7 WordPress Security Tips

Most WordPress users think that the chance of getting attacked by a hacker is slim to none. The truth is that it happens more often than you think and unfortunately most people are not aware of that danger.

Have you noticed sometimes when searching on Google that some results are labeled “This site may harm your computer”? Those are websites that have been hacked and therefore blacklisted by Google. Needless to say, most users will freak out and might never visit your site again. Even if you manage to recover your site from such an attack, this would definitely give a bad reputation to your business.

I compiled a list of tips that can greatly improve the security of your WordPress website. Please note that the following tips apply to all versions of WordPress.

1. Use Strong Passwords

It may seem obvious but you would be amazed by how many users ignore this. No matter how much you work securing your website, a weak password can ruin everything. Your whole website’s security is dependent on that password. Do not even bother reading the rest of this article if your password is not strong enough.

Here are 3 tips when selecting your password:

  • Use something as random as possible (no single words, birthdays, or personal information)
  • Use at least eight characters. The longer the password the harder it is to guess
  • Use a mix of upper and lower-case letters and numbers. Passwords are case-sensitive, so use that to your advantage.

2. Keep WordPress Always Updated

It goes without saying that you always have to update your WordPress installation. If a vulnerability is discovered the WordPress development team will fix it by releasing a new version. The problem is that now the vulnerability is known to everyone so old versions of WordPress are now more vulnerable to attacks.

In order to avoid becoming a target of such an attack it is a good idea to hide your WordPress version number. This number is revealed in page’s meta data and in the readme.html file of your WordPress installation directory. In order to hide this number you have to delete the readme.html file and remove the version number for the header by adding the following line to your functions.php file of your theme folder.

<?php remove_action('wp_head', 'wp_generator');?>

3. Beware of Malicious Themes or Plugins

Some themes and plugins contain buggy or even malicious code. Most of the time malicious code is hidden using encryption so it’s not easily detectable. That’s why you should only download them from trusted sources. Never install pirated/nulled themes/plugins and avoid the free ones unless they are downloaded from the official WordPress themes/plugins repository.

Malicious themes/plugins can add hidden backlinks on your site, steal login information and compromise your websites security in general.

4. Disable File Editing

WordPress gives administrators the right to edit theme and plugin files. This feature can be very useful for quick edits but it can also be useful to a hacker who manages to login to the administration dashboard. The attacker can use this feature to edit PHP files and execute malicious code. To disable this feature add the following line in the wp-config.php file.

define('DISALLOW_FILE_EDIT', true);

5. Secure wp-config.php

wp-config.php contains some important configuration setting and most importantly contains your database username and password. So it is crucial for the security of your WordPress website that nobody will have access to the contents of that file.

Under normal circumstances the content of that file are not accessible to the public. But it is a good idea to add an extra layer of protection by using.htaccess rules to deny HTTP requests to it.

just add this to the.htaccess file on your website root:

<files wp-config.php>

order allow,deny
deny from all
</files>

6. Do not allow users to browse in your WordPress directories

Add the following line in the.htaccess file in the directory you installed WordPress:

Options -Indexes

This will disable directory browsing. In other words it will prevent anyone from getting the listing of files available in your directories without a index.html or index.php file.

7. Change username

Hackers know that the most common user name in WordPress is “admin”. Therefore it is highly advisable to have a different username.

It is best to set your username during the installation process, because once the username is set it cannot be changed from inside the admin dashboard but there are two ways to get around this.

The first way is to add a new administrator user from the admin dashboard. Then log out and log in again as the new user. Go to the admin dashboard and delete the user named admin. WordPress will give you the option to attribute all posts and links to the new user.

If you are more tech-savvy you can change your username simply by executing an SQL query. Go to phpmyadmin select your database and submit the following query:

UPDATE wp_users SET user_login = 'NewUsername' WHERE user_login = 'admin';

It is important to keep in mind that even if you implement all my advice you can never be 100% protected from hackers. But the above tips should be sufficient to decrease the chances of getting hacked.

8 Bitcoin Security Tips

Today, with the help of Bitcoin, you can revolutionize the way you do your business. You can make payments with virtual currency anytime in a matter of a few seconds. And you won’t have to pay anything to an intermediary as there will be no card processing involved.

You have your Bitcoins in your own Bitcoin wallet, which will sort of your own bank. But there is a catch. If you lose your wallet key, you will no longer have access to your digital money. Also, if the key lands in wrong hands, your wallet will be empty in seconds. So, for your security, we suggest that you follow the following security tips. Read on.

Use a Reliable Exchange Service

Web wallets are risky as hackers use them to gain unauthorized access to people’s money. If you really have to use one, make sure you use a reliable exchange service. Once the exchange transaction happens, make sure you transfer the coins to your own wallet right away.

Don’t allow open access to your Wallet

According to Joe Steward, you should not allow open access to your Bitcoin wallets. If an employee accesses your wallet and makes a transfer to a wallet they have access to, your money will be gone. To deal with this problem, you can use sub-wallets.

Use Separate Wallets

Often, Bitcoin wallets that are connected to the web all the time are prone to network-oriented attacks. So, it’s a good idea to use offline wallets instead. Actually, what you need to do is keep your digital money in the offline wallets. As soon as you get a big amount of money in your online wallet, make sure you transfer it to your offline wallet as soon as possible.

Store Your Keys Offline

It’s a good idea to store your private keys on an offline computer, which will help you keep hackers and malware at arm’s length. After all, you want to keep the system as secure as possible.

Use a Dedicated Hardware

It’s better if you use a dedicated USB key to transfer data between two computers. Again, it will protect your data from potential viruses and hackers.

Use Linux for added Security

If you are looking for the best way to move data between two computers, you may want to use a USB drive. For this purpose, the most secure system is Linux as it is very good at fighting USB-based threats.

Create Backups

You will lose your Bitcoin or wallet if you end up damaging your computer. So, it’s a good idea to create a backup of your wallet someone else. Ideally, you may want to make several backups and store them in different locations.

Use a Powerful Hardware Wallet

A hardware wallet is a USB key that has an onboard computer that runs a special OS. The hardware keeps the private keys secure.

Long story short, we suggest that you follow these security tips when it comes to handling digital currency, such as Bitcoin.

WordPress Security Tips and Hack Defense

From WordPress core, theme and plugin safety, to user name and password best practices and database backups.

Other topics to consider include:

  • layered security measures like using the .htaccess file to enable or disable features
  • limiting file permissions
  • black listing and white listing IPs
  • disable file editing
  • using HTTPS

WordPress Security

If you run a large commerce site and it gets hacked, you can lose valuable customers and of course, money. Web hosts are likely to suspend accounts that are hacked taking your site offline. You don’t want to waste your time patching up a site after hacks or paying hosting when your site is down.

Why is WordPress so successful?

WordPress is the world’s most popular content management system now powering 20% of all websites. It’s success is due to its intuitive interface and the fact that its free and open source. Its features provide endless options for extending functionality through the addition of plugins and the ability to customize your site with themes and widgets. With thousands of paid and free themes and plugins available on the web, the option to create a site that is both functional and uniquely yours is virtually limitless.

Why is WordPress exposed to attack?

These same features are the most common ways that we expose our sites to attack. Because WordPress is open source, anyone can easily explore the core code or search through any of the most popular themes and plugins for hacks. These are items of WordPress that are out of your control.

Your host and WordPress hacks

Unless you pay big money to have your own server for web hosting, you also can’t control the hosting environment your website is run on.

Brute force attack

A brute force attack is also something that is out of your control. While you can’t always stop them, you can put into place measures to limit the damage and make it difficult for someone to successfully hack your site. Even tech giants like Microsoft, Apple and Amazon have had their security breached. No site, WordPress or otherwise, is completely secure. What you must do is recognize where weakness exist and create extra layers of defense to protect your content in the event your site is hacked. Use as many common solutions as possible to help manage the weakening of your site through human error.

A brute force attack can last months and involve thousands of servers world-wide. All hosting providers who offer WordPress are potential targets Hackers use compromised servers and PCs to hack websites’ administrator panels by exploiting hosts with “admin” as account name, and weak passwords which are being resolved through brute force attack methods.

4 Points of Vulnerability

1. host security breaches

2. out of data WordPress core

3. unsafe plugins and themes

4. brute force attacks

Managing your WordPress powered site well is the most valuable security tool available to you.

  • speed
  • options
  • services
  • security
  • backup solutions
  • control
  • server type
  • price point

Choosing WordPress to power your site means WordPress is the foundation of everything on your site. The fact that it is free and open source carries many benefits. But with each update, the exploits of the previous version are made available to the public making previous versions more susceptible to being hacked. Employing backs security through obscurity tactics, you can remove or hide the version number of your WordPress installation from displaying. You can even choose a more simple solution with plugins to hide the version number. This may deter a bot from attaching to your site, but this does not patch holes in older versions of WordPress. Only updating your WordPress installation as newer versions are made available will remove the published exploits.

Updating WordPress is simple (since version 3.7 was released with automatic updates)

In previous versions of WordPress a new version banner would display in your dashboard whenever there is an update available. Now WordPress installs will automatically update to new minor versions without you having to lift a finger. Minor versions are usually for security updates. You will, however, still need to update for to new major versions.

To update WordPress

  1. First things first! Backup your WordPress.
  2. Dashboard
  3. Updates

The biggest threat to your site

The quickest way to compromise your site includes adding poorly, maliciously coded or out of date themes or plugins from untrusted developers or sites. Due to the open source nature of WordPress many themes or plugins are distributed under a GPL or GPN (General Public License) licenses. So its easy for themes and plugins to be forked and redistributed on free WordPress theme and plugin sites with the addition of hidden or malicious code. This code can be as simple as exposing a virus or as serious as exposing your visitors to identity theft.

Before downloading a free theme or plugin:

  1. Research the author and only download from the authors site or the WordPress depository
  2. Ask advise at WordPress.org/support
  3. If you are going to use free trusted plugins or themes, check the version number compatibility listing and verify that the plugin or theme is still being supported and updated. Many themes or plugins are slow to receive updates or are simply abandoned.
  4. If you don’t use it, lose it. If you are not using a theme or plugin, delete it.
  5. Use paid supported themes and plugins (not free).

Experience shows that nearly all WordPress attacks could be defended against and defended by simply using safe, up to date and trusted plugins and themes.

Tips for Protecting Your Home With LED Security Lights

Adding security lighting is the number one step homeowners can take to protect their property from unwanted intruders. Statistics show that burglars bypass targets that are difficult to access without being noticed. A well-designed security lighting system can make would-be robbers think again before approaching your property. This guide will show you how to create an effective, low-cost LED security lighting system for your home or business.

Use many smaller lights rather than fewer, more powerful lights

Big, powerful flood lights are good for open spaces, but can sometimes leave shadows if there are obstacles on your property like buildings and trees. Using a combination of LED flood lights, area lights and wall packs will reduce shadows and blind spots that intruders can use to hide.

Keep lights high and out of reach

It’s important to make it difficult for burglars to tamper with your security system. Many thieves will plan heists for several weeks and finding a way to disable security lights is often a top priority. Even the best security lighting can be rendered useless if an intruder is able to incapacitate the system. Keeping lights high and out of reach will make it difficult for your system to be tampered with. Placing lights high will also soften the light for a pleasant look and increased coverage.

Use Motion Detector Lights

Motion detector lights are an effective way to scare off intruders. Burglars will be on edge during a robbery and having a light flick on as they walk by is often times enough to scare them away. A good combination of LED spotlights and motion detector lights will work to keep intruders off of your property and scare away those who choose to enter.

Focus on Entrances and Exits

Most criminals seek out targets that can be accessed at night without being seen. Ensuring excellent light coverage at all entrances and exits will deter criminals from planning a robbery at your property.

Why LED?

Efficiency: LED lights offer exceptional efficiency and are more cost-effective in the long run. An LED light fixture will use 90% less electricity than an equivalent incandescent. This is also important if your security lights are forced to run on a backup generator. Less energy draw means your lights will last longer on a limited supply of power.

Longevity: A quality LED bulb can have a useful life of 25,000 hours or more. This is more than 25 times long than traditional light bulbs. Safety: LEDs run cooler than conventional light sources and are therefore less of a fire hazard. Durability: LEDs lack filaments or glass enclosures, making them more durable than traditional alternatives. Same colors as traditional bulbs: LEDs can achieve the same colors as traditional bulbs. Use the Kelvin temperature color scale below to help identify the hue a bulb will produce.