Like anything, securing your WordPress site can completely take over your life; however, for most people the reality is that a couple of quick, simple and free steps will eliminate the majority of attacks on your site. As anyone who has experienced a successful attack knows, it can be extremely frustrating and time consuming to clean up an infected site, so it’s worth taking a little time to put some simple security precautions in place.
As mentioned, this is not a complete list; if you search online you’ll literally find hundreds more security steps you can take, but in reality most attacks are based on the ‘low hanging fruit’ concept. If your site is more secure than most then they’ll move on to the next target; in reality many of the hackers have limited technical ability.
So what can you do to secure your site?
First step – never use the default admin user account. Go into your WordPress user settings and create a new administrator account with a new username, and make sure it is completely unrelated to your site. So stay away from generic ‘admin’ type names or those with your site name in the username. Many attacks will involve brute forcing the default username – so if it doesn’t exist you’ll already be more secure than the majority of default installation websites. Choose a longish, obscure administrator name and you’ll go a long way to securing your site.
Second step – passwords. Yeah, sure it’s obvious, but it’s surprising how many people neglect this step – make it longish, include non-standard characters like hashes or symbols, and throw in a number or two that you can remember easily. The most common attacks on WordPress sites try to brute force the admin account, which means just trying huge combinations of usernames and passwords to ‘guess’ the right ones. The first two steps should make this substantially more difficult.
Third step – keep your WordPress installation up to date. The same goes for any themes and plugins: if security risks are found, the updates will hopefully close them. If you run old versions of software you’re probably running with a built-in security hole.
Fourth step – you should try to minimise the number of plugins you install on your WordPress site, simply because each one introduces a potential security risk. However, there is one free WordPress plugin that is definitely worth using for security purposes. Although there is a paid version too, the free version of Wordfence is pretty good. You can use it to scan your WordPress installation to check for malware or infected files, plus it can automatically monitor and block logins. It works great against brute force attacks because after several failed logins it will automatically block the IP address; this means the attacker would have to keep rotating their IP address to keep the attack going, which requires a huge investment in VPNs and proxies to break the average login credentials. Download Wordfence and run it on all your sites.
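The Wordfence behaviour described in the fourth step (block a source address after several failed logins) boils down to a sliding-window counter per IP. The following is an added example, not Wordfence’s or WordPress’s own code: it runs that logic over a few constructed access-log lines and assumes that a failed POST to wp-login.php is answered with HTTP 200 (the form is re-rendered) while a successful login is a 302 redirect.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access-log lines (combined log format), not real traffic. Assumption:
# WordPress answers a failed login with HTTP 200 (form re-rendered) and a success with a 302.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jun/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 2341
203.0.113.7 - - [12/Jun/2015:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2341
203.0.113.7 - - [12/Jun/2015:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2341
203.0.113.7 - - [12/Jun/2015:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 2341
203.0.113.7 - - [12/Jun/2015:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 2341
198.51.100.9 - - [12/Jun/2015:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2341
198.51.100.9 - - [12/Jun/2015:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.44 - - [12/Jun/2015:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2341
192.0.2.44 - - [12/Jun/2015:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2341
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def find_brute_forcers(log_text, max_failures=5, window_seconds=300):
    """Map each IP that made >= max_failures failed wp-login.php POSTs inside a
    window_seconds sliding window to the time the threshold was hit; a 302 resets it."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    blocked = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or path != "/wp-login.php":
            continue
        if status == 302:
            recent[ip].clear()    # legitimate login: forget earlier typos
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # drop failures older than the window
        if len(q) >= max_failures and ip not in blocked:
            blocked[ip] = ts
    return blocked
```

With the defaults only 203.0.113.7 trips the threshold: the user who mistyped once and then logged in is cleared by the 302, and the two failures twenty minutes apart from 192.0.2.44 never share a five-minute window.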
That’s it. Now, I’m not suggesting this is the complete checklist for securing WordPress, but for someone who has run 40 or so sites for a decade, these simple steps will protect you against the majority of attacks. If you find a site does get targeted or comes under constant attack there are many more steps you can take, but this is a great starting point.
For years now, the BBC has been fairly laid back in its enforcement of its online content restrictions. However, this has now changed – for the first time the BBC iPlayer has begun blocking UK based proxies and VPN servers which are used to watch its content.
Just to summarise: currently live streaming of the BBC and its catch-up service, the BBC iPlayer, is not accessible if you’re trying to access it from outside the UK. What happens is that the BBC site checks your IP address when you connect, and if it’s registered outside the United Kingdom then you won’t be able to watch anything. However, for years many millions of people have used a proxy or VPN service to hide their real location and watch all the BBC stuff normally. These services merely reroute your connection through the UK, so technically you’re able to access the content without any problems. It is estimated that millions of people currently use some form of these services to watch the BBC online.
It’s exactly the same as all the other big media sites – Netflix, for example, had a quarter of a million people watching from Australia before it was even available there. VPN services like Identity Cloaker have become increasingly sophisticated, allowing you to switch countries with the click of a button. This effectively sidesteps any country restrictions no matter where you happen to be based.
Of course, the media companies don’t like this and have waged an on-going war on these services. Simple proxies are now detected and blocked by most big media sites, and many of them are constantly adding such services to their block lists. Over the years companies like Netflix and Hulu have invested heavily in technology to restrict the use of these services whilst pursuing many legal cases against the companies who run them; the BBC, by contrast, had overall seemed rather indifferent.
You will always get blocked from outside the UK if you try to stream from BBC iPlayer, but the corporation never made much of an attempt to block access to VPNs and proxies. They do have a legal department which gets some of the more obvious services closed down, but they were never particularly aggressive. This seems to be changing, with the IP addresses of thousands of VPN services being blocked over the last few weeks, combined with pursuing many copyright infringements over YouTube too.
Fortunately it’s unlikely this tactic will be 100% effective, simply because the providers are able to switch the IP addresses of their VPN servers as quickly as they are being blocked. It’s best to look for a low-key service which provides UK based VPN servers without advertising the ability to watch these channels. The only service I use which is currently unaffected is Identity Cloaker, whereas unfortunately many of the IPVanish addresses appear to be blocked when accessing BBC iPlayer – they are apparently working on a solution though.
Last week Google launched what looks like it’s going to be a very exciting concept – YouTube Gaming. Well, when I say launched, it’s currently only completely accessible from two locations – although this will obviously change over the next few months. It’s available from the web page and from applications running under iOS and Android, although these applications are only available in the UK and USA initially.
YouTube Gaming is Google’s rival to the game streaming platform Twitch, which Amazon paid a small fortune for last year. Google had been in the running for Twitch, so were obviously going to launch something similar. They decided to integrate live game streaming directly into their hugely popular video sharing site – YouTube. Which of course definitely makes sense!
However, there is a big problem if you’re based in Germany and want to access the YouTube Gaming channel: it’s effectively blocked. Due to a long-standing legal dispute between Google and GEMA (Gesellschaft für musikalische Aufführungs), the organisation that pays royalties to performers, you simply can’t access this from Germany. Most German users will not be completely surprised, as the dispute means that thousands of videos are also blocked from German computers and devices.
Until the dispute is concluded it’s likely that German users will be blocked from much of the video giant’s content, including the live game streaming platform. It’s another reason why VPN switching services have become such an essential tool: all the big media companies are restricting, blocking and filtering access based on your location with increasing frequency. Most of the time it’s down to making money, of course; companies don’t like the way the internet creates a global market price – to maximise profits you need to charge different amounts based on the ability to pay.
So German users will simply need to invest in some software that allows them to buy a new IP address. Here’s a video demonstration in action.
A few practical precautions can help minimise the chances of a CryptoLocker attack. What exactly are our top tips?
— If you are using an external hard drive for backups, don’t leave it connected to your PC when you’re not actually backing up. If you’re uncertain, check with your supplier.
— Create files in the cloud and upload photographs to online accounts like Flickr or Picasa (although the NSA and MI5 will copy all your stuff!)
— Change to a spam- and virus-filtered email service. (It also stops you from sending them on.)
— Don’t go to online porn sites, which are generally the source of many malware downloads. Take care when clicking on adverts, and never open Twitter links or attachments from those that you do not know or trust. Heh, but really this is the internet – go find porn, it’s fine 😉
— Install the most recent versions of your internet browsers and add-ons, including Java and Adobe Flash.
— Get reputable antivirus software and make certain you update it often.
— Act fast. Bear in mind that should you inadvertently download a dodgy attachment, it’s likely to take a little time for the encryption to occur. If you immediately download and run an antivirus programme, like the complimentary antivirus toolkit available from Sophos, before all of your files are encrypted, it might destroy CryptoLocker – nevertheless, you’ll lose the affected files forever.
— Encrypt the files you especially need to stay private, including records containing your passwords or private information, to prevent criminals from reading what is in them. Read this useful “Ask Jack” post on the Guardian technology site to discover more about encrypting your files.
Completely unrelated and about 30 years old – but you might remember it and raise a smile…
Outside the UK it will probably seem odd…
Turkey has for many years shown a very strong desire to heavily censor the internet. They have frequently blocked access to many of the major social media sites like Facebook, Twitter and WordPress. Normally these blocks have been short-lived due to public and international pressure.
The recent protests in Turkey, though, have perhaps given us an insight into the views of their government, with the Prime Minister, Recep Erdoğan, making this ridiculous quote –
“Social media is the worst menace to society”
Of course, if you’re incredibly unpopular and are trying to forcefully implement a religious agenda in a secular country, then social media is not likely to be your best friend. The reality is that social media is merely a form of communication, nothing more and nothing less.
I fear that if the Prime Minister of Turkey continues in power, his aggressive mobilisation of the police against peaceful protesters will soon be followed by a serious ramp-up in internet censorship. Two years ago a plan was proposed to impose huge restrictions on Turkish internet users.
The idea was that all users would have to select one of four content filtering packages. These were labelled family, children, domestic or standard – so basically you chose what level of filtering was applied to your web browsing. The very worst part was that you would never know to what extent you had agreed, as the blocked websites in each list would not be made public. The websites would be assigned by the Prime Ministry’s Information Technology Board (BTK), and you can be assured that there would be many thousands of sites in these blocked lists.
Update – there are reports that both Twitter and Facebook have been blocked (3rd June); I am going to verify this using my Turkish proxy server.
Here’s a new, lucrative, money-making profession that could be creating a few millionaires across the globe over the next few years. It goes under various names like internet scrubbers, online reputation management or image repair – and firms are making lots of money, especially in China.
Firms and wealthy individuals are paying specialists to ensure that any mentions that appear online are all positive and that any negative comments are removed from view. In China one of the biggest firms of this sort is called Yage Times and is fronted by Gu Genda, a 30 year old entrepreneur from Beijing.
In China the number of firms like this is growing. They work something like this: a big company or person may be receiving bad publicity online – perhaps a rumour or potential scandal is being talked about. Of course this is perfectly natural, but in a very connected online society like China this can have a huge impact on a company’s or individual’s reputation.
So they hire someone like Yage Times to ensure that negative content and discussions are removed, or at least fade from view rapidly. This can be very complicated and extremely costly, but many firms are willing to pay the price.
Unfortunately it’s not always easy to do this. There are of course ways to make online pages and posts slowly disappear from view by affecting their ranking in the search engines. But if a negative story appears on a popular and high-ranking news site or blog it’s not going to fade away easily – at least not until it’s been viewed by millions of people.
So what can you do? Well, apparently the initial attempt to remove unwanted stories involves bribing the publishers to remove or modify the items. For bigger sites this wouldn’t always work, so Yage Times consultants would then forge government documents ordering the removal of specific content from the site.
As the Chinese government actively censors huge sections of the web this would rarely come as a big surprise. In fact many Chinese people routinely connect via a US or UK IP address to avoid these filters. It’s another huge growth area, ironically because of all the restrictions that have been put in place by the Chinese authorities – here’s one that’s extremely popular – best VPN software.
These tactics have ensured some big profits for companies like these, but not surprisingly the Chinese government was not impressed – Gu Genda and about 10 others are now in custody awaiting trial on various charges including bribery.
Censorship of the internet is rife in China, but it seems the state would rather keep the monopoly. The story was raised by a Chinese magazine called Caixin.
It is not without irony that many comments and responses to the Caixin story were deleted or censored shortly after publication!