Some Initial Steps to Secure Your WordPress Site

Like anything, securing your WordPress site can completely take over your life; however, for most people the reality is that a couple of quick, simple and free steps will eliminate the majority of attacks on your site. As anyone who has experienced a successful attack knows, it can be extremely frustrating and time consuming to clean up an infected site, so it’s worth taking a little time to put some simple security precautions in place.


As mentioned, this is not a complete list. If you search online you’ll literally find hundreds more security steps you can take, but in reality most attacks are based on the ‘low hanging fruit’ concept: if your site is more secure than most then they’ll move on to the next target. In reality many of the hackers have limited technical ability.

So what can you do to secure your site?

First step – never use the default admin user account. Go into your WordPress user settings and create a new administrator account with a new username, and make sure it is completely unrelated to your site. So stay away from generic ‘admin’ type names or those with your site name in the username. Many attacks will involve brute forcing the default username – so if it doesn’t exist you’ll already be more secure than the majority of default installation websites. Choose a longish, obscure administrator name and you’ll go a long way to securing your site.

Second step – passwords. Yeah, sure it’s obvious but it’s surprising how many people neglect this step – make it longish, include non-standard characters like hashes or symbols and throw in a number or two that you can remember easily. The most common attacks on WordPress sites try to brute force the admin account, which means just trying huge combinations of usernames and passwords to ‘guess’ the right ones. The first two steps should make this substantially more difficult.

Third step – keep your WordPress installation up to date. The same goes for any themes and plugins: if security risks are found, the updates will hopefully close them. If you run old versions of software you’re probably running with a built-in security hole.

Fourth step – you should try to minimise the number of plugins you install on your WordPress site, simply because each one introduces a potential security risk. However there is one free WordPress plugin that is definitely worth using for security purposes. Although there is a paid version too, the free version of Wordfence is pretty good. You can use it to scan your WordPress installation to check for malware or infected files, plus it can automatically monitor and block logins. It works great against brute force attacks because after several failed logins it will automatically block the IP address. This means that the attacker would have to keep rotating their IP address to keep the attack going, which requires a huge investment in VPNs and proxies to break the average login credentials. Download Wordfence and run it on all your sites.

That’s it. Now, I’m not suggesting this is the complete checklist for securing WordPress, but for someone who has run 40 or so sites now for a decade, these simple steps will protect you against the majority of attacks. If you find a site does get targeted or is under constant attack there are many more steps you can take, but this is a great starting point.
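The per-IP lockout described in the fourth step can be illustrated with a short script that reads a web server access log. This is an added example, not Wordfence’s code or part of the original post: the log lines are constructed, the threshold of five failures in five minutes is an assumed setting, and it assumes the usual WordPress behaviour where a failed login POST to /wp-login.php returns 200 and a successful one returns a 302 redirect.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in "combined" access-log format (not real traffic;
# the addresses come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2016:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2016:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2016:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2016:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2016:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2016:10:00:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2016:10:02:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2016:10:02:25 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2016:10:02:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2016:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2800 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

MAX_FAILURES = 5                 # assumed threshold, tune per site
WINDOW = timedelta(minutes=5)    # assumed counting window


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def find_lockouts(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: time the IP crossed the failed-login threshold}."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    locked = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        # Only login submissions count; viewing the form (GET) is harmless.
        if method != "POST" or not path.startswith("/wp-login.php"):
            continue
        if ip in locked:
            continue              # already blocked, nothing more to count
        if status == 302:         # assumed success: forgive earlier typos
            recent[ip].clear()
            continue
        if status != 200:
            continue
        attempts = recent[ip]
        attempts.append(ts)
        while attempts and ts - attempts[0] > window:
            attempts.popleft()    # drop failures older than the window
        if len(attempts) >= max_failures:
            locked[ip] = ts
    return locked


if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_LOG).items():
        print(f"block {ip}: {MAX_FAILURES} failed logins by {when.isoformat()}")
```

The user who mistypes twice and then logs in is left alone, and only the address hammering the login form is blocked.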

The BBC Fights Back – Blocking VPNs

Have you ever noticed that all the free stuff on the internet is becoming harder to find? The web used to be awash with all sorts of wonderful content available to everyone, no restrictions and costing absolutely nothing. It epitomised the free sharing ethos of the internet and there were some incredible resources made available to anyone in the world. Perhaps it’s my older, cynical side but that really doesn’t seem to be the case any more. Sure there are still some great, uncensored and unfiltered sites available but they seem to be becoming rarer by the day.

Even for those sites which weren’t always accessible for whatever reason, there was usually a quick and simple alternative or workaround. Take the following situation: I had to spend a few months in Australia last year and after a few weeks watching Aussie TV began to miss the BBC and the other UK TV stations. Now although the BBC iPlayer is normally blocked outside the UK, there were usually methods to access BBC iPlayer in Australia. OK, so some of these were a little underhand but there were even legitimate, official options.

For instance you could hop over to the official BBC iPlayer Global channel on YouTube which had lots of great content, although now you’ll just find the following message –

BBC Global iPlayer is now closed. We would like to thank all of our subscribers for using the service.

Yep, the miserable so-and-sos have closed that YouTube channel and stopped posting programmes there. You could also find lots of ahem ‘unofficial’ copies of shows posted on YouTube as well; these have all mysteriously disappeared in a swarm of copyright infringement notices. No worry, there were still options: you could fire up a proxy server or buy a VPN online for a few bucks and your problem was solved. Again, that’s now not nearly as simple.

The reality is that, in common with most of the big media sites online, free unfettered access to content is a thing of the past. The BBC iPlayer is following the trend and spending a lot of time and effort in restricting access to their site from anywhere outside the UK, at least without paying lots of money first. There are commercial versions of the site being launched of course, but usually cut-down versions with high subscription costs. The BBC are now even actively blocking commercial VPN services, something that they have always turned a blind eye to previously. Now many of the more high-profile commercial ‘watch TV’ VPN services are locked in a seemingly never-ending battle with the people who run the Beeb’s IT infrastructure. They block the IP addresses of the VPN services, and then the VPN companies desperately switch servers to try and avoid the restrictions for their customers.

In reality this battle is one that you can probably avoid by making sure you pick a more low-key VPN service which doesn’t advertise BBC and TV watching as their primary use. All the VPN services will allow access to the BBC if they’re not blocked so just find a ‘security’ focussed one and you should be good to go. Who knows where it will end though, the reality is that these services can still be blocked quite easily if the techies start looking at numbers and figures of users connecting on specific IP addresses.

He’s Using a Proxy Server

Although people who use programs like Identity Cloaker obviously have a much higher level of privacy and security than anyone else, there are still certain limitations that the truly paranoid should be aware of. If, for example, you use a proxy or VPN from the confines of another network (perhaps corporate or academic) there are still logs created, just like when using an ISP.

The logs are generally created to monitor access to the internet and would normally consist of client address (your computer or device) and the server address (the web site or resource you are visiting). In addition there would normally be more specific information regarding specific files, web pages or resources accessed. If you use a proxy or VPN server however this changes slightly as we can read below.

Instead of listing all the web sites and the addresses of those servers, when you are using a proxy or VPN the only remote address that will be listed is that of the proxy itself. No other information will be available if using a VPN (a necessity for encryption), just the single address. This in itself causes a little problem, in that if the log files are analysed it is possible to deduce that the connection consists of a proxy or VPN server simply because of the existence of a single address.
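To show what an administrator actually sees in such logs, the added example below (not from the original post or from any product mentioned here) profiles egress records per client and flags clients whose connections nearly all go to one remote address. The CSV layout, the addresses and the thresholds `min_conns` and `min_share` are assumptions made for the illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed egress-firewall records (hypothetical layout and addresses).
SAMPLE_CSV = """\
client,remote,port,bytes
10.0.0.15,198.51.100.10,443,52000
10.0.0.15,198.51.100.77,443,8100
10.0.0.15,192.0.2.5,80,1200
10.0.0.15,192.0.2.130,443,96000
10.0.0.15,203.0.113.9,443,4300
10.0.0.15,203.0.113.200,443,15000
10.0.0.23,203.0.113.50,1194,410000
10.0.0.23,203.0.113.50,1194,388000
10.0.0.23,203.0.113.50,1194,512000
10.0.0.23,203.0.113.50,1194,96000
10.0.0.23,203.0.113.50,1194,274000
10.0.0.23,203.0.113.50,1194,331000
10.0.0.23,203.0.113.50,1194,120000
10.0.0.23,203.0.113.50,1194,640000
10.0.0.31,192.0.2.9,443,2000
10.0.0.31,192.0.2.9,443,1800
"""


def destination_profile(csv_text):
    """Return {client: Counter({remote_address: connection_count})}."""
    profile = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        profile[row["client"]][row["remote"]] += 1
    return profile


def likely_tunnel_clients(csv_text, min_conns=5, min_share=0.9):
    """Flag clients whose traffic is concentrated on a single remote address.

    min_conns avoids flagging a machine that has simply done very little;
    min_share is the fraction of connections going to the top destination.
    Returns {client: (top_remote, share)}.
    """
    findings = {}
    for client, remotes in destination_profile(csv_text).items():
        total = sum(remotes.values())
        if total < min_conns:
            continue
        remote, hits = remotes.most_common(1)[0]
        share = hits / total
        if share >= min_share:
            findings[client] = (remote, round(share, 2))
    return findings


if __name__ == "__main__":
    for client, (remote, share) in likely_tunnel_clients(SAMPLE_CSV).items():
        print(f"{client}: {share:.0%} of connections go to {remote}")
```

The flag only says that a tunnel is probably in use; as the text notes, the log gives no view of the sites reached through it.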

In order to mitigate this, the address should be rotated so that the connection simulates a normal web connection. The following video demonstrates how to achieve this with an IP Rotator.

When this function is enabled in Identity Cloaker, the address of the remote connection changes periodically, simulating the behaviour of a normal web browser and making the use of a VPN much less visible. Remember, though, that although people with the right skills carefully analysing the logs could determine that a VPN might be being used, they would be unable to determine any more information than that, especially if an IP address rotator program or script is being used.

Netflix and the Smart DNS Fight

Smart DNS is the innovative new technology designed to stop ordinary people getting blocked from their favorite web sites. Many of us discover these blocks when travelling or on holiday; for me it happened years ago when I tried to log onto the BBC website to watch the news and was told that because I was not in the UK I couldn’t watch it. I was annoyed: I paid my license fee at home, so why should it matter where I happened to be?

Nowadays it’s even more common and in fact most of the larger web sites use geo targeting or blocking to some extent. I certainly don’t think there is a big media site that allows unfettered access to their content to the whole world. Smart DNS changed this and offered an alternative to the usual fix of connecting through a VPN server. Smart DNS doesn’t route your whole connection; it just filters the location-specific requests and therefore has little impact on your own connection.

If you want to see how Smart DNS works – then this video illustrates how it can be used to bypass these blocks.

As you can see the only modification required is to the DNS settings on your device which is why Smart DNS is so much easier to implement on different devices like Smart Phones, media streamers and even Smart TVs. Unfortunately there does seem to be a downside which has been illustrated by the efforts of Netflix to block use of Smart DNS servers and codes.

The first efforts were successful, although not completely. Netflix started to roll out updates to the various Netflix interfaces on devices like the Roku. These updates hard-coded the addresses of public DNS servers like Google DNS, which meant that any DNS settings you configured would be ignored as the servers were already hard-coded in the device. This stopped Smart DNS working with Netflix, and people were unable to change regions or access Netflix in a country where the media giant hadn’t established a presence. It also was rather unpopular with the owners of these public DNS servers, as their servers became flooded with so many DNS requests from millions of devices.

It appeared that they backtracked and removed the static DNS entry requirements. Whether this remains the case, we’ll have to see. Many of the media giants seem more concerned with Smart DNS than they were with VPNs, probably because it has the potential to be used on a much wider base of devices and even pre-installed on new hardware without the owner’s knowledge. Certainly if the Smart DNS settings are set up on a router like this, they’ll affect every device on that network.

Bye, Bye Proxies – Streaming Television Online

For years, the BBC has been one of the few companies that didn’t seem that bothered about blocking non-UK access to its online content. All the big media sites of course restrict access based on your IP address, but some seem to enforce these restrictions more than others. Hulu for instance has always had quite an aggressive stance towards people hiding their IP address to watch from outside the US. This attitude has slowly seen the simple proxy become less and less useful for bypassing geo-blocks. Most systems now can automatically detect the use of a proxy server and will block this directly.

The BBC has now changed its stance completely and is actively blocking these tactics, and a simple proxy server will no longer suffice. This is presumably linked with the BBC having to become rather more aggressive with its commercial efforts due to a cutback in public funding. The BBC has opened a new ‘online store’ where you can buy much of its content and downloads individually, so allowing millions to watch for free is clearly not in that interest.

But fear not, there are still options and in some cases it’s probably for the best. The problem with proxies was that they were extremely easy to set up but very difficult to secure properly, which meant that the internet was awash with badly configured proxies often installed on hacked servers. Using the hacked servers in particular was extremely risky, as they were often used to steal users’ credentials and data. A VPN is a different story and there is now a whole range of inexpensive, fast VPN services which offer the chance to both secure your connection and bypass geo-blocks. Here’s a simple introduction to one of them in this video – Streaming UK TV from Anywhere.

The program demonstrated is a secure VPN (although can run in different modes) which means that it cannot be detected by all these media sites. You should remember though that nothing is completely undetectable, even when the VPN cannot be detected – they can detect when multiple connections are streaming to specific IP addresses. Most of these VPN services share IP addresses with users because the costs would be much more to provide exclusive addresses to each user.

What You Need from a Secure VPN

Like everything in life, with computer security you get what you pay for. Unfortunately most people don’t look at things like this and usually pick based on the nearest to free that they can get. Take for example anti-virus programs: there are literally millions of people who use free or very cheap services which have about as much chance of stopping your computer being infected with malware as my grandmother does of setting up a wireless access point (i.e. none whatsoever). This attitude will only really change if they suffer the extreme hassle, both in time and money, of having their computer infected and possibly their personal accounts raided too.

It’s the same using a VPN (virtual private network), people think that they are all the same and if you are using a VPN then your internet connection is both secure and private – which is a long way from the truth. Have a look at this video for some introduction – Most Secure VPN Service

The points are important. Logging (or lack of it) is crucial: if you use a VPN which doesn’t deal adequately with the logs then you are safer without using one. Worse still, a VPN costs lots of money to run and support, and some free proxies and VPNs are not run by some wealthy, benevolent technology company (surprise, surprise). They are run on hacked servers by cyber criminals who offer the service because it’s a simple way to steal all your credentials and help themselves to your bank accounts or identity.

VPNs do offer security, they do offer a level of protection that is unparalleled on the internet, but only if they’re on properly configured hardware and run by technically competent staff – which of course costs money. Before you connect to that free proxy or VPN ask yourself this –

Why is this company or person paying thousands of dollars a month to provide me with a completely free secure VPN service?

Hopefully if you’re over 15 then it might occur to you that there’s another agenda. Stay safe, don’t use free proxies and VPNs they could end up costing you big time.

VPN Speed and Security is Important

Of course on the internet there is a temptation to look for the cheapest version of something; however, when you’re talking about VPNs and proxies this is almost certainly a huge mistake. Whatever the reason you’re looking for one, VPN speed and security are of paramount importance.

Consider these two thoughts:

  • A slow VPN/proxy will make everything you do online happen at a snail’s pace.
  • An insecure VPN/proxy could put you at risk from identity theft.

The simple fact is that the moment you connect through a proxy or VPN server, anything you do online is routed through that server.   That is everything, every user account, email, password – whatever you do online it will be going through that server.

Which is one of the reasons there are so many free hacked proxies and VPN servers around on the internet. You may think that the cost of using one of these servers is speed (after all it’s free, so it will be slow), but the real cost is that you are paying the price with your identity.

First of all the speed – look at the impact a normal fast VPN like this will have on your connection.

The impact that a fast, well configured and maintained VPN has on your connection is negligible – in fact often they can speed up your connection by compressing the data. Of course free services are never going to do that, it takes time and money to host and run fast servers like this and the majority of free proxies are on cheap unmanaged hosting with adverts to support them or are on hacked servers and financed in a more sinister manner.

Imagine you’re a cyber criminal who has just hacked into a network of servers at a community college in the US. How can you make money from these servers before they are discovered? Well one of the easiest options is to set them up as free proxies or VPNs and then let them loose on the internet. Wait until people start using them and then simply log all activity on the servers, sifting through the transactions looking for email addresses, usernames and passwords.

Pretty soon you’ll have a host of account names and passwords to all sorts of sites including home banking, PayPal, eBay and Hotmail. Any of these can be used to steal money and goods very easily, all from the comfort of the thief’s desktop. It’s a pretty good model for cyber crime, relatively safe from getting caught and potentially hugely lucrative if you get access to a few bank and PayPal accounts. Some people have had thousands drained from their accounts in this way, simply because they are often completely unaware it’s happening until it’s too late.

So remember using free, unregulated proxies and VPNs to do anything online is a huge risk to both your privacy and wealth.

BBC iPlayer Blocks Proxies

For years now, the BBC has been fairly laid back in its enforcement of restrictions on its online content. However this has now changed – for the first time the BBC iPlayer has begun blocking UK-based proxies and VPN servers which are used to watch its content.

Just to summarise, currently live streaming of the BBC and its catch-up service, the BBC iPlayer, is not accessible if you’re trying to access from outside the UK. What happens is that the BBC site checks your IP address when you connect, and if it’s registered outside the United Kingdom then you won’t be able to watch anything. However for years many millions of people have used a proxy or VPN service to hide their real location and watch all the BBC stuff normally. These services merely reroute your connection through the UK and so technically you’re able to access the content without any problems. It is estimated that millions of people currently use some form of these services to watch the BBC online.

BBC without a UK Address

It’s exactly the same as all the other big media sites – Netflix for example had a quarter of a million people watching from Australia before it was even available there. VPN services like Identity Cloaker have become increasingly sophisticated, allowing you to switch countries with a click of a button. This effectively sidesteps any country restrictions no matter where you happen to be based.

Of course, the media companies don’t like this and have waged an on-going war on these services. Simple proxies are now detected and blocked by most big media sites, and many of them are always adding such services to their block lists. Over the years companies like Netflix and Hulu have invested heavily in technology to restrict the use of these services whilst pursuing many legal cases against the companies who run them. The BBC have overall seemed rather indifferent.

You will always get blocked from outside the UK if you try to stream from BBC iPlayer, but the corporation never made much of an attempt to block access to VPNs and proxies.  They do have a legal department which gets some of the more obvious services closed down, but were never particularly aggressive.  This seems to be changing with the IP addresses of thousands of VPN services being blocked over the last few weeks combined with pursuing many copyright infringements over YouTube too.

Fortunately it’s unlikely this tactic will be 100% effective, simply because the providers are able to switch the IP addresses of their VPN servers as quickly as they are being blocked. It’s best to look for a low-key service which provides UK-based VPN servers without advertising the ability to watch these channels. The only service I use which is currently unaffected is Identity Cloaker, whereas unfortunately many of the IPVanish addresses appear to be blocked whilst accessing BBC iPlayer – they are apparently working on a solution though.

Here’s How to Access Japanese Netflix from Anywhere

This month saw the global expansion of Netflix move into potentially one of its biggest markets – yes, Japanese Netflix has arrived. It’s often surprised people who have been watching Netflix for years when they touch down in Tokyo that the Netflix button on their phone or media device stops working. After all, the Japanese love movies and TV, there’s a fast internet infrastructure across most of the country and a high disposable income.

Why has it taken so long? Well many point to the struggles of Hulu, who tried to enter the Japanese market about four years ago and never really got started. The fact is that Japanese viewing habits are actually quite dated, with some reluctance to pay for online entertainment services. Japan has several high quality national broadcasting channels (similar to the BBC) run by NHK and quite a few funded by direct advertising.

Also in Japan, people still rent much of their entertainment on DVDs and Blu-ray, unlike places like the USA and Europe. It is perhaps why Netflix has been biding its time and building up enough Japanese content to support the new service. Well it looks encouraging, and for those outside Japan the majority of Netflix is still in English, some titles with subtitles, but there appears to be lots of new Japanese content and of course the anime section is packed to bursting.

How to Access Japanese Netflix

It’s probably going to change a lot over the next few years but looks good value for Japanese subscribers at something like $5 a month.   For those of us who subscribe to Netflix in another country, there is a way to check out the Japanese Netflix if you want to see what’s there.  I am hoping to discover a treasure trove of those wonderful old Japanese science fiction/monster movies which I love to watch.

So how to connect to Japanese Netflix if you’re not actually in Japan? Well of course, Japanese Netflix as usual is geo-restricted – that is, locked to those people with a Japanese IP address. However many of us have discovered how to change country on a Netflix account simply by switching the location of the registered IP address. It’s not so difficult and here’s a video demonstrating one method of watching Japan Netflix from anywhere in the world.

As you can see, it’s not even necessary to change your IP address completely to a Japanese one (which saves redirecting your browsing to downtown Tokyo at the same time). Using a Smart DNS proxy server like the one offered by Overplay you can simply redirect through their control panel to whichever version of Netflix you want. I haven’t investigated fully what different stuff is on the Japanese Netflix but I’ll bet there are some hidden gems there even for English speakers.

Give it a try.

Common Computer Security Mistakes

There’s no doubt that as our use of the internet grows then so do the risks. Computer based crimes such as identity theft are growing at a staggering rate, with huge criminal gangs all over the world expanding into this area.

Anyone is a potential victim; however, there are some simple steps you can take to minimize the risk. This video shows you some of the very basic things you can do to help keep you safe.

If you want to go further, there are of course lots of other measures you can take, such as using a VPN or learning how Smart DNS works to hide your identity too.

The reality is that these very basic, simple steps hugely reduce your chances of becoming a victim. The reason is that online criminals focus on the very easiest targets, so simply keeping your system up to date and never clicking on links in emails will make you much safer.