August 05, 2014, 10:46 AM
WordPress is one of the most popular blogging tools ever created. Thousands and thousands of sites use it every day, which unfortunately makes it a high-profile target for the bad guys. eWeek lists eight things you can do to help increase the security of your WordPress site.
According to eWeek:
In multiple incidents in the last year, self-hosted WordPress user sites were attacked and leveraged as a basis for attacks against others. In March, the pingback URL tracking feature in WordPress was abused in a widespread attack. In June, attackers took advantage of flaws in the Timthumb image-processing library plug-in. Here are guidelines to help users limit security risks in WordPress.
Keep server software updated
Enable automatic WordPress updates
Keep plug-ins and themes updated
Use SSL for logging in
Use two-factor authentication
Use WordPress security plugin tools
Use DDoS checker
Follow the official WordPress tips about how to harden your WordPress site
There are some very good tips in this list. I use WordPress for my own blogs so it's given me some food for thought on how I can better protect my own sites. I'll be checking my blogs shortly to make sure that I've set things up appropriately to help keep them as secure as possible.
One tool that I'm currently using that you should consider is Wordfence. It's a free plugin that also offers premium security features if you need them. It has a rating of 4.9 out of 5 stars on the WordPress plugin site, so it's clear many people (myself included) really like it.
In addition to the security features, it also has the benefit of including a firewall that can be very useful in limiting or restricting access by bots to your site. You can limit them or ban them for a specified period of time. This can be helpful if your WordPress site is targeted by scraper bots as one of mine was at one point.
Does using Tails make you a target for spying?
Computerworld thinks that using Tails might make you a spy target, and speculates on the vulnerability of the Tails web site.
According to Computerworld:
If I ran a spy agency, the users of Tails Linux would be among the people I most wanted to spy on. Simply by using Tails, they have declared to the world that they want to hide something. As a spy, I would try to trick people into downloading a spyware-infested copy of Tails.
A great way to do that would be to create a scam copy of tails.boum.org. An evil twin, if you will. One of the tools in the catalog is called HAVOK. It is the second item on page 8 of the document. HAVOK does "real time website cloning with on-the-fly alterations."
You can download Tails 1.1 from the Tails site. If you aren't familiar with Tails and what it's used for, be sure to read the About page for background information. There are links on the side to documentation, help and news about Tails.
Wireshark 1.12 released
The Wireshark blog reports that version 1.12 of the network protocol analyzer has been released.
According to Wireshark Blog:
We are proud to announce the release of Wireshark 1.12.0! This is a fairly significant release for us, as we expect it to be the very last release using the GTK toolkit in the default interface (see this post for our plans to replace it).
Wireshark 1.12 contains a substantial number of fixes and new features, representing just over a year of development effort.
See the release announcement for details on what's in Wireshark 1.12. There are far too many things for me to list here. You can also download Wireshark 1.12 and read the release reaction thread on Reddit.
The opinions expressed by the author do not necessarily reflect the views of ITworld.