Should You Use Domain Privacy?

I will start out by admitting that I hate Domain Privacy.  But I just read a story in Naked Security on February 9th that is causing me to reevaluate my opinion.  It turns out that the new White House press secretary, Sean Spicer, has a personal website at www.seanspicer.com.   The website has been turned into a private site, but the WHOIS record ...

Continue Reading →
0

The Russians Are Coming! Or Are They?

The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.

The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups.    But we have discussed ...

Continue Reading →
0

Shields Up For WordPress Websites and Blogs

mbclogofinal-smallI will be a featured presenter at the MN Blogger Conference, on Saturday October 15, at Concordia University in St.Paul, from 8:15 am to 5:15 pm.  Tickets are $20.

My presentation is titled Shields Up For WordPress Websites and Blogs.

In this presentation you will learn why WordPress sites are an attractive target for cyber-criminals and attackers, why they want to hijack your site, and how ...

Continue Reading →
0

HTTPoxy Poses New Threats For Web Site Owners

A recent article in Naked Security caught my eye the other day about a new web site vulnerability called HTTPoxy.  This stands for HTTP requests and poisoned proxy settings.  Most web site use a technology called Common Gateway Interface (CGI) to run applications such as site search, collect information submitted on web forms, display comments, run a forum, or to display database queries such as pricing in a usable form on a web page.

HTTPoxy Continue Reading →

0

Two Factor Authentication for WordPress

Hardening and securing WordPress websites is one of my specialties.  We have reported previously on three of the best WordPress security plugins, Sucuri, Bulletproof, and WordFence.  I can tell you that each of these plug-ins performed admirably against the continuous barrage of brute force and password reset attacks that my sites have endured.  Security appeared to be strong, but I wanted more.

I have been deploying two-factor authentication (TFA) everywhere I can, in order to overcome the inherent weakness of password ...

Continue Reading →
0

What Happens When Your Website Gets Hijacked part 2

The fine people at WordFence Security have also recently published information on what happens when web sites get hijacked.  They gathered this information by surveying their client and blog readers.  The results are in the infographic below.

what_attackers_do_to_wordpress_sites-1024x573

Taking a site down or site defacement makes up 25% of the malicious actions, which I found surprising.  The other items on the list ...

Continue Reading →
0

What Happens When Your Website Is Hijacked?

I don’t often re-post other people’s web content, but the video below from Sucuri is worth the look if you are interested in learning why an attacker would want your website, and what they could possibly do with it, how that affects your reputation, and most importantly, what you could do to prevent it in the first place.  If you have the time, take a look.  The running time is 25 minutes.  With the Q&A Session, it goes out to 40 ...

Continue Reading →
0

Panama Papers Attackers Exploited WordPress Flaw

panama-papersWe have written before about the importance of properly securing your WordPress website.  According to a recent post on the WordFence blog, the Mossack Fonseca breach, commonly known as the “Panama Papers,” was apparently made possible by an unpatched WordPress plugin, and also a mail program that stored user credentials in plaintext..

This again reiterates the importance of keeping your WordPress version up to date (version 4.5 as of 4-16-2016), ...

Continue Reading →
0

No Fooling – How to Secure WordPress

WordPresslogoI know it’s April Fool’s Day, but this is a straight up serious post.  If you own, operate, host, support, or develop WordPress sites, this article is for you.

We have written a few articles covering the subject of WordPress security.  I recently received an email from John Stevens over at HostingFacts.com, inviting me to review their excellent tutorial, 28 Ways ...

Continue Reading →
0

Crypto-Ransomware Round-Up

cryptolockerSome of the nastiest exploits going around are the many variants of the CryptoLocker and CryptoWall malware that encrypt all your personal files and hold them for ransom.  Payment in bitcoin is required, in amounts starting at $200 and ranging upward to the $17,000 (400 BTC) that Hollywood Presbyterian Hospital just paid to unlock their files.  Or even more.  The amount will be whatever the attackers think they can extract from the victim.

  • The latest ...
Continue Reading →
0
Page 1 of 2 12