I am honored to be presenting at the 2017 ISSA International Conference, October 9-11 in San Diego, CA. This year’s theme is “Digital Danger Zone.” Please join me for networking, education, and fun.
I will be presenting “Shields Up for WordPress Web Sites and Blogs.” This presentation covers the threat of website hijacking, what an attacker wants to do with your website, ...
Continue Reading →
On Wednesday we discussed the importance of backing up your website as part of a larger cybersecurity strategy. Today we are going to look at feature considerations for you as you decide which backup plugin is right for you.
Personally, I have used both Backup WordPress and Updraft Plus, and I have been satisfied with both of them. When you search for backup ...
Continue Reading →
On Wednesday we took a look at a collection of mostly web-based reconnaissance tools. Today we are taking it to the next level and actually attempting to find and exploit vulnerabilties.
Kali Linux – This is a pen-testers version of Linux that comes fully loaded with over a hundred testing applications. Kali can be installed in any old laptop you have laying around, installed as a virtual ...
Continue Reading →
I received an email from Natasha Wentz at MakeAWebSiteHub.com. She had seen my earlier article on securing WordPress, and asked to be added to the resource list. I took a look at the article, and decided that it was too good to bury in a year-old post, and I offered to write this post to feature their article.
I will start out by admitting that I hate Domain Privacy. But I just read a story in Naked Security on February 9th that is causing me to reevaluate my opinion. It turns out that the new White House press secretary, Sean Spicer, has a personal website at www.seanspicer.com. The website has been turned into a private site, but the WHOIS ...
The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.
The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups. But we have ...
Continue Reading →
I will be a featured presenter at the MN Blogger Conference, on Saturday October 15, at Concordia University in St.Paul, from 8:15 am to 5:15 pm. Tickets are $20.
My presentation is titled Shields Up For WordPress Websites and Blogs.
In this presentation you will learn why WordPress sites are an attractive target for cyber-criminals and attackers, why they want to hijack your site, and ...
Continue Reading →A recent article in Naked Security caught my eye the other day about a new web site vulnerability called HTTPoxy. This stands for HTTP requests and poisoned proxy settings. Most web site use a technology called Common Gateway Interface (CGI) to run applications such as site search, collect information submitted on web forms, display comments, run a forum, or to display database queries such as pricing in a usable form on a web page.
Hardening and securing WordPress websites is one of my specialties. We have reported previously on three of the best WordPress security plugins, Sucuri, Bulletproof, and WordFence. I can tell you that each of these plug-ins performed admirably against the continuous barrage of brute force and password reset attacks that my sites have endured. Security appeared to be strong, but I wanted more.
I have been deploying two-factor authentication (TFA) everywhere I can, in order to overcome the inherent weakness of password ...
Continue Reading →The fine people at WordFence Security have also recently published information on what happens when web sites get hijacked. They gathered this information by surveying their client and blog readers. The results are in the infographic below.
Taking a site down or site defacement makes up 25% of the malicious actions, which I found surprising. The other items on the ...
Continue Reading →