WordPress and Security

On Thursday, April 11, many WordPress websites were under a global brute-force flood attack. Our hosting provider alerted us to the security issues and we began working on adding yet more security to your WordPress websites. Thankfully, by teaming up with our hosting provider (HostGator.com), we were able to make sure your site was unharmed.

Account Security: Did you know that one of the most common causes of a hosting account being hacked, or otherwise compromised, is also the most easily preventable? If you use WordPress, Drupal, Joomla or any other PHP-based, database-driven CMS, then it is vitally important that you keep these scripts up to date. Failure to do so is an open door inviting hackers to gain access to your account. Updating these scripts is as simple as logging into the back end and clicking on any “update” notification that appears there. This is one of the many things we do for you as maintenance once your site goes live.

Why creative and strong passwords are important!
We know it is difficult and sometimes frustrating to have so many passwords. But please, do not fall down on your passwords and security…a little time now will save you both time and money in the long run. Be consistent in how you store your passwords (we suggest using an address book and a pencil). And remember to change them!

AVOID using:

  • admin
  • maiden name, children's or pet names
  • password
  • 123456

Characteristics Of A Safe Password

  • cannot be found in a dictionary.
  • contains special characters AND numbers.
  • contains a mix of upper and lower case letters.
  • has a minimum length of 10 characters.
  • cannot be guessed easily based on user information (birthdate, postal code, phone number etc.)
  • doesn’t use common substitutions, e.g. @ for A/a.
  • if letters recur within your password, mix your substitutions, e.g. 8 or ( for B/b.
  • take a word and touch-type it with your fingers in the etpmh (wrong) location. Keep in mind that you may switch keyboard types.
  • pick a pattern on your keyboard and type it with alternating use of the SHIFT key, e.g. Xdr%6tfCvgz/
  • create individual passwords for every account (not one for all and all for one!)
  • update your passwords regularly

Ways to try and meet safe passwords rules while still making something you can remember:

  • Randomly replace letters with numbers, e.g. shirt becomes 5h1r7.
  • Pick a sentence, i.e. your passphrase, and reduce it to first letters of each word only, e.g. “Can You Tell Me How to Get to Sesame Street” becomes CyTmHtGtSs.
  • Take a word and reverse spell it, e.g. neighborhood becomes doohrobhgien
  • You can test your password strength here:.
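
The rules in the two lists above can be checked mechanically. The sketch below is an added example, not code from this site or from HostGator: the function name `check_password`, the tiny `WORDS` dictionary and the parts of the `LEET` mapping not mentioned on this page are assumptions made for illustration.

```python
import re

# Constructed sample data; a real checker would load a full dictionary.
AVOID = {"admin", "password", "123456"}                 # the AVOID list above
WORDS = {"shirt", "neighborhood", "sesame", "street"}   # stand-in dictionary
# Substitutions undone before lookup. @, 8, (, 5, 1 and 7 come from the
# examples on this page; the remaining entries are assumed.
LEET = str.maketrans({"@": "a", "4": "a", "8": "b", "(": "b", "3": "e",
                      "1": "i", "!": "i", "0": "o", "5": "s", "$": "s", "7": "t"})


def check_password(password, user_info=()):
    """Return the list of rules the password breaks (empty list = all passed)."""
    problems = []
    lowered = password.lower()
    plain = lowered.translate(LEET)              # "5h1r7" -> "shirt"
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mix of upper and lower case")
    if not (re.search(r"\d", password) and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("needs special characters AND numbers")
    if lowered in AVOID or plain in AVOID:
        problems.append("on the avoid list")
    # A word is still guessable when it is only substituted or spelled backwards.
    for candidate in (lowered, plain, lowered[::-1], plain[::-1]):
        if candidate in WORDS:
            problems.append(f"dictionary word in disguise: {candidate}")
            break
    # User information (names, birthdates, ...) must not appear in the password.
    stripped = [re.sub(r"\W", "", s) for s in (lowered, plain)]
    for item in user_info:
        token = re.sub(r"\W", "", str(item).lower())
        if len(token) >= 4 and any(token in s for s in stripped):
            problems.append("contains user information")
            break
    return problems
```

Run against the examples on this page, the keyboard-pattern password `Xdr%6tfCvgz/` passes every rule, while `5h1r7` and `doohrobhgien` are both recognised as dictionary words once the substitution or reversal is undone.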

Read More:
http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/
http://www.theverge.com/2013/4/13/4218846/massive-botnet-using-brute-force-attack-to-target-wordpress-sites
http://it.slashdot.org/story/13/04/12/1940248/wordpress-sites-under-wide-scale-brute-force-attack?utm_source=rss1.0moreanon&utm_medium=feed
http://www.microsoft.com/security/online-privacy/passwords-create.aspx
http://techcrunch.com/2013/04/12/hackers-point-large-botnet-at-wordpress-sites-to-steal-admin-passwords-and-gain-server-access/

Password Resources:
http://www.makeuseof.com/tag/5-websites-to-generate-a-safe-and-strong-password/
http://www.passwordmeter.com/