The Global WordPress Brute Force Flood attack the we experience recently affected litlerally thousands of WorPress sites. Many were recovered. But, many were lost.

In March, on HostGator's Blog, one customer reported having three hundred and fifty sites affected. All this, not to mention, the hours lost by WordPress blog owners attempting to regain access to their sites.

So, what can you do to hep protect your WordPress sites from a similar attack? Well, let's talk about some steps that you can take to add some layers of protection to your installations. As well as, ongoing actions that you can take to secure your sites and information.

Your Initial WordPress Installation

I'm sure that you have heard of the one-click installations for WordPress. You web host likely provides Fantastico, Fantastico Deluxe or a similar application to quickly get your sites up and running. I do all my installations manually. We are not going to cover a complete installation here. We are just going to close some security holes.

When you begin your installation, it is a good idea to open a text editor, like notepad, to copy and paste all of your settings into. Things like the database name, database user name and password. You will need them to complete the installation.

Once you have your WordPress files either placed in a folder in your home directory by Fantastico or uploaded yourself, open the wp-config-sample.php file in notepad or your favorite text editor for a little editing. Do Not use Word or Wordpad.

It will look like this, once opened:
conf-smpl1

Now, copy and past in your DB_Name, DB_User, and DB_Password into the highlighted areas. Then scroll down to the section under 'Authentication Unique Keys and Salts'.

Copy and paste the url, https://api.wordpress.org/secret-key/1.1/salt/ into your browser. This will display a series unique key phrases that are for this installation only. Copy and paste these keys into the highlighted area shown. Be sure to paste these into your notepad file and save later.

conf-smpl2

That done, scroll down just a bit to the 'WordPress Database Table prefix' area. This section is simple. Your table prefix is a series of numbers or letters or a combination, up to six or characters. It's really up to what you put here. Just type yours in after the underscore. Like this; 'wp_XXXXXXXX'.

conf-smpl3

The table prefix basically allows you to run multiple WordPress installations from a single database by assigning each it's own individual table prefix. Whether or not you intend to have multiple instances from a single database, it's still a good idea to fill this in.

Remember to add your table prefix to your settings file!

When you have completed these steps, you will want to save your updated wp-config-sample.php file. But you want to save the updated file as 'wp-config.php'. To do this, in notepad, click 'File>save as' and when prompted, type wp-config.php and save it to your desktop.

Then, just upload the the wp-config.php file to the WordPress installation files and delete the wp-config-sample.php file.

Now you are ready to complete the final steps to installing your new site. When you have completed those steps, go back to your WordPress directory, open the 'wp-admin' folder and delete the 'install.php' file. You no longer need it and it can allow someone access to your site.

If you have already installed your site and did not complete these steps, don't worry. Just follow the steps above and you're good to go!

Useful Plugins for Your Site Security

One of the things that makes WordPress such a popular site platform is it's versatility. There are literally hundreds of themes plug-ins and add-ons to extend the capabilities o the basic platform.

There are five primary plug-ins that I suggest. Until recently, I used the Simple-Login-Lockdown plug-in. But, this plug-in has not been updated for quite some time.

Bad Behavior - Michael Hampton
Deny automated spambots access to your PHP-based Web site.
http://wordpress.org/plugins/bad-behavior/

BulletProof Security - AITPro, Edward Alexander
BulletProof Security protects your website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts
http://wordpress.org/plugins/bulletproof-security/

BruteProtect - Sam Hotchkiss, Rocco Tripaldi
If any single IP has too many failed attempts in a short period of time, they are blocked from logging in to any site with this plugin installed.
http://wordpress.org/plugins/bruteprotect/

TimThumb Vulnerability Scanner - Peter Butler
Keep your instances of Timthumb up to date and free from vulnerabilities simply. Bonus - checks for obvious signs of compromised sites.
http://wordpress.org/plugins/timthumb-vulnerability-scanner/

WordPress Hashcash Extended - Elliot Back
Client-side javascript blocks all spam bots. XHTML 1.1 compliant.
http://wordpress.org/plugins/wp-hashcash-extended/

As I said earlier, there are many plug-ins available. Just as there are as many opinions as to which are the best or not.

A one hundred percent secure site is a dream. If someone wants in bad enough, they will get in. Bottom line!

But, as site owners, it is up to us to make our sites as safe and secure as possible for our visitors and clients.

Until next time!

Technorati Tags: Global WordPress Brute Force Flood, WordPress, WordPress Security

On today's segment of Authority Masterminds on Blog Talk Radio, we had as our expert authority, Willie Crawford discussing Joint Venture Brokerage.

Willie is a very well known JV Broker who has connected many businesses, product and service owners, affiliates and Joint Venture partners together.

We began our discussion with Willie describing exactly what a Joint Venture is. Generally, when we think of a Joint Venture, we think of a product launch.

Actually, a Joint Venture is when any group of people gets together for a product promotion, a product creation, combining or associating products or services or even to promote a cause, such as a particular event or charity.

Then Willie went on to explain the role of a Joint Venture Broker. Suppose that you have a product or service that is a good one, but, you do not have the resources to make it viable. A JV Broker will go out and suggest your product or service to potential Joint Venture Partners and Affiliates.

Once these partners and affiliates have agreed to promote your product, then a product launch is set up. You, the product or service owner, would pay a commission to the promoters. And you would also pay the broker a commission for putting this all together.

Good Joint Venture Brokers are in high demand. Skilled joint Venture Brokers may often receive an upfront fee for the project and a percentage of profits from a successful promotion. That is what makes this business model not only attractive, but also, potentially very lucrative.

There are several ways that a JV Broker can apply their skills. Not only in the online world, but in offline as well. For example, bringing together an offline business and an online business, to complement their particular products or services.

Another example would be connecting an offline business with an online local business promoter. Producing increased sales for the offline business and providing word of mouth expert status for the online promoter.

It's really about having the vision to see the possibilities and putting the business owners together, either online or offline, and because you are able to do that, then you get paid a commission for doing it.

Willie and an associate, Sohail Khan, will be holding a 5 day workshop in Atlanta, Georgia in early May. However, they will accept only a limited number of students. And, as you will see on the website, potential students must schedule a call with Willie or Sohail to qualify for the workshop.

Be sure to listen to the call recording and, as always, be prepared to take notes and listen several times. Willie always over delivers on these calls and there is a lot of good info, if you are a good listener.

While you are here, I encourage you to pick up your free Internet Marketing report. This report is filled with information useful to both online and offline businesses. And is not the same old blah, blah, blah that you've heard a hundred times before.

And that will also put you first in line for notifications of upcoming Blog Talk Radio shows. As well as providing you regular updates to help your Internet marketing businesses.

Thanks so much for your time and participation.

Until next time!

Technorati Tags: Joint Venture Broker, Joint Venture Brokerage, Joint Venture Brokerage Business, Joint Venture Partners, Sohail Khan, Willie Crawford

 Page 1 of 21  1  2  3  4  5 » ...  Last »