{"id":9368,"date":"2014-12-26T02:31:53","date_gmt":"2014-12-26T08:31:53","guid":{"rendered":"http:\/\/jeanschara.com\/randr\/?p=9368"},"modified":"2014-12-26T02:31:53","modified_gmt":"2014-12-26T08:31:53","slug":"tech-stuff-wordpress-security","status":"publish","type":"post","link":"https:\/\/jeanschara.com\/pmtoo\/tech-stuff-wordpress-security\/","title":{"rendered":"Tech Stuff: WordPress Security"},"content":{"rendered":"<p>If you have a blog, what, if anything, do you do to ensure it doesn&#8217;t get hijacked by nefarious web characters? Well, mostly I&#8217;ve trusted WordPress to publish solid software and used a strong password.<\/p>\n<p>Then earlier this month, I was wandering around on the FTP site of my site and noticed some files that looked suspicious on several of my blogs.\u00a0 I grew concerned. On one of my private blogs, I installed a WordPress security plugin called <a href=\"https:\/\/www.wordfence.com\/\" target=\"_blank\">WordFence<\/a>. It only found a generic problem &#8212; one file differed from the original WordPress installation file, but it had been modified by my hosting service. Each of the sites that had the strange files were sites I&#8217;d used the lazy way to install (and have sort of regretted ever since), meaning I let the hosting provider&#8217;s script service install the sites. There&#8217;s nothing wrong with this, but every once in a while, I have to log in to the service from my cPanel and tell it which version I&#8217;ve already updated the site to from my end.<\/p>\n<p>Even though my installs were mostly clean, I like the idea of WordFence keeping an eye on things. In fact, the day after I installed it on my primary site, I looked at the login attempt statistics and saw that someone in Italy had been repeatedly trying to log in to my site using the Admin username.<\/p>\n<p>Now, you&#8217;ve probably heard the advice to never use Administrator or Admin as your administrator username.\u00a0 Um. 
Yeah.\u00a0 I have too, and until I saw those hits, I&#8217;d not done anything about it. When I saw that, I made the change right away. And I am using the WordFence plugin to block anyone who tries to log in that way in the future.<\/p>\n<p>What does WordFence do? The free version does quite a lot. It will scan your site and compare the WordPress and theme files against known good ones in the WordFence repository for signs of tampering. If WordFence detects differences, it will let you know.\u00a0 You can compare the original reference file with the version on your site and tell it to ignore or make it match.\u00a0 If you have the paid version, you can schedule these scans. In the free version, you must run the scan manually (click a button to start the scan).<\/p>\n<p>You can look at live traffic on your site. You can block IPs. You can activate a caching option to speed up your site. Premium members can activate two-factor authentication via their cell phones.<\/p>\n<p>Generally speaking, for the individual or very small business owner using WordPress, the free version of WordFence should be fine, but the premium features may be worthwhile to you, depending upon your traffic or level of comfort with risk.<\/p>\n<p>You may or may not decide you need additional security help for your site, but, please, if you&#8217;re using Admin or Administrator for the username on your admin account, fix that but quick.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you have a blog, what, if anything, do you do to ensure it doesn&#8217;t get hijacked by nefarious web characters? Well, mostly I&#8217;ve trusted WordPress to publish solid software and used a strong password. 
Then earlier this month, I was wandering around on the FTP site of my site <span class=\"excerpt-dots\">&hellip;<\/span> <a class=\"more-link\" href=\"https:\/\/jeanschara.com\/pmtoo\/tech-stuff-wordpress-security\/\"><span class=\"more-msg\">Continue reading &rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[64,55],"tags":[],"class_list":["post-9368","post","type-post","status-publish","format-standard","hentry","category-tech-stuff","category-web-stuff"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/jeanschara.com\/pmtoo\/wp-json\/wp\/v2\/posts\/9368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jeanschara.com\/pmtoo\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jeanschara.com\/pmtoo\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jeanschara.com\/pmtoo\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jeanschara.com\/pmtoo\/wp-json\/wp\/v2\/comments?post=9368"}],"version-history":[{"count":0,"href":"https:\/\/jeanschara.com\/pmtoo\/wp-json\/wp\/v2\/posts\/9368\/revisions"}],"wp:attachment":[{"href":"https:\/\/jeanschara.com\/pmtoo\/wp-json\/wp\/v2\/media?parent=9368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jeanschara.com\/pmtoo\/wp-json\/wp\/v2\/categories?post=9368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jeanschara.com\/pmtoo\/wp-json\/wp\/v2\/tags?post=93
68"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}