By Jeffro on March 16, 2012
Perhaps one of the easiest attacks to perform on a WordPress-based website is a brute force attack. Sucuri took the time to create a few different honeypots and monitored wp-login.php to track the various IP addresses as well as the passwords used to break into the site. Their list of passwords attempted is no surprise to me as I’ve seen the same results over the course of a year via the Limit Logins plugin. It all comes back to the use of a strong password. A strong password would look something like this: RCu7R*0#zm. Unfortunately, many forms don’t accept certain characters in passwords, so at the very least, add numbers to your password if you can only use numbers and letters.
This is one of the easiest attacks to perform because, by default, WordPress allows an unlimited number of tries when logging into the backend. I understand that it’s the user’s responsibility to use a strong password but at the same time, I feel as though the software could help out by only allowing 3 login tries per IP address, very similar to how the Limit Login attempts plugin works. After 3 failed attempts, the IP address would be locked out for a certain amount of time. The only thing I can figure is this particular enhancement would cause some site owners more grief than peace of mind. Unlimited login attempts have been a part of WordPress since I started using it in 2007 and I don’t see it changing anytime soon, especially since the Limit Login attempts plugin exists and solves the problem so well.
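As an added illustration (not code from this post or from the Limit Login attempts plugin), the script below replays an access log and shows what a 3-failures-per-IP lockout would have refused. It assumes the combined log format, that a failed login returns 200 (the form is re-rendered) while a successful one returns a 302 redirect, and a 20-minute lockout with a 10-minute counting window, since the post only says "a certain amount of time"; the log lines are constructed samples.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

MAX_FAILURES = 3                      # the per-IP limit proposed in the post
LOCKOUT = timedelta(minutes=20)       # assumption: lockout length is not given in the post
WINDOW = timedelta(minutes=10)        # assumption: older failures are forgotten
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Mar/2012:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.7 - - [16/Mar/2012:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
198.51.100.4 - - [16/Mar/2012:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.7 - - [16/Mar/2012:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.7 - - [16/Mar/2012:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
198.51.100.4 - - [16/Mar/2012:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [16/Mar/2012:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
203.0.113.7 - - [16/Mar/2012:10:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412
"""

def simulate_lockouts(log_text):
    """Return {ip: {"lockouts": n, "blocked": m}} for IPs that hit the limit."""
    failures = defaultdict(list)          # ip -> timestamps of recent failed logins
    locked_until = {}                     # ip -> time the current lockout ends
    report = defaultdict(lambda: {"lockouts": 0, "blocked": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and ts < locked_until[ip]:
            report[ip]["blocked"] += 1    # a limiter would have refused this attempt
            continue
        if m["status"] == "302":          # redirect = successful login, reset the count
            failures.pop(ip, None)
        if m["status"] != "200":          # only a re-rendered form counts as a failure
            continue
        failures[ip] = [t for t in failures[ip] if ts - t <= WINDOW] + [ts]
        if len(failures[ip]) >= MAX_FAILURES:
            locked_until[ip] = ts + LOCKOUT
            report[ip]["lockouts"] += 1
            failures[ip] = []
    return dict(report)
```

Behind a reverse proxy or CDN the first log field is the proxy's address, so per-IP counting only works if the log records the real client address.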
Posted in WordPress | Tagged attacks, force, passwords
By Jeffro on March 15, 2012
Automattic has announced the launch of a new featured VIP Partner program that will provide more bang for the buck for VIP customers.
Posted in News | Tagged automattic, partners, vip
By Jeffro on March 15, 2012
It wasn’t long ago that Posterous looked poised to take a big chunk of market share away from WordPress and other sites such as Tumblr. But alas, Posterous will become yet another internet memory as they’ve announced that the talent behind the service will now be a part of Twitter. While Posterous will remain online for the foreseeable future, users have already started flocking to different services such as WordPress.com, which has experienced a 250% increase in imports from Posterous accounts since the announcement.
Posted in News | Tagged Blogging, posterous, wordpress
By Jeffro on March 13, 2012
John Baptiste of CatsWhoCode.com has published 10 useful SQL queries that you can use to clean up the database that houses your WordPress installation. Before any SQL queries are run, you should definitely back up your entire website, as a wrongly executed query can ruin the database, rendering your site useless. If you’re afraid to execute any of the queries mentioned within his list, there are plugins available that can accomplish the same tasks, such as WP-Cleanup, but the same precautions must be taken, especially since some of the cleaning plugins are old and may not have the correct table or location to delete data from.
Posted in WordPress | Tagged cleaning, performance, queries
By Jeffro on March 13, 2012
As I mentioned about a month ago, Jane Wells has been working on a new venture called Jitterbug which aims to be a bakery with a cafe feel, complete with WiFi. To help fund this venture and to purchase some equipment, Jane put together a project on KickStarter.com to generate crowdsourced capital. The monetary goal was $15,000.00 and that was reached just 4 days prior to the project expiring. One particular backer was able to pledge $5,000.00 and will have a muffin named after him. The backer was Michael Torbert, the author behind the All In One SEO Plugin.
Congratulations go out to Jane Wells for a successful Kickstarter project. I myself chipped in a hundred bucks but the best thing about it all is that I now have a really good reason to visit Tybee Island, Georgia.
Posted in News | Tagged bakery, jitterbug, kickstarter
By Jeffro on March 9, 2012
Sucuri has published more information regarding the compromise of at least 30,000 domains. Based on their research, they are ruling out the possibility that the attacks are taking advantage of a new vulnerability within the core of WordPress.
The first question is how are these sites getting hacked? On all the cases we analyzed, they either had outdated versions of WordPress, or of a plugin. We can safely rule out any new vulnerability on WordPress itself.
To stay on top of the latest malware threats on the web, you should subscribe to their RSS feed. Perhaps the more people that realize this stuff is happening on a daily basis, the more it will persuade them to keep sites, plugins, and themes updated.
Posted in News | Tagged malware, security, wordpress
By Jeffro on March 9, 2012
Fresh from WordCamp Phoenix 2012, Lance Willett, who works for Automattic and is part of the theme wrangler team, gave a great presentation for beginners on how to navigate the vast landscape that is WordPress themes. He covers the gamut, such as where to look for themes, commercial themes, things to consider before using the theme on your site, etc. This presentation is truly for the beginner as it has nothing to do with coding. Nice job Lance.
Posted in Themes, Video | Tagged beginners, Themes, wordcamp
By Jeffro on March 8, 2012
How would you like to experience WordPress functions within your inbox on a daily basis? If so, consider signing up to the WordPress Daily Documentation site. Each day features a different function within WordPress sent to your inbox which contains examples, an explanation of what the function does, parameters, and the usual information you would find via other sources. Since signing up, I’ve received emails covering add_shortcode() and get_the_ID().

There are all sorts of ways to view information related to specific WordPress functions but this method may be especially useful to those who are starting to learn what functions are and which ones WordPress contains. But if you don’t feel like putting your email address on yet another subscription list, there is always the Codex.
Posted in WordPress | Tagged daily, email, functions
By Jeffro on March 7, 2012
Once again, I want to tell you to not blindly trust theme authors when they say their theme is SEO friendly. “SEO friendly” is just a label they put on their theme and since most of their customers don’t know what to look for to see if it’s actually true, yet know that it’s important, it helps “sell” themes.
Sounds like he’s describing me and I bet a lot of other people as well. Overall, good advice from Joost de Valk with a little bit of self promotion at the end.
Posted in News | Tagged canonical, seo, Themes |
By Jeffro on March 6, 2012
Interconnectit has announced that The Auditor (name to be determined later) has entered the closed beta process and is currently looking for people to test the plugin. The plugin is an event logger that tracks key options and content changes within a WordPress installation and contains a viewer that lets you view what’s been happening on your site. This plugin sounds like the perfect option to determine if things are going on within your website that you were not aware of. The closed beta is limited to a select group of people but if you’d like to participate in the event, you can leave a comment on their announcement post explaining why you’d like to give it a try.
Posted in Plugins | Tagged auditor, beta, Plugins