WordPress Site Health

In my previous post, I mentioned that WordPress automatic updates [above minor level] were not enabled by default. I referred to a WordPress technical article to assist with fixing this, but decided to go one step further and use the new Site Health tool for WordPress. I used this tool to point me in the right direction on what needed to be done: enable all updates automatically and also enable the latest PHP version on the back end.

Instructions on enforcing automatic WordPress updates and using the latest PHP can be found here!

WordPress Automatic Background Updates

WordPress updates can be very important, both from a security and a performance perspective. Although WordPress updates, like any updates, can be done manually at any time, why not set them to install automatically? To my knowledge, there is no check box anywhere in the dashboard to achieve this. There are plugins that can be used, but I believe ‘less is more’ when it comes to plugins – they can fill up the plugins directory and even increase the odds of a security breach. So, the best method is to directly edit the wp-config.php file. Minor updates are enabled by default, but there are a couple of other higher-level updates that need to be enabled.

The wp-config.php file sits in the WordPress folder at your hosting location.

Full instructions are contained in this WordPress article.
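
To check what a given wp-config.php actually allows, here is an added example (not from the original post or the linked WordPress article): a small Python audit that reads the file's text and reports the effective core auto-update policy. The constant names WP_AUTO_UPDATE_CORE and AUTOMATIC_UPDATER_DISABLED are WordPress's own; treating an unset constant as "minor" follows the default described above, and the sample file is constructed.

```python
import re

# Matches: define( 'NAME', value );  (single or double quotes around NAME)
DEFINE_RE = re.compile(
    r"""\bdefine\s*\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<value>[^)]+?)\s*\)\s*;""")

def strip_comments(php):
    """Drop /* */ blocks and whole-line // or # comments, so a
    commented-out define is not mistaken for an active one."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return "\n".join(line for line in php.splitlines()
                     if not line.lstrip().startswith(("//", "#")))

def parse_defines(php):
    """Return {constant: value}. PHP keeps the first define() of a
    constant and ignores later ones, so the first match wins here too."""
    found = {}
    for m in DEFINE_RE.finditer(strip_comments(php)):
        raw = m.group("value").strip()
        if raw.lower() in ("true", "false"):
            value = raw.lower() == "true"
        else:
            value = raw.strip("'\"")
        found.setdefault(m.group("name"), value)
    return found

def core_update_policy(php):
    """Classify core auto-updates: 'all', 'minor', 'disabled' or 'unrecognized'."""
    consts = parse_defines(php)
    if consts.get("AUTOMATIC_UPDATER_DISABLED") is True:
        return "disabled"            # turns off every background update
    value = consts.get("WP_AUTO_UPDATE_CORE", "minor")  # unset: minor only, per the post
    if value is True:
        return "all"                 # development, minor and major releases
    if value is False:
        return "disabled"
    return "minor" if value == "minor" else "unrecognized"

# Constructed sample wp-config.php, not taken from a real site.
SAMPLE = """<?php
define( 'DB_NAME', 'example_db' );
// define( 'WP_AUTO_UPDATE_CORE', false );
define( 'WP_AUTO_UPDATE_CORE', true );
"""

if __name__ == "__main__":
    print(core_update_policy(SAMPLE))
```

Run it against a copy of the file rather than over a web-accessible path, since wp-config.php also holds the database credentials.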

WordPress Gutenberg

The new WordPress editor, “Gutenberg”, has arrived. It is very sleek. Gutenberg is the epitome of object-oriented page building! It is building-block driven: literally, you make pages by using Gutenberg’s building blocks and working within the blocks. It is very sleek!

Gutenberg’s WordPress page: https://wordpress.org/gutenberg/

Backdoor in Captcha Discovered

Nothing to see here, folks …

“Backdoor in Captcha Plugin Affects 300K WordPress Sites”

“The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” [Editors note: the original page has been removed, we’re now linking to a screen shot.] in their brand name.

Whenever the WordPress repository removes a plugin with a large user base, we check to see if it was possibly due to something security-related. Wordfence alerts users when any plugin they are running is removed from WordPress repo as well. At the time of its removal, Captcha had over 300,000 active installs, so its removal significantly impacts many users.”

Incredible analysis in the below link. Nicely done by WordFence.

Full article or Blog here

Blocked Countries by WordFence

“China is in the lead” … of blocked countries. My humble website is constantly being sniffed at from the outside. To me it makes no sense on the surface – I have no confidential data or business secrets whatsoever. I do not do eCommerce or any business transactions for that matter. I do not even make poor stock market predictions!

But it makes sense to the potential intruders. These are likely bots just doing recon, searching for WordPress, plugin or theme weaknesses and other possible pots of gold. Thankfully, I am fully invested in “WordFence”, an outstanding WordPress firewall.

Thousands of Hacked Home Routers are Attacking WordPress Sites

Fascinating blog from WordFence, one of the best WordPress firewalls out there. They uncovered attacks coming from various countries and regions. The target is home networks. There is a router vulnerability called “Misfortune Cookie” [really] that is being exploited. It appears many home routers are hacked with this vulnerability and they in turn launch attacks. The tricky part here is that the number of attacks launched per home router is small, so detection is difficult.

The really weird thing is that the IPs are coming from all over the place, but attacks from Algeria [!] are increasing dramatically.

Read the WordFence Blog here

Ukraine In The House

There are hundreds and hundreds of these WordFence Firewall entries on Riguy.Com. I blocked some IPs here and there; that will work for a while. I wonder what these nice people from Ukraine would ever want with my most humble of web sites? Regardless, thanks WordFence [awesome security plugin]!


Wordfence WordPress Security Plugin

WordPress is so ubiquitous these days on the web, but hopefully more developers will keep up with the security needs of their sites or at least delegate maintenance to someone after their site is built.

This ‘Wordfence’ security plugin is very impressive. It can do a site scan, block IPs or countries [China, anyone?], and give a live screen of current connections. It does much more as well, especially if the free version is upgraded to the paid version.

It has over 1 million installs as of September, 2015. There is a reason for that – even the free tools are very useful and can provide a fair amount of security. I recently installed this plugin on ‘Riguy’ and it is exactly what is needed for a security blanket.
