Defending Against the WordPress Brute Force Flood

Last Updated on Tuesday, 23 April 2013 04:21 Written by Scott White Saturday, 27 April 2013 12:00

There has been a massive distributed brute force attack being launched the past few days against every WordPress based website at every hosting provider in the world.

Well over 150,000 different IP addresses are currently attempting to gain access to the admin user’s password in every WordPress site.  By default, WordPress cannot protect itself against this type of attack, but you can protect yourself by following the tips in this email.

Here are the most important ones:

How to Secure your BoonEx Dolphin Site

Last Updated on Tuesday, 9 April 2013 04:33 Written by Henry Soria Saturday, 23 February 2013 12:00

Here are some basic tips to secure your BoonEx Dolphin website.

1) During your installation you must create an administrative profile

Don’t create a profile called “admin” but rather your nickname or first name as “henry”.

This prevents to distinguish the administrator (root) and fraud in connection (however, it is always possible with the admin ID ’1′, but we shall see in another tutorial).

2) Rename the “administration” directory by another name

Managing Notifications with 6Scan

Last Updated on Thursday, 21 February 2013 12:14 Written by Adam Bryner Thursday, 21 February 2013 12:14

In the dashboard of your 6Scan control panel, you can manage notifications for 6Scan.

Once logged into your cPanel, click on the 6Scan icon under the Security section of the cPanel. Once there, click on ‘Dashboard’, and then the settings tab. Finally, click on the notifications tab.

Notifications are managed for each domain that 6Scan is enabled for. You have the following self explanatory notification options.

1. Email me when new vulnerabilities are found on my site
2. Email me a weekly report
3. Send me an SMS when new vulnerabilities are found on my site

That’s it, easy right?

6Scan Security Seal

Last Updated on Thursday, 21 February 2013 10:05 Written by Adam Bryner Thursday, 21 February 2013 10:05

As a 6Scan customer, you can proudly display the 6Scan Security Seal on your website. The 6Scan Security Seal conveys to your users that you take your site’s security seriously, and is proven to increase trust and boost conversion rates.

You can get the appropriate code for the security seal by logging into your cPanel, clicking on 6Scan icon, then Dashboard. Finally, click on settings and the ‘Security Seal’ tab. Simply code the entire code block inside of the tag of your website.

That’s it!

Managing Vulnerabilities with 6Scan

Last Updated on Thursday, 21 February 2013 09:55 Written by Adam Bryner Thursday, 21 February 2013 09:52

By now, you’ve probably already had 6Scan enabled on your website for some time. Chances are you’ve received some sort of notification (SMS, or via Email) that vulnerabilities have been found on your website. Don’t panic, as 6Scan makes resolving these issues easy. As you can see from the screenshot below, I’ve created a test website using an older version of WordPress. 6 vulnerabilities have been found.

Now feels like a good time to mention why you need to keep your scripts/applications updated to the latest version at all times. There’s a few reasons these applications are updated quite often.

1. Release new features and improvements
2. Patch vulnerabilities, and further secure the code

With a subscription to 6Scan (not required) these vulnerabilities can be fixed automatically upon discovery. Otherwise, the free version you simply click each vulnerability and get a detailed explanation of the problem, and how to fix it. See below –

Clicking the ‘Manual Fix’ button opens a popup window that tells you which file to edit, and how to edit it. In the case of this example WordPress installation, upgrading to the latest version would be the best choice rather than manually editing the files. There is also a ‘Technical Details’ link that provides information (if available) about the technical issue related to the vulnerability.

Easy right? That’s it for managing vulnerabilities.