Wordfence Revisited

As I continue to use Wordfence and have started to use it on other sites, I grow to appreciate it more and more. I already mentioned the ability to block specific IP addresses in an earlier post “Wordfence Live Monitoring Plugin for WordPress” and some of the reports the plugin is able to generate. Today, I would like to focus on some of the Firewall options in the free version.

Image #1

When you fire up Wordfence and look up the options, you will notice that the plugin defaults to Security Level 2. As you can see in image #1, Wordfence recommends this setting for most websites.

Shows settings of level 2 default in wordfence.
Image #2

Scrolling down to the Firewall Rules, you will find additional security options (see image #2). These change as you change your security levels. I should also stress that these rules only affect the firewall for your WordPress site and do not change the firewall settings for your computer or server.

I have been personally debating both the level 2 and level 3 defaults. At level 2 they don’t really do anything, and at level 3 they only throttle back a crawler or human being who is searching your website. So rather than staying at the default level 2, I have set some of the options myself to actually block rather than throttle down after what I feel is a reasonable number of requests per minute. The danger here is you can actually block legitimate crawls by search engines, negatively affecting all the hard work you or someone else has done for search engine optimization (SEO). So you might want to leave these alone unless you are sure you need to tweak a setting.
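To make the throttle-versus-block trade-off concrete before tightening a requests-per-minute limit, the added example below (not Wordfence code and not part of the original post) replays a constructed access log and lists which clients each limit would block. The IP addresses, user agents and limits are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)

def make_sample():
    """Constructed traffic, not real logs: (timestamp, client IP, user agent)."""
    base = datetime(2014, 6, 1, 12, 0, 0)
    rows = []
    # Hypothetical search-engine crawler: one page every 2 seconds for 2 minutes.
    for i in range(60):
        rows.append((base + timedelta(seconds=2 * i), "192.0.2.10", "ExampleSearchBot/1.0"))
    # Hypothetical scanner: 5 requests per second for 1 minute.
    for i in range(300):
        rows.append((base + timedelta(seconds=i / 5), "198.51.100.7", "scanner"))
    # Human visitor: one page every 20 seconds.
    for i in range(6):
        rows.append((base + timedelta(seconds=20 * i), "203.0.113.5", "Mozilla/5.0"))
    return sorted(rows)

def peak_per_minute(rows):
    """Return {ip: most requests seen in any sliding 60-second window}."""
    windows = defaultdict(deque)
    peak = defaultdict(int)
    for ts, ip, _ua in rows:
        w = windows[ip]
        w.append(ts)
        # Drop requests that have aged out of the 60-second window.
        while ts - w[0] >= WINDOW:
            w.popleft()
        peak[ip] = max(peak[ip], len(w))
    return dict(peak)

def would_block(rows, limit):
    """IPs whose peak rate exceeds `limit` requests per minute."""
    return sorted(ip for ip, p in peak_per_minute(rows).items() if p > limit)

if __name__ == "__main__":
    rows = make_sample()
    agents = {ip: ua for _ts, ip, ua in rows}
    for limit in (240, 20, 2):  # assumed limits, from lenient to strict
        hit = [f"{ip} ({agents[ip]})" for ip in would_block(rows, limit)]
        print(f"limit {limit}/min would block: {hit}")
```

With this sample, the lenient limit catches only the scanner, while the stricter ones also catch the crawler and then the human visitor, which is the SEO risk described above.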

Image #3

The other area that is affected by changing the basic security level setting is the Security Login section (image #3). This area controls the complexity of your users’ passwords and how soon they will be locked out of the site if they fail to enter the correct password.

Again, I find the settings a little lax for my taste, so I have beefed them up over the default level 2 setting you see here. I would be careful how far you tweak this setting or you could be flooded with a lot of users complaining that they were locked out.

Under options you will also find a spot to input an email address. The plugin will then email you when people successfully log in to your WordPress Dashboard or when someone has been blocked. So if you aren’t able to watch your site, you at least know if someone has logged into your site and potentially damaged it.

The most common report I get from Wordfence is a report of someone who tried to use ‘admin’ as a user ID and was locked out. (A good reason to assign an existing user administrator rights and then delete the default admin account, or to create a user with administrative powers and then delete the default admin account.)

I highly recommend this plugin if you have a WordPress site! It is fairly intuitive and does a good job blocking attacks.

 

Wordfence Live Monitoring Plugin for WordPress

log in attempts listing
Just a short list of attempts to break in.

A goal of every blogger and website designer is to have people view and read your site. It is only natural. After all, we spend countless hours trying to design a great looking website that is easy to use with content that people want to read.

However, one of the things that will ruin any site, no matter how well designed and how terrific the content, is a website that is compromised. In other words, outside parties hack the website.

I know this from personal experience. This particular site was hacked and the site gained a poor reputation quickly. It has taken me a lot of work to prove to various people that I have cleaned up the site and it is safe to visit.

 

To help protect this website, and you the reader, I have installed various plugins to help monitor activity on this website. One plugin I have recently installed is Wordfence. While I am still learning about all the program’s features, I am impressed so far.

Wordfence is a plugin that monitors activity on your webpage. One function is that it keeps track of log in attempts. As you can see from the snip above, I have people trying to sign in as an administrator and gain control of my website. To help prevent this type of break-in, I do not use “admin” as a user on my WordPress website. I also use a password that consists of random letters, numbers, and characters and is longer than 6 characters, making it more difficult to break into.

Another function of Wordfence is to track hits on the website. As you can see from the photo below, my site has gained the attention of someone from the Netherlands (most likely a crawler or spider program) who has hit my site 1170 times. While some of these hits are for legitimate reasons, like listings for various search engines, most likely the large number of hits from the Netherlands is not for legit reasons.

Visitors or Hackers

In Wordfence, I can block a particular IP address, preventing that particular computer from visiting my site. Unfortunately, it is a temporary block if you have the free version.

In the premium version you get more advanced blocking features such as country block. This premium feature allows you to block any hits from a particular country or countries. You can do a simple blanket block, or you can customize the block so that legitimate users you know can enter your site.

As I stated before, I am still learning all the program’s features, so I can’t give a full review. However, I do urge you to take a look at this WordPress plugin.

XP Hack Not A Good Idea

Windows XP Logo

Apparently there is a registry hack which is a “work around” that allows you to continue to get XP security updates. Well, not actually; instead it allows you to pull in Windows Server 2003 updates – which has similarities with Windows XP in its code. So in theory a portion of the updates should work on your Windows XP machine. However, there are also differences in the two operating systems, so not all the updates will work and could actually damage your Windows XP operating system.

My advice is not to use it. Disconnect your Windows XP machine from the internet and any network to which you are connected. You may not be able to surf the web or get email, but you have a machine you can use and your data is safe. When you have the money, either upgrade your XP machine or buy yourself a new computer.

For more information on the hack, you may want to visit Maximum PC’s article at:

http://www.maximumpc.com/microsoft_warns_against_using_registry_hack_allowing_windows_xp_receive_security_updates_2014

True Story – Hacker Using User’s Email Account to Steal

A person I know recently received a phone call from his bank asking him if he had sent a particular email. The email asked for some banking information but asked the reply be sent to a different email account. The bank was calling to see if the information was correct.

It turns out his email account had been hacked because of a poor password. Once the email account had been hacked, the thieves set up a rule in the account to send a copy of all emails to the email account they created. (He was using an account that uses an online version of Outlook to manage the email.) The thieves (or would-be thieves) were actually sending emails from his account to make the emails look legitimate.

So the lesson here is if you have any account online, please use good passwords. Also, if you have accounts that use a mail manager that allows you to create rules or auto-forward email, check it periodically. You might find your email going to someone else.

 

Want to Know if Website Has Been Affected by Heartbleed

According to the Google Web Store, Chromebleed is an extension for Chrome that will check to see if the website you are using is affected by the Heartbleed bug. Below is the description from the developer.

Description

Displays a warning if the site you are browsing is affected by the Heartbleed bug

Many HTTPS-secured sites on the internet use OpenSSL. Unfortunately, a major vulnerability in OpenSSL was disclosed – known as the Heartbleed bug – yesterday that put hundreds of thousands of servers at risk of compromise.

Whilst some servers have been patched already, many remain that have not been patched. Chromebleed uses a web service developed by Filippo Valsorda and checks the URL of the page you have just loaded. If it is affected by Heartbleed, then a Chrome notification will be displayed. It’s as simple as that!

Please note that, in some jurisdictions, site testing can only be carried out with the express permission of the site owner. Please check what the law says in your local area before proceeding to download this extension.

The extension can be downloaded at https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic