Category: web security

How to block specific countries from accessing your WordPress site

We all know the potential for the web to reach everyone who is connected to it ( currently around 50% of the world has a connection ) and no less than Mark Zuckerberg realises after gathering over 1 billion monthly users on Facebook he wants to expand the net to try and acquire the next 5 billion using a program he has launched called internet.org. But with the advent of more and more people going online, it doesn’t mean that this is particularly a good thing, not everyone has good intentions and there are countries you are likely to never do business with but want to find a way of hacking your business website or profiting from your misfortune through scam emails or injected code. So the question arises…why let people from these countries on to your website in the first place? In this blog post, I am going to share with you two ways to block specific countries from accessing WordPress based websites.

Continue “How to block specific countries from accessing your WordPress site”

How to create a strong password

Most CMS platforms for websites have a login page where it requires a login and password. If you own or run a website having secure logins has never been more important! In this post I suggest ways of increasing your password security. [divider style=”1″]

Why is a strong password so important?

You spend a long long time making your website. Its content, its media & making it work as efficiently as possible. Others have different ideas…hackers, although many are good, some provide a real threat to your hard work. A hacker can try a brute force attack to infiltrate your digital kingdom.

What a brute-force attack is

A brute-force attack is where a computer tries every possible key or password until it succeeds at infiltrating your website. Nothing like a bit of determination! A simple brute-force attack usually has a dictionary of all words or commonly used passwords and cycles through passwords until it gains access. It can take time to complete BUT just read the next paragraph to see how many passwords can be tested per second…

How long does it take to hack a password through brute force?

This piece of information is really going to shock you…

Individual desktop computers can test over a hundred million passwords per second using password cracking tools that run on a general purpose CPU and billions of passwords per second using GPU-based password cracking tools.

Wikipedia

Scary thought really isn’t it, best change that password from password123 now don’t you think?

The hack clock is ticking

Eventually, after a while the hacker will gain access to your website this way if they are persistent. It can take a few minutes, a few days, a few months, a few years, or decades ( i think most would give up at this point! ).

Want to know exactly how long it takes to hack your password then simply enter it into this website, you might be quite amazed at how secure your password is https://howsecureismypassword.net/ if it doesnt take long it’s time to make a change! [divider style=”1″]

Tips to creating a good and incredibly strong password

Most brute force hacking uses commonly used “words” and natural choices we make like numbers after each other. A good technique is to use a phrase rather than a couple of words. For Example think of the song “If I could turn back the hands of time”

“If I could turn, turn back the hands of time, then darling you, you would be mine”

No, I am not declaring my love to you but I am loving this technique for building a password! What I want you to do is take the first letter of each word in that single sentence from the song and make a password!

If I could turn, turn back the hands of time, then darling you, you would be mine”

IICTTBTHOTTDYYWBM

This password would take 8 million years to hack whilst still being easy to remember by remembering the tune…quite a while i think.

Add some numbers

If you add just three memorable numbers 124 on the end it would take 3 trillion years to hack

Add some funky symbols

add a ? and it would take only 27 quintillion years to hack…so not at all long!

Go the extra mile & Deny Access to your CMS dashboard

Warning before performing this action make sure you have a basic understanding of what you are doing 

What if someone does manage to access your website through brute force, what then? Don’t worry if you do the following steps they can’t access the dashboard of your site even if they guess the password correctly! Bonus.

If you are the only person who needs to login to your Admin area and you know your own IP address, you can deny wp-admin access to everyone but yourself via an .htaccess file.

Create a file in a plain text editior called .htaccess and add:

# Block access to wp-admin.
order deny,allow
allow from x.x.x.x 
deny from all

replacing x.x.x.x with your IP address. 
Your Internet Provider can help you to establish your IP address.
Or you can use an online service such as What Is My IP.

You have completed your first step to lock down

Creating a strong password is only your first step to ensuring your website is less at threat to those with malcontent towards you and your business. There is a lot more to be done and I will be blogging about these things in future blog posts so please, sign up to my rss feed for my blog and receive it in your email so you never miss new information.