Make Money from Blogs » Login

WordPress security tips (part 5) – Plugins to secure your blog

ashish — Thu, 26 Nov 2009 14:14:29 +0000

There is a huge amount of information available on the internet for helping to secure your WordPress blogs, including using plugins that have been shared by helpful people. What is required is for you to be vigilant, read up current WordPress security issues, and keep your blog updated to the latest WordPress version.

Limit Login Attempts Plugin:
Wordpress currently allows anybody to attempt trying to login multiple number of times, and this can be seen as a problem in terms of security. Major ecommerce, banking and other such sites have restrictions that accounts get locked if people try to use a wrong combination of account ID and password, and this is very useful since it prevents people from trying to do a brute force attack. However, with WordPress not having such a restriction, it becomes difficult to prevent this type of attack if somebody is trying to attack you. However, there is a Plugin that allows you to restrict the number of login attempts. This is the “Limit Login Attempts” plugin available at this location (link).

Features
- Limit the number of retry attempts when logging in (for each IP). Fully customizable
- (WordPress 2.7+) Limit the number of attempts to log in using auth cookies in same way
- Informs user about remaining retries or lockout time on login page
- Optional logging, optional email notification
- Handles server behind reverse proxy

Semisecure Login Reimagined Plugin:
This plugin needs JavaScript to work, and if JavaScript is enabled, it will encrypt the password from the client end before it is sent to the server, and is then decrypted at the server end. If no JavaScript, then the password is sent in clear text. Available on this site (link)

Is this really secure?
Short answer: No, but it’s better than nothing.
Without SSL, you’re going to be susceptible to replay attacks/session hijacking no matter what. What this means is that if someone is able to guess or learn the session ID of a logged-in user (which would be trivial to do in an unprotected wireless network), then essentially they could do anything to your WordPress site by masquerading as that user. The point of this is to prevent your password from being transmitted in the “clear.” If someone is in a position where they can learn your session ID, under normal circumstances, they’d also be able to learn your password. The proper use of this plugin removes that possibility.

Changing your Adsense password

ashish — Sun, 30 Aug 2009 05:00:35 +0000

When Google started with Adsense, it allowed users to have a non-Gmail account with a separate password; it was only later that Google started linking everything to a Gmail account and password. For people, it can be a bit confusing as to what they need to do if they are unable to access their Adsense account because the password does not seem to work. There are others who prefer to change their password on a regular basis to keep it secure.

How do you change your password from within Adsense ?

1. Log in to your account at https://www.google.com/adsense
2. Click the Login Information [edit] link
3. Enter your current and new passwords in the fields provided
4. Click Save Settings to update your password, or Cancel to return to the previous page without saving.

If you want to reset your Adsense account and currently don’t remember your account password, or the one that you have does not seem to work, then you should go to this url:

https://www.google.com/adsense/assistlogin

If you have more queries regarding to Adsense, then you should go to this Google Adsense help page:

https://www.google.com/adsense/support/bin/topic.py?topic=8431

WordPress Hack Block: Login Lockdown

ashish — Tue, 04 Aug 2009 16:09:26 +0000

What does somebody do when they try to figure out your password for WordPress account ? They try multiple attempts at your password, and WordPress allows an atacker to make multiple attempts. Would it not help you if you could get a report whenever somebody makes multiple attempts to access your login account. Here is one WordPress Plugin that helps you in this effort. The plugin is proactive in these security measures, since it directly blocks access from an IP range if there are a number of invalid login attempts from that range.
Page to read more and download (link here)

Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.

WordPress Hack Block: Limit Login Attempts Plugin

ashish — Sun, 02 Aug 2009 19:21:42 +0000

WordPress allows any number of attempts at login, so if somebody is trying to do a brute force dictionary attack onto the admin section of your site, at some point, they may suceed. But the basic issue is, why are you making it easy for hackers to do so; you should set a limit on the number of times a wrong login can be attempted on your site. Here is a plugin called ‘Limit Login Attempts’ that allows you to do this. Get it from this page (link)

Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
Features:
Limit the number of retry attempts when logging in (for each IP). Fully customizable
(WordPress 2.7+) Limit the number of attempts to log in using auth cookies in same way
Informs user about remaining retries or lock out time on login page
Optional logging, optional email notification
Handles server behind reverse proxy