Wordpress Security Plugins

April 23, 2009

When you use Wordpress for a corporate or business website, security always comes up as an issue and for good reason. In what has turned into an ongoing series on Wordpress Security I’m going to review a few very useful plugins which will add an additional layer of security to your Wordpress or Wordpress MU site.

In addition to this article, you might find the two other posts in this series useful:

Blocking Spam with Wordpress

Recovering from a Wordpress Injection (You are labeled an Attack Site)

So here is the list of extremely useful Wordpress plugins; all of them work well with both Wordpress and Wordpress MU (on my sites at least):

  1. http://wordpress.org/extend/plugins/restrict-login-by-ip/ – Restricts Wordpress admin login by IP address. This is extremely useful, since you will likely not want just anyone having access to the authentication login.
  2. http://wordpress.org/extend/plugins/limit-login-attempts/ – Limits login attempts and records the IP address. ’Nuff said.
  3. http://wordpress.org/extend/plugins/wordpress-file-monitor/ – Monitors WP file changes and notifies you by email when a change occurs.
  4. http://wordpress.org/extend/plugins/wp-security-scan/ – Scans the server for known security issues. This is a definite old standby and should be added to your Wordpress site.
  5. http://wordpress.org/extend/plugins/invisible-defender/ – Provides protection against spambots.
  6. http://wordpress.org/extend/plugins/audit-trail/ – Tracks changes to the site by user. I find this to be less of a security issue, but it is extremely useful if you’ve got numerous authors on your blog. At the very least you know who to smack around if they make changes to your site. :)

Now keep in mind that these will not ensure that you will never have a security issue on your blog or website. But, as the saying goes, an ounce of prevention is worth a pound of cure (Benjamin Franklin was a pretty smart guy, so I’m going with it).

I hope you’ve found these plugins useful. Let me know if you’ve got any additional plugins or techniques you use to secure your sites and ensure smooth sailing!

Cheers,

Dan Nedelko


Ashton Kutcher – Twitter Desperation?

April 16, 2009


Social Media Marketing, and Twitter in particular, is a great way for stars like Ashton Kutcher to generate buzz. In fact it’s great for anyone and any business (when done properly). Now I’m open-minded about all sorts of Internet Marketing techniques, but this one strikes me as a bit desperate.

Ashton is basically buying paid advertising on another social network in order to increase his followers on a competing social network. Come on Ashton. As they would say on Twitter: srsly?

UPDATE:

Clearly Ashton Kutcher using Twitter is not a negative thing. In fact I fully believe in the power of Social Network Marketing and provide channels for self promotion. However, as a business-driven marketer and branding expert I’m still not 100% certain whether Ashton Kutcher’s campaign on Twitter produced any definable results other than the fact that he got some dedicated airplay on CNN. For a Hollywood actor like Kutcher this is definitely a plus; getting airplay like that will do nothing but promote his own brand, his movies and his career (and positively affect his bottom line).

I wonder what type of metrics were taken into account other than the number of followers. Was any tracking done on Click Through Rates? How did it affect his Online Reputation? More likely than not, it was purely a branding play. I still think the ad reduces the legitimacy of his entire Twitter campaign.


Blocking Spam with Wordpress

April 7, 2009

After my last article on Cleaning your Site after a Wordpress Injection Attack, I figure that it’s time to take the old “an ounce of prevention is better than a pound of a cute” (or something like that) to heart. So here is a nice easy way to enhance your Akismet spam protection and quickly and easily blacklist an offending IP.

Personally I get really sick of blog spammers, especially since my blog is DoFollow. It doesn’t stand for the same thing as DoSpam. Very annoying, time consuming and potentially harmful – a lot of these same idiots who blog spam are also the same people who will try to inject your Wordpress theme and plugins with Click Counter code.

Anyhow in this post I’m going to use the following plugins:

  1. Akismet (set up properly, but that goes without saying)
  2. WP-EasyBan
  3. WP Security Scan
  4. Secure Wordpress
  5. Redirection Plugin

The first thing you need to do is install all of the above plugins and ensure each of them works. As a side note: I had trouble with WP-EasyBan on Wordpress 2.7.1, but I corrected it. To be honest I am not 100% sure whether it was a conflicting plugin issue or a core problem with WP-EasyBan. If you have a problem, contact me or comment here and I will share my fix (I wasn’t able to see “Add Ban” in the user menu, but a few changes to the plugin fixed it without any issue).

Ok moving right along.

Let’s say you are getting a substantial amount of Spam in your Spam Bin in Akismet. You will easily be able to tell if it comes from one particular IP address. First go to your Spam Box and identify the IP address – see below:

One: Identify the IP Address

Next step: Check your Security logs under “Tools -> Security Logs”. If the person is simply annoying you can skip this step, but the Security logs will tell you whether the user is already on a blacklist:

Is the IP already on your Blacklist?

Check your Security Log and Blacklist

Once you’ve done that it’s time to “Add Ban”, provided by WP-EasyBan. It’s got a great interface for you to add various options. We want to add a specific IP address (adding a whole block of IPs could cause you to block legitimate visitors to your site).

Adding an entry to your Blacklist

Adding a Banned IP through WP-EasyBan

Also as an ounce of prevention you can set a time limit and maybe you’ll discourage the blog spammers after a period of time. The reason I like this method is that Spammers never give up unless they are certain that their stuff is not getting through. Blacklisting will let you send a message that there is no getting through to you.

As a last note: I like to add a personalized message to these idiots. Sometimes I venture into more colourful language, depending on how badly one IP is offending my site and messing with my hard work.

Then you can set another site to redirect them to as well. Get creative here; you can have fun with this, and there is also a sense of satisfaction in messing around with these people.
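To see what WP-EasyBan is doing for you in the steps above, here is the same idea (ban one IP, optionally with a time limit, a custom message and a redirect) written out as a minimal must-use plugin. This is an added example, not WP-EasyBan’s code or anything from the original post; the IP addresses, expiry timestamp, message text and redirect target are constructed placeholders.

```php
<?php
// Plugin Name: Timed IP Ban (added illustration, not WP-EasyBan's code; save as wp-content/mu-plugins/timed-ip-ban.php)
// Constructed ban list: IP => expiry (Unix time, 0 = permanent), message, redirect. A real plugin would store this in an option, not in code.
function timed_ip_ban_list() {
    return array(
        '203.0.113.42' => array(
            'expires'  => 0,
            'message'  => 'Your address has been blocked for comment spam.',
            'redirect' => 'https://example.com/', // placeholder destination
        ),
        '198.51.100.7' => array(
            'expires'  => 1240128000, // ban lifts itself once this time has passed
            'message'  => 'Temporarily blocked.',
            'redirect' => '',
        ),
    );
}
// Return the active ban for $ip at time $now, or null if none or expired. No WordPress calls, so it is testable in isolation.
function timed_ip_ban_lookup( $ip, $now, $bans = null ) {
    if ( null === $bans ) {
        $bans = timed_ip_ban_list();
    }
    if ( ! isset( $bans[ $ip ] ) ) {
        return null;
    }
    $ban = $bans[ $ip ];
    if ( 0 !== $ban['expires'] && $ban['expires'] <= $now ) {
        return null; // time limit reached: let the visitor through again
    }
    return $ban;
}
// Enforce the ban early in the request. Administrators are exempt so a typo in the list cannot lock you out of your own dashboard.
function timed_ip_ban_enforce() {
    if ( current_user_can( 'manage_options' ) ) {
        return;
    }
    // REMOTE_ADDR is the TCP peer; behind a reverse proxy derive the client address from a header you trust, never blindly.
    $ip  = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    $ban = timed_ip_ban_lookup( $ip, time() );
    if ( null === $ban ) {
        return;
    }
    if ( '' !== $ban['redirect'] ) {
        wp_redirect( $ban['redirect'], 302 );
        exit;
    }
    wp_die( esc_html( $ban['message'] ), 'Access denied', array( 'response' => 403 ) );
}
add_action( 'init', 'timed_ip_ban_enforce' );
```

Expired entries simply stop matching, which is what makes the time limit work without any scheduled clean-up job.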

Anyone else have any tips? Let me know!

Cheers,

Dan Nedelko
