All posts tagged “Security”

Homeland Security is testing nightmare scenarios where toy drones become flying bombs

Here’s a hypothetical matchup for you. A column of tanks covered in thick armor, capable of firing many bullets of both large and small caliber. On the other side, a bunch of plastic quadcopters you bought at the local Walmart. Who wins? According to exercise by the US military, the drones have it hands down.

Drones > Tanks

This was one of several fascinating factoids from a Wired report on a recent meeting hosted by the Department of Homeland Security, the goal of which was to access just how dangerous these “toys” can be.

Along with DHS and the US military, the Federal Aviation Administration was in attendance. That agency has a mandate from Congress to come up with new rules governing domestic drones by the end of this year. So far…

Continue reading…

The Verge – All Posts

SpaceX settles dispute with US Air Force over national security space launches

SpaceX has announced it has settled its dispute with the United States Air Force and will dismiss standing claims in a US federal claims court. Last year, Elon Musk and Co. accused the Air Force of stifling competition in the Evolved Expendable Launch Vehicle (EELV) program by allowing United Launch Alliance — a joint venture between Lockheed Martin and Boeing — to keep a monopolistic grip on launches. SpaceX has been frustrated with the lengthy certification process as it moves toward eventually competing with ULA. Under the newly reached agreement, the Air Force will “work collaboratively with SpaceX to complete the certification process in an efficient and expedient manner” so the company probably won’t be waiting much longer to fight…

Continue reading…

The Verge – All Posts

Piper’s home security camera can now see in the dark

Piper is one of the newer home monitoring cameras in a category that’s still trying to figure out what it is. Once the solution for checking in on dogs and babies, these small cameras have evolved into something of an ad-hoc security system for a small home or an apartment, offering things like motion detectors, live video with cloud recordings, and a siren to scare away would-be thieves.

But one of Piper’s shortcomings has been a lack of night vision, a standard feature among cameras in its class. This meant that if you wanted to use Piper in your house at night, you were mostly out of luck, short of spending time and money hooking up your home’s lights to its built-in motion sensor.

That’s been remedied with the Piper NV, a new night…

Continue reading…

The Verge – All Posts

“911, My Site Has Been Hacked!” How to Identify and Fix a Website Security Breach

Being hacked is the nastiest thing that can happen to a website owner. How to avoid this go find in the blog post.
MonsterPost

Safeguard Your WordPress Website With The Best Security Plugins

WordPress hosts a whopping percent of the total number of websites live on the World Wide Web; yet, it is surprising to note there’s not clarity among webmasters in terms of website security with WordPress.

Safeguard Your WordPress Website With The Best Security Plugins

Every day, webmasters lose their sleep and their websites’ data to hackers and unauthorized bots. Of course, that means security is a glaring concern for your WordPress website. The implications – you need to be very conscious of the security risks, acknowledge their reality, and ensure that you leverage the powerful security solutions that WordPress websites can use, i.e., the Best WordPress Security Plugins.

Before we touch the largely misunderstood concept of WordPress security with plugins, let’s bust some shockingly widespread myths about WordPress security in general –

Myth 1 – WordPress is not secure.

Just to put things in perspective, take note of the fact that WordPress’ known vulnerabilities increased from a measly 2 in 1988 to more than 6,000 in 2013! Does that mean that WordPress is becoming less secure with time? Far from it – the WordPress development team is super quick in filing out all security vulnerabilities, which ensures that WordPress is among the few CMS and blogging platforms with a strong and secure core. In most cases, WordPress websites fall to hacking attempts because of reasons such as bad passwords, outdated software, shady plugins and templates, and stolen FTP credentials, rather than because of any serious flaw in the WordPress platform.

Myth 2 – WordPress is installed and set up; it’s job done

Not at all; WordPress website maintenance is a long term commitment. At the least, you need to keep your themes, plugins, and the WordPress version itself thoroughly updates. If you ignore this, even if you are not using your website, you can be certain that it will be targeted and compromised very soon.

Myth 3 – I can install the very best security plugins and relax

Don’t even think of it. WordPress plugins are, very simply but, superb tools to automate tasks to a great degree. A plugin does not think, but a hacker does. So, you need to be as smart as the bad guys and foil attempts of hacking by consciously doing everything to ensure the safekeeping of your website. Keeping WordPress upgraded, renaming default WordPress accounts, changing database table prefixes, cleaning up all plugins and themes, upgrading firewalls regularly, making sense of suspicious patterns in website access data – it’s all your responsibility to identify the measures necessary for keeping the website secure; the plugins will then execute the tasks for you.

There are more myths, all far off from the truth.

  • People believe that their websites are too inconsequential to be hacked.
  • Using themes and plugins from WordPress.org is 100% safe.
  • They’ll quickly recover if their websites are compromised.

The point is, WordPress is secure, but since no website on the World Wide Web can be totally secure at all times because of the changing digital environment, the onus of proactively working towards identifying security risks and mitigating them rests with webmasters, and security plugins work their magic after that. Now, let’s learn more about security plugins and using them towards the safeguarding of your cherished WordPress website.

Security plugins – foiling the most common security threats

Understanding WordPress security is about a lot more than just identifying the best security plugins and installing them; you need to really know how WordPress works, how you can safeguard your data, how unauthorized access risks can be reduced, how malicious scripts in themes and plugins can be identified and discarded, and more. Of course, based on your informed decision making about the nature of the security add-on you need for your WordPress website, you will indeed need to know about the best tool for the job.

  • Automating the essential security measures – Millions of WordPress users fail to recognize the need to be smart with their passwords, changing WordPress admin IDs, renaming database table prefixes, and renaming the default WordPress account, and hence fell prey to hackers who leverage the information gaps. Of course, with plugins to automate these tasks, you can expect more security.
  • Foiling SQL injection attempts – Because of the server side scripts and URL based parameters used by WordPress, hackers can use malicious URL parameters to access your databases. Apart from constantly upgrading your WordPress, it is also important to install a powerful plugin that keeps your website safe from such attacks.
  • Being ‘aware’, all the time – Of course, you can’t be sole heartedly dedicated to the monitoring of your website, but can leverage auditing and monitoring plugins for the same, to identify early warning signs of something being amiss with the website.

Sophisticated security plugins for the more secure website administration

Contemporary security plugins offer fantastic features, right from secure logins with limited login attempts, blocked specific IP ranges, and disabled logins after specific attempts to .htaccess file lockers, and security firewalls that can be configured as per requirements. You can also use these plugins to perform functions such as country IP blocking, scheduling scan and quarantining, observing Live traffic right from your website, moderation of spam comments, and more. In this sense, these plugins play more of a housekeeping role and not just a dedicated security role.

What to look for in the best plugins to make your WordPress website secure?

With so many security plugins on offer, it’s important to identify the best ones. Look for plugins that are well written so that they don’t weigh down your website. Also, all-in-one plugins are preferable over niche plugins as the latter could lead to performance issues. Moreover, you’d be well off picking up security plugins with extensive documentation and strong customer support mechanism. Also, frequent and free updates are a great feature that the best security plugins for WordPress offer. To give you a good heads up, here are 10 security plugins that have some concrete services to bestow on your WordPress websites. We’ve arranged them in 3 categories, to remain in sync with the information provided above.

All-In-one plugins for blanket WordPress security

Security Ninja

Security Ninja

Who better than Ninja to protect your WordPress fortress? Equipped with more than 30 security tests along with capabilities to prevent such attacks, Security Ninja is well equipped to keep hacking attempts at bay. Leverage the code snippets included with the package to quickly fix security loopholes, run periodic tests to determine whether everything about your website’s security is in good shape or not, and leave out 0-day hacking anxieties if you’re a new WordPress user, all this and more with Security Ninja. A pretty helpful feature of this plugin is that it is accompanied with extensive documentation and tests descriptions, which ensures that you are able to get a better picture of how exactly the plugin works, so that you can make it work according to you, rather than just live with what it does.

Download Plugin

WP Security Scan

WP Security Scan

For a light yet effective security plugin to run a scan and identify security anomalies with your website, use WP Security Scan. A noticeable feature of this plugin is the speed with which it runs the scan, which makes it a good pick for webmasters operating multiple web projects. Also, the list of vulnerabilities that it prepares is pretty extensive, and is supplemented with possible corrective measures suggestions for webmasters.

Download Plugin

WPOptimix

WPOptimix

Where some webmasters opt for dedicated security plugins based on their understanding of the security risks that their WordPress websites are exposed to, there are others who prefer wholesome solutions. WPOptimix is a good option for the latter, as it blends capabilities spread across secure login management, brute force attack prevention, malware and undesirable code injection prevention, and firewall monitoring to enhance the security quotient of the website.

Download Plugin

iThemes Security (previously known as Better WP Security)

iThemes Security (previously known as Better WP Security)

Among the useful features of this plugin are 2-factor authentication to foil robotized access attempts, automatic malware scanning, users’ password ageing, smart dashboard integration, file change comparison to weed out malicious code injections, and user action logging to ensure that every admin access to the website is genuine. A very special benefit brought to you by this plugin is prevention of brute force attacks by proactively blocking out IP addresses from across the globe, the information of which is dynamically accessed from the iThemes Brute Force Prevention Network.

Download Plugin

Plugins to keep malicious bots, password crackers and spammers away

AntiVirus for WordPress

AntiVirus for WordPress

If you have reasons to believe that viruses, worms and malware are developing affinity for your WordPress setup, it makes sense to install this dedicated antivirus plugin. If you’ve been rather adventurous in experimenting with 3rd party themes and plugins, the case of having a strong antivirus plugin becomes strong indeed. This plugin works by scanning your setup for the presence of malicious injections, and also watches out for such injections in future. Once it runs through all the blocks maintained for the website, it triggers reports to predefined email id about the blocked attempts and the white-listed IP addresses.

Download Plugin

AskApache Password Protect

AskApache Password Protect

If you have reasons to fear that unauthorized access attempts are made at your WordPress website, you might want to consider installing the AskApache Password Protect plugin. Keep automated blog attacks at bay with this multi-layered database protection plugin. The scope of this plugin is to protect CPU resources, data integrity, and database resources by not letting automatic bots access your website. A considerable aspect of the AskApache Password Protect plugin is that it is very frequently updated, which keeps it in good shape for fighting off smarter automated bots.

Download Plugin

WP-DBManager

WP-DBManager

For complete database security and optimization, consider installing this plugin. Among the most important capabilities of the WP-DBManager plugin are database repair, database restore, backing up of the database and deleting backups, emptying or dropping tables and running optional queries. Backups can be scheduled, and the database optimization operations run quickly and with measurable results.

Download Plugin

Akismet

Akismet

Chances are that you’d have heard of this plugin earlier; it’s among the most widely used ones. In all likelihood, Aksimet is all you will need to weed out spam comment makers from your WordPress websites. The plugin directly blocks the worst spammers, reports iffy comments to the moderator, maintains approval history for comments, publishes the number of approved comments for particular users, and exposes cloaked URLs from comments. It’s available in several languages, so you can use it for non-English blogs.

Download Plugin

Must have auditing plugins to take control of the security of your WordPress websites

WP Security Audit Log

WP Security Audit Log

For complete auditing of security aspects of your WordPress websites, use the WP Security Audit Log plugin. Keeping a strong monitoring and tracking on all activities occurring on your multi-site WordPress network, triggering alerts on detecting suspicious activities, and proactive security measures – all this and more make this plugin a pretty effective tool to have, in particular for webmasters who are equipped with the knowledge of making out suspicious activities on their website based on data checks. Generating HTML and CSV reports of the logged data, intensive user behavior tracking, highly configurable triggers and subsequent actions are among the other noteworthy features brought to the table by this plugin.

Download Plugin

The Auditor

The Auditor

Particularly suited for web development service providers who maintain WordPress websites for their clients, this plugin comes with an impressive and intuitive interface. Informative graphs make it easier to detect suspicious activity patterns, detailed log reports enable you to undertake complex analyses, configurable interface of the plugin makes it easier to implement rules based monitoring and subsequent actions, and smart reporting helps web service providers keep their clients happy!

Download Plugin

Visit us at InstantShift.com

PSD to HTML


InstantShift

Leaked CIA documents show how to beat airport security like a spy

WikiLeaks has published a pair of internal CIA documents briefing undercover agents on how to dupe security at airports. The two documents — both classified as “Secret/NOFORN” meaning not to be shared with allied security agencies — give spies advice on how to maintain their cover. They also provide a detailed overview of the covert tactics airports use to vet travelers.

TOP CIA ADVICE: If you’re a spy, try not to look nervous

Although some of the information in the documents is public knowledge, advice on how to avoid being singled out for secondary screening could be useful to a variety of people. These include tourists and travelers trying to get home for the holidays, but also terrorists, drug traffickers, and common criminals. The…

Continue reading…

The Verge – All Posts

Sony Pictures hackers stole 47,000 social security numbers, including Sly Stallone’s

A week after it was brought to a standstill by a hacker group that may or may not have hailed from North Korea, things are getting even worse for Sony Pictures. The hackers that crippled the company’s computer systems have now released a vast hoard of Sony Pictures’ private documents onto the internet. An analysis of more than 33,000 documents showed that they displayed passwords to internal computers, credit cards, and social media accounts, as well as the Social Security numbers of 47,000 current and former Sony Pictures workers.

Among the affected are Hollywood celebrities such as Sylvester Stallone, Rebel Wilson, and Anchorman director Judd Apatow. According to The Wall Street Journal, the Social Security numbers can be found…

Continue reading…

The Verge – All Posts

Now the FBI is asking Congress to weaken iPhone and Android security

FBI Director James Comey has been on a media tour lately, making an anti-encryption pitch to the public. Apple’s new encryption standards, Comey has argued, are an unnecessary hurdle to law enforcement — and the FBI needs an easy way to bypass them. Now Comey is bringing the argument straight to Congress, asking them to update a law to allow backdoors in smartphones.

Continue reading…

The Verge – All Posts

Twitter sues US government so it can release more information about national security requests

Twitter has filed a lawsuit against the US government, alleging that its First Amendment rights to free speech are being violated by rules that prevent it from disclosing the quantity of national security requests it receives. Twitter is currently able to publish the number of national security letters and Foreign Intelligence Surveillance Act orders it receives in extremely broad ranges — such as between “0 and 999” — and it argues that this is not narrow enough. It also argues that it should be able to inform the public of what orders it has not received, whereas currently zero falls within that enormous range.

Continue reading…

The Verge – All Posts

USB has a huge security problem that could take years to fix

In July, researchers Karsten Nohl and Jakob Lell announced that they’d found a critical security flaw they called BadUSB, allowing attackers to smuggle malware on the devices effectively undetected. Even worse, there didn’t seem to be a clear fix for the attack. Anyone who plugged in a USB stick was opening themselves up to the attack, and because the bad code was residing in USB firmware, it was hard to protect against it without completely redesigning the system. The only good news was that Nohl and Lell didn’t publish the code, so the industry had some time to prepare for a world without USB.

Continue reading…

The Verge – All Posts