Several serious Internet security issues have raised their ugly heads once again in the past several days, in case you are unaware. Of greatest concern is, of course, Heartbleed.
Major websites use an encryption method to transmit data users want to keep secure. Computers sometimes send what is called a ‘heartbeat’ signal to check if there’s still a connection at the other end. This week it was reported that hackers found a way to send phony messages and trick the computer at the other end into revealing secure data.
You are personally likely to be affected either indirectly or directly. The results may be horrific and you should consult this article from Mashable for vulnerabilities and immediately start changing your passwords where they may have been affected. This is especially true on sites where security and privacy are a concern.
Regarding WordPress Security
I have a responsibility to protect the client Web sites I run or administer from known security threats. Here are a few items you should be aware of.
WordPress version 3.8 comes equipped with automatic upgrades to help guard against security issues. It’s not a good idea to disable this function.
However, I still find sites running earlier versions. If you do not know what version your WordPress site runs on and don’t have access to your dashboard, follow this procedure. Go to your site’s landing page and view the page source. Search for “WordPress” in the code. You should find the following snippet.
<meta name="generator" content="WordPress 3.8.2" />
If it does not say WordPress 3.8.2 you should take steps to upgrade. This, of course, means first doing a full backup to protect your contents and data. If you do not administer the site yourself, contact your administrator. First wake him or her out of their coma, then fire them and contact us for future administration!
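The manual check above can also be scripted. The following is an added example, not part of the original post: it reads a page's HTML, finds the generator meta tag and compares the advertised version against 3.8.2. The function names and the sample pages are made up for illustration.

```python
import re
from html.parser import HTMLParser

MIN_VERSION = (3, 8, 2)  # the version this article says you should be running


class GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}  # attribute names arrive lowercased
        if a.get("name", "").lower() == "generator":
            self.generators.append(a.get("content", ""))


def wordpress_version(html):
    """Return the advertised WordPress version as a tuple, or None."""
    finder = GeneratorFinder()
    finder.feed(html)
    for content in finder.generators:
        m = re.match(r"\s*WordPress\s+(\d+(?:\.\d+)*)", content, re.I)
        if m:
            parts = [int(p) for p in m.group(1).split(".")]
            parts += [0] * (3 - len(parts))  # "3.5" -> (3, 5, 0)
            return tuple(parts)
    return None


def check(html):
    """Classify a page as 'ok', 'upgrade' or 'unknown'."""
    version = wordpress_version(html)
    if version is None:
        return "unknown"  # tag stripped by a theme or plugin: check the dashboard
    return "ok" if version >= MIN_VERSION else "upgrade"


# Constructed sample pages (not taken from any real site).
SAMPLE_CURRENT = '<html><head><meta name="generator" content="WordPress 3.8.2" /></head></html>'
SAMPLE_OLD = "<html><head><meta content='WordPress 3.5' name='generator'></head></html>"
SAMPLE_HIDDEN = "<html><head><title>My site</title></head></html>"

if __name__ == "__main__":
    for name, page in [("current", SAMPLE_CURRENT), ("old", SAMPLE_OLD), ("hidden", SAMPLE_HIDDEN)]:
        print(name, wordpress_version(page), check(page))
```

An "unknown" result only means the tag is missing from the page, not that the site is up to date, so confirm the version in the dashboard in that case.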
WordPress: Jetpack, Hackers and Spam
A security flaw was also revealed this week in the WordPress plugin Jetpack. Version 2.9.3 is the current version of Jetpack you should be running.
You should have a filter to block live hacker or automated login attempts, especially those coming from overseas. Judy’s party planning site has thousands more visitors than this site does. She sees thousands of automated login attempts monthly. Right now (I have kept the counter running since my last dump about 60 days ago) she has almost 3,500 lockouts (and counting) and 38 IP addresses blocked.
Can’t happen to you? Don’t wait until your site crashes or Google alerts you to malware installed on your site.
Blogging and not using a spam filter? I just dumped 13,136 spam messages. Check your site as well.