How To Remove The WordPress Admin User Account

WordPress Security - Delete Admin Account

If you’ve been on the internet in the past week or so, you’ve probably heard about the spate of “brute force” attacks that have been made on WordPress sites, specifically targeting accounts with the username “admin.” It has always been a security best practice not to use this username, or any other similarly generic one, but the recent attacks have highlighted the issue to the masses, which is really the silver lining here.

“admin” is the target because it is the default username assigned upon installation of WordPress. If you install WordPress through your hosting control panel, you are usually, but not always, given a chance to change that before installation, but many unsuspecting folks, especially new users, may not see a reason to change it. So now a hacker has 50% of the information that he needs to get into your site. Since most people use extremely weak (i.e. simple) passwords, hackers can automate the submission of zillions of attempts at guessing your password. If your password isn’t strong, they have a good chance of gaining access.


Speed Up and Secure Your Site With CloudFlare

Speed Up and Secure Your WordPress Site With Cloudflare

The speed at which your site loads is becoming increasingly important. Not only does a speedy site provide a good user experience, but it also matters more and more from an SEO perspective: site speed is a factor that Google considers in its rankings.

One of the easiest and most effective ways you can speed up your site, particularly if you are on an inexpensive shared web hosting plan, is to use a service called Cloudflare. Cloudflare, which you can use for free, will speed up your site, help protect it from spammers AND help make it more secure. Here’s how it does that:

CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.


WordPress Security Alert – TimThumb Image Resizing Script

WordPress Security Issue with TimThumb

In recent days a significant WordPress security threat has emerged. The root of it is the ability for unsavory types to compromise a very common image resizing script called TimThumb, which is used in many WordPress themes and plugins. Through a security flaw, hackers can find a way into your site and cause havoc. Or, in more specific terms according to Vaultpress:

“The vulnerability allows third parties to upload and execute arbitrary PHP code in the TimThumb cache directory. Once the PHP code has been uploaded and executed, your site can be compromised however the attacker likes.”

Are you at risk?

The list of themes and plugins that use this script is too long for any one source to have cataloged as yet. Sucuri has a partial list here. In my own research I’ve found several major theme vendors to be vulnerable (WooThemes, Themify.me, Headway), although they have acted quickly to update their themes. WebSite Defender has a list of plugins and themes they know to be using TimThumb.
