Wordpress website experts based in the UK.

Online Security Techniques

WordPress security can be greatly improved by adopting a few good online habits. In this category we discuss some simple online techniques that reduce the likelihood of your details being hacked or compromised.


5 top tips to improve WordPress security in 5 minutes

As you should know by now, making WordPress security easy and stressing its importance is something of a passion of ours here at Showcase. So, here are 5 quick-fire tips to improve your website security that non-techies can implement in less than 5 minutes. In this article I will talk you through the points and explain the logic behind them, then at the end of the article I'll point you to the tool needed to make all this happen without writing a single line of code.

Let’s get started:

  1. NEVER use ‘admin’ as your username. Because some website hosts and many web developers years ago used this as the default username, it’s the first thing that hackers (or their bots) try during a brute-force attack. If they know the username is correct, that’s half the puzzle solved for them. Bear in mind that WordPress also gives usernames away in other places (the author archive reached via ?author=1 redirects to an address containing the user’s login name, and the REST API lists users who have published posts), so treat this tip as removing the easiest guess rather than hiding the username completely. WordPress doesn’t let you change a username from the profile screen in the dashboard, so you have to install a plugin to do it (or create a new administrator account, log in as that user and delete the old one, reassigning its content). The plugin we use is “Username Changer”, which you can download here.
  2. Upgrade your password. It’s very easy to get into a routine of using simple, easy-to-remember passwords for multiple sites. However, that’s exactly what an attacker hopes for: one password leaked from any of those sites unlocks all of them, which defeats the purpose of having a password at all. We know that passwords are a necessary evil for many people, which is why we recommend managing your passwords via Lastpass, as it can help you not only create really strong passwords, but also stores them securely so you don’t have to remember them. A password’s strength comes down to 3 things:
    1. Length – aim for at least 12 characters. Anything shorter dramatically reduces the time an automated guessing program (a bot) needs to find the password.
    2. Characters – use both upper-case and lower-case letters, numbers and at least one special character. Don’t feel you have to follow the habits of normal writing: the capital needn’t be at the start, and an opening bracket needn’t be closed. Be aware, though, that swapping a letter for a look-alike symbol (a “(” for a “C”, a “$” for an “s”, a “0” for an “o”) is a trick that password-cracking tools already try automatically, so it only helps if the underlying password isn’t a word to begin with.
    3. Readability – if you wrote the password out on a piece of paper, could someone read it as a word or phrase? If so, it’s susceptible to what’s called a ‘dictionary attack’, where a bot works through a word list, trying each word along with the usual variations (a capital first letter, digits or a year on the end, symbols in place of letters). A password that isn’t built on a word survives this; a clever-looking variant of one doesn’t.
  3. Move your login page. In order to hack your website by ‘brute force’ (many attempts at random – or not so random – combinations of username and password), a hacker must first find your login page. By default WordPress serves it at ‘/wp-login.php’ (and ‘/wp-admin’ redirects there when you’re not logged in), and we suggest that you move it. Doing so hides the door from the bulk of the automated scanners that simply request the default address on every site they find. Be clear about what it does and doesn’t do, though: a determined attacker can still find the new address, and WordPress also accepts a username and password through its XML-RPC endpoint (‘/xmlrpc.php’), so that needs to be disabled or protected as well. It’s an extra layer that could make all the difference in persuading opportunistic hackers to look elsewhere. Not sure how to do this? Don’t worry, read on and I’ll give you a free tool to help you!
  4. Restrict (throttle) the number of login attempts in a certain time period. A brute-force attack relies on being able to try a huge number of combinations in a short space of time: we’re literally talking thousands an hour. If you cap the number of attempts allowed in, say, 5 minutes, you dramatically extend the time it would take to guess the username and password. We stick to 3 attempts in 5 minutes and lock the offender out for an hour if they still don’t get it right. At that rate a single source gets 3 guesses an hour instead of thousands. Two practical notes: count attempts per IP address as well as per username, since attackers spread their attempts across many addresses; and remember that a lock based on the username alone lets an attacker lock the real administrator out, so make sure you have a way back in (for example, a whitelisted address) before you turn it on.
  5. Add a CAPTCHA to your login page (and other forms, such as comments and registration). We’ve all seen these ‘annoying’ tests designed to prove you’re human: solve this maths question, decipher the letters in this blob, select all the images with a storefront. Throughout this article we’ve discussed the ‘brute-force attack’, and these (and many other kinds of attack) are carried out by ‘bots’, automated programs that fire off thousands of attempts quickly, something a human would struggle to do. A CAPTCHA on the login page is designed to stop those bots, so that only humans reach the password check. It isn’t foolproof (CAPTCHA-solving services exist), which is why it belongs alongside the attempt limit in tip 4 rather than instead of it.
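To make tips 1 and 2 concrete, here is a small Python checker, added to this article as an illustration rather than code from any plugin, that applies the three password rules above to a candidate. The word list is a constructed handful of entries (a real attack uses lists with millions of words), and the substitution table is our assumption about the commonest look-alike swaps, included to show why a “(” in place of a “C” does not fool a cracker.

```python
import string

# Constructed mini word list for the demo; real cracking lists run to millions of entries.
WORDLIST = {"password", "welcome", "showcase", "wordpress", "admin", "letmein", "summer"}

# Look-alike swaps that standard cracking rule sets already try (assumed set of the commonest ones).
LEET = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "0": "o",
    "$": "s", "5": "s", "7": "t", "(": "c", "<": "c", "{": "c",
})


def normalise(password: str) -> str:
    """Undo leet-speak swaps, lower-case, and strip digits/symbols bolted on at either end."""
    core = password.translate(LEET).lower()
    return core.strip(string.digits + string.punctuation)


def dictionary_hits(password: str, wordlist=WORDLIST) -> list:
    """Words from the list that survive inside the normalised password."""
    core = normalise(password)
    return sorted(w for w in wordlist if len(w) >= 4 and w in core)


def assess(password: str, wordlist=WORDLIST) -> dict:
    """Apply the three rules: length, character mix, and 'readability' (a dictionary base)."""
    classes = {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    hits = dictionary_hits(password, wordlist)
    problems = []
    if len(password) < 12:
        problems.append(f"only {len(password)} characters (aim for 12 or more)")
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))
    if hits:
        problems.append("readable as a dictionary word once the swaps are undone: " + ", ".join(hits))
    return {"length": len(password), "classes": classes,
            "dictionary_hits": hits, "problems": problems, "ok": not problems}


if __name__ == "__main__":
    for candidate in ["welcome", "P@$$w0rd!", "Sh0w(a$e2019!", "kb7#Tq9v!Lm2xR"]:
        result = assess(candidate)
        verdict = "OK" if result["ok"] else "; ".join(result["problems"])
        print(f"{candidate!r:18} -> {verdict}")
```

Run as a script it prints a verdict for each of the four constructed candidates: the first two fail on length and on being dictionary words, “Sh0w(a$e2019!” is long enough and mixes every character class yet still collapses to “showcase” once the swaps are undone, and only the random-looking last one passes all three rules.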

So, we recommend a single plugin that can do all of this for you, and it really can be done in less than 5 minutes. You can find out how, along with a follow-along tutorial that I created, on our AIOWPS page.
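Tip 4 in code: the following Python class, added here as an illustration (it is not the plugin’s code), implements the “3 failures in 5 minutes, then an hour’s lockout” policy as a sliding window keyed on the combination of client IP address and username. The login attempts it replays are a constructed sample, not real log data, and the two helper functions work out what the policy does to a bot’s guessing rate.

```python
from collections import defaultdict, deque

MAX_ATTEMPTS = 3        # failures allowed ...
WINDOW = 5 * 60         # ... within this many seconds ...
LOCKOUT = 60 * 60       # ... before the source is locked out for this long


class LoginThrottle:
    """Sliding-window login throttle keyed on (client IP, username)."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW, lockout=LOCKOUT):
        self.max_attempts = max_attempts
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}               # key -> time the lock expires

    @staticmethod
    def _key(ip, username):
        return (ip, username.lower())

    def allow(self, ip, username, now):
        """Call this BEFORE checking the password: a locked source never reaches the check."""
        return now >= self.locked_until.get(self._key(ip, username), 0)

    def record(self, ip, username, now, success):
        """Record the outcome of an attempt; returns 'ok', 'failed' or 'locked'."""
        key = self._key(ip, username)
        recent = self.failures[key]
        if success:
            recent.clear()
            return "ok"
        recent.append(now)
        while recent and now - recent[0] > self.window:   # forget failures older than the window
            recent.popleft()
        if len(recent) >= self.max_attempts:
            self.locked_until[key] = now + self.lockout
            recent.clear()
            return "locked"
        return "failed"


def replay(events, throttle=None):
    """Run (seconds, ip, username, password_ok) events through the throttle in time order."""
    throttle = throttle or LoginThrottle()
    decisions = []
    for now, ip, username, password_ok in sorted(events):
        if not throttle.allow(ip, username, now):
            decisions.append("locked_out")          # rejected without checking the password
        else:
            decisions.append(throttle.record(ip, username, now, password_ok))
    return decisions


def guesses_per_hour(max_attempts=MAX_ATTEMPTS, lockout=LOCKOUT):
    """Worst case: the bot burns its attempts instantly, waits out the lock, and repeats."""
    return max_attempts * 3600 / lockout


def hours_to_try(n_guesses, max_attempts=MAX_ATTEMPTS, lockout=LOCKOUT):
    return n_guesses / guesses_per_hour(max_attempts, lockout)


# Constructed sample: a bot hammering 'admin' from one address while a real editor logs in from another.
SAMPLE_EVENTS = [
    (0,    "203.0.113.9",  "admin",           False),
    (5,    "203.0.113.9",  "admin",           False),
    (10,   "203.0.113.9",  "admin",           False),  # third failure inside 5 min: locked for an hour
    (15,   "203.0.113.9",  "admin",           False),  # refused outright
    (20,   "198.51.100.4", "showcase_editor", False),  # a typo from a different address, unaffected
    (30,   "198.51.100.4", "showcase_editor", True),
    (3700, "203.0.113.9",  "admin",           False),  # lock expired; the count starts again
]

if __name__ == "__main__":
    for event, decision in zip(sorted(SAMPLE_EVENTS), replay(SAMPLE_EVENTS)):
        print(f"t={event[0]:>5}s {event[1]:>13} {event[2]:<16} -> {decision}")
    print(f"Under this policy a single source gets {guesses_per_hour():.0f} guesses an hour;"
          f" 10,000 guesses would take about {hours_to_try(10_000) / 24:.0f} days.")
```

Keying on the IP and username together is the compromise between the two failure modes mentioned in tip 4: keying on the address alone lets a botnet spread its guesses across many addresses, while keying on the username alone lets anyone lock the real administrator out. The replay also shows why the lock is checked before the password is verified: a locked source learns nothing about whether its guess was right.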

SSL – What is it and why should you have it?

SSL (strictly, its modern successor TLS, which is what an ‘SSL certificate’ actually enables) is what puts the padlock and ‘https://’ in the browser’s address bar. It encrypts the traffic between your visitors and your website, so that logins, form submissions and card details can’t be read or tampered with on the way. The big search engines, Google included, push it hard: HTTPS is a ranking signal and modern browsers flag plain HTTP pages as not secure. It’s a proactive step towards protecting the sensitive information of Internet users.

If you don’t have an SSL certificate, you really should, and if you’re not sure, we’d love to hear from you as we can help you install one if you don’t already have one.

Lastpass – Improve your cyber security

Improve the overall strength of your passwords and stay secure online with Lastpass.

Key features include:

  • There’s a free version which stores up to 20 passwords, which will give you a chance to test just how easy it is to use
  • The premium version costs £12 per year at the time of writing. That’s just £1 a month, which is really affordable for most
  • Helps you generate truly random passwords on the go and save them; you don’t even need to know what they are
  • You can share access with others without displaying your password
  • Store other types of secure information such as bank card details


Welcome to the Wonderful World of Lastpass

Are you always forgetting passwords?

Do you wish there was just some way to remember all those passwords and make sure they are all secure at the same time?

Say hello to my little friend – Lastpass.

As you can imagine, as web developers we have to remember about a million different passwords – and that’s just for our own stuff.

As soon as you start adding clients’ details into the mix, it becomes pretty difficult to remember and find passwords for everything – especially since it would be pretty irresponsible for us to write these down!

We needed a solution – and boy, did we find it!

Last year, while looking to solve this tricky situation we stumbled upon Lastpass.

At its core (and most importantly) it’s an encrypted vault holding all your passwords for websites.

It’s simple to use, and as long as you protect the vault with a strong master password (and turn on two-factor authentication for the account), it’s far safer than reusing one password everywhere or writing them down. But it’s much more than that.

Very quickly we discovered the browser add-ons, which are free: with one installed, when you navigate to a website it fills in the username and password for you!

Amazing!

Not only that, when you navigate to a new website and register, you are provided with the option to save the details automagically!

This alone saves us hundreds of hours a year!

Not only this, there are a load of other REALLY useful features which are worth shouting about.

 

Best Features of Lastpass

  • Generate ridiculously tricky passwords
    • We would always recommend using passwords which make no sense, are at least 12 characters long and use special characters – in the interests of security.
    • However, it’s not always practical to remember loads of passwords which are deliberately difficult to remember!
    • Lastpass saves you from this because a) it generates the password and b) it saves it for the site so you don’t ever need to remember it.
  • Cross Device
    • Whilst this may sound techy – it basically means that you can download the free app on mobiles and tablets.
    • This means that you take your passwords with you everywhere you go.
    • What if my tablet or mobile is stolen, I hear you ask? They’ve thought of that!
    • Depending on the device, you will be asked for a password, PIN code or (my personal favourite) a fingerprint to unlock the app.
  • Sharing
    • For us, this is crucial.
    • The ability to allow others to access our stuff without revealing our passwords is indescribably useful!
    • Need to let your developer into your hosting temporarily? Share access with them then revoke it when ready!
  • Pricing
    • Not only can you get started for FREE, but even the pro version is ridiculously inexpensive at $12 a year!
    • That is $1 a month folks to resolve this forgetting passwords issue. It’s a no-brainer really!

This really is the solution many of you have been searching for.

Also, there are alternatives out there which a quick google could locate, but we’re unable to recommend them due to not using them.

However, if you work with us, you will be urged to look at using Lastpass for your own privacy and peace-of-mind and it will stop you losing or forgetting passwords on ANY DEVICE – full stop.

Enjoy 🙂