So you don’t get hacked

I love comics

I am an avid comic reader. I have been reading comics since I was a little boy. I started reading web comics in 2003. I have never missed a day since then. Any day that I miss reading the comics, I make it up. Sometimes, I might not have a chance to read them for up to 2 weeks depending on my engagements, but recently, I always have time for them.

I came back from church today (12-May-2013), opened my laptop and engaged my list of web comics. Cyanide & Happiness was not available. What could the problem be? They had been hacked. Which kind of sick bastard hacks the website of a web comic? Really? What type of publicity stunt is that?

The horde of Cyanide & Happiness readers have flocked to their Facebook page reporting the hack. The page should be restored in no time.

How to ward off hackers

If you run a website, how can you prevent this from happening to you? Or remedy it quickly if it does happen? I will reveal a particular set of activities I perform on my sites. My major activities include:

  • Monitoring my sites as close to real time as possible.
  • Ensuring I am using the proper file permissions across installations.
  • Using the latest security plugins.
  • Monitoring the content generated by users of the sites. Sometimes, malicious links can be sent in through comments.

I use WordPress for most of my site deployments because of a particular set of plugins available to me.

  • Remote Management: InfiniteWP
  • Security: Better WP Security
  • Commenting: Disqus/Akismet

 

Remote Management: InfiniteWP

This is always the first plugin I install in any new WordPress installation. InfiniteWP is a self-hosted remote management solution for WordPress. It allows you to run a copy of the InfiniteWP server on your web host while you install the clients on your various WordPress sites.

InfiniteWP allows users to manage an unlimited number of WordPress sites from their own server.

Main features:

  • Self-hosted system: Resides on your own server and totally under your control
  • One-click updates for WordPress, plugins and themes across all your sites
  • Instant backup and restore your entire site or just the database
  • One-click access to all WP admin panels
  • Bulk Manage plugins & themes: Activate & Deactivate multiple plugins & themes on multiple sites simultaneously
  • Bulk Install plugins & themes in multiple sites at once

 

Security: Better WP Security

#1 WORDPRESS SECURITY PLUGIN

Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.

With one-click activation for most features as well as advanced features for experienced users, Better WP Security can help protect any site.

Obscure

As most WordPress attacks are a result of plugin vulnerabilities, weak passwords, and obsolete software, Better WP Security will hide the places those vulnerabilities live, keeping an attacker from learning too much about your site and keeping them away from sensitive areas like login, admin, etc.

  • Remove the meta “Generator” tag
  • Change the urls for WordPress dashboard including login, admin, and more
  • Completely turn off the ability to login for a given time period (away mode)
  • Remove theme, plugin, and core update notifications from users who do not have permission to update them
  • Remove Windows Live Writer header information
  • Remove RSD header information
  • Rename “admin” account
  • Change the ID on the user with ID 1
  • Change the WordPress database table prefix
  • Change wp-content path
  • Removes login error messages
  • Display a random version number to non administrative users anywhere version is used

Protect

Just hiding parts of your site is helpful but won’t stop everything. After we hide sensitive areas of the site, we’ll protect it by blocking users that shouldn’t be there and increasing the security of passwords and other vital information.

  • Scan your site to instantly tell where vulnerabilities are and fix them in seconds
  • Ban troublesome bots and other hosts
  • Ban troublesome user agents
  • Prevent brute force attacks by banning hosts and users with too many invalid login attempts
  • Strengthen server security
  • Enforce strong passwords for all accounts of a configurable minimum role
  • Force SSL for admin pages (on supporting servers)
  • Force SSL for any page or post (on supporting servers)
  • Turn off file editing from within WordPress admin area
  • Detect and block numerous attacks to your filesystem and database

Detect

Should all the protection fail, Better WP Security will still monitor your site and report attempts to scan it (automatically blocking suspicious users) as well as any changes to the filesystem that might indicate a compromise.

  • Detect bots and other attempts to search for vulnerabilities
  • Monitor filesystem for unauthorized changes
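
The file-permission check and the filesystem monitoring described above both come down to recording a known-good state and comparing against it later. The following is an added example, not Better WP Security's own code: the function names are hypothetical, and it assumes a baseline snapshot is taken while the site is known to be clean.

```python
import hashlib
import os
import stat


def snapshot(root):
    """Map each file's path (relative to root) to (SHA-256 digest, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # symlinks are skipped; only regular files are hashed
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            mode = stat.S_IMODE(os.stat(path).st_mode)
            state[os.path.relpath(path, root)] = (digest, mode)
    return state


def compare(baseline, current):
    """Report files added, removed, or modified (content or mode) since baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def world_writable(state):
    """Files that any local user may write to, e.g. mode 666 on wp-config.php."""
    return sorted(p for p, (_digest, mode) in state.items() if mode & stat.S_IWOTH)


if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for a WordPress tree (not a real installation).
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "wp-content", "uploads"))
        cfg = os.path.join(root, "wp-config.php")
        with open(cfg, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(cfg, 0o640)
        baseline = snapshot(root)
        # Simulate drift: an unexpected PHP file in uploads and a loosened mode.
        with open(os.path.join(root, "wp-content", "uploads", "x.php"), "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(cfg, 0o666)
        now = snapshot(root)
        print(compare(baseline, now))
        print(world_writable(now))
```

Store the baseline somewhere the web server user cannot write to, otherwise whoever changes the files can change the baseline as well.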

Recover

Finally, should the worst happen, Better WP Security will make regular backups of your WordPress database (should you choose to do so), allowing you to get back online quickly in the event someone should compromise your site.

  • Create and email database backups on a customizable schedule

Other Benefits

  • Make it easier for users to log into a site by giving them login and admin URLs that make more sense to someone not accustomed to WordPress
  • Detect hidden 404 errors on your site that can affect your SEO such as bad links, missing images, etc.

 

Commenting: Akismet

Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.

Major new features in Akismet 2.5 include:

  • A comment status history, so you can easily see which comments were caught or cleared by Akismet, and which were spammed or unspammed by a moderator
  • Links are highlighted in the comment body, to reveal hidden or misleading links
  • If your web host is unable to reach Akismet’s servers, the plugin will automatically retry when your connection is back up
  • Moderators can see the number of approved comments for each user
  • Spam and Unspam reports now include more information, to help improve accuracy

PS: You’ll need an Akismet.com API key to use it. Keys are free for personal blogs, with paid subscriptions available for businesses and commercial sites.

 

Commenting: Disqus

Disqus, pronounced “discuss”, is a service and tool for web comments and discussions. Disqus makes commenting easier and more interactive, while connecting websites and commenters across a thriving discussion community.

The Disqus for WordPress plugin seamlessly integrates using the Disqus API and by syncing with WordPress comments.

Disqus for WordPress

  • Uses the Disqus API
  • Comments indexable by search engines (SEO-friendly)
  • Support for importing existing comments
  • Auto-sync (backup) of comments with Disqus and WordPress database

Disqus Features

  • Threaded comments and replies
  • Notifications and reply by email
  • Subscribe and RSS options
  • Aggregated comments and social mentions
  • Powerful moderation and admin tools
  • Full spam filtering, blacklists and whitelists
  • Support for Disqus community widgets
  • Connected with a large discussion community
  • Increased exposure and readership

 

 

Author: Esquire

A geek, all round gentleman. Loves food. Funny guy? Hehehe!