[wp-edu] WP - security concerns?
bbgoldkey at gmail.com
Tue Sep 10 14:08:19 UTC 2013
Thank you very much, appreciate your response
On Tue, Sep 10, 2013 at 7:55 AM, Covello, Steve <Steve.Covello at granite.edu> wrote:
> 1 – Security alerts are a *good* thing. It means the hardening strategies
> are actually working. I get TONS of alerts from my firewall – all of which
> report that the robotic efforts of hackers are being repelled. Security
> alerts do not mean WP is "bad" for security. Your domain will be hacked no
> matter which platform you use, or even if you use plain HTML. There are
> certain vulnerabilities in WP that hackers know about, but these are
> accounted for in the hardening plugins I mentioned.
> 2 – You do not need a username named "admin". It happens to be the
> default username WP gives on install, but NEVER use it. Any user can be
> given Administrator privileges. This is how you solve your problem
> (assuming you are "admin"):
> - In your "admin" user acct, change the email address to something
> different (doesn't matter – it's going to be deleted)
> - Create a new user with "admin's" old email address.
> - Delete the "admin" user and ascribe all of "admin's" posts/pages to
> the new user.
> That's it.
> *Steve Covello*
> Rich Media Specialist/Online Instructor
> Granite State College
> Skype: steve.granitestate
> Scheduling: http://meetme.so/stevecovello
> From: Brianne Binelli <bbgoldkey at gmail.com>
> Reply-To: "Low-traffic list discussing WordPress in education." <
> wp-edu at lists.automattic.com>
> Date: Tuesday, September 10, 2013 7:03 AM
> To: "Low-traffic list discussing WordPress in education." <
> wp-edu at lists.automattic.com>
> Subject: Re: [wp-edu] WP - security concerns?
> I receive a lot of security alerts on WP. I do have an Admin user name
> to get into the dashboard; do you think this may be causing the problem? I
> thought you need to create an admin user name.
> Have a great day
> On Mon, Sep 9, 2013 at 8:19 PM, Covello, Steve <Steve.Covello at granite.edu> wrote:
>> Geez - I have had ZERO infections via WordPress in 4 years.
>> - Wordfence Security
>> - WP Firewall 2
>> - Secure WordPress
>> - WP Secure Scan
>> - WordPress HTTPS
>> - WP Ban
>> Best Practice:
>> - NO accounts named "admin"
>> - htaccess file in wp-admin
>> - NO default table prefixes in wp-config, such as "wp_". Change it to
>> "wp_xRwFG_" or whatever.
>> - original salt data in wp-config:
>> - Secure high quality passwords
>> - Updated malware scans on user devices
>> - Gravity Forms used on all forms, with CAPTCHA
>> - SFTP on FTP accounts
>> - Occasionally check on Sucuri.net. If you want to be on top of it,
>> subscribe to their scan service.
>> There are other hardening plugins out there.
>> - Steve
>> *From:* wp-edu [wp-edu-bounces at lists.automattic.com] on behalf of Leslie
>> Melvin [melvin at bard.edu]
>> *Sent:* Monday, September 09, 2013 6:18 PM
>> *To:* wp-edu at lists.automattic.com
>> *Subject:* [wp-edu] WP - security concerns?
>> Hi Folks,
>> We have been hosting WP Multisite (for course blogs and as a blog
>> supplement to our program websites) for a few years, with mixed results.
>> Our community (users) love the flexibility of WP, but it has proven to be
>> an unexpected support burden for IT...it seems that all of our
>> website/network hacks have been introduced via WP.
>> I haven't seen the topic addressed by this group, so it appears our
>> experience is isolated, which would lead me to suspect we are missing some
>> simple safe-guards. Have any of your institutions dealt with WP-related
>> security issues? Have you found any successful, secure configurations, and
>> if so, would you be willing to share your experiences with us? WP is
>> proving to be such a valuable tool...
>> If so, I will bring our Networks and Systems folks into the
>> conversation, as they could answer specific questions related to our
>> configuration and protocols.
>> Many thanks in advance!
>> *Leslie A. Melvin | Manager, Academic Technology Services
>> BARD COLLEGE
>> PO Box 5000 | 204 Old Henderson |
>> Annandale-on-Hudson, NY 12504
>> office: 845.758.7496 | http://www.bard.edu
>> wp-edu mailing list
>> wp-edu at lists.automattic.com
> wp-edu mailing list
> wp-edu at lists.automattic.com