[wp-edu] WP - security concerns?

Brianne Binelli bbgoldkey at gmail.com
Tue Sep 10 14:08:19 UTC 2013


Thank you very much, appreciate your response



On Tue, Sep 10, 2013 at 7:55 AM, Covello, Steve
<Steve.Covello at granite.edu> wrote:

>  1 – Security alerts are a *good* thing. It means the hardening strategies
> are actually working. I get TONS of alerts from my firewall – all of which
> report that the robotic efforts of hackers are being repelled. Security
> alerts do not mean WP is "bad" for security. Your domain will be hacked no
> matter which platform you use, or even if you use plain HTML. There are
> certain vulnerabilities in WP that hackers know about, but these are
> accounted for in the hardening plugins I mentioned.
>
>  2 – You do not need a username named "admin". It happens to be the
> default username WP gives on install, but NEVER use it. Any user can be
> given Administrator privileges. This is how you solve your problem
> (assuming you are "admin"):
>
>    - In your "admin" user acct, change the email address to something
>    different (doesn't matter – it's going to be deleted)
>    - Create a new user with "admin's" old email address.
>    - Delete the "admin" user and ascribe all of "admin's" posts/pages to
>    the new user.
>
> That's it.
>
>   --
> *Steve Covello*
> Rich Media Specialist/Online Instructor
> Granite State College
> 603-513-1346
> Skype: steve.granitestate
> Scheduling: http://meetme.so/stevecovello
>
>
>   From: Brianne Binelli <bbgoldkey at gmail.com>
> Reply-To: "Low-traffic list discussing WordPress in education." <
> wp-edu at lists.automattic.com>
> Date: Tuesday, September 10, 2013 7:03 AM
> To: "Low-traffic list discussing WordPress in education." <
> wp-edu at lists.automattic.com>
> Subject: Re: [wp-edu] WP - security concerns?
>
>   I receive a lot of security alerts on wp.  I do have an Admin user name
> to get into the dashboard; do you think this may be causing the problem?  I
> thought you need to create an admin user name.
>
> thanks
> have a great day
>
>
>
> On Mon, Sep 9, 2013 at 8:19 PM, Covello, Steve <Steve.Covello at granite.edu> wrote:
>
>>  Geez - I have had ZERO infections via WordPress in 4 years.
>>
>>  Plugins:
>>
>>  Wordfence Security
>> WP Firewall 2
>> Secure WordPress
>> WP Secure Scan
>> WordPress HTTPS
>> WP Ban
>>
>>  Best Practice:
>>
>>  NO accounts named "admin"
>> htaccess file in wp-admin
>> NO default table prefixes in wp-config, such as "wp_". Change it to
>> "wp_xRwFG_" or whatever.
>> original salt data in wp-config:
>> https://api.wordpress.org/secret-key/1.1/salt/
>> Secure high quality passwords
>> Updated malware scans on user devices
>> Gravity Forms used on all forms, with CAPTCHA
>> SFTP on FTP accounts
>>
>>  Occasionally check on Sucuri.net. If you want to be on top of it,
>> subscribe to their scan service.
>>
>>  There are other hardening plugins out there.
>>
>>  - Steve
>>
>>
>>
>>  ------------------------------
>> *From:* wp-edu [wp-edu-bounces at lists.automattic.com] on behalf of Leslie
>> Melvin [melvin at bard.edu]
>> *Sent:* Monday, September 09, 2013 6:18 PM
>> *To:* wp-edu at lists.automattic.com
>> *Subject:* [wp-edu] WP - security concerns?
>>
>>   Hi Folks,
>>
>>  We have been hosting WP Multisite (for course blogs and as a blog
>> supplement to our program websites) for a few years, with mixed results.
>> Our community (users) love the flexibility of WP, but it has proven to be
>> an unexpected support burden for IT...it seems that all of our
>> website/network hacks have been introduced via WP.
>>
>>  I haven't seen the topic addressed by this group, so it appears our
>> experience is isolated, which would lead me to suspect we are missing some
>> simple safe-guards.  Have any of your institutions dealt with WP-related
>> security issues?  Have you found any successful, secure configurations, and
>> if so, would you be willing to share your experiences with us?  WP is
>> proving to be such a valuable tool...
>>
>>  If so, I will bring our Networks and Systems folks into the
>> conversation, as they could answer specific questions related to our
>> configuration and protocols.
>>
>>  Many thanks in advance!
>>
>>  Best,
>> Leslie
>>
>>  ---
>> Leslie A. Melvin  |  Manager, Academic Technology Services
>>
>>  BARD COLLEGE
>> PO Box 5000 | 204 Old Henderson |
>> Annandale-on-Hudson, NY 12504
>> office: 845.758.7496 | http://www.bard.edu
>>
>>
>> _______________________________________________
>> wp-edu mailing list
>> wp-edu at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-edu
>>
>>
>
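
The wp-config items in the best-practice list quoted above (a non-default table prefix and original salt data), as an added example that is not part of the thread: a Python check over the text of a wp-config.php. The sample files are constructed, and the 32-character minimum is an assumed local threshold.

```python
import re
import secrets
from collections import Counter

SECRET_KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
               "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
MIN_SECRET_LEN = 32  # assumption: local policy threshold, not a WordPress rule

# Anchored at line start so commented-out lines are ignored; generated salts
# may themselves contain '#' or '//', so comments are not stripped blindly.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""", re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)


def audit_wp_config(text):
    """Return (setting, issue) findings for the text of a wp-config.php file."""
    findings = []
    m = PREFIX_RE.search(text)
    if m is None:
        findings.append(("table_prefix", "missing"))
    elif m.group(2) == "wp_":
        findings.append(("table_prefix", "default"))
    defined = {name: value for name, _, value in DEFINE_RE.findall(text)}
    # Values shared by more than one constant (placeholders are reported separately).
    reused = {v for v, n in Counter(defined.get(k) for k in SECRET_KEYS).items()
              if n > 1 and v not in (None, "", PLACEHOLDER)}
    for key in SECRET_KEYS:
        value = defined.get(key)
        if value is None:
            findings.append((key, "missing"))
        elif value in ("", PLACEHOLDER):
            findings.append((key, "placeholder"))
        elif len(value) < MIN_SECRET_LEN:
            findings.append((key, "short"))
        elif value in reused:
            findings.append((key, "reused"))
    return findings


def build_config(prefix, values):
    """Constructed wp-config.php text for the demonstration (not a real site's file)."""
    body = "".join(f"define( '{k}', '{v}' );\n" for k, v in values.items())
    return f"<?php\n$table_prefix = '{prefix}';\n{body}"


WEAK = build_config("wp_", {**dict.fromkeys(SECRET_KEYS[:6], PLACEHOLDER),
                            "LOGGED_IN_SALT": "abc123"})
HARDENED = build_config("wp_xRwFG_", {k: secrets.token_urlsafe(48) for k in SECRET_KEYS})
```

Calling `audit_wp_config(open("wp-config.php").read())` on a real file returns an empty list when none of these conditions is present.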