
WordPress Security 101 – Protecting Against Insider Threats

Continued from part 1 of our 5 part WordPress security series.

A recent Breach Level Index report by Gemalto, a global cyber security solutions provider, is titled “Poor Internal Security Practices Take A Toll” for a reason. According to the report, the insider threat was the biggest source of stolen or lost records in the first half of 2017: accidental loss accounted for a whopping 86% of all stolen records, with over 1.6 billion records compromised in just six months.

Users prefer convenience over security because it’s human nature to look for the easiest way to get a job done. So, if you want to boost your WordPress security, there is one potential threat you can’t afford to overlook: yourself and your users.

(Infographic Source: Breachlevelindex)

Contributors who have access to your WordPress back end can be a part of your defense, or your weakest link (without ever realizing it). Let’s see how you can safeguard your blog against internal threats.

#1. Good Password Hygiene

WordPress – and common sense – requires that you use strong passwords, but what is a strong password? WordPress expert Alex Grant says a strong password is complex and easy to memorize at the same time.

Password management programs do a great job of generating and storing your passwords in an orderly manner. This option is especially useful if you have multiple blogs, since you should avoid re-using one password across multiple accounts.

Even though automatically generated passwords are secure, they are also impossible to memorize. So, many bloggers just default to weak passwords that are easy to crack.

One simple way of creating strong passwords you can memorize is to use a passphrase based on logic known to you alone, for instance:

My_goal_is_2_weigh_50_kilo$

The longer the passphrase, the harder it is to crack, and the easier it is to memorize. Use this technique not only for passwords but also for answers to your security questions.

Tips:

  • Don’t use the names of your favorite sports teams and music bands, or anything that hackers can mine from your Facebook profile.
  • Don’t store your passwords in a Notepad or Word file in plain text. If you need to store them in an electronic format, use encryption programs or password managers.
  • Don’t recycle your passwords across multiple accounts.
  • Don’t share your passwords with anyone since you never know how laid-back other people may be about cybersecurity.

#2. Protecting Your Password From Unauthorized Reset

One particular vulnerability that revolves around passwords is that they can be reset. If someone gains access to your email, they can reset your WordPress password. If someone can guess – or research – the answers to your security questions, they can reset your password.

So, your password is just one part of the equation: the security of your administrative email account and the complexity of your security answers are equally important.

#3. Locking Out Multiple Sign-On Attempts

As of now, WordPress doesn’t offer the functionality to block multiple sign-on attempts. This leaves you open to someone persistent enough to try different username/password combinations for hours on end. So, you want to limit sign-on attempts to a number you deem acceptable.

Tips:

  • The WP Limit Login plugin lets you set the number of login attempts, define the lockdown time during which the user won’t be able to log in, and enable captcha.
  • Sucuri is a comprehensive suite that also allows you to tweak multiple sign-on settings to your liking.
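To make the lockout described above concrete, here is an added example (not the article’s or any plugin’s code) of a WordPress must-use plugin that counts failed logins per client address in a transient and refuses further attempts once a limit is reached; the EXAMPLE_ names, the limit of 5 attempts and the 15-minute window are assumptions.

```php
<?php
/**
 * Plugin Name: Example Login Attempt Limiter (added example, not a real plugin)
 *
 * Place in wp-content/mu-plugins/ so it loads automatically. Counts failed
 * logins per client address in a transient and refuses further attempts once
 * the limit is reached, until the lockout window expires.
 */

const EXAMPLE_MAX_ATTEMPTS = 5;                       // assumed policy values
const EXAMPLE_LOCKOUT_SECS = 15 * MINUTE_IN_SECONDS;

// Transient key for the current client. REMOTE_ADDR is the address PHP saw;
// behind a reverse proxy, configure the web server to pass the real client
// address rather than trusting X-Forwarded-For in application code.
function example_login_fail_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'example_login_fail_' . md5( $ip );
}

// Every failed login increments the counter and restarts the lockout window.
add_action( 'wp_login_failed', function ( $username ) {
    $key   = example_login_fail_key();
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, EXAMPLE_LOCKOUT_SECS );
} );

// Priority 30 runs after wp_authenticate_username_password (priority 20),
// which would otherwise overwrite an error returned earlier in the chain.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    $count = (int) get_transient( example_login_fail_key() );
    if ( $count >= EXAMPLE_MAX_ATTEMPTS ) {
        return new WP_Error(
            'example_too_many_attempts',
            sprintf( 'Too many failed login attempts. Try again in %d minutes.',
                EXAMPLE_LOCKOUT_SECS / MINUTE_IN_SECONDS )
        );
    }
    return $user;
}, 30, 3 );

// A successful login clears the counter for this client.
add_action( 'wp_login', function ( $user_login, $user ) {
    delete_transient( example_login_fail_key() );
}, 10, 2 );
```

Because the counter is keyed by address, several contributors behind one NAT gateway share a single budget of attempts, so set the limit with that in mind.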

#4. Restricting User Permissions

For blogs with multiple contributors, it’s best if the contributors only have the privileges they need to do their work. You want the lowest-risk environment, where user permissions are restricted to the necessary minimum.

Otherwise, a user can, intentionally or accidentally, delete someone else’s post, or mishandle their login credentials and expose them.

If a contributor’s account with minimum permissions gets compromised, the malicious party can only tamper with a very limited amount of content on your blog. If malicious actors access the administrative account, you’re in for trouble.

Tip:

  • Don’t assign temporary permissions to users making technical adjustments to your blog. Chances are you will forget to restrict that account again once the job is completed.
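To illustrate the least-privilege point, here is an added example (not the article’s or any plugin’s code) of a must-use plugin that takes the unfiltered_html capability away from editors and shows administrators every account holding administrator-level capabilities on the Users screen, so a temporary admin account that was never downgraded is easy to spot; the example_ names are assumptions.

```php
<?php
/**
 * Plugin Name: Example Least-Privilege Audit (added example, not a real plugin)
 *
 * Two small measures for a multi-contributor blog: take the unfiltered_html
 * capability away from editors, so a compromised editor account cannot post
 * raw <script> tags, and show administrators a list of every account that
 * can manage site options, with its creation date, so a "temporary" admin
 * account that was never downgraded stands out on the Users screen.
 */

add_action( 'init', function () {
    $editor = get_role( 'editor' );
    // Role changes are stored in the database, so this only takes effect once.
    if ( $editor && $editor->has_cap( 'unfiltered_html' ) ) {
        $editor->remove_cap( 'unfiltered_html' );
    }
} );

// Return login => registration timestamp for every user holding manage_options.
function example_privileged_users() {
    $privileged = array();
    foreach ( get_users() as $user ) {
        if ( user_can( $user, 'manage_options' ) ) {
            $privileged[ $user->user_login ] = $user->user_registered;
        }
    }
    return $privileged;
}

// Render the list as an admin notice, only on the Users screen and only for admins.
add_action( 'admin_notices', function () {
    $screen = get_current_screen();
    if ( ! $screen || 'users' !== $screen->id || ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $items = array();
    foreach ( example_privileged_users() as $login => $registered ) {
        $items[] = esc_html( sprintf( '%s (created %s)', $login, $registered ) );
    }
    echo '<div class="notice notice-info"><p>Accounts with administrator-level capabilities: '
        . implode( ', ', $items ) . '</p></div>';
} );
```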

#5. Enforce The Use Of Strong Passwords

If your contributors use weak passwords, your WordPress backend is vulnerable. Don’t just leave your users to their own devices: set up restrictions that only allow them to use strong passwords.

The current version of WordPress enforces the use of strong passwords. But if you run an older version, you can add this functionality via the Force Strong Passwords plugin.

Tips:

  • Passwords must be long and contain at least one number, and at least one special character.
  • Don’t enforce overly restrictive password rules, as this will result in passwords that are hard to memorize. You’d be facing frequent password reset requests.
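As an added example that is not part of the article, here is a must-use plugin that enforces the first tip above (length plus at least one number and one special character) through WordPress’s own profile and password-reset validation hooks; the EXAMPLE_ names and the 12-character minimum are assumptions.

```php
<?php
/**
 * Plugin Name: Example Password Policy (added example, not a real plugin)
 *
 * Rejects a new or changed password that is shorter than the minimum length
 * or lacks a number or a special character. Hooks the profile editor, the
 * "Add New User" screen and the password reset form, which all submit the
 * new password in the pass1 field.
 */

const EXAMPLE_MIN_PASSWORD_LENGTH = 12; // assumed policy value

// Return the list of unmet requirements for $password (empty array = OK).
function example_password_violations( $password ) {
    $unmet = array();
    if ( strlen( $password ) < EXAMPLE_MIN_PASSWORD_LENGTH ) {
        $unmet[] = sprintf( 'at least %d characters', EXAMPLE_MIN_PASSWORD_LENGTH );
    }
    if ( ! preg_match( '/[0-9]/', $password ) ) {
        $unmet[] = 'at least one number';
    }
    if ( ! preg_match( '/[^A-Za-z0-9]/', $password ) ) {
        $unmet[] = 'at least one special character';
    }
    return $unmet;
}

// Shared validator for both hooks; the first argument of each is the
// WP_Error collector that WordPress displays back to the user.
function example_enforce_password_policy( $errors ) {
    if ( ! ( $errors instanceof WP_Error ) || empty( $_POST['pass1'] ) ) {
        return; // no new password submitted, nothing to check
    }
    $unmet = example_password_violations( (string) wp_unslash( $_POST['pass1'] ) );
    if ( $unmet ) {
        $errors->add( 'example_weak_password',
            'Password must have ' . implode( ', ', $unmet ) . '.' );
    }
}

add_action( 'user_profile_update_errors', 'example_enforce_password_policy', 10, 1 );
add_action( 'validate_password_reset', 'example_enforce_password_policy', 10, 1 );
```

When the error collector is non-empty, WordPress refuses to save the profile or complete the reset and prints the message, so the user sees exactly which requirement was missed.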

#6. Logging Out Idle Users

One more security vulnerability that comes from users is that they forget to log out. When that happens, your blog is exposed: anyone with access to the contributor’s computer can tamper with your dashboard. So, security best practice suggests logging out idle users.

Tip:

  • The Idle User Logout plugin lets you choose which user roles are logged out automatically after they’ve been idle for a set time. That way, your contributors won’t lose any data, and your blog is protected against yet another security vulnerability.

That’s it for today! The next WordPress security roundup will focus on:

  • Internal monitoring systems – WordPress Security, Sucuri, and Wordfence.
  • Security of your web hosting account.

So, stay tuned for more security tips from the WordPress guru Alex Grant.

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services.
