Doing business online makes things easier and more convenient for you and your customers, but the internet comes with risks. Throughout the years, cyber threats of varying effectiveness have gained notoriety among online communities. If you are an eCommerce leader or someone handling their own website, you need protection against ransomware and other malware.

What is ransomware?

Ransomware is a cyber threat that encrypts files to make them unusable or prevents a user from accessing their computer. The ones behind a ransomware attack usually demand money from the user so the latter could access the files or computer again — hence the name. Situations like this will cause considerable damage to your website and in turn, your online business operations.

1. Prepare regular backups and a recovery plan
Ensure that you keep a backup of your files so that you can revert to them in case the files get encrypted by ransomware. Your recovery plan should include steps to restore your files or system in case of a large-scale attack.

You should have experts perform regular backups so that you have a copy of your files’ latest versions kept safe. This way, your business can recover faster which is key especially in situations like this, to prevent further loss in sales.

2. Update your OS and antivirus software
Whether you use Microsoft, iOS or some other operating system, keep it updated with the latest patches. These patches or updates address the latest cybersecurity threats that may target the OS or software you’re using.

An updated OS gives you peace of mind because you know it helps secure your computers against ransomware attacks. A gravely outdated OS would leave your system vulnerable to sophisticated cyber-attacks from its lack of relevant security patches.

3. Scan all emails and downloaded files
Ransomware can penetrate your computer through emails or downloads, so be sure to scan these first. Enable email filtering for your computers, in which you set your inbox to automatically block or remove suspicious emails instead of letting them in.

Through email filtering, ransomware scams get removed before they get viewed by your team members in their inbox. An expert can further educate you on suspicious emails and what to watch out for.

4. Restrict non-administrator privileges
It’s good practice to only have a few or one administrator account. This helps prevent the ransomware from completely taking over a team or company’s network of computers.

Restricting privileges means that non-administrator users would not be able to install unnecessary or external applications. This is so whether that user is your team member or a cyberattacker. Only the administrator can perform such actions.

5. Update default or weak passwords to secure ones
Hackers today can penetrate security measures using advanced and insidious methods. One such example is brute-force attacks, in which the hacker uses trial-and-error to correctly guess your log-in information.

They may use a computer programme that exhausts all possible combinations of characters until they successfully guess your password. Since default passwords are the ones that computers automatically generate, these may be easily guessed by a hacker’s computer programme. Make sure to update default or old passwords to secure ones that only you know.

6. Train your team to spot cyber threats
Lastly, don’t forget to cascade information to your team. Make sure that everyone who has access to your company’s computer knows how to spot ransomware and other cyber threats.

Incorporate this information in your onboarding of new members, and remind older teammates if needed. It helps to tap an expert that can explain ransomware protection and other cybersecurity topics in easily understandable ways to your team.

7. Know the devices connected to your network
Besides computers, you must know what other devices might be connected to your network. This could be something as inconspicuous as a smart vending machine or it could be something poorly secured, such as a WiFi printer.

Check if these devices are sufficiently protected against ransomware before such cyber threats attack leave your system vulnerable. This also lets you disconnect devices that are no longer helpful in your operations.

There are so many written articles on the internet where  you have to scroll down for miles just to find the small amount of information that is useful and you are looking for. So annoying!

Big time saver, thank you! 🙂

Securing WordPress & Hardening your Server In a Few Easy steps.

WordPress is one of the most popular content management systems (CMS) in the world, powering millions of websites across the globe. However, its popularity also makes it a prime target for hackers and cybercriminals. Therefore, it is essential to secure your WordPress installation and harden your server to prevent any unauthorized access and protect your site from cyber threats.

In this article, we will discuss some best practices to secure your WordPress installation and harden your server.

1. Keep WordPress Updated
   One of the most important steps to secure your WordPress site is to keep it updated. WordPress is constantly updating its software to fix bugs, add new features, and most importantly, patch security vulnerabilities. By keeping your WordPress software, plugins, and themes updated, you reduce the risk of your website being hacked or compromised.
2. Use Strong Passwords
   Passwords are the keys to your website, and if your password is weak, your website is vulnerable. Therefore, it’s essential to use strong passwords that are difficult to guess. You should also consider using two-factor authentication, which adds an additional layer of security to your website login.
3. Limit Login Attempts
   Limiting login attempts is an effective way to prevent brute-force attacks. Brute-force attacks are a common hacking technique that involves trying multiple username and password combinations until the correct one is found. By limiting login attempts, you can prevent these attacks and protect your website from unauthorized access.
4. Use Security Plugins
   WordPress offers a wide range of security plugins that can help you secure your website. These plugins offer features such as malware scanning, firewalls, and intrusion detection systems that can help protect your site from cyber threats.
5. Backup Your Website
   Backing up your website is essential to protect your site from data loss or corruption. You should regularly backup your site and store the backups in a secure location. This way, if your website is compromised or hacked, you can restore it to a previous version.
6. Secure Your Server
   Securing your server is just as important as securing your WordPress site. You should ensure that your server is properly configured, and all security patches are applied. You can also consider using a firewall and intrusion detection system to protect your server from unauthorized access.
7. Use SSL Encryption
   SSL encryption is an essential component of website security. SSL encryption ensures that all data transferred between your website and your visitors is secure and encrypted. This prevents any sensitive data, such as login credentials or credit card information, from being intercepted by hackers.
8. Remove Unnecessary Plugins and Themes
   You should remove any plugins or themes that are not being used. These can be a potential security risk, as they may contain vulnerabilities that can be exploited by hackers. You should also regularly review your plugins and themes to ensure that they are up to date and do not pose a security risk.
9. Monitor Your Website
   Regularly monitoring your website can help you detect any security issues before they become a problem. You should monitor your website for any unusual activity, such as a sudden increase in traffic or suspicious login attempts. This can help you identify and resolve any security issues before they cause any damage.

In conclusion, securing your WordPress installation and hardening your server is essential to protect your website from cyber threats. By following these best practices, you can reduce the risk of your website being compromised, and ensure that your website remains secure and available to your users.

Good post!

Straight to the point. I like it! 😉

How to disable xlm-rpc in WordPress the non bullshit guide

Tired on long lengthy annoying guides guides where you have to scroll for ages to the end find the solution to your problem?

Well this is not one of them. In short xlm-rpc is a protocol that enables you to blog from your phone and bla bla. (things you don´t need to know or want to know anyway and we won’t bore you with it.) But you don´t need any of this and after since WordPress version 6.1.1. is vulnerable to hackers exploiting and wrecking your WordPress website you should disable it all together and forever. So here is what you need to do disable How to disable xlm rpc-in WordPress:

First off you do not need a silly plugin that will bloat your website and your database. We will do it all through code and it is very easy!

First you need to take the code below and and save it in in a notepad txt document as “wp-disable-xlm-rpc.php”.

This will create something called a “mu-plugin”. If you do not have the folder in your wp-content folder, then create a folder called “mu-plugins”. Then upload and save your new mu-plugin in this folder. This will disable most of the xlm-rpc functionality so it only accepts POST commands. That is fine, not enough as we want to block it completely. 

Now in your servers www root folder (Usually called public_html), where your WordPress installation files are. Look for a file called “.htaccess” and add these lines of code:

and then save the document. You now need to test in your browser and verify that it worked.

E.g. https://mywebsite.com/xmlrpc.php

if your server responds with a 403 forbidden or 404 not found then you have succeeded! 

Congratulation, you just made your WordPress server safer from exploits of the XML RPC security hole that hackers use in an attempt to break into your server.

Protect yourself from WordPress User Enumeration Attacks and how to prevent it.

So what is user Enumeration Attacks?

Well user Enumeration Attacks are several brute-force techniques with the purpose of guessing or confirming login credentials such as usernames, e-mail addresses and passwords. Basically a hacker attempts to guess your login information and they do not of course do this manually but they use computers/servers to randomly scan the internet with bot spiders to din a vulnerable website; you website!

User enumeration is often a web application vulnerability, though it can also be found in any system that requires user authentication. Two of the most common areas where user enumeration occurs are in a site’s login page and its ‘Forgot Password’ functionality.

The malicious actor is looking for differences in the server’s response based on the validity of submitted credentials. The Login form is a common location for this type of behavior. When the user enters an invalid username and password, the server returns a response saying that user ‘rapid7′ does not exist.

By default, WordPress is vulnerable to such User Enumeration attempts. Of course, bad username and password practices will have an even greater impact on this vulnerability.

The two most common web application targets for enumeration attacks are:

• The login page
• Password reset page

A webserver with poor application security will identify a non-existent username with an invalid username message where is displays that either the user name does not exist or password is incorrect:

This confirms for a hacker/ cyber criminal that the user/password doesn’t exist in the database. Thus this is a way to validate if the user does not exist and keep trying until a combination works and the hacker can successfully login.

How Does User Enumeration Work in WordPress?

Method 1: Author Archives
Perhaps the easiest method to find WordPress usernames is by going through the author archives. To enumerate usernames through the author archives method, simply append an integer (i.e. 1,2,3, etc.) as a value to the parameter “author”. For example, look at the following values:

<codestyle=”color:#000000;”>http://example.com/?author=1 http://example.com/?author=2 http://example.com/?author=3

These values would then fetch the results like the following:

http://example.com/author/admin/
http://example.com/author/user2/
http://example.com/author/user3/

Therefore, by fuzzing the parameter author in the WordPress home URL, multiple author names can be enumerated.

How can you prevent these attacks?

Use a security plugin such as :

• WPMU Dev Defender – https://wpmudev.com/project/wp-defender/
• CledanTalk Cloud firewall: https://cleantalk.org/wordpress-security-malware-firewall
• WordFence – https://wordpress.org/plugins/wordfence/
• All-In-One Security (AIOS) – https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
• BBQ Firewall – https://wordpress.org/plugins/block-bad-queries/
• Really Simple SSL (Their pro version which allows you to lock down vulnerabilities): https://wordpress.org/plugins/really-simple-ssl/
• Require two-factor authentication (2FA) on all users on your website. At least for the administrators, editor and moderation accounts.
• Use strong password that is at least 15-20 characters long and mixed with both upper, lower characters and various symbols. You could use for this purpose a password manager such as Lastpass: https://www.lastpass.com either for yourself or your entire team and set the password policies there too. This will prevent any hackers from finding any weak passwords in your website. LastPass can also generate passwords up to 100 characters making passwords extremely secure.

You can also do further hardening of your WordPress security by blocking user-enumeration through functions.php in your WordPress theme:

Alternatively you could also do it by creating a WordPress MU-plugin:

A MU-plugin is a little custom code plugin that enables the code’s function systemwide. This is very useful and requires a less resources from your servers too than using a plugin for it. It also is beneficial when running WordPress Multisite as all websites created in the system will apply the code simultaneously thus effectively protecting all websites instead of manually applying it to every website’s theme functions.php.

How to activate your MU-plugin:

Once you saved the plugin with a unique name “My-plugin-function.php“.
Now create a new directory in your WordPress installation server folder E.g. the www folder:

Save or create your MU-plugin folder as follows: Path: Your www root folder >>> wp-content >>> mu-plugins

and upload your new MU-plugin to that folder. Once it is uploaded it is activated instantly. That’s it!

You can confirm also that the MU-plugin is activated:

Login to your WordPress admin back-end and click on “plugins” in the right menu pane. Click on “Must Use” and find your new mu-plugin in the list.

Block WordPress Enumeration through the .htaccess file:

You can also block at server level rather than website level and block server requests by adding the this .htaccess code in your server’s www root.

Note: You must change http://mywebsite.com to your own website domain name address!span

Examples of Complex Enumeration Attacks:

LDAP Enumeration: Light-Weight Directory Access Protocol (LDAP) is a protocol used to access directory services – hierarchical structures of user records.

A successful LDAP enumeration attack could reveal the following sensitive information:

• ​Usernames
• Addresses
• Contact information
• Business sector information

NetBIOS Enumeration
Network Basic Input Output System (NetBIOS) is used as an API that enables endpoints to access LAN resources.

Each NetBIOS protocol is comprised of a unique 16-character string that identifies network devices over TCP/IP.

To facilitate NetBIOS enumeration attacks, printer and file services need to be enabled. These attacks occur via port 139 on the Microsoft Operating System.

A successful NetBIOS enumeration attack could make the following attacks possible on the compromised machine.

• The compromised endpoint could be recruited into a Botnet and used to launch DDoS attacks.
• The hackers could execute further enumerate privileged access accounts to gain access to sensitive resources.
• SNMP Enumeration
  Simple Network Management Protocol (SNMP) is a framework for requesting or modifying information on networked devices. SNMP is software agnostic, meaning networked devices can access regardless of the type of software they are running.

Cyberattacks enumerate SNMP on remote devices to gather the following intelligence:

• Traffic behavior
• Remote device identifiers
• Identifying information about networked devices and resources

Reverse DNS is done on the IP address, not the domain name. So as long as the reverse IP lookup works, and returns a domain that then resolves to the same IP address it will be ok.

So you are ok to send as any email address once you have a PTR for the IP address you are sending on. Just make sure you have SPF records for the domains you do send from, since they are checked.