Being the number one1 CMS in the world, websites running WordPress are a great target for hackers who want to take control of other people’s websites. Hackers will ask for a ransom, sell personal information that belongs to the site’s owner/s and it’s users, distribute malware, send spam or simply, to eliminate competitors.
One very popular way of getting administrative access to a WordPress site is by attacking the login page.
Thy name is wp-login.php.
We all know it and you should know that everyone knows it. Hackers will use it since it’s the gateway to your site and you should do your best to Protect your WordPress Login Page.
Using a technique called Brute Force Attack, hackers take advantage of a few weak points that come with every WordPress installation. You should harden those weak points as soon as possible to keep intruders outside and your site safe and protected.
In this tutorial, you will learn How to Protect WordPress Login Page from Brute Force Attack
The people over at UpdraftPlus have been hard at work making a Clef alternative. For those of you who don’t know what Clef is, it was one of the best, coolest and most innovative two-factor authentication apps that I have ever seen in my life.
With its blue signature bar-code, Clef managed to become the favorite two-factor authentication app amongst many people in the WordPress community because of the following reasons:
- Easy to pair your WordPress site with your Clef account using your phone’s camera.
- Easy to log in using your camera by scanning their uniquely designed barcode.
- Ability to hide login form, disable passwords and make Clef the only way to log in.
- Set up timed sessions.
- Sign out of your WordPress site from the app.
Now that it’s gone, people are looking for an alternative. There’s one company out there that dared to make a Clef alternative and that company is called UpdraftPlus.
So let’s take a look, who are they? What do they do? And how are they going to make a Clef alternative that is worth using?
Clef and BruteProtect have put together this WordPress Security Checklist to help you ensure you’re following best practices when you deploy your site. Follow along and be safe!
I guess I couldn’t leave Clef alone for more than a week, and I felt the need to write another article about it.
This time it’s about things that you can do yourself to protect your site and do it while having the Clef plugin installed and running.
I’ve been using Clef for quite a while now, and I saw only amazing things from it.
And thanks to Clef and BruteProtect I’m able to protect my site even more with this amazing list.
I absolutely encourage everyone who use WordPress as there blogging platform to check it out and do everything in it one by one to give your site maximum security.
I’m sure a lot of people who really care about their privacy, securing their accounts in every possible way, have Two-Factor Authentication enabled.
A lot of online services these days are implementing this feature. Buffer was the last service to enable this feature after they were compromised.
For those of you who don’t know what Two-Factor Authentication is you can read my article here. I explain what Two-Factor Authentication, different types of authentication and the sites that support it.
Two factor authentication is a way of verifying a user’s identity using two factors: 1) something they know, 2) something they have. It’s a second layer of security to ensure that no one can access your account. You can think of it as a second password.
If you have a bank account and used online banking, then you have used Two factor authentication. It’s the code that is sent to your phone to verify your identity. This is just one way of getting that code, out of five.
The other way is by using a Two factor authentication app. An example of that would be 1Password, Authy or Google Authenticator. Services like Google, MailChimp and Lightning Base allows you to pick an app as your authentication method.
You can also get the code by an automated phone call, an email or by a hardware token such as the RSA SecureID.