I’ve recently posted a series of articles about website security, and specifically WordPress security tips, to my personal website. They might be a bit technical for the Mardesco blog, but you may find them useful or even interesting.
The series begins with a post answering the question, “Why do people hack websites?” I have been asked this a couple of times by different people, so I tried to answer the question in a thorough yet easy-to-understand article format.
Next, the series focuses on the demise of an old way of deterring a brute force attack. In the old days, you could just block the IP address of the attacker’s computer. With the rise of the large-scale distributed botnet, an attacker may be able to route their attack through an unlimited number of different IP addresses. Under these circumstances, attempting to block every compromised computer in the world is an exercise in futility. Read all about it.
The follow-up post has the best title in the series. It is called, Zombie Brute Force Attack Bots vs. WordPress. It talks about a recent wave of brute force login attacks that specifically targeted WordPress installations.
The final post in the miniseries attempts to answer the question, “What can we do about it?” There is always hope. You can begin with essential WordPress security, including strong passwords, security plugins, .htaccess directives, and more.
What’s with this other website?
I usually use Mardesco’s blog to talk about strictly-business, marketing type stuff. I also have a personal blog at jesse-smith.net where I talk about more technical points of interest, like WordPress theme development and cross-platform Apache server setup.
Have technical questions? I look forward to hearing from you.