
How To Harden WordPress Sites Against Brute Force Attacks

When logging in to a WordPress site, users supply a username and password that WordPress associates with their account. If an attacker can guess the right username and password, they can authenticate in the same way. The process of guessing is called a brute force attack: the attacker tries different combinations of usernames and passwords until they discover one that works.

Brute force attacks are effective when WordPress users choose usernames and passwords that are easy to guess. Criminals use automated botnets — which are usually made up of compromised WordPress sites — to make thousands of login attempts with different credentials.

Towards the end of December, WordFence wrote about the largest brute force campaign they had ever seen. An attacker was attempting to brute force access to thousands of WordPress sites. Once they had access to a site, the attacker installed malware with two tasks: compromising more WordPress sites and running cryptomining software.

Cryptomining software hijacks the resources of a server to mine cryptocurrency. Cryptocurrencies like Bitcoin and Litecoin are generated by carrying out computationally intensive math. Cryptomalware uses the resources of compromised machines to do the work of generating coins. In this case, the malware was generating Monero, a cryptocurrency that can be mined with CPUs rather than GPUs. According to WordFence, the campaign has created well over $100,000 for the attacker.

Victims of the campaign have their sites compromised and their server resources used to generate coins rather than serving the site. Because the malware also carries out attacks on other sites, there’s a strong chance of infected sites being blacklisted by security companies and browser developers.

Protecting WordPress sites against brute force attacks is straightforward. It’s only possible to guess usernames and passwords if they are simple and if the WordPress site lets an attacker make lots of login attempts.

Use Complex Passwords

The obvious solution is to insist on complex passwords that are difficult to guess. A long, random password takes much longer to guess than a short dictionary word. A random password of 16 or more characters might take millions of years to guess. A short dictionary password like “password” can be guessed in less than a second.

Use Two-Factor Authentication

I advise WordPress site owners not to rely on users to create secure passwords: people tend to choose convenience over security. Installing a two-factor authentication plugin on your WordPress site removes the risk of brute force attacks without relying on users to do the right thing.

There are many TFA plugins available for WordPress. Two Factor Authentication is among the most popular.

Limit Login Attempts

To find the right username and password combinations, attackers have to make a lot of guesses. By limiting the number of login attempts that can be made from an IP address, site owners reduce the likelihood that the attacker will ever guess the right combination.

WP Limit Login Attempts can temporarily block IPs if they make too many login attempts and display CAPTCHA tests to suspected bots.
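As an added example (not from the article and not the code of the WP Limit Login Attempts plugin), here is a small must-use plugin that implements the temporary per-IP block described above using WordPress transients, so it needs no extra tables. The policy values (5 failures, a 15-minute counting window, a 30-minute block), the `lt_` function names and the log message format are assumptions chosen for illustration; the hooks (`authenticate`, `wp_login_failed`, `wp_login`) and the transient functions are standard WordPress APIs.

```php
<?php
/**
 * Plugin Name: Per-IP Login Throttle (added example)
 * Description: Temporarily blocks an IP address after repeated failed logins,
 *              using WordPress transients so no extra tables are needed.
 */

// Assumed policy values for this example, not taken from the article.
define('LT_MAX_FAILURES', 5);          // failures allowed before a block
define('LT_WINDOW_SECONDS', 15 * 60);  // counter expires this long after the last failure
define('LT_LOCKOUT_SECONDS', 30 * 60); // how long a blocked IP stays blocked

function lt_client_ip(): string {
    // REMOTE_ADDR is filled in by the web server from the TCP connection and cannot be
    // forged by the client. Behind a reverse proxy, take the proxy's forwarded header
    // only when the connection really comes from that proxy; trusting it blindly lets a
    // bot present a fresh "IP" on every request and defeats the limit entirely.
    return isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
}

function lt_failure_key(string $ip): string { return 'lt_fail_' . md5($ip); }
function lt_lock_key(string $ip): string    { return 'lt_lock_' . md5($ip); }

function lt_is_locked(string $ip): bool {
    return false !== get_transient(lt_lock_key($ip));
}

/**
 * Refuse to authenticate a blocked IP, even if the supplied password is correct.
 * Priority 30 matters: WordPress's own password check runs on this filter at
 * priority 20 and ignores a WP_Error handed in from earlier, so a block hooked
 * before it would be overridden by a successful credential match.
 */
function lt_enforce_lockout($user, $username, $password) {
    if (lt_is_locked(lt_client_ip())) {
        return new WP_Error(
            'lt_locked_out',
            __('Too many failed login attempts from your address. Please try again later.')
        );
    }
    return $user;
}
add_filter('authenticate', 'lt_enforce_lockout', 30, 3);

/** Count a failed login for the client IP and block it once the threshold is reached. */
function lt_record_failure(string $username): void {
    $ip = lt_client_ip();
    if (lt_is_locked($ip)) {
        return; // attempts made during a block were already refused above; don't recount them
    }
    $failures = (int) get_transient(lt_failure_key($ip)) + 1;

    if ($failures >= LT_MAX_FAILURES) {
        set_transient(lt_lock_key($ip), time(), LT_LOCKOUT_SECONDS);
        delete_transient(lt_failure_key($ip));
        // One log line per block is enough to spot a campaign in the server's error log.
        error_log(sprintf(
            'login-throttle: blocked %s for %ds after %d failures (last username tried: %s)',
            $ip, LT_LOCKOUT_SECONDS, $failures, $username
        ));
        return;
    }
    // Each failure refreshes the expiry, so the counter lives LT_WINDOW_SECONDS past the last one.
    set_transient(lt_failure_key($ip), $failures, LT_WINDOW_SECONDS);
}
add_action('wp_login_failed', 'lt_record_failure');

/** A successful login clears the failure counter for that IP. */
function lt_clear_failures(string $user_login, WP_User $user): void {
    delete_transient(lt_failure_key(lt_client_ip()));
}
add_action('wp_login', 'lt_clear_failures', 10, 2);
```

Save the file under `wp-content/mu-plugins/` and it loads on every request without activation. Because `wp_authenticate()` is also what the XML-RPC login path calls, failures arriving that way are counted by the same hook. The block's `error_log` lines give a simple signal to watch for: many distinct addresses being blocked in a short period is the pattern of the botnet campaign the article describes, and since such a botnet spreads its guesses across many compromised hosts, a per-IP limit is one layer only; the two-factor authentication the article recommends is what actually stops a correctly guessed password from working.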

In 2018, we expect to see more attackers taking advantage of crypto mining malware as cryptocurrencies rise in value. By following the steps we outline here, WordPress site owners can prevent their sites from being used to make money for criminals.

Posted in:
WooCommerce, WordPress


Hostdedi.net Meet Magento 2018 Recap

After an amazing week of Yoga and meditation in the holy city of Rishikesh right beside Ganga river, it’s time for a Meet Magento India recap!

The day started early, setting up the booth with all our swag in the amazing venue Wagento chose for the event.

Brent and Vijay opened the first Meet Magento event in India, talking about the local community and how important India is in the Magento ecosystem. Right after them, Mark Lenhard, SVP of Strategy & Growth, outlined Magento’s roadmap and announced, among other things, the Magento certification program with new exams to come.

Right now, there are 31 Magento 2 Trained Solution Partners, 1092 Magento Certifications, 1004 Individual Certified Developers and 1025 Magento 2 Trained Individuals. The Indian community is growing extremely fast and quite a few events are planned for this year. The full presentation can be found here.

Right after the PayPal keynote, presented by Narsi Subramanian, breakfast was served and networking started, with lots of selfies included (probably the best of the event). Magento 2 was the most discussed topic of the day, and how to make it faster was the question I heard the most.

Once the rooms were divided and ready, 3 simultaneous tracks fired up with lots of informative presentations. It was now my turn to present “Making your life easier with the CLI”, outlining the new bin/magento feature included in Magento 2. The audience was quite interested in the command line tools available out of the box and the possibilities to extend it and add new functionality.

Right after me, David Manners explained what Community Engineering is doing and how you can contribute to the core. Coming from a time when contributing was hard, David explained his role and what OSS meant in the eyes of Magento. More about this topic can be found in Magento’s DevBlog.

After that, I moved to the Shalimar room to hear our own Jeries talk about Understanding Cloud Application Management and our new sister company, https://thermo.io

After a delicious meal of traditional Indian cuisine and some very warm interactions with the community, Vinai Kopp restarted the conversation with his presentation about Test Driven Development Magento Katas, followed by Eugene Shakhsuvarov talking about Magento 2 technical guidelines.

After a long day with lots of new friends, the conference came to an end with Ben Marks’ remarks and Brent taking the largest selfie ever. I can’t confirm or deny Brent tried to make jokes without much success 😀

It was a long day, but the event didn’t end there. After some sleep, another Contribution Day started early in the morning, sponsored by Hostdedi, where 25 pull requests were submitted to Magento 2 and some more to other Magento repos. Overall, it was an amazing event where we connected with a lot of happy customers who shared with us their success stories using Hostdedi as their hosting provider.

Thanks a lot to all the attendees and sponsors, see you again next year!

Posted in:
Magento


The Internet’s Best Website Content from December 2017

Happy New Year! As we roll into 2018, clean up your databases and get your site ready for the new year. Need some help? Check out this month’s roundup! If you’re looking for the same great articles the rest of the year, follow us on Twitter, Facebook, and Google+. Enjoy, and let us know if we missed anything important in the comment section.

WordPress and WooCommerce

Content Management Systems & Blogging

Design and Development

Magento and eCommerce

3 Things Improv Comedy Taught Me About Starting a Business – Discover the relation between improv comedy and starting, and running a company.

Posted in:
Craft CMS, CraftCommerce, ExpressionEngine, Magento, WooCommerce, WordPress
