Best WordPress plugins for website security

  • Sucuri

Sucuri is a multi-function, high-profile security plugin that notifies you of login attempts by email or other means. It detects malware and other malicious code and cleans it up in time. It can be scheduled to check your entire website at intervals of hours, days or weeks. It provides complete security for WordPress blogs. The plugin includes all the usual security options, so you do not have to install any other security plugin; using too many plugins will also slow down your website.

  • Login LockDown

This plugin protects your website from brute force attacks. A brute force attack usually tries to log in to your dashboard a thousand times using different password combinations. Once the attackers get the right one, they take it all. Login LockDown limits the login attempts on your website so that a visitor can only try to log in once, twice or thrice. You can set the number of login attempts that are allowed. It automatically blocks any IP that makes more than 2-3 fake login attempts on the dashboard.

  • WP Security Scan

WP Security Scan is a free WordPress plugin available in the WordPress plugin directory. It lets you monitor login attempts and password change notifications via email, and it also helps to optimize the website data. It helps you change the links to the login form and other secure areas by changing their directories or names. It can be set up to change .htaccess and other secure files so that they are not shown publicly.

  • Wordfence

The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware. It scans your wp directories and files for viruses and malware. This is the most popular security plugin for WordPress. Wordfence starts by checking whether your site is already infected. If it is, Wordfence scans the site and clears the problems from your blog. It is a free plugin and also has an open-source license. Its features usually include:

      • Blocking Features
      • Login Security
      • Security Scanning
      • WordPress Firewall
      • Monitoring & Caching
      • Compatibility

  • Akismet

Last but not least is a plugin that is very important for every blogging website. Attackers invent new techniques daily to hack growing blogs. Akismet is a web server based plugin that checks for spam comments on your blog. When a hacker posts a spam comment on your blog, Akismet checks and verifies whether it is infected or not. It automatically checks all comments and filters out the spam ones. Comment hacking is a newly discovered hacking technique. If someone posts such code on your blog and you open it by mistake, they will get the .htaccess of your website, from which they can easily reveal the username and password of your wp-admin dashboard.

Systron Micronix offers SiteLock, cWatch Security Solutions for websites.

SSL validity change to one year only

An industry-wide requirement set by Apple and Google states that any two-year SSL certificate issued after August 30, 2020, will be distrusted in their browsers.

That’s right: 398 days is the maximum length for a publicly issued server cert. If it’s longer, browsers and other HTTPS code will reject the cert as invalid.

Beginning at 12:00 am UTC on August 19, 2020, Sectigo will only issue one-year (up to 398 days) SSL certificates. DigiCert is highly likely to do the same at the end of August. Kindly note that this only applies to public TLS certificates. Other types of certificates (e.g. Code Signing Certificates, S/MIME certificates, etc.) will be unaffected and will have the same maximum validity that they have today.

However, any two-year SSL certificate issued before 12:00 am UTC on August 19, 2020, will be valid for two years (up to 825 days).

Therefore we recommend that you renew your certificate and top up its validity before the deadline. This saves you the time and trouble of going through the validation process again next year (especially for OV and EV certificates).
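To see which side of the rule a given certificate falls on, its validity dates can be compared against the 398-day and 825-day limits. The following is an added example, not code from Sectigo or any CA: it reads the two lines printed by `openssl x509 -noout -dates`. The sample dates are constructed, and the cutoff used is Apple's published enforcement date of September 1, 2020, 00:00 UTC.

```python
from datetime import datetime, timedelta, timezone

# Certificates issued on or after this instant fall under the 398-day limit
# (Apple's published enforcement date; the text above gives "after August 30, 2020").
CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)
MAX_NEW = timedelta(days=398)   # limit for certificates issued from the cutoff on
MAX_OLD = timedelta(days=825)   # limit for certificates issued before the cutoff
OPENSSL_FMT = "%b %d %H:%M:%S %Y %Z"   # e.g. "Oct 01 00:00:00 2020 GMT"

def parse_dates(openssl_output):
    """Parse the notBefore=/notAfter= lines of `openssl x509 -noout -dates`."""
    fields = dict(line.split("=", 1) for line in openssl_output.strip().splitlines())
    def to_utc(value):
        return datetime.strptime(value.strip(), OPENSSL_FMT).replace(tzinfo=timezone.utc)
    return to_utc(fields["notBefore"]), to_utc(fields["notAfter"])

def check_lifetime(openssl_output):
    """Return (accepted, lifetime_in_whole_days, limit_in_days) for one certificate."""
    not_before, not_after = parse_dates(openssl_output)
    lifetime = not_after - not_before
    limit = MAX_NEW if not_before >= CUTOFF else MAX_OLD
    return lifetime <= limit, lifetime.days, limit.days

# Constructed samples: a two-year certificate issued before the change,
# a two-year certificate issued after it, and a one-year certificate issued after it.
LEGACY_TWO_YEAR = "notBefore=Aug 18 00:00:00 2020 GMT\nnotAfter=Nov 20 23:59:59 2022 GMT\n"
LATE_TWO_YEAR = "notBefore=Oct 01 00:00:00 2020 GMT\nnotAfter=Oct 01 23:59:59 2022 GMT\n"
ONE_YEAR = "notBefore=Oct 01 00:00:00 2020 GMT\nnotAfter=Nov 02 23:59:59 2021 GMT\n"

if __name__ == "__main__":
    for name, sample in [("legacy two-year", LEGACY_TWO_YEAR),
                         ("late two-year", LATE_TWO_YEAR),
                         ("one-year", ONE_YEAR)]:
        print(name, check_lifetime(sample))
```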

Dropbox Phishing Scam: Don’t Get Fooled by Fake Shared Documents

Hackers use familiar brands like Dropbox to steal login credentials and spread malware

It’s funny how hackers, phishers, and scamsters can be blatantly obvious and inexplicably unpredictable at the same time. I’m saying obvious because they target the most widely used services/platforms and lots of users know what they’re up to — not just security professionals, but many ordinary users know about these phishing scams and what to look for. Phishers might be predictable in going after big names but it’s the unpredictability in their approaches that makes them tick. Time after time, they come up with new ways that help them achieve exactly what they want and make them “successful.” The Dropbox phishing scam is a perfect illustration of this.
