Go Back   Forums @ The Digital Fix > Gadgets and Gizmos > Computing Forum

Notices

Reply
 
Thread Tools Display Modes
Old 13-04-2017, 13:11   #661
AdamBrunt
Trusted User
 
Join Date: Sep 2000
Location: UK
Posts: 24,472
Thanks: 129
Thanked 259 Times in 175 Posts
Quote:
Originally Posted by ljp View Post
Robots are trying to brute force attack your site. I would install this:

https://en-gb.wordpress.org/plugins/wordfence/

Also check the website logs to see where the traffic is coming from and block it if possible.

You may also want to check your site to check it is correctly updated and hasn't been hacked already.
Thanks.

Will check that out later.

In terms of checking it hasn't been hacked already ... as I say, it only has the "hello world" post on it anyway so I am not sure there is anything worth hacking

UPDATE:

Wordpress has been updated (from within the dashboard)
Wordfence has been installed, left it with the default options and ran a "scan". It found issues with 2 out of date themes (and the log trace mentioned the files didn't match the repo versions ???) which I updated. Running 2 second scan found no new issues.

Hopefully that will stop them

I might even get back to doing something with the site now I have been reminded that it exists.

Last edited by AdamBrunt; 13-04-2017 at 13:35.
AdamBrunt is offline   Reply With Quote
Old 13-04-2017, 13:39   #662
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,135
Thanks: 444
Thanked 1,570 Times in 508 Posts
Also make sure its up to date. The latest version is 4.7.3. Also ensure any plugins are also up to date. Lastly (obviously) ensure the templates are up to date. Some use their own versions of javascript tools or plugins, and could therefore be out of date.

An alternative (probably no better, so jyust an alternative) is iThemes Security. It'lll hide the logon page, block common attacks, block IPs, lock down the logon screen for only certain hours (so you can't use the admin panel at 3am for example), etc, do site backups, etc. Not bad for free.
Chris Locke is offline   Reply With Quote
Old 13-04-2017, 13:41   #663
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,135
Thanks: 444
Thanked 1,570 Times in 508 Posts
Quote:
Originally Posted by AdamBrunt View Post
it only has the "hello world" post on it anyway so I am not sure there is anything worth hacking
Once the little scrotes are in, they have quite a bit of control - using it to send out emails, host illegal files, attack other sites, etc.
Chris Locke is offline   Reply With Quote
Old 13-04-2017, 15:11   #664
AdamBrunt
Trusted User
 
Join Date: Sep 2000
Location: UK
Posts: 24,472
Thanks: 129
Thanked 259 Times in 175 Posts
Quote:
Originally Posted by Chris Locke View Post
Also make sure its up to date. The latest version is 4.7.3. Also ensure any plugins are also up to date.
All done.

Quote:
Originally Posted by Chris Locke View Post
Lastly (obviously) ensure the templates are up to date. Some use their own versions of javascript tools or plugins, and could therefore be out of date.
Not sure what this means - it was pretty much the out-of-box version with no custom / 3rd party templates IIRC.

Quote:
Originally Posted by Chris Locke View Post
An alternative (probably no better, so jyust an alternative) is iThemes Security. It'lll hide the logon page, block common attacks, block IPs, lock down the logon screen for only certain hours (so you can't use the admin panel at 3am for example), etc, do site backups, etc. Not bad for free.
Will also check that out as well.
AdamBrunt is offline   Reply With Quote
Old 13-04-2017, 15:59   #665
Ste7en
Goin' Home to Satan
 
Ste7en's Avatar
 
Join Date: Oct 2002
Location: Stranded in Chihuahua
Posts: 15,238
Thanks: 1,875
Thanked 333 Times in 247 Posts
No pre-installed themes?
__________________
My DVD Collection / My Feedback
Ste7en is offline   Reply With Quote
Old 17-04-2017, 14:55   #666
AdamBrunt
Trusted User
 
Join Date: Sep 2000
Location: UK
Posts: 24,472
Thanks: 129
Thanked 259 Times in 175 Posts
Still getting the occasional site lockout notification but (a) nowhere near as frequently as previously and (b) the emails are now branded with 'iThemes Security'.

Not sure if that is a good thing or not
AdamBrunt is offline   Reply With Quote
Old 17-04-2017, 17:14   #667
ljp
learned 2 ape the motions
 
Join Date: Jul 2000
Posts: 6,394
Thanks: 53
Thanked 128 Times in 107 Posts
Quote:
Originally Posted by AdamBrunt View Post
Still getting the occasional site lockout notification but (a) nowhere near as frequently as previously and (b) the emails are now branded with 'iThemes Security'.

Not sure if that is a good thing or not
If you are with Vidahost you should be able to find a log file that shows you what IP's are trying to brute force your login. It may be an idea to install a plugin that moves the login screen URL to stop you getting locked out.
ljp is offline   Reply With Quote
Old 21-04-2017, 08:05   #668
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,135
Thanks: 444
Thanked 1,570 Times in 508 Posts
Quote:
Originally Posted by AdamBrunt View Post
Still getting the occasional site lockout notification ... Not sure if that is a good thing or not
The site lockout notification should also say why the lockout occurred - tried using 'admin' user, too many login attempts, etc.

On my sites, a bad login attempt is quite rare, so I've set iThemes to permanently ban any bad login after 3 attempts. People can use VPNs to get around IP blocking, but it stops the common bots.
iThemes also allows you to change the 'admin' user. Set up a new user and use that login as the administrator - the hacker has to guess the user as well as the password then. If your site has an 'admin' user, they just have to guess a password.

The default install of WP has default salt values. This means hashes of passwords of all WP websites are the same. iThemes allows you to quickly and easily change the salt values, meaning your hashes aren't the same as everyone elses. This greatly increases your security by magnitudes.
https://ithemes.com/2015/01/21/easil...curity-plugin/

I'd say the notifications are a good thing - always handy to know when your site is getting poked, so you can keep an eye on it.
Don't forget, someone else can get their email hacked, and if they're an admin on your site, your site then is wide open, regardless of what security measures you've got in place. Always good to keep an eye on your sites...

Last edited by Chris Locke; 21-04-2017 at 08:08.
Chris Locke is offline   Reply With Quote
Old 21-04-2017, 08:09   #669
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,135
Thanks: 444
Thanked 1,570 Times in 508 Posts
Just a note that Wordpress has been updated to 4.7.4, so if your sites have automatically updated (which some of mine have... while others are 'stuck' on older versions) just cast an eye over them to ensure the plugins/themes still work, and haven't broken.
Chris Locke is offline   Reply With Quote
Old 02-05-2017, 11:21   #670
driver8
eviscerate your memory
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 10,577
Thanks: 1,795
Thanked 2,044 Times in 863 Posts
Facebook Messenger for WordPress - Envato monthly freebie looks interesting.

Quote:
Based on Facebook Messenger, this plugin runs like an instant messaging system. After 2 mins setup, the blue badge of Facebook Messenger and the button Message Us on Facebook will appear on your pages.
driver8 is offline   Reply With Quote
Thanked 2 times by:
pico_uk (03-05-2017), Ste7en (02-05-2017)
Old 20-05-2017, 19:29   #671
pico_uk
Trusted User
 
Join Date: Oct 2004
Location: Northampton
Posts: 474
Thanks: 21
Thanked 2 Times in 2 Posts
Quote:
Originally Posted by driver8 View Post
I tried ManageWP some years ago, but found it more trouble (and expense) than it was worth. However, I've been running it for a few weeks now and it's much much better - I'd highly recommend to anyone with more than one website.

The biggest improvement is that it's now totally free for an unlimited number of sites for the basic set of features - update all themes and plugins centrally, view visitor stats, clear post revisions, scans for performance/vulnerabilities, and even a free monthly backup (alone, making it worth the effort).

It's a very user-friendly dashboard, and seems rock solid (no crashes, timeouts or errors so far). Recommended.
I've now started to use this more for my clients and looking at using the paid feature but can't seem to find an answer for a very simple question and just wondering if you or anyone had any idea.

The prices show as $/pcm for the pro features but is it possible to be charged in £? If in dollars only then I'm gonna be hit with additional fees etc.
pico_uk is offline   Reply With Quote
Old 22-05-2017, 11:48   #672
driver8
eviscerate your memory
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 10,577
Thanks: 1,795
Thanked 2,044 Times in 863 Posts
It's not unusual for US-based companies to only offer payment in US$, is it ? If you've looked, then it's probably not an option.

A few ideas -

- PayPal ?
- use a CC with good exchange rates (MSE), or a pre-loaded card, or Revolut.
- pay via Godaddy, although you may need to host (something) with them.
driver8 is offline   Reply With Quote
Old 22-05-2017, 18:17   #673
pico_uk
Trusted User
 
Join Date: Oct 2004
Location: Northampton
Posts: 474
Thanks: 21
Thanked 2 Times in 2 Posts
I managed to get hold of their sales department today and as expected they only bill US$.

Their only method of payment is via Stripe, I did think about the GoDaddy option as I have a few domains through them but all the above still applies despite the GoDaddy website mentioning GBP values.
pico_uk is offline   Reply With Quote
Old 09-06-2017, 10:31   #674
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,135
Thanks: 444
Thanked 1,570 Times in 508 Posts
Just a 'heads up' that Wordpress 4.8 has been released, so your site may or may not auto-update. Beware too of plugins that may or may not be compatible with this version.
UpdraftPlus is a good free plugin to backup both the files and plugins of your site, as well as the database.

Quote:
Today there is a new release of the core WordPress open source software, version 4.8 "Evans", named in honor of the great jazz pianist Bill Evans.

https://wordpress.org/news/2017/06/evans/

On the dashboard the news section now lets you know of meetups and WordCamps in your area, so you can get involved in your local community. There are several new widgets for images, video, audio, and the text widget now has visual editing, making editing sidebars much more accessible for non-coding folks and setting the path for our plans with the Gutenberg editor. There's a change to the visual WYSIWYG editor that's hard to describe but hopefully is a joy for you to experience.

Last edited by Chris Locke; 09-06-2017 at 10:32.
Chris Locke is offline   Reply With Quote
Old 29-06-2017, 10:34   #675
douglasb
Suedehead.
 
douglasb's Avatar
 
Join Date: Feb 2001
Location: Exiled in England
Posts: 10,979
Thanks: 144
Thanked 859 Times in 521 Posts
Should I be worried about Gutenberg?

I've had an email from the developers of my theme and it sounds pretty dramatic.

But then this seems OK:

https://kinsta.com/blog/gutenberg-wordpress-editor/

Seems to be the main issue - at the time of this article - is plug-in compatability?
douglasb is offline   Reply With Quote
Old 29-06-2017, 11:36   #676
driver8
eviscerate your memory
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 10,577
Thanks: 1,795
Thanked 2,044 Times in 863 Posts
If it does get forced on us in WP core, I imagine all the WP and theme authors will be working flat out to ensure compatibility. Might be particularly tricky for page builders ?

It seems a strange area to focus on, when there are many other frustrating areas of WP that actually need fixing; top of my head -
- plugins disappearing from the repository,
- insecure plugins still freely available,
- plugins adding their settings page and buttons anywhere they like,
- default image compression,
- so many unwanted blog features,
- lack of automated backups, especially at upgrade time.
driver8 is offline   Reply With Quote
Old 14-07-2017, 12:45   #677
driver8
eviscerate your memory
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 10,577
Thanks: 1,795
Thanked 2,044 Times in 863 Posts
Free for a week from Envato - despite the weird name,
it looks to be a decent theme from a creative team -

Seriously - Business Multi-Purpose WordPress Website Builder
driver8 is offline   Reply With Quote
Thanked once by:
Chris Locke (20-07-2017)
Old 14-08-2017, 15:00   #678
Psycho
Trusted User
 
Psycho's Avatar
 
Join Date: Jul 2002
Location: Croydon, London
Posts: 10,155
Thanks: 814
Thanked 159 Times in 95 Posts
I was just wondering if I should be looking to move any WordPress websites that I have to https?

If so, is that an easy thing to do?

Thanks,

Psycho
__________________
Graphic Design Website: www.ph-design.co.uk
Twitter: @pHdesign2011
eBay Auctions: Nothing at the moment
Trader Feedback: Trader Feedback Thread
Psycho is offline   Reply With Quote
Old 14-08-2017, 15:34   #679
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,135
Thanks: 444
Thanked 1,570 Times in 508 Posts
This link may be useful.
https://designmodo.com/wordpress-https/

HTTPS sites will (eventually) have greater SEO-ness (??!) than non-HTTPS. Guess it depends on whether you're fighting for that #1 position...

Last edited by Chris Locke; 14-08-2017 at 15:36.
Chris Locke is offline   Reply With Quote
Thanked once by:
Psycho (14-08-2017)
Old 14-08-2017, 16:06   #680
Psycho
Trusted User
 
Psycho's Avatar
 
Join Date: Jul 2002
Location: Croydon, London
Posts: 10,155
Thanks: 814
Thanked 159 Times in 95 Posts
Thanks!

I'll probably leave things as they are for now but will have a read up on it.

Psycho
__________________
Graphic Design Website: www.ph-design.co.uk
Twitter: @pHdesign2011
eBay Auctions: Nothing at the moment
Trader Feedback: Trader Feedback Thread
Psycho is offline   Reply With Quote
Reply

Bookmarks

Tags
plugins, themes, Web Design, Wordpress

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Links not working in wordpress???? Guest 48579 Computing Forum 2 28-08-2006 04:41
How to build a website which allows others to build a site ? KeyserSoze Computing Forum 18 08-10-2005 23:14
Wanting to build a website Guest 16622 Computing Forum 8 13-07-2004 18:25

All times are GMT. The time now is 12:50.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Copyright ©2000 - 2018 Poisonous Monkey Ltd. Part of The Digital Fix Network