Let’s Encrypt, the free and open certificate authority that launched in 2016, has issued more than 100 million certificates as of June 2017 and is currently securing 47 million domains. Earlier this year, the web passed a major milestone of getting more than 50% of traffic encrypted. Let’s Encrypt has been a major contributor to that percentage growing to nearly 58%.
Category: Security
Adding Free SSL Certificates to WordPress with Let’s Encrypt
An SSL certificate encrypts the connection between your site and your visitors’ browser so hackers can’t steal personal information. SSL certificates can be cumbersome to install and can be expensive, but this situation is changing.
Let’s Encrypt is a new open source certificate authority that is backed by top companies including Automattic (the force behind WordPress), Facebook, Mozilla, Chrome, Cisco, and Sucuri. The aim of the project is to make installing SSL certificates automated and free for everyone.
wpmudev has everything you need to know about Let’s Encrypt SSL certificates and how to use them with WordPress right here.
Better understanding of the Target breach through Credit Card anatomy
Adrian Sanabria of 451 Security posted a detailed explanation of two different security codes for a credit card: one that we are asked for when paying online or over the phone (card-not-present transactions) and another that is used when the card is actually swiped (card-present transactions). The card-not-present security code is printed on the card; the other one is stored in the card’s magnetic strip.
This is a confusing topic because different terms for both security codes are used interchangeably by merchants, payment service providers, and even card brands themselves. The most recent example of confusion was Target.
It is a somewhat lengthy read but well worth your time: Better understanding of the Target breach through Credit Card anatomy
Adrian not only explains which is which but also provides several examples of both types of security codes for several different payment cards. Those examples show that the two always have different values used for different purposes.
How to Block Bots from Seeing your Website
Jim Walker (The Hack Repair Guy) offers something very valuable to help prevent a hack: a comprehensive list of bad bots. With a simple directive in the .htaccess file you can hide your site from all bots in the list, or edit the list to suit your preferences.
The “bad bots” name is not exactly accurate, as the list also includes bots that belong to legitimate organizations like McAfee, Mozilla, etc., so it pays to go through the list and remove anything you do not agree with. Alternatively, you may want to add your own items to the list if you identify a new attacker from your access logs; Jim shows you how to do that. But for the majority of us, the list is great as it is.
My favorite security plugin for WordPress, Better WP Security, lets you activate Jim’s bad bot list under Ban Users > Enable Default Banned List. So if your web site is powered by WordPress, it’s even easier to repel bad (and any unwanted) bots.
Cleaning Up Your WordPress Site with the Free Sucuri Plugin
Sucuri, who are famous for their great security services, came up with a free WordPress plugin to help with cleaning up a hacked WordPress-powered web site:
Cleaning Up Your WordPress Site with the Free Sucuri Plugin
The plugin may not help mitigate the consequences of every hack, but it offers a set of steps that are likely to show you where the problem is. It starts with Sucuri’s free remote scanner, SiteCheck, ends with resetting passwords and security keys, and offers advice on further hardening your WordPress installation.
Five Easy Pieces of Online Identity
Interesting writing on forming and managing an online identity: Five Easy Pieces of Online Identity
Introduction to Website Parasites
What do parasitic organisms and hackers have in common? They both benefit from their host and harm the host in the process. Learn to recognize parasitic activities and keep your web site healthy and safe.
Exploit-Me
Exploit-Me is a suite of Firefox add-ons created to test web applications for Cross-Site Scripting (XSS), SQL injection, and access vulnerabilities. All three add-ons in this suite (XSS-Me, SQL Exploit-Me, and Access-Me) are open source.