What Does WordPress, iThemes, Goodwill, Home Depot, and Target Have in Common? Your Identity and Security.

We received a new credit card in the mail today to replace our old one AGAIN. An “unsuccessful attempt” to access our secure security data happened and this is a precaution the bank is taking to protect us. I have no other information so I’m left wondering. Yesterday I received an email supposedly from Home […]

Update to WordPress 3.6.1 Now

It is upgrade time again. Time to upgrade your WordPress. WordPress 3.6.1 Maintenance and Security Release was announced today. It includes fixes to WordPress 3.6 and some security issues, so this is a mandatory update. WordPress.com users are automatically updated, as are all those on managed WordPress hosting like WP Engine. This update applies to […]

The Brute-Force Password Attack on WordPress Sites

My mother emailed me and asked if WordPress was under attack. With all the news of last week’s attack of the Boston Marathon, the attacks on WordPress and other PHP-based web publishing sites was low on the priority list for myself and others, but this is something to take seriously. As we get back to […]

Update WordPress Now: WordPress 3.4.2 Released

WordPress 3.4.2 Maintenance and Security Release arrived today, and it’s time to update. This is both a maintenance and security release, therefore it is mandatory, not optional. Recently, I wrote about keeping WordPress updated for security reasons, and I’m singing the same song again. Don’t wait. Don’t hesitate. Use the automatic, one-click update feature. In […]

Update WordPress Now: Reuters Hacked

It is an old song. I’ve sung it for years. UPDATE WORDPRESS NOW! Reuters was hacked recently and many blame WordPress, though most honest reporters are quick to state that it is the webmaster/site owners fault for not updating. Seems they were running a version from over a year ago. According to PC Magazine’s Security […]

Defying Brute Force Attacks on WordPress Logins

Sucuri, the web security specialists, published “Brute force attacks against WordPress sites,” an in depth look at not just the importance of a strong password but the brute force nature and anatomy of login and registration access attacks. There is a technique known as brute-force attack. Like the name implies, access is gained to your […]

Is Your WordPress Blog at Risk from the Epsilon Email Theft?

I’ve just published news and tips on how to respond to the recent announcement and news about the Epsilon email theft on WordCast, “Epsilon Email Lists Breached: How to Protect Yourself.” I’ve included a list of the companies involved and tips on how to identify email phishing scams, deal and respond to them, and advice […]

Update WordPress Now: WordPress 3.0.4

The last month has seen two WordPress mandatory security releases, and today, WordPress 3.0.4 brings another mandatory update. To update, log in as the Administrator and click the update notification for one-click updates to your WordPress blog. WordPress.com blogs are automatically updated. In writing up “Mandatory Security Update: WordPress 3.0.4 Released for WordCast, I stumbled […]

Malware Found in WordPress Theme – Protect Yourself Now

I’ve just published “WordPress Theme Malware Prevention and Protection on WordCast, covering the recent WordPress Theme dissection of malware by Otto. The article sums up his revealing analysis of how a Theme malware code integrates itself into your site, even down to the server level, through a twisting path of imaginative code. The code reminds […]

Firewalling and Hack Proofing Your WordPress Blog

Blog Security is one of the top security blogs out there keeping an eye on all things blog security and WordPress. They’ve just released two great articles WordPress fans need to check out. First is news of a video and blog post by Guvnr called “10 Tips to Make WordPress Hack Proof. The effort involved […]