2014 WordCamp Columbus - Dealing with a Lockout
Transcript
Good Afternoon!!!!
My name is John Parkinson
I live in Eastern Ohio
IT Manager for an engineering firm
25 computers
All levels of users
Networking
Repair
Upgrade
Training
Programming (a little)
Jack of all trades, master of none!
Please leave feedback!!!
@jwparkinson
#wccbus
Or use hashtag
#tallguywithgrayhairandglassesandapotbelly
WordPress user for 5 years
I am a ‘user’, not an expert!
Personal, work and club websites. Also helped set up 2 other websites, for the Belmont County 911 center and
the Belmont County Emergency Management Agency (EMA).
WordCamps in Ohio
How many WordPress beginners?
Dealing With Lockout
What is a Lockout?
A Lockout happens when a user tries to access a website with an incorrect username or password.
After multiple unsuccessful attempts, a user is Locked Out.
Brute Force Attack
In a brute-force attack, the attacker, or BOT, tries to enter a system by trying out a series of username/password combinations to gain access.
Unlike hacks that focus on vulnerabilities in software, a Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. Often deemed 'inelegant', they can be very successful when people use passwords like '123456' and usernames like 'admin.' They are, in short, an attack on the weakest link in any website's security:
You! Or in this case…… ME!!!!
Reverse brute-force attack
In a reverse brute-force attack, a single (usually common) password is tested against multiple usernames or encrypted files. The process may be repeated for a select few passwords. In such a strategy, the attacker is generally not targeting a specific user. Reverse brute-force attacks can be mitigated by establishing a password policy that disallows common passwords.
Not to be confused with a Denial of Service (DoS) attack
A method of attack which involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload.
In general terms, DoS attacks are implemented either by forcing the targeted computer(s) to reset, by consuming their resources so that they can no longer provide the intended service, or by obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
http://list25.com/25-biggest-cyber-attacks-in-history/1/
WordPress.org has 2,300 Security Plugins in the Repository
Security Plugins will limit the number of login attempts and notify the website owner of a lockout.
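As an added example (not from the talk, and not the code of any named plugin), this small WordPress plugin file shows the core of what those security plugins do: count failed logins per client IP, refuse further logins for a cooling-off period once the limit is hit, and email the site owner. The limits and every `mll_` name are arbitrary choices made for this example.

```php
<?php
/**
 * Plugin Name: Minimal Login Lockout (illustrative example)
 * Counts failed logins per client IP, locks the IP out after a limit,
 * and notifies the site owner. Constants and names are hypothetical.
 */
const MLL_MAX_ATTEMPTS   = 5;        // failures allowed before lockout
const MLL_WINDOW_SECONDS = 15 * 60;  // counting window and lockout length

// Client address as seen by PHP (behind a proxy this is the proxy's IP).
function mll_client_ip() {
    return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
}

// Transient key for this client, e.g. mll_attempts_<hash of ip>.
function mll_key( $suffix ) {
    return 'mll_' . $suffix . '_' . md5( mll_client_ip() );
}

// Fires on every failed login: bump the counter, lock out and notify at the limit.
add_action( 'wp_login_failed', function ( $username ) {
    $attempts = (int) get_transient( mll_key( 'attempts' ) ) + 1;
    set_transient( mll_key( 'attempts' ), $attempts, MLL_WINDOW_SECONDS );

    if ( $attempts >= MLL_MAX_ATTEMPTS ) {
        set_transient( mll_key( 'locked' ), time(), MLL_WINDOW_SECONDS );
        wp_mail(
            get_option( 'admin_email' ),
            'Login lockout on ' . home_url(),
            sprintf( "%d failed logins from %s. Last username tried: %s",
                     $attempts, mll_client_ip(), sanitize_user( $username ) )
        );
    }
} );

// Runs before WordPress checks the password (priority 30 is after the
// built-in check at 20): while locked out, reject the attempt outright.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( get_transient( mll_key( 'locked' ) ) ) {
        return new WP_Error( 'mll_locked', 'Too many failed logins. Try again later.' );
    }
    return $user;
}, 30, 3 );

// A successful login clears the failure counter for this client.
add_action( 'wp_login', function () {
    delete_transient( mll_key( 'attempts' ) );
} );
```

Keying on the IP alone locks out everyone behind a shared NAT and does nothing against an attacker that rotates addresses, which is why real plugins usually track the username as well. The owner's own mistyped password trips the same counter, which is exactly the lockout the rest of the talk deals with.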
All of the Security Plugins in the world won’t do you any good if…….
Look Familiar?
Login to the Dashboard – User – Your Profile
And here it is!
The Fix
Logon to your website host.
Go to File Manager
Go to the wp-content/plugins folder
Rename the security plugin's folder
This disables the security plugin
Open new tab then
Login to the website and add a new user with administrator privileges.
Log out and then login using new username & password.
Delete old username
Go back to File Manager and change the name of the security plugin folder back to the original.
Correct Practice
Have root access to your cPanel.
Two users with admin privileges on your WordPress website.
A user for adding content only.
Use good password practices
No Dictionary Words, Proper Nouns, or Foreign Words
No Personal Information
A strong, effective password requires a necessary degree of complexity:
• uppercase letters such as A, B, C;
• lowercase letters such as a, b, c;
• numerals such as 1, 2, 3;
• special characters such as $, ?, &; and
• alt characters such as µ, £, Æ.
Password Generators
https://www.grc.com/passwords.htm
https://identitysafe.norton.com/password-generator
http://www.whatsmyip.org/random-password-generator/
Questions or comments
WordPress TV
2,300 videos from WordCamps all over the world!
Typical WordCamp
• Let’s say 3 to 4 Tracks
• And 3 sessions each in the morning and afternoon
• Videos are initially edited by WordCamp volunteers
• 24 presentation videos to be sent (uploaded) to WordPress TV
WordPress TV Moderators
• Speaker name
• WordCamp location
• Check for sound and video quality
• Speaker's slides
• Presentation description
• Schedule for publication (usually 3 or 4 a day)
The End
Make sure to thank the organizers, sponsors and volunteers
Slides can be found at:
http://www.slideshare.net/slideshow/embed_code/34150560
Or type ‘jwparky’ in search box and then ‘user’
Thanks for suffering sitting through my presentation.
Please leave feedback!!
Enjoy the rest of the sessions!
John