2014 WordCamp Columbus - Dealing with a lockout


Upload: john-parkinson

Post on 22-Jan-2015


Good Afternoon!!!!


My name is John Parkinson

I live in Eastern Ohio

IT Manager for engineering firm


25 computers
All levels of users
Networking
Repair
Upgrade
Training
Programming (a little)

Jack of all trades
Master of none!


Twitter - @jwparkinson


wpknut.com


Please leave feedback!!!

@jwparkinson

#wccbus


Or use hashtag

#tallguywithgrayhairandglassesandapotbelly


WordPress user for 5 years

I am a ‘user’ not an expert!

Personal, work and club websites. Also helped set up 2 other websites for the Belmont County 911 center and Belmont County Emergency Management Agency (EMA).


WordCamps in Ohio


How many WordPress beginners?


Dealing With Lockout


What is a Lockout?

A Lockout happens when a user tries to access a website with an incorrect username or password.

After multiple unsuccessful attempts, a user is Locked Out.


Brute Force Attack

In a brute-force attack, the attacker, or BOT, tries to enter a system by trying out a series of username/password combinations to gain access.


Unlike hacks that focus on vulnerabilities in software, a Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. Often deemed 'inelegant', they can be very successful when people use passwords like '123456' and usernames like 'admin.' They are, in short, an attack on the weakest link in any website's security:

You! Or in this case... ME!!!!


Reverse brute-force attack

In a reverse brute-force attack, a single (usually common) password is tested against multiple usernames or encrypted files. The process may be repeated for a select few passwords. In such a strategy, the attacker is generally not targeting a specific user. Reverse brute-force attacks can be mitigated by establishing a password policy that disallows common passwords.
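
The lockout and the two attack patterns described above, as an added example that is not part of the original slides: it replays constructed failed-login events, locks out a username after repeated failures, and flags a source that tries many different usernames, which a per-username lockout alone does not catch. The thresholds, event layout and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict

MAX_FAILURES = 3      # assumed lockout threshold per username
WINDOW_SECONDS = 300  # assumed window in which failures are counted
SPRAY_USERNAMES = 4   # assumed: distinct usernames from one source worth flagging

# Constructed failed-login events: (seconds, source address, username).
# Addresses come from the documentation ranges (RFC 5737).
FAILED_LOGINS = [
    (0, "192.0.2.10", "admin"), (5, "192.0.2.10", "admin"),
    (9, "192.0.2.10", "admin"), (12, "192.0.2.10", "admin"),
    (20, "198.51.100.7", "alice"), (21, "198.51.100.7", "bob"),
    (22, "198.51.100.7", "carol"), (23, "198.51.100.7", "dave"),
    (24, "198.51.100.7", "erin"),
    (400, "203.0.113.5", "john"),
]


def analyze(events, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
            spray_usernames=SPRAY_USERNAMES):
    """Return (locked_usernames, spraying_sources) for a list of failed logins."""
    by_user = defaultdict(list)    # username -> timestamps of recent failures
    by_source = defaultdict(dict)  # source -> {username: time of last failure}
    locked, spraying = set(), set()
    for ts, source, user in sorted(events):
        # Brute force: many failures against one username inside the window.
        recent = [t for t in by_user[user] if ts - t < window] + [ts]
        by_user[user] = recent
        if len(recent) >= max_failures:
            locked.add(user)
        # Reverse brute force: one source, many usernames, few tries each.
        seen = by_source[source]
        seen[user] = ts
        active = [u for u, t in seen.items() if ts - t < window]
        if len(active) >= spray_usernames:
            spraying.add(source)
    return locked, spraying


if __name__ == "__main__":
    locked, spraying = analyze(FAILED_LOGINS)
    print("locked out usernames:", sorted(locked))
    print("sources trying many usernames:", sorted(spraying))
```
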


Not to be confused with a Denial of Service (DoS) attack

A method of attack which involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload.


In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.


http://list25.com/25-biggest-cyber-attacks-in-history/1/


WordPress.org has 2,300 Security Plugins in the Repository


Security Plugins will limit the number of login attempts and notify the website owner of a lockout.


All of the Security Plugins in the world won’t do you any good if...


Look Familiar?


Log in to the Dashboard – User – Your Profile

And here it is!


The Fix

Log on to your website host.


Go to File Manager


Go to the wp-content/plugins folder

Rename the security plugin's folder

This disables the security plugin


Open a new tab, then

Log in to the website and add a new user with administrator privileges.

Log out and then log in using the new username & password.

Delete the old username


Go back to File Manager and change the name of the security plugin back to the original.


Correct Practice

Have root access to your cPanel.

Two users with admin privileges on your WordPress website.

A user for adding content only.


Use good password practices

No Dictionary Words, Proper Nouns, or Foreign Words

No Personal Information

A strong, effective password requires a necessary degree of complexity.

• uppercase letters such as A, B, C;
• lowercase letters such as a, b, c;
• numerals such as 1, 2, 3;
• special characters such as $, ?, &; and
• alt characters such as µ, £, Æ.


Password Generators

https://www.grc.com/passwords.htm

https://identitysafe.norton.com/password-generator

http://www.whatsmyip.org/random-password-generator/


Questions or comments


WordPress TV


2,300 videos from WordCamps all over the world!


Typical WordCamp

• Let’s say 3 to 4 Tracks
• And 3 sessions each in the morning and afternoon
• Videos are initially edited by WordCamp volunteers
• 24 presentation videos to be sent (uploaded) to WordPress TV


WordPress TV Moderators

• Speaker name
• WordCamp location
• Check for sound and video quality
• Speaker's slides
• Presentation description
• Schedule for publication (usually 3 or 4 a day)


The End


Make sure to thank the organizers, sponsors and volunteers


Slides can be found at:

http://www.slideshare.net/slideshow/embed_code/34150560

Or type ‘jwparky’ in search box and then ‘user’


Thanks for suffering sitting through my presentation.

Please leave feedback!!

Enjoy the rest of the sessions!

John