Tag Archives: Wordpress

WordFence to the Rescue!

Over the weekend, I added WordFence security to the site. WordFence is a free (with premium option) service that provides backend security, monitors a WordPress site, and prevents all sorts of bad things from happening. It has a slew of options and services that can be configured in any way a user would like, providing some peace of mind.

As you can see, the services and options it provides are many:

WordFence options


It has, for example, a firewall that prevents unwanted actors from gaining access to your site; however, as with any good firewall, you can whitelist sites or block sites as you see fit. It also claims it learns as time goes on; however, I’m not able to test that at this time.

WordFence firewall


I’ve had this site for several years now, so as you can imagine with all the posts and photos and links there are a lot of potential hazards, and the service did a complete scan to be sure everything was on the up and up. It found a potentially malicious link in one of my posts from two years ago, and although the link was simply giving credit for a header image and not actually malware, I deleted it anyway. It scans everything for malware, the aforementioned malicious links, and any other problems and ranks what it finds in terms of its severity. I’m glad to say this site, to paraphrase Tangina Barrows, is clean.

Clean!


There are many, many, many options. This kind of thing can often result in a performance deficit, although I haven’t noticed any slowdown at all. On a curious side note, I was asked to download my .htaccess file before WordFence scanned my site and implemented itself, which I thought was strange. If you’re not familiar, .htaccess is an Apache-specific file placed in a directory of a website that specifies some site functionality, such as redirects or even password access, without having to modify the server settings; WordPress itself states that it “uses this file to manipulate how Apache serves files from its root directory, and subdirectories thereof,” and .htaccess functionality cascades to all subdirectories (it can be overridden with another .htaccess file in a subdirectory, but that’s for another post). Why they wanted me to download that they never specified, but I did and ended up not needing to worry.

Another interesting thing about the .htaccess file is that it has been around FOREVER!

So with that sidetrack out of the way, the site is now more secure than ever, WordFence is running in real time, and I’ve already received some emails telling me about the login attempts they’ve blocked (from both Germany and France – I’m worldwide!) and how smoothly my site is running. I’m very happy with it so far. If you have a site and are interested, it’s very easy to install and can be done from the ‘install plugins’ section of the WordPress backend.

Nice try, but I have WordFence!


A post from the new phone

Just a couple of posts ago I wrote about how I was feeling rather melancholy over having finally given up my beloved Windows phone, which I have used for many years and did so with pride. It had served me well, and I actually am still using it for some of its offline functions, but I broke down and finally jumped ship to the Android-powered Galaxy Note 5.

Why am I telling you this if I already told you a couple of posts ago? Along with the vastly improved selection of apps (confession: I’ve been playing Pinball Arcade – almost perfect recreations of actual pinball machines. Don’t miss out!), I discovered a WordPress app that lets me post from my phone. I can’t imagine I’ll be doing that a lot, but I figured I may as well give it a try. Incidentally, those links should link to the Google Play store, which was a test of this platform and my ability to use it, but depending on how you’re reading this they may not work. So be forewarned!

This WordPress site is clean

And we don’t have analog TVs anymore, so that’s a plus considering we don’t want a visit from the ‘TV People’ (if you’re not a fan of the scary, I’d be careful with that link).

Anyway, I noticed through the Ars Technica feed there on the right-hand side of the page that researchers in Finland had discovered a bug in WordPress 3’s comment system that could allow someone to include malicious JavaScript code in a comment, providing the attacker with all kinds of fun things to do. As the article states, by using this code, someone could create a new administrator account with a new password, change the old password, locking the old administrator out, and have complete control of the site to do anything they want, including attack visitors and commenters.

It’s exceptionally similar to the way an SQL Injection attack works (remember SQL?), which we’ll talk about in class, except instead of trying to get a database to fess up its contents it attempts to wrest administrator control from the actual site administrator. We need JavaScript, though – how can we get ants to chase our cursor without it?

Luckily for us, this site runs on WordPress version 4.0.1, so we’re not at risk of this vulnerability. I just wanted to make this short post in case anyone saw that and had concerns, which I suspect was exactly zero of you. Continue on, people!
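As an added example (not from the original post and not WordPress's own code), here is the general defence against the kind of comment bug described above: the same constructed comment rendered with and without output escaping. The function names and the sample comment are assumptions made for illustration.

```javascript
// Added illustration: names and sample data are constructed for this example.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Only http(s) links are allowed for the commenter's website; anything else
// (javascript:, data:, unparsable input) collapses to a harmless "#".
function safeUrl(url) {
  try {
    const parsed = new URL(url);
    return ['http:', 'https:'].includes(parsed.protocol) ? parsed.href : '#';
  } catch (err) {
    return '#';
  }
}

// Vulnerable pattern: visitor-supplied fields are pasted straight into markup,
// so any tags in them become part of the page an administrator later opens.
function renderCommentUnsafe(c) {
  return `<li class="comment"><a href="${c.url}">${c.author}</a>: ${c.text}</li>`;
}

// Hardened pattern: every field is validated or encoded at output time.
function renderCommentSafe(c) {
  const href = escapeHtml(safeUrl(c.url));
  return `<li class="comment"><a href="${href}" rel="nofollow">` +
    `${escapeHtml(c.author)}</a>: ${escapeHtml(c.text)}</li>`;
}

// Constructed sample comment carrying a harmless marker script.
const sampleComment = {
  author: 'visitor',
  url: 'javascript:alert(1)',
  text: 'Nice header image! <script>alert("demo")</script>',
};

console.log(renderCommentUnsafe(sampleComment)); // script tag survives intact
console.log(renderCommentSafe(sampleComment));   // script tag shown as plain text
```

Escaping at output time means a comment stored before any fix is still rendered as inert text afterwards.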

Major update to WordPress

Over the last week we’ve talked a lot about WordPress, the Content Management System (CMS) that I use to manage this website and all it does. It’s much better than the Blogger website I used to have for the class, and although its functionality is exceptional there were always little nagging things that would get on my nerves. This included menu bars that would scroll off the page when writing posts, difficulty embedding videos, and intermittent support for shortcodes, to name a few. You can see a screenshot of what the backend looks like below, taken while I was writing this very post!

This is how it looks from my end


This morning, however, as I was doing some standard maintenance, I received a notification that the entire WordPress platform was ready to be upgraded to version 4, and apparently would fix all the issues that I mentioned above, as well as a slew of others. No more toolbars scrolling off the screen, no more excessive configuring of embedded videos, no more troublesome media management.

I upgraded and gave the new version a test run, and…nothing changed. The media libraries function exactly the same, the toolbars still scroll off the page, and I still have to dig into the HTML of the page to embed videos. After some investigation, it appears that the update didn’t apply for some reason, and I am still looking into it. It works on a locally hosted version of the site (one running on a PC I have at home for testing purposes) and it works on the old site for this class hosted over at WordPress, but not this one.

(UPDATE: I was contacted by GoDaddy and they told me they are propagating the update through their system and it should go live in the next 24 hours. That seems like a long time to me, but we’ll see how it goes. It still isn’t showing, but for now I will give them the benefit of the doubt.)

On the other hand, if you are thinking about setting up a blog of your own and experimenting with the platform, you’ll get the new features and that will make the overall experience much less daunting and easier to learn, so I would absolutely still recommend doing it if you’ve thought about it. Anyone who has registered at WordPress.com (which should be all of you) can set up a blog over there, and it’s a good introduction to the process. Remember, even huge, global companies use it on or with their websites, plus it’s a good way to share any interests you have with others while having some control over the content.

Here’s the video announcing the new features (which I had to embed using straight HTML, of course, including manually specifying the dimensions).