Unfortunately I missed the March Manchester WordPress User Group because #McrFRED was being held at the same time. Fortunately that wasn't the case this time and I was able to attend.
Here's the lowdown…
Starting topic, The WordPress Bot Net Attack…
Mike does a great job at explaining what it's all about, how to protect yourself from it and make your site more secure.
It was / is a distributed attack on a lot of sites around the world.
The same attacks are targeting Joomla and others as well, not just WordPress.
The scripts are generally trying to crack your password using 'admin' as the username, first with dictionary words, then with any combination of letters / characters.
There are plugins that can help such as: https://wordpress.org/extend/plugins/limit-login-attempts/installation/
These can limit login attempts and bar an IP address for 20 minutes; if an IP gets 3 bars in a row, the bar time increases.
However… the recent attackers have 90,000+ zombie PCs, with different IPs, so unfortunately in this instance limiting login attempts won't work.
The answer? Use strong passwords.
https://grc.com: the guy behind it originally created SpinRite to fix hard drives 'back in the day' and is an expert when it comes to security.
On his site, there's a 'GRC's Interactive Brute Force Password “Search Space” Calculator'. It can calculate the expected time that it will take to crack a password. Pretty nifty. https://www.grc.com/haystack.htm
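An added example (not from Mike's talk, the plugin or GRC) that puts rough numbers on the two points above: how many guesses per-IP limiting still lets through when the guesses come from 90,000 IPs, and how the size of the password's search space decides whether that matters. The attempts-per-bar and escalated bar length are assumed values, the dictionary is a constructed sample, and the search-space count is an approximation in the style of the calculator linked above.

```python
import string

# Only the 20-minute bar and the "3 bars" escalation come from the post;
# the other two policy values are assumptions made for illustration.
ATTEMPTS_PER_BAR = 4              # assumption: guesses allowed before a bar
BAR_MINUTES = 20                  # from the post
BARS_BEFORE_ESCALATION = 3        # from the post
ESCALATED_BAR_MINUTES = 24 * 60   # assumption: length of the increased bar

# Constructed stand-in for the dictionary pass the post describes.
SAMPLE_DICTIONARY = {"password", "admin", "letmein", "qwerty", "123456"}


def guesses_per_day(ip_count):
    """Upper bound on guesses per day that per-IP limiting lets through."""
    # One cycle per IP: batches separated by short bars, then the long bar.
    guesses = ATTEMPTS_PER_BAR * BARS_BEFORE_ESCALATION
    minutes = BAR_MINUTES * (BARS_BEFORE_ESCALATION - 1) + ESCALATED_BAR_MINUTES
    return ip_count * guesses * (24 * 60) / minutes


def search_space(password):
    """Number of candidates that must be covered to be sure of reaching it."""
    if password.lower() in SAMPLE_DICTIONARY:
        return len(SAMPLE_DICTIONARY)   # the dictionary pass finds it first
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10)]
    alphabet = sum(n for chars, n in classes if any(c in chars for c in password))
    if any(c not in string.ascii_letters + string.digits for c in password):
        alphabet += 33                  # printable ASCII symbols incl. space
    # Every password of length 1..len(password) over that alphabet.
    return sum(alphabet ** n for n in range(1, len(password) + 1))


def days_to_exhaust(password, ip_count):
    """Days of rate-limited guessing needed to cover the whole search space."""
    return search_space(password) / guesses_per_day(ip_count)


if __name__ == "__main__":
    for pw in ("admin", "abcdef", "abcdefgh", "Tr1cky!pass-phrase"):
        for ips in (1, 90_000):
            print(f"{pw!r:22} {ips:>6} IPs: {days_to_exhaust(pw, ips):.3g} days")
```

With these assumed values the limiter holds a single IP to under 12 guesses a day, but 90,000 IPs together still get over a million, which is enough to cover a six-letter lowercase password in under a year and a dictionary word immediately.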
There are a few password generator and saver apps out there; Mike recommends LastPass: https://lastpass.com
Personally I use Wallet; there are others out there as well, doing a similar job: http://www.acrylicapps.com/wallet/
Also, Google Authenticator can help out by adding two-factor authentication, and can send text messages to aid authentication: https://wordpress.org/extend/plugins/google-authenticator/
Yubico is another good step to ensure security and will let you take things a step further, giving you a 'One Time Password' via a USB stick that acts as a keyboard. You can find out more here: https://www.yubico.com/products/yubikey-hardware/yubikey/
Mike gets technical and explains how to exclude a category / categories in WordPress:
Many posts suggest modifying the 'loop'; however, this is bad practice, as 4 queries will be called (count, post, meta and terms), so if you then run 'get_posts', it will need to re-query.
Mike suggests a better way and adds code to 'functions.php' that runs much earlier on in the query process and, because he's awesome, he kindly posted up the code here: https://z1.tl/cats
He also wrote some code that looks cool; previously I've used a plugin to do this, allowing users to access certain aspects of the site. And, again, because he's awesome, he put the code online: https://z1.tl/11n
Wrapping up, there's the 10 Year WordPress Anniversary Meetup in Manchester. It looks like there are two, so it might be an idea to join forces?
Also 'WordPress Wonderfulness' which I believe is taking place in the middle of July at Lancaster Uni:
/wiki.wpuk.org/Main_Page#WordCamp_Lancaster_UK_2013 (no longer online)
Finishing up, I mentioned to Mike that I've moved away from WordPress to Octopress and how I love Markdown so much. He mentioned that he actually wrote a lot of early WordPress stuff in Markdown and BBCode, something I hadn't heard of before, and uses: http://markedapp.com/
We both agreed that writing that stuff is awesome, but try giving that to the average client to update 😝.
Awesome, super chap, cheers!