WordPress 3.6.1 Maintenance and Security Release


WordPress released a new version of its PHP blogging framework on September 11, 2013, which contains important maintenance and security updates. Host Byte recommends that, whether you’re hosting with us or not, you take the time to update your version of WordPress and avoid the dangers of hacking. Read on for more information about the release.

Specifically, the new release addresses these security concerns:

Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
Prevent a user with an Author role, using a specially crafted request, from being able to create a post ‘written by’ another user.
Fix insufficient input validation that could result in redirecting or leading a user to another website.
Adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.

For more information on the changes, see the release note or consult the list of changes.

Simple Tips To Secure Your WordPress Blog/Website

With hacking attempts on the rise, here are some simple but useful tips to secure your WordPress blog/site.

Tip 1 : Don’t use ADMIN as the user name

Use a completely random username for the account with administrative rights. If you are using admin as the username for the administrator login, then you are just giving the main entrance key to the hacker.

Tip 2 : Use Strong Password

Make it complex. Use a combination of upper case and lower case letters, numbers and special characters. Weak passwords can be easily cracked by a “Brute Force” attack. Change your passwords often. Don’t use simple passwords like password, 123456, 12345678, abc123, qwerty, etc.

Tip 3 : Plugin Management

Update all active plugins and delete all inactive ones. Click on Plugins >> Installed Plugins and click on update automatically to update a particular plugin. The updated versions of the plugins not only fix bugs but are also more secure.

Tip 4 : Backup Your Data Regularly

Remember, your WordPress blog database holds your hard work in the form of posts, comments and likes. Perform a daily or weekly backup of your blog/website so that you can restore it.

Tip 5 : Upgrade to Latest WordPress version

Right now, the latest stable WordPress Version is WordPress (Version 3.4.2). Just check whether you have updated to it or not. You must be asking, why update when everything is running fine? The WordPress development team keeps coming up with changes and upgrades to fix various security holes, so with an updated version your website/blog becomes more secure.

Enjoy Blogging!!

8 Ways to Safeguard your WordPress Blog from Hackers

You’ve treated your blog like your baby and nurtured it, complete with pictures, and proofread everything you’ve written. You might have an average of 300 posts to date and you’ve invested so much time and sweat in making them perfect.

You also have a decent follower base (100+ followers) and a massive number of comments, at least 5000+ good comments by good people who truly appreciate what you blog about.

The above scenario is an absolute delight, until THIS happened!

We can totally relate to this (not that it’s ever happened to us, touchwood) and to see this happen to your very own blog is a nightmare.

But fear not! We’re here with a set of tips that’ll help you keep your WordPress blog safe and secure :)

1. Take a Back-Up!!

Your WordPress database contains every post, every comment and every link you have on your blog. If your database gets erased or corrupted, you stand to lose everything you have written. There are many reasons why this could happen and not all are things you can control. With a proper backup of your WordPress database and files, you can quickly restore things back to normal.

2. Do you have the latest WordPress Version?

You should always make sure that your blog’s version is up to date. The WordPress team creates patches to help fix security holes. Follow the WordPress feed to find out about the latest updates, or simply log in to your admin.

3. Delete “Admin” User

Just to make hackers work harder, bin this. Create a new user with administration rights, and give the user a nickname (for public display) that is not the same as the username. Then log out, log back in as the new user, and delete the original “admin” user.

4. Install WP Security Scan

This plugin is really awesome. It’s simple and automates stuff. It will scan your WordPress blog for vulnerabilities and inform you if it finds any malicious code. If the text is in green in the admin panel, then you should be good.

5. Scan Every Theme and Plugin You Want to Install

This is especially important if you download your themes and plugins from other websites online, or if you’re using cracked plugins and themes. You never know when a sleazy programmer will put a little code in your theme or plugin, or when that cracked software you’re downloading will be virus infected.

Don’t wait to get hacked before you realize this. Make sure you scan every theme and plugin you want to install on a regular basis; scan them with your own antivirus before you install them.

6. Create a .htaccess File in “wp-admin/”

.htaccess (hypertext access) is the default name of directory-level configuration files that allow for decentralized management of configuration when placed inside the web tree. .htaccess files are often used to specify the security restrictions for the particular directory.

Open a new text file and paste this –

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

Save the file as .htaccess and upload it to your “wp-admin/” folder, i.e., to http://myblog.com/wp-admin/

7. Hide Your Plugins

If you’re not sure whether they’re hidden or not, navigate to http://myblog.com/wp-content/plugins. If you see a 404 error page, they’re hidden. Otherwise, you’ll see them listed.

8. Install a Plugin that Monitors Your Files and Notifies You of Changes Immediately

You can also tell your hosting provider to help you configure your server to notify you in case there is any change in any of your files at any time, or you can look for a plugin that makes this easy.

A lot of little changes happen to our blog every day, but the reality is that some of them shouldn’t happen. It is important that you don’t learn about any of these changes too late, so make sure you regularly monitor your server and WordPress installation for any changes.
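The check described in tip 8 can be sketched as a hash baseline compared against the current files. This is an added example, not code from a WordPress plugin or from the original post; the function names and the small file tree it builds are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for every regular file under root."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def compare(baseline, current):
    """Classify the differences between a known-good snapshot and a later one."""
    report = {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in set(baseline) & set(current)
                          if baseline[p] != current[p]),
    }
    # Uploads should hold media only, so PHP appearing or changing there
    # deserves review before anything else.
    report["review_first"] = [
        p for p in report["added"] + report["changed"]
        if p.startswith("wp-content/uploads/") and p.lower().endswith(".php")
    ]
    return report

def demo():
    """Run the check against a small constructed tree (not a real install)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {
            "index.php": "<?php // constructed front controller\n",
            "wp-config.php": "<?php // constructed config\n",
            "wp-content/uploads/2013/09/photo.jpg": "constructed image bytes",
        }
        for rel, text in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(text)
        baseline = snapshot(root)  # taken while the site is known good
        # Constructed changes made after the baseline was taken:
        (root / "index.php").write_text("<?php // constructed, edited later\n")
        (root / "wp-config.php").unlink()
        (root / "wp-content/uploads/2013/09/thumb.php").write_text("<?php // constructed\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Keep the baseline somewhere other than the web server, so that whoever changes the files cannot also rewrite the record they are compared against.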

That’s it. Your blog is more secure, and way less hackable. Go make content!