We all understand the Internet to be a useful resource. I have a difficult time remembering what I did before I had an Internet connection. You can pay your bills, shop from home, check your bank account’s, and much more. The bad news is that the Internet also poses some very real and dangerous risks.

You can become a victim of identity theft. If you are unprotected, your credit cards, personal or corporate identity, and your bank account(s) could be at risk. Knowing how to protect yourself on the web is important in preventing your online identity from being at risk. If you want to surf the web with peace of mind and have more privacy, anonymous web surfing is something worth considering.

Siam Communication (SiamComm) has launched our first Offshore Privacy Service – Virtual Private Network (VPN) Service.

What is a VPN Service?

A VPN service provides a tunnel connection, via an Internet connection, from your computer to a server in another location. This location could be in another city, state, province or country. All requests for Internet services (websites, email, VoIP, etc.) are routed through this tunnel to the target server. The server then makes the request to the necessary service provider.

VPNs provide a secure an anonymous method for accessing services on the Internet. Every time you make a request, your IP address is available for anyone to determine your location. With a VPN service, your location is protected because the IP address being transmitted belongs to the server.

A VPN server is also configured to protect those that want to try and connect to your computer to steal personal data. Because the IP address belongs to the server, and not to your computer, hackers cannot gain access to your personal computer. The VPN server also contains a firewall that does not allow rogue or suspicious traffic past the server.

The SiamComm VPN Service is available from anywhere in the world with connections to 15 countries for secure and protected Internet access.

We will soon be launching additional services that will also protect your identity and:

• Encrypt your email
• Provide email from an offshore server
• Transfer and Store Files Securely
• Access servers using Secure Shell (SSHv2)

All of our services are simple to setup and use. You do not need to be a geek to understand how to make use of them. Our services also work on many computer platforms and operating systems such as Windows 2000, XP, Vista, Windows 7, Mac OS X and Linux.

If you are looking for protection and anonymity on the Internet, come by and have a look at SiamComm Privacy Services.

Related posts:

1. Domain Name Registration and Management

Related posts brought to you by Yet Another Related Posts Plugin.

Earlier this month, Google announced that they will be expanding the features of the Webmaster Tools portal to include notifications for sites using CMS (content management systems). One of the first groups of web sites that will be notified will be those WordPress Blogs running version 2.1.1, which is known to have several exploits.

The first things this should awaken in most of use is the realization that your website tools and services need to be kept up to date. The latest version of WordPress at this writing is 2.6.3.

The CMS Wire expanded upon this topic, noting that the folks at Movable Type have taken this opportunity to highlight the fact that their system is more secure than the WordPress system.

Related posts:

1. WordPress Security: Keeping your Blog Secure
2. SEO Analysis Tool: Beta Launch
3. Have iPhone, will Blog

Related posts brought to you by Yet Another Related Posts Plugin.

A friend of mine recently sent me a post about a recent WordPress attack on those who host their own blogs. Fortunately, my blog came up clean on the blog cache scanner link pointed out on one of the linking blog posts. But the post highlighted a need to identify methods that need to be implemented by blog owners to help them stay on top of potential threats.

I must say that it still amazes me how, in an environment such as the Internet that allows for so much productive creativity, there are still individuals that insist on putting a huge efforts into destroying the work of others. Just imagine what a better place the Internet might be if that same energy was put to a more productive use.

That said, let’s review some easy steps to keeping your blog secure.

WordPress modifications

Modify the META tag for the WordPress version
With each version of WordPress, hackers make an attempt to find a problem with that version that will help them exploit the blog and possibly destroy it’s contents. Many hackers use a method of searching blogs and determining the version number. If the blog has not been updated to the latest version, they know exactly what hacks they can throw at the blog to break in. A large number of WordPress themes have the WordPress Meta Tag that show the version of WordPress that is running on your blog which is an easy way to get your blog prone to hackers. This tag is in the header.php file that displays your current version of WordPress.

<meta content="WordPress <?php bloginfo(’version’); ? />" name="generator" />

or, if you have the latest version

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /><!-- leave this for stats -->

It is recommended that this line be completely removed.

Recommended plug-ins

Activate the Akismet plugin
Just as spam is a very large problem with email, spam comments are just as big an issues for blogs. This plugin comes packaged with most WordPress installs and should be activated immediately. Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.

WordPress Automatic Upgrade
Keeping your WordPress version up to date is critical to staying on top of hacker attacks. The WordPress team have usually been very quick to fix a vulnerability once it has been identified. WordPress Automatic Upgrade allows a user to automatically upgrade their WordPress installation to the latest version provided by WordPress.org using the 5 steps provided in the WordPress Upgrade instructions. This plugin will even backup your database tables prior to the upgrade and provide the option to download them to your local computer.

WP_DB_Backup
In the event that someone does break into your blog, it is comforting to know that you had the fore sight to backup all of those valuable posts before it was destroyed. All of your WordPress database tables should be backed up on a regular basis. WP-DB-Backup allows you easily to backup your core WordPress database tables manually or on a scheduled basis. You may also backup other tables, not related to the core WordPress install, in the same database.

WP-DBManager
We really like this plugin as it has many more features than any other database plugin we have seen. But this can be a down side to this plugin as well due to the power that some of the features have over your database. This plugin manages your WordPress database allowing you to optimize the database, repair database, backup database, restore database, delete backup database , drop/empty tables and run selected queries. Supports automatic scheduling of backing up and optimizing of database.

WP Security Scan
Sometimes a vulnerability can not be easily detected, as pointed out in the post referenced at the beginning of this post. So a tool that you can refer to , that will check the integrity of your blog is always a helpful item to have in your arsenal. This plugin scans your WordPress installation for security vulnerabilities and suggests corrective actions. It examines the strength of your passwords, file permissions, database security, version hiding and WordPress admin protection/security.

AskApache Password Protect
Adding additinal password protection to critical areas of your blog will certainly discourage hackers. This plugin doesn’t control WordPress or mess with your database, instead it utilizes fast, tried-and-true built-in Security features to add multiple layers of security to your blog. This plugin is specifically designed and regularly updated specifically to stop automated and unskilled attackers attempts to exploit vulnerabilities on your blog resulting in a hacked site.

Login Lockdown
Sometime, hackers will use a ‘bruteforce’ method of attacking a site by have an automated program continue to try and login to your Administration panel. Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.

WordPress Scanner
This is another security scanner that requires a plugin to be installed, but is then processed through an external site to determine any vulnerabilities. It is still a work in progress and the developer has made a call to security professionals to enhances its features. We have not yet tried this method and recommend proceeding with some caution if you are a beginner.

Recommended Server preparations

Control what is Indexed
One method is to block WP- folders from being indexed by search engines by adding an entry in your robots.txt file. While this will not discourage all bots, it will prevent your critical files from being indexed in popular search engines. Add the following line to your robots.txt file:

Disallow: /wp-*

Do not allow Directories to be Browsed Publicly
To test this, go to the following web address (http://yourblogurl.com/wp-content/themes/) replacing the ‘yourblogurl.com’ with the website address of your blog. If a list of directories is displayed of the themes you have installed, this means everyone can see this and you need to make a slight change to protect this directory.

Secure your directories by adding a blank index.html file to important directories such as:
/wp-admin
/wp-admin/includes
/wp-content
/wp-content/themes
/wp-content/plugins

Be careful with this one though. In /wp-admin the default file name is index.php, but depending upon you server configuration, your system may look for index.html before index.php. If so, adding an index.html file to the/wp-admin directory could result in a blank page when you access your admin area without a file name ( http://yourblogurl.com/wp-admin ). If that is the case, simply add the index.php file name to the end of the URL ( http://yourblogurl.com/wp-admin/index.php ) when you access your admin control panel.

Limit access to the WP-ADMIN folder
This solution is to restrict access to the folder to only specific IP addresses using a .htaccess file. I recommend this for the more advanced user and should only be used if you know for a fact that you have a static IP address. Otherwise, you risk locking yourself out of your own WP-ADMIN folder. Most users will probably have a dynamic IP address that changes frequently, so this modification may not be suitable.

Recommended Web Sites

WordPress Security Whitepaper
The BlogSecurity website publishes a WordPress Security Whitepaper online and keeps this fairly up to date. They are due out for another update soon, but the methods stated are sound and helpful. The comments are a helpful guide as well.

WordPress Blog
The developers blog at WordPress is fairly quick at announcing and addressing potential threats relating to their platform. Subscribing to their blog is a good way to make sure you are up to date on the latest developments.

References

Noupe Blog – Security Tips and Tricks
Has your Website been Hacked
WordPress users – Watch Out!
WordPress Tip – Remove the Version code

Related posts:

1. WordPress Security: Google to launch new tool
2. WordPress: Sticky Posts
3. Have iPhone, will Blog

Related posts brought to you by Yet Another Related Posts Plugin.