WordPress Attacks – What they are and How you can deal with them

You may have heard in mainstream media that there have recently been “attacks” against WordPress websites. These attacks have actually been going on for a while, but have significantly escalated over the last week or so.

The purpose of this post is to

  1. try and clarify the problem, by putting it in simple terms
  2. identify what impact it may have on your site
  3. offer some advice on what you can do to try and protect your site

What is the problem ?

The simple explanation of what is happening is that many WordPress sites are being subjected to a “Brute Force Attack” to try and find valid login details. The sites affected seem to be primarily USA based, and there don’t seem to be significant issues (yet) on Australian based web servers. The coordinated attack is running from 1,000s of different PCs, in different locations and with different IP addresses.

Essentially the attack will try to login to your website using as many username and password combinations as possible in order to find a valid login. It’s as if someone was trying to guess the combination on a combination lock, but rather than being limited to a single guess every few seconds, they could make hundreds or thousands of guesses a second while never getting tired.

Details of this attack have been widely reported (do a Google search for “WordPress Attack”)

What might the impact be on your site?

There are two threats to your sites during this attack: a threat from the login attempts and a threat if a login is successful.

Attempted Logins

Each time WordPress handles a login attempt, your server’s resources are being used. If the attack starts to send numerous login attempts a second, your site’s performance can suffer.  This puts a load on the server and can impact on the performance of other sites also hosted on that server. As a worst case scenario the host provider may suspend your account.  The Australian based hosting service that In a day now uses is aware of this issue and has already taken steps to minimise disruption to your website.

Successful Login

If the attack is able to successfully “guess” the login to your site, then your entire site and server could be compromised. If the compromised account has an Administrator role, they could add new files, modify existing files, add additional users (in case the password of the compromised user is changed), inject malware into your site, or even turn your hosting account into a spam bot to extend the capabilities of this brute force attack.

What to do about it

We have outlined below some steps you can take to minimise the risk or at least lessen the impact of this type of attack.

Good Password

As a first step, we highly recommend you log into your WordPress site/s and change the password to something that meets the security requirements specified on the WordPress website.  These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*).

DON’T use the admin username

We always recommend that you NOT use (or even create) the default admin username.

However, if your login ID is admin (or if that username even exists on your site – check this by going to the Users section on your dashboard), remove the username “admin” from the site. By far, this is the biggest vulnerability that is being exploited in this attack. So, if you have a user with a username of “admin” on your site, it needs to be either removed or renamed ASAP.

The easiest way to rename the user is to replace it with a new user. This can be done in the following sequence of steps:

  1. Create a new user with the same role as the “admin” user. This is typically the Administrator role. You may have to use a different email address when creating this user as each user must have a unique email address.
  2. Log out.
  3. Log in as the new user.
  4. Delete the “admin” user.
  5. When asked what to do with the posts and links owned by the “admin” user, select the “Attribute all posts and links to” option, choose the new user from the drop down list, and click “Confirm Deletion”.
  6. Once the user is removed, you can change the new user’s email address if a different one was used to create it.

Limit Logins

We suggest that you install and activate a plugin such as Limit Login Attempts, as it helps protect against brute force attacks. It protects the site by blocking login attempts from a specific IP once that IP has failed too many times in a row. Note: because this particular brute force attack comes from many different IP addresses (possibly thousands), this will help but not prevent the problem entirely.
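The note above, as an added example that is not part of the original post and is not the Limit Login Attempts plugin's own logic: a small log check that compares a per-IP lockout with a site-wide count of failed logins. It assumes a combined-format access log and that a failed login to wp-login.php is answered with 200 and a successful one with a 302 redirect; the thresholds, function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Fields needed from a combined-format access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_logins(lines):
    """Yield (timestamp, ip) for each failed POST to wp-login.php.

    Assumption: a failed login is answered with 200 (the form is shown
    again) and a successful one with a 302 redirect.
    """
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?")[0].endswith("/wp-login.php"):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def analyse(lines, per_ip_limit=4, site_limit=20, window=timedelta(minutes=5)):
    """Compare a per-IP lockout with a site-wide count of failed logins."""
    events = sorted(failed_logins(lines))
    per_ip = Counter(ip for _, ip in events)
    # IPs a per-IP limiter would lock out (more failures than the limit).
    blocked = {ip for ip, n in per_ip.items() if n > per_ip_limit}
    # Guesses that still reach WordPress with the per-IP lockout active.
    let_through = sum(min(n, per_ip_limit) for n in per_ip.values())
    # Busiest window of failures from IPs that were never locked out.
    rest = [ts for ts, ip in events if ip not in blocked]
    peak = start = 0
    for end, ts in enumerate(rest):
        while ts - rest[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return {
        "failures": len(events),
        "blocked_ips": blocked,
        "let_through": let_through,
        "peak_unblocked": peak,
        "distributed": peak >= site_limit,
    }

def sample_log():
    """Constructed sample: one noisy IP plus 30 IPs sending two guesses each."""
    fmt = '{ip} - - [01/Jan/2024:10:{m:02d}:{s:02d} +1000] "{req} HTTP/1.1" {st} 2048'
    post = "POST /wp-login.php"
    lines = [fmt.format(ip="203.0.113.5", m=0, s=i, req=post, st=200) for i in range(10)]
    for i in range(1, 31):
        for k in (1, 2):
            lines.append(fmt.format(ip=f"198.51.100.{i}", m=k, s=i, req=post, st=200))
    # A successful login (302) and a plain form view (GET) must not count.
    lines.append(fmt.format(ip="192.0.2.10", m=3, s=0, req=post, st=302))
    lines.append(fmt.format(ip="192.0.2.10", m=3, s=1, req="GET /wp-login.php", st=200))
    return lines

if __name__ == "__main__":
    for key, value in analyse(sample_log()).items():
        print(f"{key}: {value}")
```

On the constructed sample the per-IP rule locks out only the one noisy address, while 64 of the 70 failed guesses still reach the login form; the site-wide count is what flags the spread-out pattern.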

Don’t play the waiting game with YOUR website !!!

Despite a general acceptance of how important having an effective online presence is, nearly half of Australian small businesses fail to launch their website within the 1st 6 months of operation, and 15% actually put it off until their second year of business. Nearly a third (29%) of Australian SMEs don’t even have a website at all, indicating a remarkably slow take-up of online by small business owners.

According to Snap who recently announced the results from their survey of more than 250 SME owner-managers on how small businesses are adopting online technologies – websites and online are rated as the second most important marketing channel – more important than marketing, PR and having a showroom or shop front.

There is also a growing interest in  “DIY Websites” among business owners,  with nearly a third (30%) choosing to create and manage their own websites.

More than two thirds of the survey respondents have chosen to have some involvement in the development or management of their websites, while a little under 30% depend on friends and family for assistance.

The study also asked business owners what they thought of a supplier or partner with a badly designed website – almost 60% said it reflected badly on the company, and 47% said it made them less likely to use that company’s products or services.

Most Australians are now active online, so to compete, it’s increasingly important  for Australian businesses to have a web presence too.

If you have been considering establishing a website for your business, NOW is the time to act… don’t wait until your competitors get a significant lead. Creating your website doesn’t have to be a complicated, confusing or expensive exercise. In a Day can guide you through the process of creating, managing and “taking control” of your own website.

For more information see our Website In a day Workshop, or Contact us for a chat.

 

 

SixthSense technology is here

Check out this amazing video about how online will be merging with reality over the coming few years.

Pranav Mistry has got to be one of the most gifted visionaries and inventors in the world, who stands at the forefront of futurism.

Sixth sense technology is here and pretty soon we will all have access to these mind-blowing, open source tools to blend real life with the online world.

 

 

Public service lay-offs increase website training needs

It was reported today on Startupsmart (Public service lay-offs fuel surge in franchise enquiries) that the 14000 planned retrenchments and redundancies in the Queensland public service have resulted in a significant increase in enquiry rates from people looking for franchising opportunities:

“Retrenched Queensland public servants have contributed to a renewed interest in franchising, according to Retail Food Group, which saw a 64% spike in inquiries between June and August.”

Website Training In a Day

In a Day has also experienced an increase in people looking for opportunities to establish their own home based or online business, and have had lots of “ex public servants” wishing to learn how to create and manage a new business website on their own.

Our Website In a Day workshop is designed specifically for website beginners and guides you through the process of registering a domain, setting up hosting, creating email accounts, installing WordPress and creating and updating content (including pages, images and posts).

QLD Public Service Job Cuts – NOW is the time to Re-Skill !!

The recent announcement of the retrenchment of 14,000 Qld public service employees will mean that 1,000’s of people are likely to be looking for new jobs over the coming months.

The 14,000 job cuts announced in the Qld State Budget are made up of 10,600 redundancies and another 3400 in axed temporary contract workers and vacant positions.

Qld Public Servants Re-training?

Queensland Premier Campbell Newman has said that employees deemed to be surplus to requirements will have a choice about whether to be redeployed to another position or to take a generous voluntary redundancy payout.

It is expected that those public sector employees being made redundant will receive counseling, retraining and support in being redeployed (or finding new jobs), but many accepting redundancy packages may largely be left on their own.

Online Business Options

In a Day Training has already started to see an increase in inquiries from public sector employees looking at work options outside the government. Public servants nervous about their futures in government roles are considering other employment opportunities.

Establishing an online or web related business is becoming an increasingly popular option – either as a replacement for or a supplement to their traditional “job”.

Learn to Create a Website

In a Day’s Website In a Day Workshop is a great way for absolute beginners to learn quickly and efficiently how to create and manage their own website. The skills and experience gained in this one day, hands on workshop provide an excellent grounding in establishing an online business and can even provide the skills required to start developing websites for your friends and family.

Advanced Website Training

We also offer more advanced training in a variety of web and business related areas (e.g. WordPress, Marketing, Copywriting, Blogging, Graphics, Search Engine Optimisation, eCommerce, etc..) that can be customised to meet your specific needs. We can provide advanced training one on one or can develop specialist training workshops for small groups.

If you’d like to find out more about how you can re-skill and give yourself greater opportunities in establishing and running your own online business, please contact us today.

 

Creative Strategies for Improving Traffic to your Website

No matter what the primary goal of your website (selling products, promoting services, providing information, generating leads, etc..) , there is one aspect which is common to almost all websites – the need for traffic – usually the more the better.

One of the best ways to get traffic to your site is obviously via search engines, but many traditional Search Engine Optimisation “tactics” designed to improve rankings and increase traffic are no longer effective. The way that Google and other search engines determine which sites should rank for which keywords is changing regularly. SEO strategies such as Content Amalgamation (gathering content from other sites and combining and restructuring it for use on yours), or aggressive Link Building (generating large numbers of links from 3rd party sites) – which used to be effective – can now actually have a negative impact on your rankings.

Search Engine Algorithms are Changing

The “job” of search engines is to provide the best possible results for any given search query.  If they fail to produce useful results users will start to look elsewhere for their web searches.  Google and other search engines are getting smarter at recognising websites that use strategies to artificially raise their profile in an attempt to improve rankings and traffic, and essentially most tactics designed to “trick” the search engines into providing good rankings are ultimately doomed to fail.

How Can You Improve Rankings

So how should you go about improving the rankings and traffic for your website?  The approach I recommend is deceptively simple…. Give users something that is actually useful…. If you focus on strategies designed to help your users (rather than tricking the search engines), your rankings and traffic WILL  improve – guaranteed, and you will not suffer dramatic drops in rankings at some stage in the future when the search ranking algorithms change again.

What Do Your Users Want ?

The type of content that you provide on your site will depend on the product/service you offer and the target market you are trying to reach.  But whatever it is, it needs to be :

  • Unique – DON’T Copy and Paste content, write it yourself (or have someone write it for you).  If necessary  find some good content elsewhere and rewrite it in your own words.
  • Keyword Rich – your content MUST contain the keywords and keyword phrases you are trying to rank well for… If you don’t even mention a keyword on your site, how can you hope to be found for it in search results?
  • Useful  - there are a whole lot of things that can allow your content to be considered useful including : Informative, Entertaining,  Educational, Controversial, Funny, Shocking, Thought Provoking, Emotional, Cute, etc…

Ultimately though, the one rule to remember is if it is good for your users, it will be good for your rankings.

If you’d like to learn more about effective SEO strategies and how you can Optimise your own WordPress website… see our SEO for WordPress Workshop.

School Holiday Workshops – Web Development Courses for Teenagers

We often get asked by parents if our Website In a Day training workshop is suitable for kids. It certainly is, and over the last year or so we have had a number of teenagers attend our workshops – and do extremely well.

Tech-savvy teenagers have been brought up in the digital/online world.  They have little fear of technology and are full of confidence when it comes to using online tools and resources, so tend to thrive in our workshops.  They are also used to taking direction and (when motivated) can actually achieve much more than adults who are sometimes cautious or even “scared” of the technology.

We have in fact had so much interest in web training workshops for kids, that we have decided to establish some school holiday workshops designed specifically to meet the needs of teenagers.

Many of our adult students create a website for their business – obviously the average teenager does not (yet) have a business, but there are many other things they could find a website useful for :

  • A Hobby based website – news, info and resources related to a hobby or sport they are passionate about
  • A Personal Blog – their own perspective on day to day life as a teenager
  • A Portfolio Site – an online portfolio of art, fashion, writing or music
  • An Online CV – an outline of skills and experience to assist in getting a job
  • A Business website for their parents’ business – what better way to get the kids involved in a family business than to have them help out on the technology side (and learn some skills along the way)
  • A Start to their own online business – for the budding entrepreneur

We are in the process of developing our teen friendly workshops, and will add more information, and publish scheduled events when they are ready.  In the interim, if you are interested in having your kids learn how to create and manage websites, or have any suggestions as to what types of training might be suitable, please feel free to contact us.

Keywords Matter – a Lot !!!

These days, most website owners recognise that to achieve decent search engine rankings (and the important traffic they generate), unique, fresh, keyword rich content on their website is important.

You also probably understand that the content should be focused on keywords that are relevant to the products/services that you provide.  However, it can be a challenge to work out exactly  what keywords you should be targeting, and what types of content  are likely to be best for optimising your website.

You could probably rattle off a list of what you think are the important keywords for your site – but how do you know that these are the phrases that your potential customers are likely to be using on Google ?  Often, the “important” keywords that owners come up with are terms that they use in the day to day running of their business – which may be quite different to the ones used by  customers.

Keyword Research is Critical

Keyword Analysis is one of the first (and most important) activities that you should undertake when optimising your website. Effective Keyword Research makes use of a variety of tools and techniques to identify and analyse actual search volumes of keywords (for searches undertaken by real people on the internet) that are relevant to your “important” keyword phrases.

An initial goal of Keyword Research is to identify those keyword phrases related to your business  that are searched most often.  These high volume keyword phrases (which may very well include keywords that you probably hadn’t thought of) provide an excellent basis  for defining the structure of your site, and inspiration for  creating content.

Explaining “How To” undertake Keyword Research is way too big a topic to cover in this brief article,  so:

but make sure that you do something towards identifying your primary keywords today !

WordPress version 3.4 Released

The latest  version of WordPress 3.4 (codenamed “Green” in honor of guitarist Grant Green) was released on 14th June.  This is a fairly significant release with a swag of new features and functionality as outlined below :

WordPress Theme Customisation

The biggest change in WP 3.4 for users is the theme customizer. This new feature (found in Appearance >> Themes and then clicking on the customise link) allows WP administrators to play around with various looks and settings for either the currently active theme (or a theme you are considering switching to) without publishing the changes to the live site. The options available for this feature are theme dependent.

It’s also now easier to browse through the themes you have installed.

WordPress Customised Headers

If you are using a theme that supports custom headers, it is now possible to select images from the WP media library to modify your header images, and it is now easy (without hacking code) to choose the height and width of your header images.

WordPress Twitter Embedding

WordPress support for Twitter embeds has also been given a big boost: simply paste a Twitter permalink on its own line in the editor and WordPress 3.4 automatically turns it into a fabulous embedded Tweet.

See the Official WordPress 3.4 Release video below with a summary of the new features :

In a Day Workshops coming soon to Sydney

We’ve been very pleased with the results our graduates have achieved in Brisbane and on the Gold Coast this last 12 months, and are now looking forward to taking our fabulous hands on training workshops across Australia. We’ve had a number of enquiries from Sydney about our hands on workshops, so in June 2012 we will commence running training courses right in the heart of Sydney.

So far we have penciled in the following hands on training workshops, which will take place at a central Sydney CBD training facility at the end of June :

  • Website / WordPress Training (Sydney) – The Website In a Day Workshop teaches you everything you need to know about creating and managing your own simple WordPress website. We guide you through the process of registering a domain, setting up hosting and email accounts, installing WordPress and creating and updating your own pages and posts. At the end of the day, you will walk away with a fully functional website, and will have the skills and experience you need to manage the site on your own.
  • SEO for WordPress Training (Sydney) – Out of the box, WordPress is already pretty Search Engine Friendly, but there are plenty of things that can be done to help improve your rankings, traffic, sales and inquiries. This SEO for WordPress In a Day workshop guides you through the process of optimising your WordPress website. You will learn which SEO Plugins are the best to use and how to set them up; you will also learn content creation strategies and get loads of hints and tips about improving your website rankings.
  • Web Analytics Training (Sydney) – Our Web Analytics In a Day Workshop will demystify Google Analytics for you, by guiding you through the most important features and functions of the New Google Analytics Interface. We will be working with your own LIVE data and you will get to review, analyse and interpret your own website usage statistics and make decisions on how you could be improving the effectiveness of your website.

To celebrate the launch of In a Day into Sydney, we are offering  special package deals if you book into two or more workshops.  Please Contact Us, or phone Rob direct on 0408 797 361 for more information.