The loss of sensitive data can cost a business millions of dollars and severely ...
Many organizations do not want to pay for a full-time CISO or do not know if they are ready...
Cybersecurity governance provides a strategic view of how your organization controls...
The Cybersecurity Risk & Maturity Assessment (CSMA) is a gap analysis and risk assessment...
A vulnerability assessment systematically reviews security weaknesses in IT ecosystems...
A penetration test, or pen test, actively identifies, tests, and highlights your organization’s...
Social engineering is the act of exploiting human weaknesses to gain access to...
With the growing threat of cyberattacks and data breaches—and the potential costs...
At any time, your organization might be running hundreds of security controls...
Is your manufacturing business prepared for CMMC compliance? Learn what CMMC compliance is...
At Right Hand, we understand what it takes for companies doing work within a defense industry ...
The National Institute of Standards and Technology (NIST), a division of the U.S. Department...
SOC is a suite of reports from the American Institute of Certified Public Accountants (AICPA)...
PCI DSS designs a set of security standards to ensure that all companies accepting...
ISO 27001 is a set of standards and requirements for an information security management...
Is your IT team stretched to the breaking point supporting your business? Have you had...
Is your in-house IT staff overworked and overburdened managing routine tasks? Do you have...
Our Help Desk Services provide businesses with fast, professional IT care at an affordable...
Cloud computing is transforming the way organizations buy and consume software...
Is your current IT strategy prepared for the threats that your organization faces every day? From human...
We are experts in supporting manufacturing companies with their cybersecurity posture and compliance needs such as CMMC so they can win DoD contracts!
You may have found that as your practice has grown, IT maintenance, security, and repair...
A better approach to IT support for law firms is known as Managed IT Services...
Cloud computing is transforming the way organization buy and consume software...
Is your current IT strategy prepared for the threats that your organization faces every day? From human..
The loss of sensitive data can cost a business millions of dollars and severely ...
Many organizations do not want to pay for a full-time CISO or do not know if they are ready...
Cybersecurity governance provides a strategic view of how your organization controls...
The Cybersecurity Risk & Maturity Assessment (CSMA) is a gap analysis and risk assessment...
A vulnerability assessment systematically reviews security weaknesses in IT ecosystems...
A penetration test, or pen test, actively identifies, tests, and highlights your organization’s...
Social engineering is the act of exploiting human weaknesses to gain access to...
With the growing threat of cyberattacks and data breaches—and the potential costs...
At any time, your organization might be running hundreds of security controls...
Is your manufacturing business prepared for CMMC compliance? Learn what CMMC compliance is...
At Right Hand, we understand what it takes for companies doing work within a defense industry ...
The National Institute of Standards and Technology (NIST), a division of the U.S. Department...
SOC is a suite of reports from the American Institute of Certified Public Accountants (AICPA)...
PCI DSS designs a set of security standards to ensure that all companies accepting...
ISO 27001 is a set of standards and requirements for an information security management...
Is your IT team stretched to the breaking point supporting your business? Have you had...
Is your in-house IT staff overworked and overburdened managing routine tasks? Do you have...
Our Help Desk Services provide businesses with fast, professional IT care at an affordable...
Cloud computing is transforming the way organizations buy and consume software...
Is your current IT strategy prepared for the threats that your organization faces every day? From human...
We are experts in supporting manufacturing companies with their cybersecurity posture and compliance needs such as CMMC so they can win DoD contracts!
You may have found that as your practice has grown, IT maintenance, security, and repair...
A better approach to IT support for law firms is known as Managed IT Services...
Cloud computing is transforming the way organization buy and consume software...
Is your current IT strategy prepared for the threats that your organization faces every day? From human..
First, let me say I am no WordPress expert. I can set it up and make my way around it to do the things I want to do, like this blog and my other blog playingwithpython.com. Being a network/systems guy, I’m always worried about security. With WordPress there are a few concerns I had that are nicely addressed by a couple plugins that I think everyone should have.
1. Many sites are used to spread malware without even knowing it. To protect against this, you can use WordPress File Monitor Plus. This plugin scans your site for changed files and alerts you when something has been altered. You can then clear the alert if it is OK, or take action to correct your site. Another plugin Wordfence keeps a copy of every WordPress version and every theme on their servers, and they scan your installation comparing it against their database to see if any files have been changed or tampered with. If you alter a file, you can tell it to ignore that change until it changes again. They also scan for many of the known malware.
2. Unlimited login attempts. By default, WordPress allows unlimited login attempts, so anyone can sit there and pluck away trying to get into your site. Hopefully, you have a strong password, but if you have multiple users, do you know for sure everyone does? Also, if there are no limits on logins, it might not matter how good your password is if a hacker has unlimited attempts to figure it out. To address this, you can load the plugin Limit Login Attempts or Wordfence. Both have settings where you can specify how many bad attempts are made before an account is locked. Both have minor differences in the options, but both are much better than allowing someone to keep trying to get into your site.
3. Lastly, it’s probably worth changing the default wp-admin login page. This may not seem like a big issue, but it’s just another layer to avoid someone possibly login into your site. I found a few pages showing how to do this by editing .htaccess, wp-config.php, etc, but that seems like a bit much for something that should be fairly simple, not to mention I couldn’t get it to work (wawawawa). Instead I opted for the plugin, Stealth Login Page. This plugin lets you mask your wp-admin login page. You specify a url to redirect users who attempt to access http://yoursite/wp-admin. For instance, you can redirect them back to your main page. After that, you specify a question and an answer. This will make up the url you will use to actually get to the login page. For example, if your question is “whoami” and the answer is “nobody”, you’re login page would be http://yoursite/wp-login.php?whoami=nobody.
As you can see these are just a few low hanging fruits in the security picture, but I think they’d help secure your site fairly well. Wordfence does a lot more than what is mentioned here, including scanning your site for various vulnerabilities. By using number 2 and 3 together, you not only force someone to guess your password, but they’d also have to guess your question and answer.
If you have any other solutions or WordPress security concerns, I’d be interested in hearing them in the comments.
Learn how SMEs can harness AI's power through leadership commitment, initial tool adoption, ethical…
Explore how educational institutions can effectively use the FCC's $200 million K-12 Cybersecurity Pilot…
Explore why CISOs' investments in security tools aren't translating to better breach detection. Learn…
The Certified Information Systems Security Professional is an information security certification with extremely high standards. Less than 132,000 people worldwide had this certification at the end of 2018.
It has also been formally approved by the DOD and is globally recognized in the field of IT security.
It covers the following topics:
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security
This a system engineer certification and tests the user’s knowledge on the following topics:
Windows
SQL Server
Exchange Server
SharePoint
System Center (SCCM)
Lync
The A+ Certification demonstrates that the computer technician has the skill set needed to customize, install, maintain, and operate PCs.
In addition to these certifications, Right Hand also has strategic partnerships with some of the biggest names in the industry like Microsoft, Dell, Citrix, and Fortinet.
What could be more assuring than having these industry giants on your side?
As the name suggests, this certification is for Network Engineers. Everything from the installation and maintenance to troubleshooting of networks including the understanding of all related technologies is a part of the course.
This certification shows that the technician who has passed the Microsoft exam is capable of managing, migrating, deploying, planning, and assessing the technology, security, and compliance needs associated with Microsoft Office 365.
The CompTIA Security Plus SY0-501 course provides certifications in the following topics:
Threats
Vulnerabilities
Attacks
System Security
Network Infrastructure
Access Control
Cryptography
Risk Management
Organizational Security