Securing our websites
- Thread starter Rigo
- Start date
PCskies
Member
- Reaction score
- 9
- Location
- Florida, USA
I would recommend using a CDN like Cloudflare. They have a free account and is easy to setup. Also, for example if your site uses Wordpress, make sure to keep all plugins and theme updated. Only use plugins that are updated on a regular basis by their author.
tf76
Active Member
- Reaction score
- 130
- Location
- South Australia
Use a custom login page as well, if you are using WordPress.
I use https://en-au.wordpress.org/plugins/wps-hide-login/
Regards,
I use https://en-au.wordpress.org/plugins/wps-hide-login/
Regards,
E Bell
Active Member
- Reaction score
- 88
- Location
- Houston, TX
Make sure you are testing your sites with a vulnerability scanner - https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools
Cloudflare is not a hosting company, it’s a Content Delivery Network. It caches your site in case your actual server goes down and has DDOS protection along with other security features.Great tips folks,
Will do.
About the Cloudflare option, I would prefer to keep my current hosting arrangement but harden up my security options.
Sky-Knight
Well-Known Member
- Reaction score
- 5,164
- Location
- Arizona
My site is crap... largely because I'm terrible at web stuff and I refuse to work with web people that don't have their brains screwed in.
But I've been working on a new site, based on Hugo. I've found it harder two work with than Wordpress, but the site when published is all static HTML content. Which can be stuffed into a CDN for pennies, and has next to no defacement potential.
If you want to protect your site, stop using database driven CMSs to develop it. There are simply better things out there now.
But I've been working on a new site, based on Hugo. I've found it harder two work with than Wordpress, but the site when published is all static HTML content. Which can be stuffed into a CDN for pennies, and has next to no defacement potential.
If you want to protect your site, stop using database driven CMSs to develop it. There are simply better things out there now.
Thanks mate,
When I went to install the plugin you suggested, I checked another one that seemed to include its features + some and ended up installing the alternative - All In One WP Security.
I haven't activated all its features yet. One of them - locking up login on failed attempts - has given some results I'm now trying to make sense ~ someone here hopefully would have a better clue than a newbie like me.
A sample summary of the results is in the attached file ~ what are these organisations trying to log into my backend for?
Or are there crooks using them as a channel to do no goods?
glennd
Well-Known Member
- Reaction score
- 2,526
- Location
- South West Victoria Australia
You're very popular!Thanks mate,
When I went to install the plugin you suggested, I checked another one that seemed to include its features + some and ended up installing the alternative - All In One WP Security.
I haven't activated all its features yet. One of them - locking up login on failed attempts - has given some results I'm now trying to make sense ~ someone here hopefully would have a better clue than a newbie like me.
A sample summary of the results is in the attached file ~ what are these organisations trying to log into my backend for?
Or are there crooks using them as a channel to do no goods?
I've been using WP Cerber Security and I'm very happy with it. It has the option to block access to wp-login.php and/or a custom login page that was mentioned as well as a bunch of other good security tools.
Don't like being popular, prefer being safe and making moneyYou're very popular!
.Thanks mate, WP Cerber Security definitely has more hardening features!
Will definitely set it up.
Thanks again for the tip.
Mick
Well-Known Member
- Reaction score
- 790
- Location
- Cambridge, UK
Similar threads
