Podcast Episode 6: The Brandy Lawson Interview, The News and Facebook Rants

This week we follow up on two stories from last week, the Pipdig P3 plugin and Jetpack suggestions found within the WordPress plugin dashboard. We also take a look at quite a few privacy concerns with Grammarly, malware in the healthcare industry, and we discuss privacy concerns with Facebook. I also talk to Brandy Lawson, a digital agency entrepreneur in Phoenix, Arizona. Brandy is passionate about helping coaches, speakers, and authors who are making an impact on the world. I had a wonderful conversation with Brandy at WordCamp Phoenix that I think you’ll really enjoy.

Here are approximate timestamps in case you want to jump around:
0:37 – The pipdig story followup
8:30 – Jetpack plugin suggestions
14:00 – Mika Epstein blog post
17:30 – Grammarly privacy concerns
27:05 – Healthcare malware
34:00 – Marcus Hutchins update
36:05 – Facebook privacy concerns
54:55 – The Brandy Lawson interview

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast.

This week in the news we cover:

You can find me on Twitter as @mmaunder, Kathy as @kathyzant, and Brandy Lawson as @thefieryfx. Please don’t hesitate to post your feedback in the comments below.

The post Podcast Episode 6: The Brandy Lawson Interview, The News and Facebook Rants appeared first on Wordfence.

Podcast Episode 5: The Raquel Landefeld Interview & The Pipdig Story

This week I chat about the Pipdig controversy in full with Mikey Veenstra and Kathy Zant. Kathy and I cover the news. And we have an amazing interview with Raquel Landefeld who is a community organizer for WordPress, co-founder of agency Mode Effect and a well known and loved personality in the WordPress community. Raquel and I chat about her adventures as a mom in tech, Gutenberg, her approach to networking, what it is like being a WordCamp Phoenix organizer and what she is up to for the rest of this year.

This episode is a bit long, so here are approximate segment timestamps in case you want to jump around:
0:44 – Pipdig Scandal
50:11 – News starts
50:20 – The Florida Man Challenge opsec fail
53:52 – Jetpack suggestion in plugin search
58:08 – Longtime online writer loses funding sources (VioletBlue)
1:05:34 – The EU and article 13
1:10:30 – Interview with Raquel Landefeld

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast.

This week in the news we cover:

  • The Florida Man Challenge asks you to find your Florida Man story by searching for your birthdate along with the phrase “Florida Man” and posting the results on social media. This “opsec fail” entices people to expose their own personally identifiable information which could be used by malicious actors.
  • WordPress developer Mehul Gohil found a suggestion in the plugin dashboard for Jetpack’s CDN, which sparked some discussion on Twitter.
  • Longtime content creator VioletBlue lost her Amazon Associates account, which had been active since 2002, because of the nature of the content she writes.
  • European Parliament recently passed Article 13, thus placing responsibility for copyright enforcement onto online platforms instead of copyright holders.

You can find me on Twitter as @mmaunder, Kathy as @kathyzant, Mikey as @heyitsmikeyv, Raquel Landefeld as @raquelandefeld, and Jem Turner as @jemjabella. Please don’t hesitate to post your feedback in the comments below.

The post Podcast Episode 5: The Raquel Landefeld Interview & The Pipdig Story appeared first on Wordfence.

Podcast Episode 4: The Aaron Campbell Interview and the Social Warfare Saga

This week we have an update on the Social Warfare plugin vulnerability, how it was more serious than originally thought, and a feud that has broken out between a security researcher and forum moderators. We also have some interesting data on how WordPress will become more secure soon with code signing. And along with several other news items, we have a spectacular interview with Aaron Campbell, the former head of WordPress security. Enjoy!!

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast.

This week in the news we cover:

You can find me on Twitter as @mmaunder, Kathy as @kathyzant, and Mikey as @heyitsmikeyv. Please don’t hesitate to post your feedback in the comments below.

The post Podcast Episode 4: The Aaron Campbell Interview and the Social Warfare Saga appeared first on Wordfence.

WordCamp Phoenix Recap

The first WordCamp for 2019 took place this past weekend in Phoenix, Arizona with nearly 700 attendees, and we were delighted to be involved. In addition to our gold-level sponsorship, Wordfence Threat Analyst Mikey Veenstra spoke on Friday, and our Client Partner Kathy Zant worked for months on the organizing committee to bring this highly successful camp together.

The WordCamp theme was the 10-year reunion, complete with Prom, Homecoming, and Sadie Hawkins level sponsorships, letterman jackets for the speakers, and some gorgeous PE-class t-shirts for attendees.

WordCamp Phoenix and our own Kathy Zant

The educational theme was a perfect parallel to the deep learning taking place in many of the sessions. With so many hosting, agency, and media companies based here, and a vibrant WordPress community over 2,500 members strong, the Phoenix WordCamp committee ensured that the program was on the cutting edge of WordPress development. Even with the deeply technical development track, a robust eCommerce track and a beginner’s workshop meant that there were sessions for everyone, no matter their skill level.

Going Deep with the Hacker Mindset

As with previous WordCamps, we brought hacker culture to the event to help WordPress users “think like a hacker” so they can better defend themselves from the relentless attacks from malicious actors. With lock picking, our team taught hundreds of people how to get into the mental zone for getting beyond security. Hackers are relentless in looking for vulnerabilities in WordPress sites. Site owners have to be relentless in their defensive posture in order to defend themselves.

2019 Wordfence lockpick set

For 2019, we rolled out a brand new “think like a hacker” lock pick set for anyone who could get into one of our basic training locks. We love the look in a beginner’s eyes when they pop a lock for the first time. For those of us who have never picked a lock or exploited a vulnerability in a website, the default belief is that everything is secure. We see a padlock on a gym locker, and we think of it as secure. Once someone has seen how security works, they are more adept at securing their own assets. And when you can think like a hacker, you can choose the right tools to secure your online assets, including your WordPress site.

On day two, we brought out the strongest locks. We had some contests to see who could get beyond the defenses of some of the strongest locks available. We had quite a few attendees do quite well, including one beginning lock picker that got into our strongest lock.

the monster lock

We have a number of team members who live in the Phoenix area, so we had a full team at the table. In addition, our Senior Operations Engineer Scott Bisker joined us from the snowy east coast for some fun in the desert.

The WCPHX Wordfence Team

Scott Bisker, Mikey Veenstra, Ram Gall, Nathan Smith

In the video below, Scott skillfully teaches a WordCamp attendee how to pick a lock. Watch and see how fast she gets the lock open.

As with all of the WordCamps we attend and sponsor, we made new friends, learned about their security concerns and gave advice on thwarting increasingly sophisticated attacks. We also shared new tools like Wordfence Central that can help site owners more quickly manage security alerts.

Building Friendships

Because so many Wordfence employees are based in the Phoenix area, along with world-class agencies, hosting providers, and security professionals, we had a little social reception the week immediately following WordCamp Phoenix at the Hotel Valley Ho in Scottsdale. Many of our new friends around the valley joined us for an excellent event.

We had hoped to have it on the Hotel Valley Ho rooftop, but apparently, when we plan a social event at the start of peak tourism season in Phoenix, we summon unprecedented winter storms from Mother Nature. The Superstition Mountains were snowcapped, a sight rarely seen in Phoenix.

While it was cold outside, inside we had great conversations and some amazing food, including a make-your-own slider station, and we closed down the hotel bar afterward.

Mark Rudder, Kathy Zant, Mark Maunder, and Mikey Veenstra

Wordfence is uniquely situated as a premier leader of WordPress security with no allegiance to a large corporate entity. This independence gives us something not many other companies have, in that we have friends at many hosting providers, many security providers, and many WordPress agencies and users. We’re here to serve the interests of the greater community as a whole, and our independence allows us to do that.

It allows us to see an opportunity in the security space and bring that to WordPress. It allows us to see connections in the hosting space, and help end users make decisions in hosting that best serve each of their individual needs. It allows us to agnostically see where one WordPress user can benefit from an opportunity and help them make that connection.

Wordfence Social

Phoenix is an amazing city, and we’ll definitely be back to visit and be of service in making those connections again.

Where will we see you next?

We’re planning visits to a select number of WordCamps this year. Keep up with our travels on our new events page.

The post WordCamp Phoenix Recap appeared first on Wordfence.

Introducing Wordfence Agency Solutions

Throughout 2018, we have had many conversations with agencies and other organizations protecting a large number of WordPress sites with Wordfence. You’ve told us what you need to be more successful, and we’ve responded with many changes to both our licensing and our capabilities.

This post is Copyright 2018 Defiant, Inc. and was published on the wordfence.com official blog. Republication of this post without permission is prohibited. You can find this post at: https://www.wordfence.com/blog/2018/10/introducing-wordfence-agency-solutions/

To start, we added the ability to secure your staging and development environments with a single Wordfence premium license, something you should take advantage of if you have not done so already.

Then we changed the way we handle volume discounts to make managing a large number of sites easier. We have a few additional changes coming, one of which we’re happy to announce today: Wordfence Agency Solutions.

With the new Wordfence Agency Solutions program, our client partners are empowered to create custom solutions to meet your specific needs. Our goal is to provide you with what you need to keep your clients safe and grow your business. Some of the services they might offer in your custom security solution include:

  • Auditing WordPress site security to identify and mitigate risk factors on sites.
  • Optimizing Firewall and Malware Scanner attuned to the needs of your sites.
  • Onboarding and Training to help your agency make optimal use of Wordfence.
  • Proactively Mitigating emergent security threats to keep sites safe.
  • Incident Response and Forensic Investigation in the event of an attack to minimize downtime and prevent recurrence.
  • Premium Support from our team of experts.
  • and a Dedicated Agency Partner who understands the particulars of your business needs.

Depending on your situation, you may also qualify for additional discounts.

The initial agencies who have enrolled in Wordfence Agency Solutions each faced unique challenges, and together we identified and implemented a resolution for each case. For example, we started one customer’s engagement with a thorough security audit for 50 of his customers’ sites. In addition to a number of smaller issues, we learned that his hosting environment was in need of security improvements.

Our security analysts worked with him as he implemented their recommendations, including changes to his hosting configuration and an optimized implementation of Wordfence Premium. His customers’ sites are now much more secure, and he has the Wordfence security team available to help with any future security incidents.

Partner with Your Security Team

Because no other agency is just like yours, you need a solution reflecting your unique needs. No matter your size, capabilities and requirements, you’ll get to work with a dedicated Client Partner to determine your perfect solution. Our Client Partners are technically adept, have worked in agency roles managing large numbers of sites, and they live up to their title as a Client Partner. Whether you’re facing immediate security challenges or just looking for a streamlined way to offer excellent security to your clients, we’re here to help.

Working together with Wordfence Agency Solutions will help you leverage all that Wordfence has to offer, allowing you to focus on growing your business with the knowledge that your clients’ security is in good hands. This means fewer headaches for you, while giving your current and future clients the assurance that the security of their sites is a priority for your agency.

Qualifying is easy: you just need 20 or more sites in your care.

Learn more about Wordfence Agency Solutions! A client partner is ready to discuss your goals.

The post Introducing Wordfence Agency Solutions appeared first on Wordfence.

Optimizing Wordfence Security Settings: Brute Force Protection

As a part of the Wordfence Client Partner initiative, we’ve recently had some in-depth conversations with organizations using Wordfence at scale. These conversations have been enlightening, and we wanted to share some of the stories we’ve heard about how different organizations use Wordfence.

This post is Copyright 2018 Defiant, Inc. and was published on the wordfence.com official blog. Republication of this post without permission is prohibited. You can find this post at: https://www.wordfence.com/blog/2018/07/optimizing-wordfence-security-settings-brute-force-protection/

Wordfence is the most robust security solution available for WordPress site owners, and the number of security features available is unparalleled. This ensures that Wordfence can be customized to be an optimal security solution for your specific environment and security needs.

Getting Started with Wordfence

When you install Wordfence for the first time, the plugin defaults to recommended settings that are a perfect starting place for customization. You won’t need to do much else. However, Wordfence is highly configurable, allowing you to tailor how it works to meet your needs.

How our Customers Use Brute Force Protection:

Wordfence includes a number of powerful brute force protection features that can be used to prevent malicious bots from gaining access to your site, including the integration with Troy Hunt’s version 2 of the Pwned Passwords API that prevents access using passwords previously seen in a breach. In this post we will focus on Brute Force Protection and how our customers can customize this feature, based on their security needs.

Factors to consider when modifying your site’s Brute Force Protection settings include:

  1. How adept are your users? Do you have users that forget their passwords often? Are they logging in sporadically and have a high probability of losing their passwords? You’ll want to take them into consideration and allow room for user error.
  2. Is this a high traffic, high profile site that often experiences hacking attempts?
  3. Is your site under repeated attack from brute force attempts?

The following customer scenarios serve as great real-world examples of how Wordfence can be customized to meet specific needs.

Kyle’s Agency Customer Site

One of our agency partners, Kyle, manages a number of WordPress installations for his customers. His customers rarely perform any administrative tasks, but they have editor access in order to add and modify new content. The agency has administrator access, and they have set up Wordfence Premium to protect the site. In addition to the premium features of country blocking and two-factor authentication for administrators only, he has tightened Brute Force Protection. Some of his customers often forget their passwords, and he wants to ensure they can still access the site to post content without causing too much administrative work for his team.

Kyle sets up his sites so that failed logins lock out after 5 attempts, forgot password attempts are set to 10, and a user is locked out for 24 hours. He does not set the site to immediately lock out invalid usernames, but he immediately blocks anyone who uses ‘admin’, ‘administrator’, or any other failed logins he sees. He routinely audits his site’s failed logins and adjusts this setting accordingly.

Maria’s Membership Site

Maria uses Wordfence on a WordPress membership site. She has a team of publishers and administrators and a large number of members who need to log in to access content. Some of them use good password hygiene, but others do not. Maria’s site is also protected by Wordfence Premium, and she has made some adjustments to her brute force protection settings.

Maria has set her failed logins lockout to 5 attempts, forgot password attempts are set to 10, and a user is locked out for 24 hours. She does not set the site to immediately lock out invalid usernames because she has a large user base. She immediately blocks anyone who uses ‘admin’ or ‘administrator’, but does not go further than that. She uses Wordfence Premium’s two-factor authentication and some minor country blocking to augment her site’s security.

Dave’s Personal Site

Dave has a personal blog. He has one login for himself and no other users. He knows his password, and also has access to FTP in order to easily deactivate Wordfence if he ever locks himself out. He has tightened his Brute Force Protection settings because he’s quite confident in his ability to store his password safely.

Dave sets up his sites so that failed logins lock out after 2 attempts, forgot password attempts are set to 3, and IP addresses that reach these limits are locked out for one month. He immediately locks out any invalid users and also immediately blocks anyone who uses ‘admin’, ‘administrator’, or any other failed logins he sees.

He also uses two-factor authentication to ensure that logging in is difficult for anyone other than himself should his credentials ever be discovered.

Sam’s Small e-commerce Site

Sam has a small e-commerce site that is growing rapidly. He has a number of contractors on the site updating product information. He has users who need to log in for various business functions and needs to ensure that everyone can log in, but he doesn’t want to risk his site’s security given how sensitive e-commerce data is. He’s invested in Wordfence Premium and requires his administrators to use two-factor authentication for logging in.

Sam sets up his sites so that failed logins lock out after 5 attempts, forgotten password attempts are set to 5, and a user is locked out for 4 hours. He does not set the site to immediately lock out invalid usernames. Because of the turnover in the contractors he uses to update product information, he has set his Wordfence installation to block passwords found in data breaches for anyone who can publish as well as for administrators.
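
To compare how the four profiles above react to the same traffic, here is an added example (a simplified model written for this comparison, not Wordfence's own code) that replays a constructed login log against each set of thresholds. Keying lockouts by IP address, the 4-hour counting window, and all names, addresses and events in the sample are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

HOUR = 3600

@dataclass(frozen=True)
class Policy:
    max_login_failures: int       # failed logins before lockout
    max_forgot_password: int      # forgot-password requests before lockout
    lockout_seconds: int          # how long the lockout lasts
    lock_invalid_usernames: bool  # lock out on the first unknown username
    blocked_usernames: frozenset = frozenset()
    count_window: int = 4 * HOUR  # assumption: window used to count attempts

ADMIN_NAMES = frozenset({"admin", "administrator"})

# Thresholds as described in the four customer scenarios.
PROFILES = {
    "kyle":  Policy(5, 10, 24 * HOUR, False, ADMIN_NAMES),
    "maria": Policy(5, 10, 24 * HOUR, False, ADMIN_NAMES),
    "dave":  Policy(2, 3, 30 * 24 * HOUR, True, ADMIN_NAMES),
    "sam":   Policy(5, 5, 4 * HOUR, False),
}

VALID_USERS = {"alice"}  # constructed: the only real account

# Constructed events: (seconds, ip, kind, username, success)
EVENTS = (
    [(0, "203.0.113.7", "login", "admin", False)]            # bot guessing 'admin'
    + [(t, "198.51.100.20", "login", "alice", False) for t in (60, 120, 180)]
    + [(240, "198.51.100.20", "login", "alice", True)]       # real user, three typos
    + [(300 + 10 * i, "192.0.2.55", "login", name, False)    # username guessing
       for i, name in enumerate(["test", "wpuser", "demo", "guest", "root"])]
    + [(400 + 10 * i, "192.0.2.99", "forgot", "alice", False) for i in range(5)]
)

def _hit_limit(queue, ts, window, limit):
    """Record an attempt, drop ones older than the window, report if limit reached."""
    queue.append(ts)
    while queue and queue[0] <= ts - window:
        queue.popleft()
    return len(queue) >= limit

def simulate(policy, events, valid_users):
    """Return the lockouts a policy produces as (time, ip, reason) tuples."""
    locked_until, lockouts = {}, []
    failures, forgots = defaultdict(deque), defaultdict(deque)

    def lock(ts, ip, reason):
        locked_until[ip] = ts + policy.lockout_seconds
        failures.pop(ip, None)
        forgots.pop(ip, None)
        lockouts.append((ts, ip, reason))

    for ts, ip, kind, user, ok in sorted(events, key=lambda e: e[0]):
        if locked_until.get(ip, 0) > ts:
            continue  # request rejected: this IP is still locked out
        if kind == "forgot":
            if _hit_limit(forgots[ip], ts, policy.count_window,
                          policy.max_forgot_password):
                lock(ts, ip, "forgot password")
        elif ok:
            continue
        elif user.lower() in policy.blocked_usernames:
            lock(ts, ip, "blocked username")
        elif policy.lock_invalid_usernames and user not in valid_users:
            lock(ts, ip, "invalid username")
        elif _hit_limit(failures[ip], ts, policy.count_window,
                        policy.max_login_failures):
            lock(ts, ip, "login failures")
    return lockouts

def lockouts_by_profile():
    return {name: simulate(p, EVENTS, VALID_USERS) for name, p in PROFILES.items()}

if __name__ == "__main__":
    for name, result in lockouts_by_profile().items():
        print(name, result)
```

In this replay, Dave's strict profile is the only one that locks out the legitimate user after two typos, which is why it suits a single-user site, while Sam's lower forgot-password limit is the only moderate profile that stops the password-reset flood.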

How are you using Brute Force Protection?

We hope this deeper look at our Brute Force Protection settings has been helpful. If you’ve been using Wordfence for a while, how are you using Brute Force Protection? Are there rules you’ve set that work well for your unique site requirements?

Are you seeing any new brute force attack patterns that concern you? Let us know in the comments.

We’ll be covering more ways that our customers use Wordfence in upcoming posts.

The post Optimizing Wordfence Security Settings: Brute Force Protection appeared first on Wordfence.
