Watch a Hacker break into a WordPress Website!!! 😱

Science and technology

I hired an ethical hacker to try and break into a WordPress website, and this is what happened.
👉 SolidWP (affiliate link) - stellarwp.pxf.io/c/3844775/70...
👉 FREE THEMES www.pootlepress.com/free-word...
👉 Hire Me: www.pootlepress.com/wordpress...
👉 Stay in touch with WordPress news: www.pootlepress.com/sign-up-t...
👉 Pro WordPress Tutorials : clubpootle.com/
👉 Sponsor my KZread channel www.pootlepress.com/youtube-v...
Video summary

In this video, I shared how to prevent your WordPress website from being hacked using SolidWP. Here's a summary of the key points covered:

- Introduction:
  - Discussed the collaboration with SolidWP, focusing on security, backups, and management.
  - Highlighted that the video is sponsored but aimed to be informative by hiring an ethical hacker.
- Top Three Reasons WordPress Websites Get Hacked:
  - **Weak Passwords**: Emphasized the importance of using strong passwords and avoiding common ones like "admin" or "password."
  - **Outdated WordPress Core, Plugins, and Themes**: Stressed the need to keep everything updated to patch vulnerabilities.
  - **Lack of Security Plugins**: Recommended using security plugins for additional protection.
- Demonstration by Ethical Hacker Ryan Dewhurst:
  - Ryan attempted to hack into a WordPress website without SolidWP protection using WPScan.
  - He identified vulnerabilities in outdated plugins and demonstrated how easy it is to exploit weak passwords.
  - Ryan then tried to hack a site with SolidWP protection and failed due to enhanced security measures.
- SolidWP Security Features:
  - Two-Factor Authentication (2FA): Adds an extra layer of security by requiring a token in addition to the password.
  - Disabling the WordPress API: Prevents certain types of attacks.
  - CAPTCHA: Prevents brute force attacks by requiring a CAPTCHA after a few failed login attempts.
  - Blocking XML-RPC Interface: Prevents attacks through this API.
- Benefits of Using Security Plugins:
  - Prevents password brute forcing.
  - Implements firewalls to block malicious attacks.
  - Adds overall hardening to WordPress security.
- Why do people hack websites:
  - Crypto Mining: Hackers install miners to use server resources for cryptocurrency.
  - Competitor Sabotage: Less common, but involves hacking competitors.
  - Fame: Hackers gain recognition within their communities for notable hacks.

Comments: 42

  • @Sonya_Makepeace
    1 month ago

    Who in their right mind uses 3 letters for a password? BOB. LOL! I've got a password breaker and it takes over 24 hours to scan properly, and it still couldn't get my password.

  • @jamiewp
    1 month ago

    😬 You'd be amazed - I chatted to Ryan for over an hour and some of the stories 🙃

  • @naho534
    1 month ago

    can you pass me your password cracker?

  • @1GiPhoner
    7 days ago

    His method is not using a password breaker. It's cross-checking with a list of other known weak passwords. Totally different concepts.

  • @murasakistudio
    1 month ago

    There are various steps that can be taken with .htaccess as well. You can even protect the .htaccess file itself.

  • @jamiewp
    1 month ago

    Great points 👍

  • @murasakistudio
    1 month ago

    @jamiewp There is a WP expert I know from Belgium called Brecht Ryckaert. He works with one of the big web hosting providers in a senior role and has written a lot about WP security. He even runs a website that helps to recover hacked WP sites, I believe. He wrote an eBook for Blocs on .htaccess, which I purchased and picked up some good tips from him regarding website security. There is a section in the book dedicated to WP and he wrote another book focussed entirely on WP security. It's an important topic and a few small steps can sometimes save a lot of stress.

  • @ShellCode-oo2cu
    1 month ago

    The .htaccess file is protected by the web server by default. The default configuration of the Apache web server is "Require all denied". This protects access to all files with a dot (hidden) in front from external access.

  • @jadens9569
    1 month ago

    This is a well put together and informative video. Thank you. I'm glad you popped up in my suggestions. I have liked and subscribed.

  • @jamiewp
    1 month ago

    Thanks Jaden - good to have you onboard :)

  • @aronuchukwuezugo615
    10 days ago

    Great video. But from what I hear from other WP security experts: there is more to securing a website than just using a security plugin. In short, they suggest security should be done in layers, starting from the server layer down to the application layer. But yeah, I get it. For beginners, using a strong password and a security plugin should work 90% of the time.

  • @jamiewp
    10 days ago

    Great points

  • @AdamWeeks610
    1 month ago

    Great content, Jamie. You are always bringing your A-game.

  • @jamiewp
    1 month ago

    Thanks Adam 🙏

  • @GC_Dante
    1 month ago

    Amazing video 🙌 congrats!

  • @jamiewp
    1 month ago

    thanks, this one was lots of fun to make and it was really great to meet Ryan :)

  • @BjarneOldrup
    1 month ago

    The WordPress automatic updates of plugins and themes are surprisingly robust. I highly recommend it. But you have to enable it. And yes, in some rare situations, an automated update might break functionality until a fix is released. But it's much easier to clean up after a broken update, than a successful hack.

  • @jamiewp
    1 month ago

    That's a great point 👍 Also tools like the new WordPress.com update scheduler will help: wordpress.com/blog/2024/05/20/scheduled-plugin-updates/

  • @stuartmorley6338
    1 month ago

    Another great video.

  • @jamiewp
    1 month ago

    Cheers Stu

  • @jdccool
    24 days ago

    Welp...a little nerve wracking, but very informative, good to know info. TY, Jamie and Ryan.

  • @jamiewp
    23 days ago

    Thank you 🙏

  • @ConnieNassios
    1 month ago

    Yikes - great video and public service announcement!

  • @jamiewp
    1 month ago

    Yikes indeed!

  • @mikestottuk
    1 month ago

    I might have missed it, but it might be a good follow-up video to show how to use that wpscan CLI to test your own or client site setups.

  • @jamiewp
    1 month ago

    Great idea 👍

  • @arkofimagination
    1 month ago

    From many videos I've watched, hardening the server is the first thing one must do. Then add necessary security on WordPress.

  • @ManosXCount
    1 month ago

    If your Administration Password remains admin / bob -- Hardening Server will not do anything

  • @aleksandarjevtimijevic
    1 month ago

    It would be great if you could make a video on how to protect WordPress with .htaccess without a plugin, with all the necessary code. There is also code for the wp-config file. In addition, you can create an mu-plugin or a custom plugin with code for things such as SMTP, Google Analytics, CPTs and the like; in short, reduce everything to code and have everything in one place without additional plugins. I would be happy to watch that video. Thank you.
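As an added example (not SolidWP's code, and not anything shown in the video), here is a minimal must-use plugin that implements three of the controls listed in the summary above (blocking XML-RPC, requiring authentication for the REST API, and throttling failed logins, the same failure count that SolidWP's CAPTCHA step keys off) in the plugin-free, everything-in-code style this comment asks about. The `example_` names and the 5-failures-in-15-minutes policy are assumptions; 2FA is left out because it needs a second-factor enrollment flow.

```php
<?php
/**
 * Plugin Name: Example Login Hardening (mu-plugin)
 * Added example, not SolidWP's code. Place in wp-content/mu-plugins/ (loads automatically).
 * Assumed policy: 5 failed logins from one IP within 15 minutes => 15-minute lockout.
 */
define( 'EXAMPLE_MAX_FAILURES', 5 );
define( 'EXAMPLE_LOCKOUT_SECONDS', 15 * MINUTE_IN_SECONDS );

// 1. XML-RPC: refuse authenticated methods (system.multicall password guessing) and
//    drop the pingback methods, which would otherwise still answer anonymously.
add_filter( 'xmlrpc_enabled', '__return_false' );
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'], $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// 2. REST API: require a logged-in user so anonymous clients cannot list accounts via
//    /wp-json/wp/v2/users. Features needing anonymous REST calls must be allow-listed here.
add_filter( 'rest_authentication_errors', function ( $result ) {
    if ( ! empty( $result ) || is_user_logged_in() ) {
        return $result;                 // an earlier check already decided, or user is logged in
    }
    return new WP_Error( 'rest_login_required', 'Authentication required.', array( 'status' => 401 ) );
} );

// 3. Login throttling keyed by client IP. Behind a proxy or CDN, REMOTE_ADDR is the proxy;
//    read the client address from the proxy's trusted header instead.
function example_lockout_key() {
    return 'example_login_fail_' . md5( $_SERVER['REMOTE_ADDR'] ?? 'unknown' );
}
add_action( 'wp_login_failed', function ( $username ) {
    $key   = example_lockout_key();
    $count = (int) get_transient( $key ) + 1;
    set_transient( $key, $count, EXAMPLE_LOCKOUT_SECONDS );   // window restarts on each failure
    error_log( sprintf( 'login failure %d for "%s" from %s', $count, $username, $_SERVER['REMOTE_ADDR'] ?? 'unknown' ) );
} );

// Priority 30 runs after core's username/password check (priority 20), so the lockout wins
// even when the password is correct; empty credentials (a plain page load) are ignored.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( '' === $username ) {
        return $user;
    }
    if ( (int) get_transient( example_lockout_key() ) >= EXAMPLE_MAX_FAILURES ) {
        return new WP_Error( 'too_many_attempts', 'Too many failed logins; try again later.' );
    }
    return $user;
}, 30, 3 );
```

The error_log lines give a simple detection signal: a burst of failures from one address against several usernames is the password-list check Ryan runs in the video, seen from the server side.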

  • @jamiewp
    1 month ago

    Interesting idea - thank you 🙏

  • @paulroos8517
    1 month ago

    Thanks Jamie. Just a few remarks: I'm gonna watch the clip again. From what I've seen the strategy is to find a password. There are other methods as well, such as: (1) installing the hacker's own file for index.php/index.html in one of the landing directories. That could be countered by installing a dummy index.php and index.html in each directory (dummies wherever the files are NOT IN USE) and then making all of these files (including the functioning files) write-protected (read-only). (2) The site owner should change the username with admin rights to another name, to make it more difficult for the hacker to log in. I had been thinking about using a child theme with a name not obviously related to the parent theme. Would that be sufficient to hide the parent theme name from hackers? Security is important for e-commerce websites or any website that displays payment information. I see people use QR codes with payment information and that makes me think, how possible is it for the hacker to overwrite that with his own information? To check a QR code takes quite some effort since you cannot just eye-ball them.

  • @ShellCode-oo2cu
    1 month ago

    If a hacker has managed to place an index.html or index.php on the web server, what should prevent him from naming the file phpshell.php? You cannot make the remaining files for WordPress read-only, otherwise no update would work, as the files must be overwritten. Renaming the admin name is of no use, the user ID remains the same; it would make more sense to create a new admin account with which nothing is posted and to delete the old one. In addition you can assign a high user ID to the new admin user in the database.

  • @V78dxa
    28 days ago

    He uses LastPass?!

  • @MbonisiM
    15 days ago

    LastPass back then was a bit vul.... I don't know now.

  • @tor-bjornfjellner3245
    1 month ago

    Hi Jamie. I'm concerned about your nice kitty getting too fat. Should I avoid liking? :)

  • @jamiewp
    1 month ago

    Nope, they are a bit skinny atm 😬 Please like

  • @fernandoz6329
    11 days ago

    Nice try 'guessing' the user to hack

  • @jamiewp
    10 days ago

    👍
