Ever wonder what it’s like being the Director of Innovation at one of the world’s most visionary companies? Wonder no more. We sat down with Jesse Friedman, Director of Innovation for Jetpack at Automattic. We picked his brain on all things Jetpack, WordPress, Automattic, open source, botnets, and woodworking.
Continue reading → Meet Jesse from Jetpack: Director of Innovation, Entrepreneur, Writer, and Botnet Fighter
Cybercriminals don’t only target large companies.
The unfortunate reality is that small businesses are just as likely to be attacked and usually have fewer security measures in place. Most hackers use automated bots that scour the web looking for easy opportunities. They don’t discriminate based on the popularity of a site and are so prolific, as reported by ZD Net, that they make up 20% or more of all web traffic!
Continue reading → How to Protect Your Small Business Site from Cyber Attacks
Most businesses benefit from having well-designed websites. But what happens to the small business owner who is working with limited time and resources for managing a website?
Fortunately, the team behind Jetpack recognizes the importance of maintaining the health of your website without having to spend extra money on third-party website maintenance services, or devoting time you don’t have to routine tasks like making backups or monitoring your logins.
Let’s review four of the most useful WordPress maintenance features that Jetpack offers, and how you can use each one to save time.
Continue reading → Routine WordPress Maintenance is Easy With Jetpack
Your login page is the most vulnerable part of your website. It is the perfect target for a brute force attack — the most common form of online hacking.
A brute force attack is the most rudimentary form of hacking: it employs bots that try different combinations of usernames and passwords until they find the right one. These are called malicious login attempts and can affect your website’s performance.
Each time a visitor lands on your website, their IP address makes an HTTP request to your website’s server. When bots are constantly visiting your login page in an attempt to crack your password, the number of HTTP requests spikes. All this website traffic will slow down your site, or worse, cause your server to run out of memory.
Choosing strong login credentials is the first step to better web security — on any site. Change your username from “admin” to something unique. “Admin” might be simple to remember, but it’s also easy to hack. Avoid using passwords that contain a version of your own name or a word in the dictionary. Choose a passphrase with a mix of numbers and letters or use a password manager that will generate secure passwords and save them for you.
If you have Jetpack installed on your site, you can enable Secure Sign On and use the same credentials you use for WordPress.com to sign in to self-hosted WordPress.org sites quickly and securely. You can choose to make this the only way to log in and disable the default login form completely.
It’s not just your blog content at risk during a brute force attack. If a hacker successfully accesses your administrator account, your entire server could be compromised. That’s why every Jetpack plan includes protection from brute force attacks, including distributed attacks that use many servers against your site.
When an IP registers too many failed login attempts, Jetpack will block that IP from accessing the login form, quickly limiting HTTP requests before they slow down your site. Your site will be protected, and you can see the number of attacks that Jetpack has stopped with a widget in your self-hosted site’s dashboard.
Next Steps: Compare plans and choose the right one for your site.
Website security is important, although it can seem daunting or tedious — it doesn’t have to be. These six simple and effective best practices will help you protect your WordPress website from malicious, unwanted attention (hint: Jetpack can help!).
Continue reading → Securing your Site with Jetpack
You may have read the recent news report from Sucuri about the latest vulnerability to your WordPress XML-RPC file: Brute Force Amplification Attacks via WordPress XML-RPC
Brute force attacks against XML-RPC are one of the oldest and most common types of attacks to your site. Recently, according to Sucuri’s post above, attackers have found a way to “amplify” these attacks – making it easier for attackers to try and break into your site.
How can you protect yourself from brute force attacks?
Simple. Use Jetpack’s Brute force protection module.
Sam Hotchkiss, one of our Jetpack developers, wrote an article today on his blog going over the more technical details on how this new attack method works and how Jetpack protects you from this new threat.
If you’re running Jetpack with brute force protection enabled, you don’t need to do anything to keep yourself safe from this. We’ve already got it taken care of for you!
