2014 WordCamp Columbus - Dealing with a lockout


  1. 1. Good Afternoon!!!!
  2. 2. My name is John Parkinson. I live in Eastern Ohio. IT Manager for an engineering firm.
  3. 3. 25 computers. All levels of users. Networking, Repair, Upgrade, Training, Programming (a little). Jack of all trades, Master of none!
  4. 4. Twitter - @jwparkinson jwparky@gmail.com wpknut.com
  5. 5. Please leave feedback!!! @jwparkinson #wccbus
  6. 6. Or use hashtag #tallguywithgrayhairandglassesandapotbelly
  7. 7. WordPress user for 5 years. I am a ‘user’ not an expert! Personal, work and club websites. Also helped set up 2 other websites, for the Belmont County 911 center and the Belmont County Emergency Management Agency (EMA).
  8. 8. WordCamps in Ohio
  9. 9. How many WordPress beginners?
  10. 10. Dealing With Lockout
  11. 11. What is a Lockout? A Lockout happens when a user tries to access a website with an incorrect username or password. After multiple unsuccessful attempts, a user is Locked Out.
  12. 12. Brute Force Attack: In a brute-force attack, the attacker, or BOT, tries to enter a system by trying out a series of username/password combinations to gain access.
  13. 13. Unlike hacks that focus on vulnerabilities in software, a Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. Often deemed 'inelegant', they can be very successful when people use passwords like '123456' and usernames like 'admin.' They are, in short, an attack on the weakest link in any website's security: You! Or in this case……ME!!!!
  14. 14. Reverse brute-force attack: In a reverse brute-force attack, a single (usually common) password is tested against multiple usernames or encrypted files. The process may be repeated for a select few passwords. In such a strategy, the attacker is generally not targeting a specific user. Reverse brute-force attacks can be mitigated by establishing a password policy that disallows common passwords.
  15. 15. Not to be confused with a Denial of Service (DoS) attack: A method of attack which involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload.
  16. 16. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service, or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
  17. 17. http://list25.com/25-biggest-cyber-attacks-in-history/1/
  18. 18. WordPress.org has 2,300 Security Plugins in the Repository
  19. 19. Security Plugins will limit the number of login attempts and notify the website owner of a lockout.
  20. 20. All of the Security Plugins in the world won’t do you any good if…….
  21. 21. Look Familiar?
  22. 22. Log in to the Dashboard – User – Your Profile. And here it is!
  23. 23. The Fix: Log on to your website host.
  24. 24. Go to File Manager
  25. 25. Go to the wp-content/plugins folder. Rename the security plugin's folder. This disables the security plugin.
  26. 26. Open a new tab, then log in to the website and add a new user with administrator privileges. Log out, then log in using the new username and password. Delete the old username.
  27. 27. Go back to File Manager and rename the security plugin's folder back to its original name.
  28. 28. Correct Practice: Have root access to your cPanel. Two users with admin privileges on your WordPress website. A user for adding content only.
  29. 29. Use good password practices: No Dictionary Words, Proper Nouns, or Foreign Words. No Personal Information. A strong, effective password requires a necessary degree of complexity: • uppercase letters such as A, B, C; • lowercase letters such as a, b, c; • numerals such as 1, 2, 3; • special characters such as $, ?, &; and • alt characters such as µ, £, Æ.
  30. 30. Password Generators: https://www.grc.com/passwords.htm https://identitysafe.norton.com/password-generator http://www.whatsmyip.org/random-password-generator/
  31. 31. Questions or comments
  32. 32. WordPress TV
  33. 33. 2,300 videos from WordCamps all over the world!
  34. 34. Typical WordCamp • Let’s say 3 to 4 Tracks • And 3 sessions each in the morning and afternoon • Videos are initially edited by WordCamp volunteers • 24 presentation videos to be sent (uploaded) to WordPress TV
  35. 35. WordPress TV Moderators • Speaker name • WordCamp location • Check for sound and video quality • Speakers slides • Presentation description • Schedule for publication (usually 3 or 4 a day)
  36. 36. The End
  37. 37. Make sure to thank the organizers, sponsors and volunteers
  38. 38. Slides can be found at: http://www.slideshare.net/slideshow/embed_code/34150560 Or type ‘jwparky’ in search box and then ‘user’
  39. 39. Thanks for suffering sitting through my presentation. Please leave feedback!! Enjoy the rest of the sessions!
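
Added example, not part of the original slides: a small log review that separates the brute-force pattern (slide 12) from the reverse brute-force pattern (slide 14) and lists which usernames would end up locked out (slides 11 and 19). The log format, both thresholds and the per-username lockout counting are assumptions made for illustration; the sample lines are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample log, "time source-ip username result" (not from the talk).
SAMPLE_LOG = """\
13:00:01 203.0.113.5 admin FAIL
13:00:02 203.0.113.5 admin FAIL
13:00:03 203.0.113.5 admin FAIL
13:00:04 203.0.113.5 admin FAIL
13:00:05 203.0.113.5 admin FAIL
13:01:00 198.51.100.7 alice FAIL
13:01:01 198.51.100.7 bob FAIL
13:01:02 198.51.100.7 carol FAIL
13:02:00 192.0.2.10 editor FAIL
13:02:30 192.0.2.10 editor OK
"""

MAX_FAILS_PER_USER = 5  # assumed lockout threshold; plugins make this configurable
MAX_USERS_PER_IP = 3    # assumed threshold for one source trying many usernames


def failed_logins(log_text):
    """Yield (ip, username) for every well-formed FAIL line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] == "FAIL":  # malformed lines are skipped
            yield parts[1], parts[2]


def classify_sources(log_text):
    """Map each suspicious source IP to the attack pattern it matches."""
    per_ip = defaultdict(Counter)  # ip -> username -> failure count
    for ip, user in failed_logins(log_text):
        per_ip[ip][user] += 1
    findings = {}
    for ip, users in per_ip.items():
        if max(users.values()) >= MAX_FAILS_PER_USER:
            findings[ip] = "brute-force"          # many guesses at one username
        elif len(users) >= MAX_USERS_PER_IP:
            findings[ip] = "reverse-brute-force"  # a few guesses at many usernames
    return findings


def locked_out_usernames(log_text):
    """Usernames whose failures reached the lockout threshold, whoever caused them."""
    counts = Counter(user for _ip, user in failed_logins(log_text))
    return sorted(u for u, n in counts.items() if n >= MAX_FAILS_PER_USER)


if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG), locked_out_usernames(SAMPLE_LOG))
```

On the sample, the only locked-out username is `admin`, and every failure against it came from the bot's address: a predictable administrator username lets someone else's guessing lock the owner out.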