leslie g stewart

Update to: secure your wordpress installations, really

A while back I posted “secure your WordPress installations. really.” and since that time, I’ve been making additional recommendations to the list of WP security plugins I listed in that post, so it’s time for an update.

In that post, I recommended the following plugins: Login LockDown, Secure WordPress, WP-Malwatch, and WP Security Scan. Ditch Login LockDown, keep the rest. Why get rid of Login LockDown? It hasn’t been updated since 2009, and it’s only reported by its creator to work up until version 2.8.4 of WordPress.

A better replacement, with a lot more features, is Login Lock. It still lets you set the number of incorrect login attempts allowed before an IP address is locked out, but it gives more options, like enforcing strong password policies, forcing a password change every 30 days, disallowing the use of old passwords once they’ve been changed, and more.

In addition to the 3 recommended plugins above, I recommend adding the following:
Bad Behavior: This, along with Akismet, can help keep your comments link spam free.

Block Bad Queries (BBQ): This plugin helps protect WordPress against malicious URL requests. It just quietly does its job.

Ultimate Security Checker: This is a very extensive plugin that will alert you to potential issues, and provide you with the info you need to fix them.

A heads-up: Ultimate Security Checker doesn’t seem to recognize when you have Block Bad Queries installed, and will recommend that you install it, or rather that you copy the BBQ code it provides and create a file with it. The code it provides is identical to the code in the BBQ plugin file, so I suspect that it can’t read the folder the BBQ plugin is in. It’s a minor inconvenience, but not a serious conflict.

WordPress Firewall 2: This plugin is sort of like a visual version of BBQ, in that it identifies and blocks certain types of attacks. Unlike BBQ, it actually notifies you when an attack has been detected and blocked, and tells you what type of attack it was. It also provides the IP address the attack originated from, so you can take additional steps to deal with it.

None of these plugins is a substitute for keeping your WordPress core, plugins, and themes up-to-date.

Insufficient no more

If you use Final Cut Express or Final Cut Pro for video editing, chances are you’ve encountered the annoying and puzzling “Insufficient content for edit” error that pops up when attempting to add a transition between 2 clips in your timeline.

This video provides a solution to the problem so you can add transitions to your heart’s content. No star wipe transitions, though, that’s just cheesy.

Click on the image to view the video.

Final Cut Pro Transitions

Can your password lift weights?

Have you been following tech news lately? Actually, you don’t have to follow tech news to have heard about all of the high profile hacking attempts (and successes) and disruptions of late.

While I could go on and on about the sites responsible for keeping your information secure, or not, how the sites we use secure our information is out of our hands.

What you can do on your end is pretty simple: whenever and wherever you have a login account, use good, strong passwords. It should go without saying that every password you use should be a combination of uppercase and lowercase letters, numbers, and special characters/punctuation, whenever possible. While I appreciate the love we have for our partner, child, parent or pet, using their names is a really, really unwise choice. Using any word found in a dictionary in almost any language would be unwise as well.


Secure your WordPress installations. really.

In the past 4 weeks, several Media Temple clients have reportedly had their WordPress installations hacked. The cause of the hacks is inconclusive. Media Temple is blaming their customers for not having secured their WordPress installations. Their customers are blaming Media Temple, especially since this sort of widespread hacking was aimed at Media Temple users last year as well. More info about the recent Media Temple hack and fixes can be found here: http://wordpress.org/support/topic/was-my-site-just-hacked-found-random-script-in-all-pagesposts


Model releases on the go

This quick tip is for filmmakers, videographers, and photographers who make use of model releases. Even if you have verbal permission to film or photograph someone, it’s a really good idea to have the subject(s) sign a release. Normally, this means keeping printed releases with you. I always keep a bunch in my camera bag, but I don’t always have the bag handy, and sometimes I simply run out.

If you have an iPhone or iPod Touch, you can install the super handy app called mRelease. It will allow you to create, store, and email pdf copies of model, location, property, and crew releases. Your subject can sign the release on your iPhone/iPod Touch (a stylus comes in handy for that). If you’re using an iPhone, you can take a quick photo to embed in their release, which makes identifying people in your footage/photos a snap.

mRelease will set you back $2.99, and it’s a nice addition to your film/video/photography toolkit to keep things organized.
