Category Archives: Security

Twitter Widget Pro does not update Tweets: one fix


Just a quickie for those who are stymied by the fact that the WordPress plugin Twitter Widget Pro seems to work and then stops, or fails to work at all.

It’s not Twitter Widget Pro’s fault. There might be a conflict with other plugins, something in your theme, or in your .htaccess file.

I’ve just re-discovered the cause of my own issue.

It is a conflict with another plugin: specifically Better WordPress Security, and even more specifically, one of the rules that are inserted into the .htaccess file when one chooses to add the anti-hacking rules (Ban tab ▶ User and Bot Blocklist ▶ Add Host and Agent Blocklist ▶ [ ] Check this box to enable HackRepair.com’s blacklist feature.).

My fix was to remove the added .htaccess rules. I haven’t taken the time to figure out exactly which one it is, however. That would be a long and tedious testing process.
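One way to shorten that testing, as an added example that is not code from this post or from either plugin: if the blocked request can be identified by its User-Agent (for instance from a 403 entry in the server's access log), the agent conditions in .htaccess can be checked against it offline. The blocklist excerpt and User-Agent strings below are constructed, the function name is hypothetical, and only `RewriteCond %{HTTP_USER_AGENT}` lines are examined, not host rules.

```python
import re

# Constructed excerpt in the style of an agent blocklist written to .htaccess.
# These patterns are illustrative, not copied from the HackRepair.com list.
SAMPLE_HTACCESS = r'''
# BEGIN constructed blocklist
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} "^Mozilla.*Indy" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "fetcher" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [NC]
RewriteRule ^.* - [F,L]
# END constructed blocklist
'''

# One User-Agent condition: a quoted or bare pattern, then optional [flags].
COND = re.compile(
    r'^\s*RewriteCond\s+%\{HTTP_USER_AGENT\}\s+'
    r'(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))'
    r'(?:\s+\[(?P<flags>[^\]]*)\])?\s*$',
    re.IGNORECASE,
)

def matching_rules(htaccess_text, user_agent):
    """Return (line_number, line) for each User-Agent condition that matches."""
    hits = []
    for lineno, line in enumerate(htaccess_text.splitlines(), start=1):
        m = COND.match(line)
        if not m:
            continue  # comments, RewriteRule, host rules and so on
        pattern = m.group("quoted") if m.group("quoted") is not None else m.group("bare")
        negated = pattern.startswith("!")  # "!" inverts an Apache condition
        if negated:
            pattern = pattern[1:]
        flags = {f.strip().upper() for f in (m.group("flags") or "").split(",")}
        re_flags = re.IGNORECASE if flags & {"NC", "NOCASE"} else 0
        try:
            found = re.search(pattern, user_agent, re_flags) is not None
        except re.error:
            continue  # PCRE syntax that Python's re module does not accept
        if found != negated:
            hits.append((lineno, line.strip()))
    return hits

if __name__ == "__main__":
    for lineno, rule in matching_rules(SAMPLE_HTACCESS, "ExampleFetcher/1.0"):
        print(f"line {lineno}: {rule}")
```

Any condition it reports can be commented out on its own and the site retested, instead of removing the whole block.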

May I recommend to the developer, should they read these comments, that they include the above fact in their FAQ? I bet it would save a lot of headaches, both in terms of support and for general users.

Good luck, fine people, I hope this helps.

WordPress Security: Preventing hackers and spammers: Better WP Security, Sucuri and CloudFlare

WordPress security: It’s time to start ramping it up again

My ISP provided me with the following link to an article by Ars Technica:

Huge attack on WordPress sites could spawn never-before-seen super botnet

Ongoing attack from >90,000 computers is creating a strain on Web hosts, too.

WordPress security is a particularly big deal at this moment in time. It’s a huge platform and well recognized enough to be considered worth its own attacks by spammers and crackers.

While I don’t know these people, they’ve written an excellent primer on securing your WordPress setup.

How to ward off spammers and crackers?

I had already been using Better WP Security. It’s an excellent plugin, free and donationware. Over a period of about 90 days, it has reported the following to me:

Your database contains 9416 bad login entries.
Your database contains 1530 404 errors.

Interestingly enough, other than the occasional typo on my part, the 9416 bad logins used “admin”. Having not only changed the default user name, but squarely removed it (no user ID 1 in the database) and using strong passwords, I felt relatively secure, and Better WP Security gave me a baseline of this particular activity on my site. The 404s in this case were pointing to non-existent files (duh!) such as FrontPage files, or various config paths.

Recent spammers are aggressive enough to be considered de facto crackers.

I followed up with this article by Sucuri.net:

Protecting Against WordPress Brute-Force Attacks
http://blog.sucuri.net/

By the way, sucuri.net offers a very useful malware scanning service. Very handy if you use WordPress security techniques.

CloudFlare

While I’m relatively confident of the security of my site, I’m not one for shunning potential positive layers of services.

Cloudflare stands as a CDN between you and the web. Sign up, and simply change your DNS name servers, and it does the job. The free version offers enough to make it worthwhile to give it a serious try. Cloudflare offers a free and feature-full group of services for the little guy, as well as an extended range of services (such as SSL support) for paid accounts.

Now, with a baseline provided by Better WP Security, we’ll see how CloudFlare fares over the next 90 days. I’ll keep you posted.