Domain: wordfence.com
Stories and comments across the archive that link to wordfence.com.
Comments · 5
-
More tips for browser makers
(... because I'm sure they read
/. and value my opinion... )1. NEVER hide ANY part of the URL. If the URL extends beyond the size of the location box, give a nice big '...' for people to click on to see it.
2. ALWAYS show a status bar that ALWAYS shows what URL I'll go to if I click a link. NEVER allow ANYTHING to change this behavior.
3. NEVER hide the protocol.
4. Don't allow 'data' URIs in the URL bar by default. https://www.wordfence.com/blog... (This also relates to #1)
5. Don't make SUCH a big damn deal about 'https' -- big green text, giant padlock icons, etc. I've been telling people for YEARS that an HTTPS connection to bankofamurica.ru is worth NOTHING.
This won't solve everything, but the least that browser makers can do is give people the tools they need to help them make good decisions. Long story short, QUIT HIDING SHIT!
6. Bonus: enough with all these new shit TLDs. Is a world where http://blog.google/ exists (note: it does) REALLY a better place than one where it doesn't? Or is it just more confusing?
-
Wordfence recommends not using Cloudlfare
Here wordfence recommends not using Cloudflare:
https://www.wordfence.com/blog..."In Alert TA17-075A, US-CERT is referring to HTTPS interception products that are used on corporate networks. We extend this point of view to any HTTPS interception products, including cloud WAFs."
-
Re:Okay thanks
Here's one more thing that you as a fellow security person, might appreciate:
US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware
The TLDR is that the PHP malware shown in the Joint Analysis Report (JAR) is an old version of P.A.S., whose author claims to be Ukranian. The software itself is freely available from this site: http://profexer.name/pas/download.php
-
Use wordfence or "Disable XML-RPC"
I highly recommend "WordFence", or if you don't want to use that, use Disable XML-RPC. Both of them work to stop this kind of attack.
Wordfence is worth its weight in gold and it's a standard plugin I install whenever I have to do a Wordpress site.
It has lots of useful options and I wouldn't run a Wordpress site without it, period.
-
Yeah, all the time... that's the web
Per a blog post from WordFence ( https://www.wordfence.com/blog... ), multiple logins via XMLRPC are seen individually, so any program that limits login attempts will work as usual.