Wordfence Launches New Security Feature: Real-Time IP Blacklist

WordFence

We are happy to report that Wordfence has just launched a new security feature for its premium customers – real-time IP blacklist! This new feature will work to block thousands of malicious IPs from hacking your WordPress website. This will significantly cut the risk of your site being hacked and will lighten your website load times and improve site performance as well.

Over the past year, the developers at Wordfence have heavily monitored, collected, and analyzed data from malicious hacking attempts on WordPress websites. They were able to use these results to build a new security feature that will immediately find malicious IPs and block them instantly.

When a potential attacker is blocked from the website that is using Wordfence, this is what they will see:

If a legitimate visitor gets blocked, they are able to report the false positive by clicking on the “Report Problem” button and then copying & pasting the encoded text into the report. The Wordfence response team receives the report and responds quickly to record and fix the false-positive.

This new real-time IP blocking feature enhances Wordfence as it works to prevent attacks. If an IP that is on the blacklist attempts to get access to your site, it becomes blocked from your site permanently and immediately. This means the malicious attacker can’t access anything on your site or use site and server resources.

Keeping your website secure is one of our top priorities and we couldn’t be happier with this new feature from Wordfence!

Last Week’s Cyber Attack on DynDNS and What this Means for You

Last week, DynDNS – a major DNS provider was hit with a large Distributed Denial-of-Service (DDoS) attack. As a result major websites like Twitter, Spotify, Etsy and many other sites were knocked offline.

What is a DDoS attack?

The goal of a DDoS attack is to overwhelm a server or servers so that they no longer work and essentially, shut down. An attack is typically started by a cluster of servers that targets and sends out multiple requests by bots to a server or group of servers in order to shut down the operations on the targeted servers.

What does this mean for you?

By now, I am sure you are wondering what all of this means for you. Is your website or online banking site vulnerable to these kinds of attacks?

First, you need to know that all services hosted online are vulnerable to attacks.

Second, we here at CU*Answers do not use public DNS services like DynDNS because we have our own DNS infrastructure. So, while this means that we were mostly safe from the cyber attacks from last week, it doesn’t mean that we are completely invulnerable to this kind of thing.

We mitigate these risks by doing the following:

  • All our servers are housed in SSAE16 Certified Data Centers
  • Our servers are secured by using the latest standard server-hardening techniques and security software
  • We take a proactive approach to server management. Therefore, our servers are heavily monitored 24/7. Additionally, we take care to make sure that our servers are updated regularly

As cyber attacks become more sophisticated, we are consistently adapting our security procedures to be able to prevent and stop any threats.

Is Your WordPress Website Secure? It is With Us!

WordPress

In the previous article we posted from Credit Union Times that addressed whether or not WordPress websites are secure, they noted the following:

“At its core, WordPress is extremely secure (see wordpress.org/about/security). In fact, when compared to competitors, WordPress is probably the most secure content management system on earth. While the popularity of WordPress does mean more people are trying to hack it, WordPress has been remarkably successful at resisting attacks. If you study the history of WordPress security, you’ll see that WordPress software is NOT the security issue you should be worried about (source: managewp.com/is-wordpress-secure). The security threat you should be worried about is yourself. WordPress users are the security issue, not WordPress.”

They made a list of best practices to follow for making your WordPress website secure and here’s how we have responded:

Keep Your Website Updated

We do this automatically! As part of our hosting platform, we schedule regular weekly updates to the WordPress core software and plugins. It is why we specialize in WordPress!

Host Your WordPress Website on Secure Servers

We’re not the cheapest hosting option around and we know that. But we’ve built hosting architecture and network security specifically for Credit Unions!

Create Unique Usernames and Passwords

Each website account is created with unique usernames and passwords. We wouldn’t trust it any other way.

Limit Login Attempts & Use a Premium WordPress Security Plugin

Our number one goal is to keep your website secure, which is why we have installed and configured the Wordfence security plugin on all of our sites.  Wordfence helps manage login attempts and auto-bans unknown users who try to attempt access to the site by dispensing brute force attacks.

Use Trusted Third-Party Plugins Only

We properly vet each and every third-party plugin that is installed on all of our credit unions’ websites. We don’t as a rule, install or activate untested or low-scoring plugins.

Did you know that out-of-date plugins can pose a potential security risk?

This is why we issue regular plugin updates along with the WordPress core software. This ensures that your plugins are always up to date and helps keep your site safe from hacking attempts.

Back up Your Website Every Day

All of our credit union websites are on a regular back-up schedule. We believe in having a solid disaster recovery plan in place for life’s unexpected occurrences.

In addition to all of these great recommendations from Credit Union Times, we also go above and beyond this:

  • 24-hour automated monitoring
  • Proactive server management
  • Layered levels of security at the network level, the server level, and the application level
  • All websites are hosted on servers that are housed in a SSAE16 Certified Data Center
  • Soon to be announced free SSL certificates for any sites hosted with us
  • As an added bonus, the leader of the Web Services team has written a book on WordPress Design, Development and best practices!

We understand the unique needs of our clients and strive to always be pushing forward with the latest best practices in website security, design and development.