![Secure WP Password WH [Important] Secure Your WordPress Password Immediately – Global WordPress Brute Force Attack](http://www.vps.net/blog/wp-content/uploads/2013/04/Secure-WP-Password-WH.png "[Important] Secure Your WordPress Password Immediately – Global WordPress Brute Force Attack")
It is highly recommended that you ensure your WordPress login password is a secure password comprising of at least 8 characters and includes special characters (@#$%^&*), a variation of upper and lower case letters, and numbers.
Common Password Example:
secretword123
Secure Password Example:
Z4Tn@V^oes
The big advantage of using a cloud hosting service is the time and money you save by not having to maintain your own servers. In fact, the emergence of cloud options has essentially eliminated the need for small businesses to spend money on server hardware. But even “outsourcing” all of your site hosting and file storage needs does not mean you can take a passive approach to security. There are still a handful of important security responsibilities that cloud consumers must stay on top of in order to protect their data.
Software and Platform Updates
You can be confident that a trusted cloud supplier is constantly working behind the scenes to block attacks on their servers. However, they still rely on customers to play an important role in security. Your tasks begin with maintaining software and service updates as they roll out.
Did you know that the majority of software updates are security related? You are likely familiar with the frequent updates sent out by Windows Operating Systems, Adobe programs, and CMS platforms like WordPress. The important thing here is that you stay on top of these updates to prevent viruses and attacks from entering your network. Now your cloud provider does have additional systems in place to prevent the spread of infected files, but by maintaining every layer of security you will significantly decrease the odds of a major problem.
Security Training
The more employees you have on your network increases the odds of security breach. This is why it is essential for business owners to train all employees on the best practices for network security. From how to identify phising attacks to proper file management strategies, you simply cannot expect your employees to follow protocol unless you have instructed them in detail. A half-day seminar led by your IT manager has the potential to save you several days of lost work if user errors are prevented.
Semi-Annual Audits
Taking a proactive approach to cloud security includes keeping in touch with your provider. Just like a regular checkup at the doctor, scanning your cloud account for problem areas is a pivotal part of avoiding long term issues. Your account manager will do most of the technical work here, but you will need to answer usage questions and discuss strategy. One thing to update during the audit is your emergency contact list. Make sure you have a way to contact the cloud support team at all times. You don’t want to wait until business hours to reach a technician, especially if a problem occurs over the weekend.
Employing the three strategies listed above should be an easy and inexpensive way to maximize the security of your cloud hosting service. Keep in mind that the most important step is to choose a trusted provider from the beginning. But even the best service in the world still requires your company to do their part. Network security is a team effort, and playing an active role will go a long way to keeping your data secure.
This article is brought to the internet experts at http://internet.inmyarea.com We help you save money on residential internet service by comparing the best companies and offers in your region.
We strive to implement the best security practices we can at VPS.NET, to protect your Cloud Servers and Cloud Hosting accounts. It makes our job much simpler. Unfortunately there's one thing we can't control; your computer and your passwords. It's startling the amount of hack jobs we see that aren't caused by anything other than someone installing a trojan on your PC, thereby obtaining your password, or by a simple brute force script aimed at cracking your password. A lot of times what we then see happen, is the hacker will login to your FTP account, upload a mailing script, and send out thousands of spam emails. It makes your site look bad, it gets our IPs black listed, and none of it is any fun at all. So, lets go over a few basic security principles (and these apply to those of us who are on Macs too!).
Strong Passwords
As much as it pains me, ILoveTerry is not a good password. A basic brute force script would be able to crack it in less than 5 minutes. Even I<3Terry is on the weaker side. A strong password is something with combination of uppercase and lower case letters, numbers, symbols and is at least 8 characters long. It also should not contain any personal information, whether it be your name, street address, birthday or even your social security number. If anyone were to every try to gain access to your site, that's where they would start. Your passwords should be random and unique to each site. As easy as it is, don't use passwords over again on multiple sites, otherwise once one is leaked, you've opened yourself up everywhere. If you're still uncertain, here's a post of 500 passwords that you SHOULD NOT use.
Routine Password Changes
Before we even get into changing your password routinely, there's something I have stress - I'd yell it from the mountain tops if Cleveland had any. Change your default password! When we create your account, you're assigned a default password. It's randomly generated and still unique to you, but it needs to be changed. Next up - change your password at least every 90 days. You never know when your password is going to be leaked. By changing your password every 90 days, if your password ever gets out, you're making it likely that they're going to get an old password.
Anti Virus Software
Everyone should be running some sort of anti-virus software. There's no excuse. I know Norton and McAfee love to take over your computer, but there are several others that are entirely non-obtrusive, and do their jobs great. It's not only important to have the software installed, but also to keep your virus definitions up to date. New viruses come out every day, and viruses are modified every day, so you may find yourself unprotected at some point in time and that has rendered the software useless.
Anti-Spyware Software
Some anti-virus software has anti-spyware built right in. That's great. If yours does not, you need an anti-spyware software installed on your PC. Again, no excuse. While most spyware just likes to annoy you, and pop up random ads, there are pieces of spyware that are much more malicious, and like to steal your passwords, and credit card information.
Network Security
I expect that soon we'll see a rise in wireless internet becoming the next tool for hackers to steal your information. It's an absolute must that you secure your network. If you're running strictly a wired network, your much safer than someone running a wireless network, but you're not completely in the clear. A firewall is still necessary; even if it's something as basic as Linksys' SPI firewall. If you are running a wireless network, you've got quite a job ahead of you.
First, change the routers default password. Everyone knows the default username and password on almost all brands of routers are admin/admin.
Second, change the SSID. This is the broadcast ID that your wireless router broadcasts under. Don't make it anything that is recognizable to you! I prefer SkyNet - it's humorous to us nerds, yet no one knows it's mine. If you're okay manually setting up the network, you can even disable the SSID broadcast ID and then no one will see the router unless they manually configure their system to connect to it.
Next implement some sort of encryption policy. WEP is easily broken anymore, as the key is exchanged with each communication. If a hacker were to monitor enough packets being transferred back and forth between your PC and the router, they'll eventually come up with your WEP key. WPA is a much better idea.
Finally, enable MAC address protection. This means that only the devices you have allowed on your network can connect to the network. Unfortunately, this is not an end-all solution, as MAC Addresses can be duplicated. This does however make connecting to your network much more difficult.
Hopefully these tips prevent some of the easy hack jobs that we've been seeing. However as we all know, our security is only as strong as the weakest link so it's important that all of us continually monitor the security of our Cloud VPS, and our home computer network. If any of them are lagging behind, it's bringing down the security of the entire system.
We have partnered with our friends at AppliCure to bring you their fantastic dotDefender Application Firewall (regular pricing of $1,810.00 per annum) for the low price of $15.00 per month (per VPS).
dotDefender Highlights
You can instantly purchase a monthly subscription license form within your VPS.NET CP
Instructions on how to install dotDefender can also be found here
Just another way VPS.NET works to make your hosting life easier.
