Reaktiv Blog

WordPress Security: Explained as Movies (Part 2)

This is my house, I have to defend it
Kevin McCallister


WordPress security does not have to be a passive activity. With a bit of understanding, you can take some measures that will greatly reduce the likelihood of an attack. There are many tools that you can utilize to help protect yourself from future threats. This article is a continuation of WordPress Security: Explained as Movies Part 1 with more movies and more security tips.

Please note: spoilers may be ahead.

My Cousin Vinny

My Cousin Vinny is a 1992 comedy set in a small Alabama town. The movie starts with two New Yorkers being accused of murder on their way back to college. Needing a lawyer, one of the men calls his New York lawyer cousin, Vinny, for help. Vinny doesn’t want to let his cousin down; however, he has never won a case and has only worked on personal injury lawsuits. The judge on the case wants to check Vinny’s background as a lawyer before allowing him to represent his cousin. Since Vinny hasn’t had much experience as a lawyer, he has to invent a new name to give the judge. This allows Vinny to continue helping his cousin while his background checks are underway. The movie continues through the trial as Vinny proceeds to help his cousin.

This aspect of My Cousin Vinny relates to the importance of two-factor authentication. Two-factor authentication ensures that the person accessing an account is in fact the correct person. If the account was compromised, chances are the phone or email on the account hasn’t been. If Vinny had to deal with two-factor authentication with today’s web standards, chances are he would have been caught in his lie at the beginning.

The Bodyguard

The Bodyguard starts when a popstar, Rachel Marron (Whitney Houston), is approached and threatened by a stalker. As a result, she hires a former secret service agent, Frank Farmer (Kevin Costner), to act as her bodyguard. Frank reluctantly accepts the offer. The movie follows the pair as issues arise trying to protect a high profile celebrity.

A bodyguard determines who is and is not allowed to interact with the person they protect. They block out threats, much like a firewall. A firewall is an application or service that monitors incoming and outgoing traffic between two systems and either allows or blocks that traffic based on security rules.

A firewall can be applied at the server level as well as at the application level. At the server level, hosting companies can set up firewall rules to help protect your site. At an application level, third-party security companies provide firewall plugins to help monitor and protect WordPress. Firewalls have a list of who is allowed and who is not, much like the bodyguard in the movie.

Meet the Parents

Meet the Parents is a movie that revolves around a young man, Greg Focker (Ben Stiller), who meets his girlfriend’s parents for the first time. Greg hopes to propose to his girlfriend, but her father wishes the complete opposite for the couple. The prospective father-in-law, Jack Byrnes (Robert De Niro), is a former secret agent. With access to his secret agent tools, he begins to investigate and interrogate Greg. This movie follows the pair and displays how interesting their relationship ultimately becomes.

A security issue with WordPress is poor user access management. WordPress has different user roles with different levels of access. There are times when an employee or user is given a high-level account with access to all or most of the WordPress settings. Generally, there might not be an issue with this. However, the issue arises when the user no longer works for the company or no longer requires that level of access. Many times, that account is left as is on WordPress.

Pruning or downgrading users with administrator privileges is key to minimizing the risk of high-level accounts becoming compromised. A good rule to follow is that only active accounts should be given admin access. In Meet the Parents, the prospective father-in-law still had access to the tools from his former secret agent job. If he had been required to return the items that he acquired from his past job, life for Greg would have been a lot easier. Fortunately, WordPress has a much more pleasant way of managing user access.
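
As an added example (not part of the original post), here is one way to run that pruning check from the command line with WP-CLI. The roster file, the function names and the sample accounts are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Audit administrator accounts against a roster of people who still need
# admin access. The CSV is what this WP-CLI command prints:
#   wp user list --role=administrator --fields=ID,user_login,user_email --format=csv
# roster.txt (one login per line) and the function names are assumptions of
# this example. Logins are assumed to contain no commas or quotes.

# stale_admins CSV ROSTER: print admin logins that are not on the roster.
stale_admins() {
  awk -F',' '
    { sub(/\r$/, "") }                                   # tolerate CRLF files
    FILENAME == ARGV[1] { if ($0 != "") keep[tolower($0)] = 1; next }
    FNR == 1 { next }                                    # skip the CSV header
    !(tolower($2) in keep) { print $2 }
  ' "$2" "$1"
}

# demote_commands CSV ROSTER: print (never run) one WP-CLI command per stale
# admin so a human can review the list before applying it.
demote_commands() {
  stale_admins "$1" "$2" | while IFS= read -r login; do
    printf "wp user set-role '%s' subscriber\n" "$login"
  done
}

# Constructed sample data, not taken from a real site.
demo_dir=$(mktemp -d)
cat > "$demo_dir/admins.csv" <<'EOF'
ID,user_login,user_email
1,alice,alice@example.com
7,former-contractor,fc@example.net
12,jack.byrnes,jack@example.org
EOF
printf 'Alice\n' > "$demo_dir/roster.txt"

demote_commands "$demo_dir/admins.csv" "$demo_dir/roster.txt"
```

An empty roster flags every administrator, so a missing or blank roster file fails toward review rather than silently approving everyone.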

Rear Window

This 1952 Alfred Hitchcock classic follows an injured news photographer who believes he witnessed a murder from his apartment window. Confined to a wheelchair, L.B. “Jeff” Jefferies (James Stewart) spends his time watching his neighbors from his window. It’s all fun and games until one day he believes that he witnessed his neighbor’s murder. With a plan to catch the suspect, he soon finds that his own life may be in danger.

Rear Window serves as an example of the benefits of enabling monitoring on a server. Monitoring will send an alert based on rules looking for suspicious activity. When something out-of-the-ordinary is detected, the proper parties are alerted to take quick action. Some popular examples of monitoring services include New Relic and monit. Also, hosting companies may provide alerts through their own monitoring systems. Many times these services are available to you as a customer.

Home Alone

Home Alone centers around an 8-year-old boy, Kevin McCallister (Macaulay Culkin), who gets in trouble the night before his family leaves for a Paris vacation. The next morning the family races to catch their plane, forgetting Kevin at home. Kevin wakes to an empty house and assumes that the wish he made while upset about getting into trouble, that his family would disappear, has come true. However, the fun ends when two burglars try to break in and rob his home.

The movie follows Kevin around the house, laying traps for the two burglars. This demonstrates the importance of securing your house, or in our case, web hosting. Insecure web hosting leaves your site exposed to vulnerabilities. Even if you take all of the steps above, a server with security threats is open to possible attacks. Ensuring the hosting company has measures in place to monitor and protect from attacks is a must today.

Overall, WordPress security requires an active role in protecting your website. There is never a one-size-fits-all solution, but with a few tips and tricks you can definitely make it harder on would-be attackers. Hopefully this article provided some additional tools to help you protect your WordPress site.

Written by:

Mary Cadwell is a Senior Developer at Reaktiv.