Brute Protect – Recommended WordPress Plugin [update]

Update: Brute Protect is now built into Automattic’s Jetpack plugin.

However, as of 2018 – I would recommend using Wordfence. and I have updated all my sites to use it.

If you have a standalone WordPress installation, I recommend adding the Brute Protect plugin. Brute Protect is designed to reduce the chance of your WordPress site falling victim of a ‘Brute Force Attack‘. This is where a nefarious computer system (a malicious bot) continually tries to break into your WordPress account. More >

250,000 Twitter Accounts Hacked

twitter-48  iconTwitter has announced that 250,000 accounts have been hacked in attacks that they say appeared similar to recent attacks on the New York Times and the Wall Street Journal. If the attacks, exposing usernames, encrypted password data, email addresses and session tokens, aren’t bad enough, Twitter’s announcement opens the door for a series of follow-up phishing attacks.

Here’s what to watch out for. More >

Latest Security Alerts

Failed to get content from ''

A Note on security Updates

It’s easy to be overly concerned by the constant barrage of security alerts. The above list provides a brief and constantly updated summary of the latest threats from the US Computer Emergency Readiness Team. More >


Over One-and-a-half-million account details revealed

Ghost Shell Icon The BBC reports that the ‘Ghost Shell’ hacking group have released user account data after it was obtained primarily from government agencies  in the US and Europe.

“The group gathered the data during a series of attacks on NASA, the FBI, the European Space Agency and many other government agencies and contractors.

Included in the dump were log-in names, passwords, email addresses and CVs, plus the contents of online databases.”

The full report can be read here: BBC- Hacktivists Ghost Shell dump 1.6m log-in details on web


Email: “You receive the electronic reservation?” contains a malware attack

“Bogus hotel reservation emails have been spammed out widely, which claim to come from but in reality carry malware designed to infect Windows computers.

Even if recipients haven’t booked a hotel room they might be tempted to open the dangerous attachments, in fear that their credit card has been charged.”

Read more on Sophos Naked Security

Tumblr has temporarily disabled posting due to ‘worm’ infection

Following the infection of many Tumblr sites with a worm today, Tumblr have temporarity suspended posting.

Update: Technical detail on how the worm spread are being revealed

You can read more about the attack on Sophos Naked Security

Hacked Go Daddy sites infecting users with ransomware – Sophos Naked Security Article

There is a report on Sophos’ Naked Security blog of criminals adding sub domains to genuine websites hosted by Go Daddy. The links lead to sites that install Ransomware.

What does this mean to you? As always, make sure your antivirus and malware protection is up to date, and exercise caution if a link is taking you to a sub domain. More >