Friday, August 20, 2010

10 Ways To Secure Your Wordpress Install

1.Keep your Wordpress install and plugins up to date. Probably the most important task you can perform is to upgrade your Wordpress installation to the latest version. Wordpress will inform you when a new version is available and these days you can perform one click automatic upgrades. The same goes for plugins too.


2.Use a different admin username. Wordpress creates an “admin” account by default, and brute-force login attempts almost always target that name. Create a new user with administrative privileges, log in as that user and then delete the old “admin” account; when you delete it, Wordpress offers to transfer all of its posts to the new account.

3.Create a “posting user” that has no administrative privileges and use it for everyday writing. In addition to protecting your blog from unscrupulous hackers, you’ll be protecting it from you!

4.Use captcha where you can. This means for comments and logins.

5.Change your Wordpress table prefix from the default “wp_”. When installing for the first time, you can specify your prefix as part of the install. If you are changing an existing installation, there are plugins that will perform the change for you. Be realistic about the benefit: a non-default prefix only makes a SQL injection attack slightly more work to write, so treat it as a minor extra rather than a substitute for keeping plugins patched.

6.Limit access to the wp-admin directory. There are two ways that you can do this: you can limit access to the wp-admin directory by IP (this is no good if you have a dynamic IP or access your installation from different locations like home and work) and you can password protect the wp-admin directory. Both methods require some jiggery pokery of the .htaccess file. Two caveats apply to both: plugins and themes that use AJAX call wp-admin/admin-ajax.php from the public pages, so you will need a Files section in the same .htaccess that lets everyone reach that one file or those features break for visitors; and the Order/Deny/Allow directives below are Apache 2.2 syntax, which Apache 2.4 only accepts with mod_access_compat loaded (otherwise use the equivalent Require directives).

1.Protect wp-admin directory by IP address:

1.Create a file called “.htaccess” in your wp-admin directory, if there isn’t one already there.

2.Append the following contents where XXX.XXX.XXX.XXX = your outside IP address. Add multiple “Allow from” lines for multiple IPs:

Order Deny,Allow
Deny from all
Allow from XXX.XXX.XXX.XXX

2.Password protect the wp-admin directory:

1.Create a file in your wp-admin directory called “.htaccess” if there isn’t already one.

2.Create a file above your public_html directory named “.htpasswd”. Make sure you put this outside the web accessible directory or someone could simply download your password file! Usually this is the directory you land in when you first log in to your FTP account.

3.Add an entry for your user to the “.htpasswd” file. Do not write the password in clear text: Apache on Unix expects a hashed password, so generate the entry with the htpasswd tool that ships with Apache (htpasswd -c /home/username/.htpasswd xxxx, dropping -c when the file already exists; -B selects bcrypt on builds that support it). The resulting line has the form below, where xxxx = your username:

xxxx:hashed-password

4.Append the following to your “.htaccess” file inside your wp-admin directory. Make sure you use the absolute path to the “.htpasswd” file; if you don’t know it, ask your ISP. xxxx = the username that you entered in your “.htpasswd” file. Remember that Basic authentication sends the username and password (merely base64 encoded) with every request, so only rely on it over HTTPS:

AuthUserFile /home/username/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require user xxxx



7.Restrict access to your wp-config.php.

There have been cases on web servers where the PHP handler gets broken or misconfigured and the server starts serving PHP files as plain text instead of executing them. This is a Bad Thing because your wp-config.php file contains your database username and password. (Wordpress will also look for wp-config.php one directory above the install, so moving it out of the web root altogether is another option.)



1.Create a file within your Wordpress root install directory called “.htaccess” if there isn’t already one.

2.Append the following to that root “.htaccess” file (not the one in wp-admin). The Files wrapper is essential: without it the Deny applies to your whole site, not just to wp-config.php:

<Files wp-config.php>
Order Deny,Allow
Deny from all
</Files>
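Two of the checks above (items 6 and 7) can be scripted. The following Python is an added example written for this post, not code from the original or from Wordpress: htpasswd_sha_line builds a .htpasswd entry in Apache’s {SHA} format (the same thing htpasswd -s produces) so the password is never stored in clear text, and wp_config_exposed / wp_admin_protected classify what an anonymous HTTP request for /wp-config.php and /wp-admin/ came back with. The function names, the wp-check/0.1 user agent and the blog.example URL in the usage line are my own assumptions; the HTTP probe only runs against a site you pass on the command line.

```python
"""Added example for the Wordpress hardening checklist (not the post's code).

Function names, the user agent string and the example URL are assumptions.
"""
import base64
import hashlib
import hmac
import sys
import urllib.error
import urllib.request


def htpasswd_sha_line(user, password):
    """Build a .htpasswd entry in Apache's {SHA} format (what `htpasswd -s`
    writes) so the password never sits in the file in clear text. Prefer
    `htpasswd -B` (bcrypt) when the Apache build supports it."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode('ascii')}"


def htpasswd_sha_verify(line, user, password):
    """Check a {SHA} entry against a candidate password (constant-time compare)."""
    stored_user, sep, stored_hash = line.partition(":")
    if not sep or stored_user != user or not stored_hash.startswith("{SHA}"):
        return False
    expected = htpasswd_sha_line(user, password)
    return hmac.compare_digest(line.encode("utf-8"), expected.encode("utf-8"))


def wp_config_exposed(status, body):
    """True when a request for /wp-config.php returned PHP source.

    A healthy server executes the file and returns an empty 200 (or a 403 once
    the .htaccess rule from item 7 is in place). A broken PHP handler returns
    the raw source, which contains the DB_PASSWORD define."""
    return status == 200 and "DB_PASSWORD" in body


def wp_admin_protected(status):
    """True when an anonymous request for /wp-admin/ is rejected outright:
    401 from Basic auth, 403 from the IP allow list. Anything else (200, or
    the usual redirect to wp-login.php) means the directory is open to all."""
    return status in (401, 403)


def _get(url):
    """Fetch a URL and return (status, body) even for 4xx/5xx responses."""
    req = urllib.request.Request(url, headers={"User-Agent": "wp-check/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.getcode(), resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(65536).decode("utf-8", "replace")


def probe(base_url):
    """Run both checks against a live site (only called from the command line)."""
    base = base_url.rstrip("/")
    cfg_status, cfg_body = _get(base + "/wp-config.php")
    admin_status, _ = _get(base + "/wp-admin/")
    return {
        "wp_config_exposed": wp_config_exposed(cfg_status, cfg_body),
        "wp_admin_protected": wp_admin_protected(admin_status),
    }


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: wp_check.py https://blog.example")
    for name, value in probe(sys.argv[1]).items():
        print(f"{name}: {value}")
```

A 200 with an empty body for wp-config.php is the normal, executed case; the alarming result is a 200 whose body contains DB_PASSWORD. For wp-admin, urllib follows the normal redirect to wp-login.php, so anything other than a 401 or 403 on the first request means the directory is still reachable by everyone.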

8.Restrict access to the wp-content and wp-includes directories:

1.Create a file within your wp-content and wp-includes directory named “.htaccess” if there isn’t already one.

2.Append the following to each “.htaccess” file. It refuses direct requests for everything in the directory except the static file types listed, so PHP files inside wp-content and wp-includes can no longer be called directly from a browser. The extension list here is a typical one; extend it to cover whatever static files your theme serves. NOTE: you may have trouble with some plugins with this method, because a few plugins serve their own PHP files from wp-content; add an exception for those files if needed:

Order Allow,Deny
Deny from all
<Files ~ "\.(css|jpe?g|png|gif|js)$">
Allow from all
</Files>

9.Use the Wordpress online security scanner.

This plugin, in conjunction with a CGI script available at BlogSecurity, will perform version checks, XSS checks on your Wordpress template and will inspect your plugins for vulnerabilities. Bear in mind that a scanner only finds issues it already knows about; it complements the upgrades in item 1, it does not replace them.

10.Implement mod_security. Append the rules from the BlogSecurity white paper linked below to the “.htaccess” file within the root of your Wordpress install (the rules themselves are not reproduced here). These are general rules to prevent some malicious attacks on your site as a whole and are not specific to Wordpress (you might have to do some reformatting because of word-wrap). Note that ModSecurity 2.x does not read rules from .htaccess files unless it was built with that option, so on a 2.x server, and on most shared hosting, the rules have to go into the server or virtual host configuration.

See BlogSecurity Wordpress Modsecurity White Paper (PDF)

Regain Lost Windows Password With Linux

Check out this FREE method for regaining access when you have forgotten a Windows password. It works on Windows XP and Vista (not yet tested on Windows 7). Note that it does not recover the old password; it adds a new administrator account. It also shows why physical access to an unencrypted disk is game over: only full-disk encryption (BitLocker, for example) stops this.




Ingredients: one Linux live CD that auto mounts Windows partitions (e.g. Ubuntu, Backtrack, Fedora, openSUSE). It needs write access to NTFS, which on Linux means ntfs-3g.



Save the .iso and burn it to a disc.



Boot from the CD and follow these instructions (assuming you are using Backtrack, but it should be similar for other Linux distributions):



1.Open a Linux terminal and enter the following commands:

2.cd /mnt

3.ls (make a note of the folders listed here. You might need them in the next step.)

4.cd sda1/Windows/System32/ (If this doesn’t work you might have the wrong hard drive: try replacing sda1 with sda2, hda1 or hda2. Linux is case sensitive, so on XP the path is usually WINDOWS/system32 instead. If the next step fails with “read-only file system”, the partition was mounted read-only; remount it read-write with ntfs-3g.)

5.mv utilman.exe utilman.old && cp cmd.exe utilman.exe

6.reboot (and remove the CD)

7.Once rebooted, at the Vista or XP log in screen, press the Windows key + U. That shortcut normally launches the accessibility Utility Manager (utilman.exe) as SYSTEM, which is why the renamed cmd.exe now gives you a command prompt with system privileges. Replace the username below with one of your choice – it must not already exist!

8.c:\>net user username mypassword /add

9.c:\>net localgroup administrators username /add

10.Log in with the new admin account!

11.Once you are back in, undo the swap: boot the live CD again and run mv utilman.old utilman.exe in the same directory. Leaving cmd.exe in place of utilman.exe means anyone who can reach the login screen gets a SYSTEM shell.
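The utilman.exe swap above, as a script with the checks I would want before touching a real disk: it finds the Windows partition under the mount root (trying both the Vista and the XP spelling of the path), refuses to run twice so the only backup of utilman.exe is never overwritten, checks that the partition is writable, and has a matching restore step. This is an added example, not part of the original post: the function names are mine, and demo() exercises the logic on a constructed fake System32 tree in a temporary directory rather than on a Windows partition.

```python
"""Added example for the utilman.exe swap (not the original post's commands).

Function names are my own; demo() uses a constructed fake System32 tree.
"""
import hashlib
import os
import shutil
import sys
import tempfile
from pathlib import Path

# Folder names differ by version (XP: WINDOWS\system32, Vista: Windows\System32)
# and Linux is case sensitive, so both spellings are tried.
SYSTEM32_VARIANTS = ("Windows/System32", "WINDOWS/system32")


def find_system32(mount_root):
    """Look under each mounted partition (e.g. /mnt/sda1) for a System32 that
    holds both cmd.exe and utilman.exe. Returns the Path, or None."""
    for partition in sorted(p for p in Path(mount_root).iterdir() if p.is_dir()):
        for variant in SYSTEM32_VARIANTS:
            sys32 = partition / variant
            if (sys32 / "cmd.exe").is_file() and (sys32 / "utilman.exe").is_file():
                return sys32
    return None


def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def swap_in_cmd(sys32):
    """utilman.exe -> utilman.old, then cmd.exe -> utilman.exe.

    Refuses to run when a backup already exists (a second run would replace
    the real utilman.exe backup with a copy of cmd.exe)."""
    utilman, backup, cmd = sys32 / "utilman.exe", sys32 / "utilman.old", sys32 / "cmd.exe"
    if not os.access(sys32, os.W_OK):
        raise PermissionError(f"{sys32} is read-only; remount it read-write (ntfs-3g)")
    if backup.exists():
        raise RuntimeError("utilman.old already exists: swap already done, not overwriting it")
    if _sha256(utilman) == _sha256(cmd):
        raise RuntimeError("utilman.exe is already a copy of cmd.exe")
    utilman.rename(backup)
    shutil.copy2(cmd, utilman)


def restore_utilman(sys32):
    """Undo the swap once the new account exists. Leaving cmd.exe behind
    utilman.exe hands a SYSTEM shell to anyone at the login screen."""
    utilman, backup = sys32 / "utilman.exe", sys32 / "utilman.old"
    if not backup.exists():
        raise RuntimeError("no utilman.old backup to restore from")
    utilman.unlink()
    backup.rename(utilman)


def demo():
    """Exercise swap and restore on a constructed fake System32 tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sys32 = root / "sda1" / "Windows" / "System32"
        sys32.mkdir(parents=True)
        (sys32 / "cmd.exe").write_bytes(b"fake cmd.exe")          # constructed
        (sys32 / "utilman.exe").write_bytes(b"fake utilman.exe")  # constructed
        found = find_system32(root)
        swap_in_cmd(found)
        swapped = (found / "utilman.exe").read_bytes() == b"fake cmd.exe"
        backed_up = (found / "utilman.old").read_bytes() == b"fake utilman.exe"
        try:
            swap_in_cmd(found)
            refused_second_swap = False
        except RuntimeError:
            refused_second_swap = True
        restore_utilman(found)
        restored = ((found / "utilman.exe").read_bytes() == b"fake utilman.exe"
                    and not (found / "utilman.old").exists())
        return {"found": found is not None, "swapped": swapped, "backed_up": backed_up,
                "refused_second_swap": refused_second_swap, "restored": restored}


if __name__ == "__main__":
    action = sys.argv[1] if len(sys.argv) > 1 else "demo"
    if action == "demo":
        print(demo())
    elif action in ("swap", "restore"):
        target = find_system32(sys.argv[2] if len(sys.argv) > 2 else "/mnt")
        if target is None:
            sys.exit("no Windows System32 with cmd.exe and utilman.exe found under the mount root")
        (swap_in_cmd if action == "swap" else restore_utilman)(target)
        print(f"{action} done in {target}")
    else:
        sys.exit("usage: utilman_swap.py [demo|swap|restore] [mount-root]")
```

From the live CD, python3 utilman_swap.py swap /mnt performs step 5, and python3 utilman_swap.py restore /mnt performs step 11 afterwards; with no arguments it runs the demo against the fake tree and prints the results.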

Turn Any .exe File Into A Service

This method has not been tested with Vista, though it is known to work with 2000/XP/2003 Server.




The following steps will allow you to turn almost any .exe file into a service. Please note that some .exe files need command line parameters passed to them to run with full functionality.



Log in with administrative privileges and then check that both INSTSRV.EXE and SRVANY.EXE (from the Windows Resource Kit) are stored in a directory within the search path.



Take care where you put SRVANY.EXE because it must stay there for the service to run.



1.Open up an MS-DOS command prompt and navigate to where you saved the files.

2.Type the following command: INSTSRV [service name] SRVANY.EXE

where [service name] is the name of the service you are setting up. The service name can be anything you like, but you should make the name descriptive.

3.Remove service example:

INSTSRV [service name] REMOVE where [service name] is the service name.

4.Open up the Registry Editor (Click on the Start Button > Run, and type REGEDIT). Locate the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[service name]

1.From the Edit menu, click New > select Key, and name the new key Parameters

2.Highlight the Parameters key

3.From the Edit menu, select New > String Value, and name the new value Application

4.From the Edit menu, select Modify, and type in the full path name and application name, including the drive letter and file extension. Example: C:\Program Files\Network Monitor\netmon.exe

5.If the program needs command line parameters, add a second String Value under Parameters named AppParameters holding them, and optionally AppDirectory holding the working directory; SRVANY passes both on when it starts the program.

5.Close the Registry Editor.

6.You can now start the service from services.msc. Before you do, open the service’s properties and check the Log On tab: INSTSRV registers the service to run as LocalSystem, so whatever you wrap runs with full system privileges. Give it a dedicated low-privilege account unless it genuinely needs more.

Hidden Browser in Microsoft Windows XP

Suppose you are working on a PC where Internet Explorer is blocked, but you need to access the internet. Do you want to know the sneaky, double agent method of accessing the internet?




There is a hidden internet browser in the HTML Help component, accessible from a variety of places. One such place is the standard Calculator in Windows XP (at least). Open the calculator by clicking:



◦Start

◦All Programs

◦Accessories

◦Calculator

◦Help

◦Help Topics

If you then click the icon at the far left of the title bar (the window’s system menu), you’ll see an option Jump to URL… – take that. Type in the URL of the website you want to visit, but note that you need to supply the “http://” part or this will not work.




Hey presto – a browser in the right hand pane of the help program. This is Internet Explorer’s rendering engine embedded inside the HTML Help application (hh.exe), which is why blocking iexplore.exe by name does not stop it; only a proxy or firewall rule actually controls web access. You may find that Adobe Flash doesn’t work in your hidden browser, but a quick visit to the Adobe site should sort that out.

Opening A Set Of Multiple Programs From A Single Click

If you are a web designer, graphic designer, desktop publisher or even just a basic Windows user, you probably have a set of programs you open every time. A web designer might always want Adobe Fireworks, Adobe Dreamweaver, Notepad and a browser open without double clicking each one; a graphic designer may want Photoshop and Illustrator; a basic user who surfs the net while listening to music may want Windows Media Player and a browser opened together without any hassle.


In this tutorial I will show you how to launch several programs from a single click. This may be a useless tip for those who already have another method; if you don’t, read on, and if you do, read it anyway and comment with improvements.
As we have used batch scripting before for several easy tasks and tweaks in Windows, we’ll be using batch scripting again here. If you don’t know what batch scripting is, search this blog (right sidebar) for batch scripting and learn the basics.

OK now let me guide you how to do this.


In this tutorial I’ll assume that you are a basic web user who listens to music while surfing and wants, say, Google Chrome, Microsoft Word and Windows Media Player opened together.
After you list the necessary programs, you need to know where each program is installed.
Right-click the program’s shortcut icon and click Properties; the Target field shows the location of the program file.



In the above case, the installed location of Google Chrome is C:\Programs\Chrome\Application\chrome.exe (your own path will differ).





Copy the location of each program in the same way.
Now open Notepad (Start > Run > type notepad).
In Notepad, type one line per program in the following form:
Start "" "C:\Programs\Chrome\Application\chrome.exe"

Note: don’t copy and paste this line; it is for demonstration only.
Do the same for all programs.





Note the syntax above: when the only quoted argument is the path, START interprets it as the title for the window. The empty “” in front makes it treat your path as the program to run, and quoting the path is what lets paths containing spaces (such as C:\Program Files) work.





Now save it as “browsing.bat” (with the quotes, so that Notepad doesn’t add a .txt extension).







Change the icon if you want.



Double click on browsing.bat and it will open all the programs that you’ve specified inside it.


You can create similar sets of programs to open from a single click and keep them on the desktop.




Hope this tutorial was helpful.

Disable USB Storage Devices In Your Desktop And Get Secured

Has your personal information ever been copied or pirated? It might be years of project work or a private video; you obviously won’t feel good when you find out that it has been copied by someone who got at your computer. Most such files are copied to removable storage media like USB drives.




Today in this tutorial, I am going to show you how to make USB storage devices useless on your PC without your permission.



You won’t need any special utility or software; a tweak in the Registry Editor is enough to enable or disable USB storage drives.



To block all USB storage devices in Windows, run the Registry Editor by typing regedit in the Run box.



In the registry editor, at left side navigation pane, navigate to following location:



HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > USBSTOR



Now at the right side double click on Start.







To block USB storage media, change the value data to 4 (SERVICE_DISABLED). Windows will then refuse to load the usbstor.sys driver, so mass-storage devices plugged in afterwards are not mounted; USB keyboards, mice and printers are unaffected because they use other drivers.







If you want to unblock USB storage media, navigate to the same location and change the value data back to 3 (start on demand, the default). Two caveats: only an administrator can edit this key, which is exactly what makes it useful against ordinary users, but any other administrator can revert it just as easily; and on Windows XP, plugging in a storage device that has never been seen before makes Plug and Play install the driver from Usbstor.inf, which can set Start back to 3, so Microsoft’s own guidance additionally denies users access to %SystemRoot%\Inf\Usbstor.inf and Usbstor.pnf.







If you don’t want to bother tweaking the registry, I’ve made two simple programs, USB BLOCKER and USB UNBLOCKER, that set the value for you.

You can download them from here.

Download both of them and run whichever one you need to toggle between blocked and unblocked USB storage media (they must be run as an administrator, for the same reason as the registry edit).



You can hide them on the desktop or anywhere convenient.



Next time I’ll be posting a tutorial about disabling copy and paste. So, don’t forget to bookmark us.



Hope this tutorial was helpful.

How do Email Spam Filters Work

If you work with email on a daily basis, you are most likely using a SPAM FILTER to ease the job of sifting through the large number of spam emails that arrive every day. Needless to say, spam filters make our job a lot simpler by automatically filtering out the spam; without them it would be almost impossible to manually sort the junk emails that arrive in millions each day. However, it is useful to have a basic knowledge of how spam filters work and on what basis they flag an email as spam.






How Spam Filters Work

There are different kinds of spam filters:



Header Spam Filters

Header spam filters work by examining the header information of an email message to check whether it appears to have been forged. The header of every email contains information about the origin of the email, i.e. the sender’s address and usually the IP address (server address) of the sender. Spammers often forge the header to insert a false sender address and IP address so as to make it difficult to trace them. Thus if an email appears to have a forged header, or if the same message is found to have been sent to many recipients, it is likely to be considered spam by many filters. This method of spam filtering is often quite effective; however, it occasionally results in newsletters you actually asked for being misdirected into the spam folder (a false positive), since bulk senders are exactly what the many-recipients rule matches.



Content Spam Filters

Content spam filters are among the most effective and widely used filters for combating spam. They use a set of pre-defined rules to decide whether a given email is spam, scanning the entire text/body of the email for specific words and patterns that make it resemble a typical spam message. Most content spam filters check the following criteria:



1. If the message speaks a lot about money matter. Commonly suspected words include: lottery, discount, offer, bank account, money back guarantee etc.


2. If the message contains adult terms like: viagra, pills, bed, drugs, hot and so on.

3. If there is any sort of urgency. Most spam emails call for an urgency by using terms such as hurry, offer valid till etc.


4. If the message contains a single large image with little or no text then it is often considered as spam by many filters.


Each content spam filter may have its own set of additional rules with which it evaluates each incoming email. In most cases content and header spam filters are combined to achieve a higher level of accuracy.



Language Spam Filters

A language spam filter simply filters out any email that is not in the user’s native language. Since spammers come from all parts of the world and write in many languages, a language spam filter can get rid of those annoying emails that arrive in languages you can’t read!



User Defined Spam Filters

User defined spam filters can be very handy, but they need a considerable investment of time in configuring and setting up the rules the filter works with. For example, the user can configure all emails from friends and the company to reach the inbox, newsletters to reach a secondary inbox and everything else to go to the spam folder. Here the user must carefully examine the patterns of the spam emails he receives from time to time and set up the rules accordingly. When improperly configured this kind of filter can lead to false positives or false negatives.



Other Types of Spam Filters

Popular webmail services like Gmail, Yahoo and Hotmail combine both header and content spam filtering techniques. In addition they use their own algorithms to combat spam. For example, Gmail uses optical character recognition to identify spammy text inside an image. Users are also given a “Report Spam” option for whenever a spam email accidentally reaches the inbox. With this user feedback the filter learns and becomes more effective at the filtering process.
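A small rule-based filter of the header-plus-content kind described above, written as an added example for this article (it is not taken from any real spam filter): the term lists, weights, threshold and the three constructed sample messages are my own. It parses a raw message with Python’s email module, applies the header rules (sender domain mismatch, many recipients) and the content rules (money, adult and urgency vocabulary, image-only body), and returns a score together with the reasons, so you can see why a message tipped over the threshold.

```python
"""Added example: a toy header + content spam scorer (not from the article).

Term lists, weights, threshold and sample messages are my own constructions.
"""
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

MONEY_TERMS = ("lottery", "discount", "offer", "bank account", "money back guarantee")
ADULT_TERMS = ("viagra", "pills", "drugs")
URGENCY_TERMS = ("hurry", "offer valid till", "act now")
MAX_RECIPIENTS = 20     # more visible recipients than this looks like a bulk send
IMAGE_ONLY_WORDS = 10   # fewer visible words than this next to an <img> is "image only"
SPAM_THRESHOLD = 4


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def _present_terms(text, terms):
    """How many of the terms occur as whole words (presence, not frequency)."""
    low = text.lower()
    return sum(1 for t in terms if re.search(r"\b" + re.escape(t) + r"\b", low))


def _bodies(msg):
    """Collect the text/plain and text/html parts (single part or multipart)."""
    plain, html = [], []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        (plain if ctype == "text/plain" else html).append(text)
    return "\n".join(plain), "\n".join(html)


def score_message(raw_message):
    """Return (score, reasons): header rules first, then content rules."""
    msg = message_from_string(raw_message)
    score, reasons = 0, []

    # Header rule 1: the envelope sender's domain disagrees with the From: domain.
    sender = parseaddr(msg.get("From", ""))[1]
    bounce = parseaddr(msg.get("Return-Path", ""))[1]
    if sender and bounce and _domain(sender) != _domain(bounce):
        score += 2
        reasons.append("From/Return-Path domain mismatch")

    # Header rule 2: the same message addressed to a crowd of recipients.
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(recipients) > MAX_RECIPIENTS:
        score += 2
        reasons.append(f"{len(recipients)} recipients")

    plain, html = _bodies(msg)
    visible = plain + " " + re.sub(r"<[^>]+>", " ", html)   # strip tags from HTML
    text = msg.get("Subject", "") + " " + visible

    # Content rules: money, adult and urgency vocabulary, one point per distinct term.
    for label, terms in (("money", MONEY_TERMS), ("adult", ADULT_TERMS), ("urgency", URGENCY_TERMS)):
        hits = _present_terms(text, terms)
        if hits:
            score += hits
            reasons.append(f"{hits} {label} term(s)")

    # Content rule: an image with almost no text around it.
    if re.search(r"<img\b", html, re.I) and len(visible.split()) < IMAGE_ONLY_WORDS:
        score += 4
        reasons.append("image-only body")
    return score, reasons


def is_spam(raw_message):
    return score_message(raw_message)[0] >= SPAM_THRESHOLD


# Constructed sample messages (not real mail).
_CROWD = ", ".join(f"user{i}@example.net" for i in range(25))
SPAM_SAMPLE = (
    "Return-Path: <bounce@mailer-cheap.example>\n"
    'From: "Prize Desk" <winner@bank-of-trust.example>\n'
    f"To: {_CROWD}\n"
    "Subject: Hurry! Lottery payout waiting in your bank account\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "You have won the lottery. Hurry, offer valid till Friday.\n"
    "Confirm your bank account now.\n"
)
HAM_SAMPLE = (
    "Return-Path: <news@example-shop.example>\n"
    'From: "Example Shop" <news@example-shop.example>\n'
    "To: alice@example.net\n"
    "Subject: Your monthly newsletter\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Hi Alice, members get a 10% discount on repairs this month.\n"
    "Reply to this mail if you would like to unsubscribe.\n"
)
IMAGE_SAMPLE = (
    "Return-Path: <ads@pictures.example>\n"
    "From: <ads@pictures.example>\n"
    "To: alice@example.net\n"
    "Subject: Hello\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<html><body><img src="http://pictures.example/ad.gif"></body></html>\n'
)

if __name__ == "__main__":
    for name, sample in (("spam", SPAM_SAMPLE), ("ham", HAM_SAMPLE), ("image", IMAGE_SAMPLE)):
        print(name, score_message(sample), "->", "SPAM" if is_spam(sample) else "ok")
```

Real filters weight and tune rules like these from data rather than by hand, which is what keeps the newsletter case described above from becoming a false positive; here the ham sample scores 1 for its single use of “discount”, well under the threshold of 4, while the bulk lottery mail collects points from both header rules and several vocabulary hits.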

Cell Phone Lookup: How to Do a Reverse Cell Phone Lookup



A Reverse Cell Phone Lookup is simply a process of finding someone’s personal details such as name, age, address and related information by using their cell phone number. At times it becomes necessary for us to start investigating on someone to know their personal details. The reason for this can be many – Some people may go for a cell phone lookup in order to locate their old friends, some to investigate the prank calls or to trace a suspicious number.

There are a lot of websites on the Internet that offer reverse cell phone search; some claim to be free while others ask a small subscription fee. There are also a few directories that cover both landline and cell phone numbers, providing an all-in-one lookup service.

Since most people wish to access this information for free, they go in search of websites that provide the reverse cell phone lookup service for free. Scam websites take advantage of this tendency and try to attract more and more visitors by promising the search service free of charge. In reality, visitors to these websites may pick up malware such as viruses and trojans. So you should be very careful not to visit any such website unless you are confident about its legitimacy. Hence, in order to do a reverse cell phone lookup, you need to find a trusted website/directory service that provides accurate and authentic information.

Even though there is no national cell phone lookup directory in the United States due to various privacy concerns, there are still a number of top quality directories used by private detectives, journalists and those who want to keep an eye on a cheating spouse or their children. These companies invest a lot of time and money in gathering mobile phone and landline numbers from both private and public sources, as well as restricted databases of the major cell phone carriers.

Thus by using such a service it becomes a cakewalk for anyone to find the details associated with any phone number, whether a cell phone or a landline. The entire process of finding someone by cell phone number is very straightforward: all you need to do is enter the phone number that you want to trace and hit the “Search” button. You will instantly see information such as the phone owner’s name, age, mobile provider, billing address, previous addresses and more.

I recommend the following cell phone directory to search both mobile and landline numbers, including listed and unlisted residential numbers. The site uses 128-bit encrypted access to keep its users’ privacy, and all searches remain private and anonymous. Click on the following link to gain access now!



http://www.phonenumberscan.com/?hop=sriki87