WOT Wiki - User contributions [en]

WordPress Plugin

2012-04-21T14:25:19Z

Mentalist3d: /* Adding Ratings to Pages */ formatting change

Blog article: [http://www.mywot.com/blog/320-wot-launches-wot-for-blogs-wordpress-plugin WOT Launches "WOT for Blogs" WordPress Plugin] posted: ''Tue 18 Jan 2011''

Installing the plugin is simple and can be done in one of two ways:
* Search for "WOT for blogs" on your Wordpress Control Panel and it'll be the first result. Follow the instructions on the page.
* Alternatively, you can [http://wordpress.org/extend/plugins/wot-for-blogs/ download a zip file] and upload that to your wordpress control panel.
* Read more about the plugin including support and development: [http://www.mywot.com/en/wordpress-plugin WOT for Blogs - Wordpress Plugin]

Note: Only outgoing links in posts/comments have the WOT rating symbols added to them.

== Adding Ratings to Pages ==

If you wish to add the WOT symbols to external links on your pages, install the plugin into your WordPress site, then edit the plugin script: wotforblogs-config.js

'''The current script is''':

<nowiki>
var wot_rating_options = {
selector: ".post a[href], #comments a[href]"
};
</nowiki>

'''Change this to''':

<nowiki>
var wot_rating_options = {
selector: ".post a[href], #page a[href], #comments a[href]"
};
</nowiki>

This only adds the rating to your page content and should exclude external links on your sidebars, headers and footers. If you want to include the rating symbol on all external links indiscriminately (not recommended) change; #page a[href] to .page a[href]

== WordPress Tips ==

For general advice and tips, see the article: [[Wordpress]]

WordPress Plugin

2012-04-21T14:23:59Z

Mentalist3d: /* Adding Ratings to Pages */ changing formatting for better visual appearance

Blog article: [http://www.mywot.com/blog/320-wot-launches-wot-for-blogs-wordpress-plugin WOT Launches "WOT for Blogs" WordPress Plugin] posted: ''Tue 18 Jan 2011''

Installing the plugin is simple and can be done in one of two ways:
* Search for "WOT for blogs" on your Wordpress Control Panel and it'll be the first result. Follow the instructions on the page.
* Alternatively, you can [http://wordpress.org/extend/plugins/wot-for-blogs/ download a zip file] and upload that to your wordpress control panel.
* Read more about the plugin including support and development: [http://www.mywot.com/en/wordpress-plugin WOT for Blogs - Wordpress Plugin]

Note: Only outgoing links in posts/comments have the WOT rating symbols added to them.

== Adding Ratings to Pages ==

If you wish to add the WOT symbols to external links on your pages, install the plugin into your WordPress site, then edit the plugin script: wotforblogs-config.js

The current script is:

var wot_rating_options = {
selector: ".post a[href], #comments a[href]"
};

Change this to:

var wot_rating_options = {
selector: ".post a[href], #page a[href], #comments a[href]"
};

This only adds the rating to your page content and should exclude external links on your sidebars, headers and footers. If you want to include the rating symbol on all external links indiscriminately (not recommended) change; #page a[href] to .page a[href]

== WordPress Tips ==

For general advice and tips, see the article: [[Wordpress]]

WordPress Plugin

2012-04-21T14:22:54Z

Mentalist3d: provided further information on how to include WOT rating symbol for external links on a page

Blog article: [http://www.mywot.com/blog/320-wot-launches-wot-for-blogs-wordpress-plugin WOT Launches "WOT for Blogs" WordPress Plugin] posted: ''Tue 18 Jan 2011''

Installing the plugin is simple and can be done in one of two ways:
* Search for "WOT for blogs" on your Wordpress Control Panel and it'll be the first result. Follow the instructions on the page.
* Alternatively, you can [http://wordpress.org/extend/plugins/wot-for-blogs/ download a zip file] and upload that to your wordpress control panel.
* Read more about the plugin including support and development: [http://www.mywot.com/en/wordpress-plugin WOT for Blogs - Wordpress Plugin]

Note: Only outgoing links in posts/comments have the WOT rating symbols added to them.

== Adding Ratings to Pages ==

If you wish to add the WOT symbols to external links on your pages, install the plugin into your WordPress site, then edit the plugin script: wotforblogs-config.js

The current script is:

var wot_rating_options = {
selector: ".post a[href], #comments a[href]"
};

Change this to:

var wot_rating_options = {
selector: ".post a[href], #page a[href], #comments a[href]"
};

Note: this only adds the rating to your page content and should exclude external links on your sidebars, headers and footers. If you want to include the rating symbol on all external links indiscriminately (not recommended) change; #page a[href] to .page a[href]

For general advice and tips, see the article: [[Wordpress]]

WordPress

2012-04-21T14:07:14Z

Mentalist3d: /* Recommended Plugins */ adding another security plugin, updated details on WordPress Firewall

As a WordPress user, I have added this page as a guide to some best practices you can adopt for your site, to make it more secure. This guide is just a basics to new, non-technical WordPress users. For more advanced technical users, follow the guide on WordPress (Hardening WordPress) - http://codex.wordpress.org/Hardening_WordPress

==Keep Up to Date==

The first rule is quite simple, keep WordPress up to date, all your plug-ins, and all your themes up to date. Each up-date is usually because a bug has been found and corrected, new vulnerabilities being found and corrected, or just the functionality has been improved. It is important that you keep all aspects of your WordPress site up to date. The most common cause of your site being exploited is due to some part being outdated.

==Remove unused features==

If you have several themes installed, these can still be exploited whether active or not. Once you have settled on a theme for your site, remove any extra themes from your server.

This is also true for plugins for your WordPress site, even inactive plugins can still be exploited, so any plugins you no longer use, delete these files from your server.

==Reduce Spam==
Through your settings in the dashboard it is advised that you disallow the usage of PingBacks as these can be abused by spammers. Also make sure all comments need admin approval before being displayed on the site. There is an option that will allow a user that has 1 approved comment then be allowed to make other comments without prior approval, switch this off, as it is better just to approve each comment as they are made.

==Recommended Plugins==

'''Askimet Plugin''' - http://wordpress.org/extend/plugins/akismet/
Comments are checked against the Askimet web service to see if the comments look like spam. Any spam comments are moved to a spam folder for you to review at a later date. Very good accuracy rate.

'''Stop Spammers Registration Plugin''' - http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/
Any email address that is being used to register on your site is automatically checked against the Stop Forum Spam database. If a match is found they cannot register with your site.

'''Project Honey Pot Spam Trap''' - http://wordpress.org/extend/plugins/project-honey-pot-spam-trap/
Invisible links are scattered throughout your blog that only Bots can see these. Their IP addresses will be tagged and this info will be sent back to ProjectHoneyPot.org

'''Secure WordPress''' - http://wordpress.org/extend/plugins/secure-wordpress/
Registered users can have a lot of access to useful information that will help them if they decide to hack your site. This plugin will remove some of that information (as well as doing some other minor tweaks) such as removing update notices to non-admins, removes the WordPress version number, error-information on login page, etc.

'''Login Lockdown''' - http://wordpress.org/extend/plugins/login-lockdown/
Every failed login attempt is logged (IP Address & Timestamp). If a certain amount of login attempts are failed within a short time period then the login function is disabled for one hour (default setting) for the IP range.

'''WordPress Firewall 2 ''' - http://wordpress.org/extend/plugins/wordpress-firewall-2/
This has been updated due to bug fixes on WordPress Firewall. Scans every request made on your site and block suspicious requests and notifies the blog admin of any reported attack on the site. Very handy for reducing SQL attacks against a WordPress site as well as mnay other useful security features.

'''Lockdown WP Admin''' - http://wordpress.org/extend/plugins/lockdown-wp-admin/
Prevent access to WP Admin area by renaming the yourdomain.com/wp-admin/ to yourdomain.com/anythingyoulike/, this is a very handy plugin which hides your wp-admin login area preventing malicious users from trying to access your site through brute force attacks.

WordPress

2010-11-28T02:10:21Z

Mentalist3d: /* Recommended Plugins */

As a WordPress user, I have added this page as a guide to some best practices you can adopt for your site, to make it more secure. This guide is just a basics to new, non-technical WordPress users. For more advanced technical users, follow the guide on WordPress (Hardening WordPress) - http://codex.wordpress.org/Hardening_WordPress

==Keep Up to Date==

The first rule is quite simple, keep WordPress up to date, all your plug-ins, and all your themes up to date. Each up-date is usually because a bug has been found and corrected, new vulnerabilities being found and corrected, or just the functionality has been improved. It is important that you keep all aspects of your WordPress site up to date. The most common cause of your site being exploited is due to some part being outdated.

==Remove unused features==

If you have several themes installed, these can still be exploited whether active or not. Once you have settled on a theme for your site, remove any extra themes from your server.

This is also true for plugins for your WordPress site, even inactive plugins can still be exploited, so any plugins you no longer use, delete these files from your server.

==Reduce Spam==
Through your settings in the dashboard it is advised that you disallow the usage of PingBacks as these can be abused by spammers. Also make sure all comments need admin approval before being displayed on the site. There is an option that will allow a user that has 1 approved comment then be allowed to make other comments without prior approval, switch this off, as it is better just to approve each comment as they are made.

==Recommended Plugins==

'''Askimet Plugin''' - http://wordpress.org/extend/plugins/akismet/
Comments are checked against the Askimet web service to see if the comments look like spam. Any spam comments are moved to a spam folder for you to review at a later date. Very good accuracy rate.

'''Stop Spammers Registration Plugin''' - http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/
Any email address that is being used to register on your site is automatically checked against the Stop Forum Spam database. If a match is found they cannot register with your site.

'''Project Honey Pot Spam Trap''' - http://wordpress.org/extend/plugins/project-honey-pot-spam-trap/
Invisible links are scattered throughout your blog that only Bots can see these. Their IP addresses will be tagged and this info will be sent back to ProjectHoneyPot.org

'''Secure WordPress''' - http://wordpress.org/extend/plugins/secure-wordpress/
Registered users can have a lot of access to useful information that will help them if they decide to hack your site. This plugin will remove some of that information (as well as doing some other minor tweaks) such as removing update notices to non-admins, removes the WordPress version number, error-information on login page, etc.

'''Login Lockdown''' - http://wordpress.org/extend/plugins/login-lockdown/
Every failed login attempt is logged (IP Address & Timestamp). If a certain amount of login attempts are failed within a short time period then the login function is disabled for one hour (default setting) for the IP range.

'''WordPress Firewall''' - http://wordpress.org/extend/plugins/wordpress-firewall/
Scans every request made on your site and block suspicious requests and notifies the blog admin of any reported attack on the site. Very handy for reducing SQL attacks against a WordPress site as well as mnay other useful security features.

Online tools

2010-10-01T20:38:00Z

Mentalist3d: added an updated link for scanner2.novirusthanks.org, and left the original link in place

Useful freeware and other online tools. A more detailed list of freeware may be found at: [http://www.techsupportalert.com/ gizmo's freeware] such as this article, [http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm Probably the Best Free Security List in the World]

==Free online single file scanning==

* http://virustotal.com (max file size 20 MB, 42 different antiviruses)
* http://virscan.org (max file size 20 MB, 37 different antiviruses)
* http://scanner.novirusthanks.org (max file size 20 MB, 24 different antiviruses)
* http://scanner2.novirusthanks.org (max file size 20 MB, 24 different antiviruses)
* http://scanner.virus.org (max file size 5 MB, 23 different antiviruses)
* http://virusscan.jotti.org (max file size 10 MB, 20 different antiviruses)
* http://viruschief.com (10 different antiviruses)
* http://filterbit.com (9 different antiviruses)
 

==Free online folder/computer scanning==

* a-squared : http://www.emsisoft.com/en/software/ax/?scan=1
* BitDefender : http://www.bitdefender.com/scanner/online/free.html
* Computer Associates : http://cainternetsecurity.net/entscanner/
* ESET (NOD32) : http://www.eset.com/onlinescan/
* F-Secure: http://www.f-secure.com/en_EMEA/security/security-lab/tools-and-services/online-scanner/index.html (IE only)
* Microsoft OneCare : http://onecare.live.com/site/en-us/default.htm
* TrendMicro : http://housecall.trendmicro.com
* Panda : http://www.pandasecurity.com/activescan/index/
 

==Anti-Virus / Anti-Malware products free and fully functional==

===Anti-virus===

* avast! : http://www.avast.com/
* AntiVir : http://www.avira.com/ alternate: http://free-av.com/ [[AntiVir Free update problem]]
* AVG : http://www.avg.com/
* Comodo : http://www.comodo.com/
* ClamWin : http://www.clamwin.com/
* ClamAV : http://www.clamav.net/
* Microsoft Security Essentials : https://www.microsoft.com/Security_essentials/
* Panda Cloud : http://www.cloudantivirus.com/

===Anti-Malware===

* Ad-Aware : http://www.lavasoft.com
* a-squared : https://www.emsisoft.com
* MalwareBytes : http://www.malwarebytes.org
* Spybot S&D : http://www.safer-networking.org/index2.html

===Anti-spyware products===

* SpywareBlaster : https://www.javacoolsoftware.com
* Spyware Terminator : https://www.spywareterminator.com
* SUPERAntiSpyware : https://www.superantispyware.com
* Windows Defender : https://www.microsoft.com/windows/products/winfamily/defender/default.mspx

===Intrusion prevention===

* GeSWall : http://www.gentlesecurity.com

===Windows start-up manager===

* WinPatrol : http://winpatrol.com

===Windows system scanner===

* HijackThis (HJT) : http://free.antivirus.com/hijackthis/ (used in conjunction with Malware support forums for troubleshooting system failures)
 

==MX tools==
Check if your [[Internet Protocol Address|IP]] or domain is blacklisted as a source for [[Spam]]

* http://www.mxtoolbox.com/ : Check each MX record (IP Address) against 147 DNS based blacklists.
 

==Spam==
===Spam / PHISH aggregation===

* AbuseButler : http://spamvertised.abusebutler.com
* joewein.de LLC : http://www.joewein.net
* PhishTank : http://www.phishtank.com
* Project Honey Pot : https://www.projecthoneypot.org
* SORBS (Spam and Open-Relay Blocking System) : http://www.us.sorbs.net
* Spacequad : http://www.spacequad.com
* SpamCop : http://www.spamcop.net
* Stop Forum Spam : http://www.stopforumspam.com
* SURBL : http://www.surbl.org
* uriBL : http://www.uribl.com

===Email headers===
* Email Headers
*: How to View them and Include them in Reporting a Spam or Scam
*: * http://spamlinks.net/track-trace-headers.htm
*: * http://www.consumerfraudreporting.org/email_headers.php
* Copy and paste the headers to reveal their source:
*: * http://www.ip-adress.com/trace_email
*: * http://www.find-ip-address.org/email-search/find-email.php
*: * http://www.ipaddresslocation.org/email-tracking/email-header.php
* Decoding the spam; head to eternity - an article courtesy of MysteryFCM aka: hpHosts
*: http://mysteryfcm.co.uk/?mode=Articles&date=25-11-2005

===Reporting Spam===
* Spamtrackers article : http://www.spamtrackers.eu/wiki/index.php/Reporting_Spam
* Sign up for a Spamcop account and report the spam : http://spamcop.net/
* Join others who are fighting spam at IBR : http://inboxrevenge.com/

===Spam Facts===
* The 10 Worst Spam Support ISPs : http://www.spamhaus.org/statistics/networks.lasso
* The 10 Worst Spammers : http://www.spamhaus.org/statistics/spammers.lasso
* The 10 Worst Spam Countries : http://www.spamhaus.org/statistics/countries.lasso

===Anti-spam portal===
* Spam Links : http://spamlinks.net/
*: the anti-spam portal: everything you didn't want to have to know about spam. Whether you are entirely new to the struggle against spam, or are a seasoned professional system administrator, we direct you to the best resources available to counter spam.

===Historical===
* Blacklist of Internet Advertisers : [http://web.archive.org/web/20020124184904/math-www.uni-paderborn.de/~axel/BL/blacklist.html web.archive.org]
*: this is the Blacklist of Internet Advertisers. It is intended to curb inappropriate advertising on usenet newsgroups and via junk e-mail. It works by describing offenders and their offensive behavior, expecting that people who read it will punish the offenders in one way or another.

====Associated forum topic====
[http://www.mywot.com/forum/3331-spam Spam]
 

==Reputation tools==
These tools can help evaluate the reputation of websites. Some are based on user reports, corporate/organization reports or automated tools (links checkers, anti-viruses, sandboxes...)

* ATMA IP Deny list - Peerguardian format : http://www.atma.es
* AVG LinkScanner : http://linkscanner.explabs.com/linkscanner/avg
* Browser Defender : http://www.browserdefender.com
* Google Safe Browsing : http://www.google.com/safebrowsing/diagnostic?site=example.com (replace "example.com" with the IP or domain name)
* hpHosts : http://hosts-file.net
* MalwareDomainList : http://www.malwaredomainlist.com/mdl.php
* MalwarePatrol : http://www.malwarepatrol.net/lists.shtml
* MalwareUrl : http://www.malwareurl.com
* McAfee SiteAdvisor : https://www.siteadvisor.com
* McAfee TrustedSource : https://www.trustedsource.org/en/tools
* No Virus, Thanks : http://scanner.novirusthanks.org (File Scanning)
* Norton SafeWeb : https://safeweb.norton.com
* Phish Tank : http://www.phishtank.com
* Sitevet : http://sitevet.com/
* Unmask Parasites : http://unmaskparasites.com
* URL Void : http://www.urlvoid.com
* Web Security Guard : http://www.websecurityguard.com

* Lenny Zeltser's : [http://zeltser.com/combating-malicious-software/malicious-ip-blocklists.html Blocklists of Suspected Malicious IPs and URLs]
 

==Network tools==

* http://www.aguse.jp/ : whois, DNS, thumbnail, blacklist check, more.
* http://centralops.net/co/ : Free online network utilities
* http://clez.net/net/ : Free complete network tools for online research.
* http://whois.domaintools.com/ : Whois lookup and Domain name search.
* http://www.who.is/ : whois, DNS, more.
* http://ping.eu : online ping/whois/traceroute/port check/reverse lookup/...
* http://www.geoiptool.com/ : Free online geolocation (from server name or IP)
* http://ipinfodb.com/ : Free online geolocation (from server name or IP)
* http://www.robtex.com/ : Swiss army knife internet tool. Check: RBL, DNS, IP, C-net, whois, Route, AS info, and more.
* http://www.intodns.com/ : checks the health and configuration and provides DNS report and mail servers report.
* http://network-tools.com/ : various: ping, whois, DNS, etc.
* http://untiny.me/ : Get real url from shortened URLs like tinyurl.com (and other) without actually following the link
* http://www.just-traceroute.com/ : Traceroute from 4 different locations.
* http://www.herdict.org/web/ : Herdict Web aggregates reports of inaccessible sites
 

==Pharmacy verification==

* http://www.nabp.net : The National Association of Boards of Pharmacy
* http://www.ciparx.ca : The Canadian International Pharmacy Association
* http://www.legitscript.com : LegitScript (USA and Canada)
 

==SSL Certification testing==

* https://www.digicert.com/help : Check SSL Certificate for proper installation.
* https://www.sslshopper.com/ssl-checker.html : Check SSL Certificate, also has a widget to add to your website or blog.
 

==Parental control==

See main article: [http://www.mywot.com/wiki/Parental_Controls Parental Controls]

==List of Noteworthy Internet Explorer addons==

See main article: [[Internet Explorer]]

==List of Noteworthy Firefox addons==

See main article: [[Mozilla Firefox | Firefox]]

==Check for obsolete software==
Scans for outdated software that is vulnerable to exploit codes, etc.

* F-Secure : http://support.f-secure.com/enu/home/onlineservices/fshc.shtml
* Secunia OSI : http://secunia.com/vulnerability_scanning/online/
* FileHippo.com Update Checker : http://www.filehippo.com/updatechecker/
* Plug-In Check for Firefox : https://www-trunk.stage.mozilla.com/en-US/plugincheck/
 

==Miscellaneous==

* Anubis : http://anubis.iseclab.org/ (reports the behavior of a Windows executable and activities in Internet Explorer)
* AutoShun (snort list) : http://www.autoshun.org/
* Better Business Bureau (USA and Canada company verification) : https://www.bbb.org
* Bitzi : http://bitzi.com/ (Collaborative file identification)
* BoardReader domain link check : http://boardreader.com/domain/mywot.com
* JSUNPACK A Generic JavaScript Unpacker : http://jsunpack.jeek.org/dec/go
* Malicious code detection (PDF/Javascript/Flash): http://wepawet.iseclab.org/
* Newly Registered Domain Names : http://domain-daily.com/
* NetworkMiner (Network Forensic Analysis Tool (NFAT) for Windows) : http://networkminer.sourceforge.net/
* Norman Sandbox : http://www.norman.com/microsites/nsic/Submit/en (reports the behaviour of a Windows executable run inside a virtual machine).
* PC Flank Security Tests : http://www.pcflank.com/index.htm (scans for possible exploits you are leaving behind you)
* Pop-up Test : http://www.popuptest.com/ (tests your pop-up blocker)
* Sandboxie : http://www.sandboxie.com/ (reports the behaviour of a Windows executable run inside a sandbox)
* Site Dossier : http://sitedossier.com/
* Snort network intrusion prevention and detection system (IDS/IPS) : http://www.snort.org/
* Spamavert.com : http://spamavert.com/ (obtain spam from this small inbox)
* SystemLookup : http://www.systemlookup.com/ (search engine for CLSIDs, services and etc. listing them as either legitimate or malicious)
* Tor : http://www.torproject.org/ (surf with more privacy)
* VB100% : http://www.virusbtn.com/vb100/index (keep updated on which antiviruses are passing the latest malware tests)
* WebCHeck (UK company verification) : http://wck2.companieshouse.gov.uk/53444b46005755607d6d6b965d400416/wcframe?name=accessCompanyInfo

WordPress

2010-09-22T11:52:48Z

Mentalist3d: /* Recommended Plugins */ added WordPress Firewall

As a WordPress user, I have added this page as a guide to some best practices you can adopt for your site, to make it more secure. This guide is just a basics to new, non-technical WordPress users. For more advanced technical users, follow the guide on WordPress (Hardening WordPress) - http://codex.wordpress.org/Hardening_WordPress

==Keep Up to Date==

The first rule is quite simple, keep WordPress up to date, all your plug-ins, and all your themes up to date. Each up-date is usually because a bug has been found and corrected, new vulnerabilities being found and corrected, or just the functionality has been improved. It is important that you keep all aspects of your WordPress site up to date. The most common cause of your site being exploited is due to some part being outdated.

==Remove unused features==

If you have several themes installed, these can still be exploited whether active or not. Once you have settled on a theme for your site, remove any extra themes from your server.

This is also true for plugins for your WordPress site, even inactive plugins can still be exploited, so any plugins you no longer use, delete these files from your server.

==Reduce Spam==
Through your settings in the dashboard it is advised that you disallow the usage of PingBacks as these can be abused by spammers. Also make sure all comments need admin approval before being displayed on the site. There is an option that will allow a user that has 1 approved comment then be allowed to make other comments without prior approval, switch this off, as it is better just to approve each comment as they are made.

==Recommended Plugins==

'''Askimet Plugin''' - http://wordpress.org/extend/plugins/akismet/
Comments are checked against the Askimet web service to see if the comments look like spam. Any spam comments are moved to a spam folder for you to review at a later date. Very good accuracy rate.

'''Stop Spammers Registration Plugin''' - http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/
Any email address that is being used to register on your site is automatically checked against the Stop Forum Spam database. If a match is found they cannot register with your site.

'''Project Honey Pot Spam Trap''' - http://wordpress.org/extend/plugins/project-honey-pot-spam-trap/
Invisible links are scattered throughout your blog that only Bots can see these. Their IP addresses will be tagged and this info will be sent back to ProjectHoneyPot.org

'''Secure WordPress''' - http://wordpress.org/extend/plugins/secure-wordpress/
Registered users can have a lot of access to useful information that will help them if they decide to hack your site. This plugin will remove some of that information (as well as doing some other minor tweaks) such as removing update notices to non-admins, removes the WordPress version number, error-information on login page, etc.

'''Login Lockdown''' - http://wordpress.org/extend/plugins/login-lockdown/
Every failed login attempt is logged (IP Address & Timestamp). If a certain amount of login attempts are failed within a short time period then the login function is disabled for one hour (default setting) for the IP range.

'''WordPress Firewall''' - http://wordpress.org/extend/plugins/wordpress-firewall/
Scans every request made on your site and block suspicious requests and notifies the blog admin of any reported attack on the site. Very handy for reducing SQL attacks against a WordPress site as well as mnay other useful security features.

WordPress

2010-09-01T15:08:38Z

Mentalist3d: /* Recommended Plugins */

WordPress

2010-09-01T15:07:39Z

Mentalist3d: quick guide to WordPress best practices for non technical users in securing their WordPress site.

As a WordPress user, I have added this page as a guide to some best practices you can adopt for your site, to make it more secure. This guide is just a basics to new, non-technical WordPress users. For more advanced technical users, follow the guide on WordPress (Hardening WordPress) - http://codex.wordpress.org/Hardening_WordPress

==Keep Up to Date==

The first rule is quite simple, keep WordPress up to date, all your plug-ins, and all your themes up to date. Each up-date is usually because a bug has been found and corrected, new vulnerabilities being found and corrected, or just the functionality has been improved. It is important that you keep all aspects of your WordPress site up to date. The most common cause of your site being exploited is due to some part being outdated.

==Remove unused features==

If you have several themes installed, these can still be exploited whether active or not. Once you have settled on a theme for your site, remove any extra themes from your server.

This is also true for plugins for your WordPress site, even inactive plugins can still be exploited, so any plugins you no longer use, delete these files from your server.

==Reduce Spam==
Through your settings in the dashboard it is advised that you disallow the usage of PingBacks as these can be abused by spammers. Also make sure all comments need admin approval before being displayed on the site. There is an option that will allow a user that has 1 approved comment then be allowed to make other comments without prior approval, switch this off, as it is better just to approve each comment as they are made.

==Recommended Plugins==

'''Askimet Plugin''' - http://wordpress.org/extend/plugins/akismet/
Comments are checked against the Askimet web service to see if the comments look like spam. Any spam comments are moved to a spam folder for you to review at a later date. Very good accuracy rate.

'''Stop Spammers Registration Plugin''' - http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/
Any email address that is being used to register on your site is automatically checked against the Stop Forum Spam database. If a match is found they cannot register with your site.

'''Project Honey Pot Spam Trap''' - http://wordpress.org/extend/plugins/project-honey-pot-spam-trap/
Invisible links are scattered throughout your blog that only Bots can see these. Their IP addresses will be tagged and this infor will be sent back to ProjectHoneyPot.org

'''Secure WordPress''' - http://wordpress.org/extend/plugins/secure-wordpress/
Registered users can have a lot of access to useful information that will help them if they decide to hack your site. This plugin will remove some of that information (as well as doing some other minor tweaks) such as removing update notices to non-admins, removes the WordPress version number, error-information on login page, etc.

'''Login Lockdown''' - http://wordpress.org/extend/plugins/login-lockdown/
Every failed login attempt is logged (IP Address & Timestamp). If a certain amount of login attempts are failed within a short time period then the login function is disabled for one hour (default setting) for the IP range.

Business / Corporation certification

2010-08-31T10:43:31Z

Mentalist3d: Added UK business check and UK Charities check

* Better Business Bureau (Canada and USA) : https://www.bbb.org/

== Canada ==
Non-Profit are classified with: ''Letters Patent (CCA-Part II)'' 
For profit are classified with: ''Articles of Incorporation''

* [http://www.ic.gc.ca/ Canadian Corporation] 
*# [https://www.ic.gc.ca/eic/site/cd-dgc.nsf/eng/h_cs02145.html Not for Profit]
* [http://www.cra-arc.gc.ca/tx/chrts/dnrs/lstngs/menu-eng.html Canadian charity listings]

== USA ==
* [http://www.noah-health.org/en/usmd/state.html Credentials Verification by State]

===Charities===
<blockquote>Publication 78, Cumulative List of Organizations described in Section 170(c) of the Internal Revenue Code of 1986, is a list of organizations eligible to receive tax-deductible charitable contributions. This online version is offered to help you conduct a more efficient search of these organizations.</blockquote>
* http://www.irs.gov/app/pub-78/

===Trademarks===
* United States Patent and Trademark Office: http://www.uspto.gov/
*: patent search : http://www.uspto.gov/patents/process/search/
*: trademark search : http://www.uspto.gov/trademarks/process/search/
* Trademarkia : http://www.trademarkia.com/

==CEO E-mail addresses==
* CEO E-mail addresses : http://www.connectotel.com/marcus/ceoemail.html

== UK ==

===Company Check===
Check the legitimacy of a Business by name or registered number.

* Companies House WebCHeck service: http://wck2.companieshouse.gov.uk
*: Companies House (further info and report fraud): http://www.companieshouse.gov.uk/

===Charity Check===
Check the legitimacy of a UK Charity.

* Charity Commission (England & Wales): http://www.charity-commission.gov.uk/ - Tel: 0870 3330123
* Office of the Scottish Charities Register (OSCR)(Scotland) - http://www.oscr.org.uk/ - Tel: 01382 220446