2014 WordCamp Columbus - Dealing with a lockout

1. Good Afternoon!!!!

2. My name is
John Parkinson
I live in Eastern Ohio
IT Manager for engineering firm

3. 25 computers
All levels of users
Networking
Repair
Upgrade
Training
Programming (a little)
Jack of all trades
Master of none!

4. Twitter - @jwparkinson
jwparky@gmail.com
wpknut.com

5. Please leave feedback!!!
@jwparkinson
#wccbus

6. Or use hashtag
#tallguywith
grayhairandglassesandapotbelly

7. WordPress user for 5 years
I am a ‘user’ not an expert!
Personal, work and a club websites.
Also, helped setup 2 other websites
for Belmont County 911 center and
Belmont County Emergency
Management Agency (EMA).

13. WordCamps in Ohio

14. How many WordPress beginners?

15. Dealing With
Lockout

16. What is a Lockout?
A Lockout happens when a user tries to access a
website with an incorrect username or
password.
After multiple unsuccessful attempts, a user is
Locked Out.

17. Brute Force Attack
In a brute-force attack, the attacker, or BOT,
tries to enter a system by trying out a series of
username/password combinations to gain
access.

18. Unlike hacks that focus on vulnerabilities in
software, a Brute Force Attack aims at being the
simplest kind of method to gain access to a site:
it tries usernames and passwords, over and over
again, until it gets in. Often deemed 'inelegant',
they can be very successful when people use
passwords like '123456' and usernames like
'admin.' They are, in short, an attack on the
weakest link in any website's security:
You!
Or in this case……ME!!!!

19. Reverse brute-force attack
In a reverse brute-force attack, a single (usually
common) password is tested against multiple
usernames or encrypted files. The process may
be repeated for a select few passwords. In such
a strategy, the attacker is generally not targeting
a specific user. Reverse brute-force attacks can
be mitigated by establishing a password policy
that disallows common passwords.

20. Not to be confused with a
Denial of Service – DoS - attack
A method of attack which involves saturating
the target machine with external
communications requests, so much so that it
cannot respond to legitimate traffic, or responds
so slowly as to be rendered essentially
unavailable. Such attacks usually lead to a server
overload.

21. In general terms, DoS attacks are implemented
by either forcing the targeted computer(s) to
reset, or consuming its resources so that it can
no longer provide its intended service or
obstructing the communication media between
the intended users and the victim so that they
can no longer communicate adequately.

22. http://list25.com/25-biggest-cyber-attacks-in-history/1/

23. WordPress.org has
2,300 Security Plugins
in the Repository

24. Security Plugins will limit the number
of login attempts and notify the
website owner of a lockout.

25. All of the Security Plugins
in the world won’t do
you any good
if…….

26. Look
Familiar?

27. Login to the
Dashboard – User – Your Profile
And here
It is!

28. The Fix
Logon to your website host.

29. Go to File Manager

30. Go to wp-content/plugins folder
Rename Folder
This disables security plugin

31. Open new tab then
Login to website and add new user
with administrator privleges.
Log out and then login using new
username & password.
Delete old username

32. Go back to File Manager
and change the name
of the security plugin back
to original.

33. Correct Practice
Have root access to your cPanel.
Two users with admin privileges on your
WordPress website.
A user for adding content only.

34. Use good password practices
No Dictionary Words, Proper Nouns, or Foreign Words
No Personal Information
A strong, effective password requires a necessary
degree of complexity.
• uppercase letters such as A, B, C;
• lowercase letters such as a, b,c;
• numerals such as 1, 2, 3;
• special characters such as $, ?, &; and
• alt characters such as µ, £, Æ.

35. Password Generators
https://www.grc.com/passwords.htm
https://identitysafe.norton.com/password-
generator
http://www.whatsmyip.org/random-password-
generator/

36. Questions
or
comments

37. WordPress TV

38. 2,300 videos from WordCamps all over
the world!

39. Typical WordCamp
• Let’s say 3 to 4 Tracks
• And 3 sessions each in the morning and
afternoon
• Videos are initially edited by WordCamp
volunteers
• 24 presentation videos to be sent (uploaded)
to WordPress TV

40. WordPress TV Moderators
• Speaker name
• WordCamp location
• Check for sound and video quality
• Speakers slides
• Presentation description
• Schedule for publication (usually 3 or 4 a day)

41. The End

42. Make sure to thank
the organizers, sponsors
and volunteers

43. Slides can be found at:
http://www.slideshare.net/slideshow/embed_c
ode/34150560
Or type ‘jwparky’ in search box and then ‘user’

44. Thanks for suffering sitting through
my presentation.
Please leave feedback!!
Enjoy the rest of the sessions!