TechMynd, Fresh Downloads and Latest Technology News, Stuff That Works | Downloads, Tips & Tricks, Softwares, Programming, Resources, IT, Computer, Resources, Freewares

Archive for the ‘Security’ Category




Change WordPress Default Admin Username

Do not try this unless you are comfortable with phpMyAdmin and making changes to MySQL. If not, ask someone to do it for you.

First, as a precaution, back up your whole database.

Why Change the WordPress Admin Username?

One common security vulnerability in WordPress is user enumeration, in which an attacker enumerates valid WordPress user accounts in order to launch brute-force (password-guessing) attacks. To help discourage this type of attack, change your admin username to something harder to guess.

To change your admin username:

Open your web host’s MySQL administration tool (probably phpMyAdmin) and browse to your WordPress database.
Locate the users table, in which you will find a user_login column.
One of the rows will have admin in the field.
Change this to something else by editing that row.

Posted in: Blogging, Security

Spyware Doctor - Best Anti-Spyware Software

Numerous programs tested against Spyware Doctor detected only a small fraction of spyware and completely removed an even smaller amount. Most of them were also unable to effectively block spyware in real time from being installed on users' PCs in the first place.

Spyware Doctor has the most advanced update feature, which continually improves its spyware-fighting capabilities on a daily basis. As spyware gets more complex to avoid detection by anti-spyware programs, Spyware Doctor responds with new technology to stay one step ahead.

Spyware Doctor provides protection against identity theft, stealthy spyware, aggressive adware, browser hijackers, malicious ActiveX objects, malware Trojans, tracking cookies, keyloggers, dialers, and other malware. The optional anti-virus module also protects your computer from viruses, worms, Trojan horse threats, and other malicious infections.

Spyware Doctor is capable of detecting and removing hidden processes and files associated with complex threats and rootkits. Using behavioral techniques, rootkits and other items that attempt to hide themselves deep in the computer operating system are effectively detected and removed.

In monitoring mode, Spyware Doctor is designed to work silently in the background with little impact on the end user: threats are blocked and removed without any system impact, and only a small alert window is displayed to advise the user that they have been protected against an attack. When running a scan, the CPU Priority settings allow users to lower the priority of the scan in order to reduce CPU usage and the impact on the computer while it is in use. Selecting this option may increase scan time but will ease CPU usage when other applications are running at the same time.

Spyware Doctor Homepage

Posted in: Downloads, Security

Exclusive 100 Day Kaspersky Internet Security 2009 Free Offer

Computer Shopper magazine is offering a 100-day Kaspersky Internet Security 2009 license for free. You can take advantage of this offer by following the steps below:

Go to the following promotion page:

http://www.coverdisc.co.uk/cs249/kis/index.php

Fill in your details and click submit.

On the next page you will be asked a question. Type in also in the field and click submit.

Check your mail. You will get an email from Cover Disc - Computer Shopper in which you’ll find your new Kaspersky Internet Security 2009 serial key.

You can download Kaspersky Internet Security from the following URL:

http://www.kaspersky.com/internet_security_trial

This exclusive 100-day Kaspersky Internet Security 2009 offer may close soon, so you may want to act soon. Kaspersky Internet Security is the best solution against viruses and all kinds of online and offline threats, as far as I know.

Posted in: Anti Virus Tools, Downloads, Security

Know About Any Windows File

Inquire About Any Windows File

http://file.net is a file information website where users discuss Windows files. The high quality of the information is ensured by the research center and the highly professional participants at that website.

This website tells us the following about any Windows file:

  • That file is important for Windows or an installed application.
  • That file seems to be needed for Windows OS or an installed application.
  • That file is neither dangerous nor essential. (neutral)
  • That file seems to be dangerous.
  • That file is spyware, trojan, adware or a virus.

For example, explore the information about these popular, most-discussed files:

lsass.exe
alg.exe
svchost.exe
ctfmon.exe

Also see What is that file - Its good to be sure

Posted in: Security, Tools, Windows

XSS or Cross Site Scripting

XSS or Cross Site Scripting
Remote Code Execution
SQL Injections

These are names for the same procedure.

Cross Site Scripting

Cross-site scripting (XSS) is a type of web security vulnerability, typically found in web applications, that allows hackers to inject code into web pages by finding back doors and insecure, carelessly handled code. Once they have done so, they can execute code on your website and get at your database and your website's private information.

Preventing XSS Attacks

Some people blame bad code as the cause of the vulnerability. There are ways to secure code to prevent such attacks.

  • Validate each input used in every form of your website
  • Filter special characters from inputs, e.g. %, <, > etc.
  • Encode special characters where needed, e.g. & into &amp; etc.
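The validate-and-encode advice above, as an added example that is not part of the original post: each value is encoded for the place it is written into (HTML body or attribute, URL query string, inline script). The helper names e, eUrl, eJs and validUsername, the username rule, and the sample input are assumptions made for this illustration.

```php
<?php
// Added example: validate on input, encode on output.
// Helper names, the username rule and the sample values are constructed.

// HTML body text or a quoted attribute value: encodes & < > " and '.
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A value placed inside a URL query string.
function eUrl(string $value): string {
    return rawurlencode($value);
}

// A value embedded in an inline <script> block as a JavaScript literal.
// The JSON_HEX_* flags keep <, >, &, ' and " out of the emitted text.
// JSON_THROW_ON_ERROR needs PHP 7.3 or later.
function eJs($value): string {
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Input validation by allow-list: accept only what the field is meant to hold.
function validUsername(string $value): bool {
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $value) === 1;
}

$comment  = 'Tom & "Jerry" <b>fans</b>';   // constructed form input
$username = 'tom<b>';                      // constructed form input

if (!validUsername($username)) {
    $username = 'anonymous';               // reject instead of trying to repair
}

echo '<p>', e($username), ' wrote: ', e($comment), "</p>\n";
echo '<input name="comment" value="', e($comment), "\">\n";
echo '<a href="/search?q=', e(eUrl($comment)), "\">search</a>\n";
echo '<script>var comment = ', eJs($comment), ";</script>\n";
```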

SQL Injections

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of a web application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

Types of SQL injections

  • Incorrectly filtered escape characters
  • Incorrect type handling

Incorrectly filtered escape characters

In this type of SQL injection, user input data is not filtered for escape characters.

For example:

"SELECT * FROM users WHERE name = 'userName';"

If the userName entered by the user is ‘a’, the query becomes:

"SELECT * FROM users WHERE name = 'a'"

This will bypass the user authentication method.

Incorrect type handling

This form of SQL injection occurs when a user-supplied field is not strongly typed or is not checked for type constraints.
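Both injection types described above, each next to its fix, as an added example that is not part of the original post. It uses PDO with an in-memory SQLite database (the pdo_sqlite extension is assumed); the table contents, function names and input values are constructed for the illustration.

```php
<?php
// Added example: constructed table, functions and inputs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// 1. Incorrectly filtered escape characters: the value is pasted into the
//    SQL text, so a quote in it ends the string literal early.
function findByNameUnsafe(PDO $db, string $userName): array {
    $sql = "SELECT * FROM users WHERE name = '" . $userName . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fix: a placeholder sends the value separately from the SQL text.
function findByName(PDO $db, string $userName): array {
    $stmt = $db->prepare("SELECT * FROM users WHERE name = :name");
    $stmt->execute([':name' => $userName]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Incorrect type handling: a numeric field is never checked to be a number.
function findByIdUnsafe(PDO $db, string $id): array {
    return $db->query("SELECT * FROM users WHERE id = " . $id)
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Fix: enforce the type first, then bind the value as an integer.
function findById(PDO $db, string $id): array {
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return [];                      // not an integer: reject the request
    }
    $stmt = $db->prepare("SELECT * FROM users WHERE id = :id");
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$name = "a' OR 't'='t";   // constructed input containing a quote
$id   = "1 OR 1=1";       // constructed input that is not a number
foreach ([
    'name, concatenated' => findByNameUnsafe($db, $name),
    'name, placeholder'  => findByName($db, $name),
    'id, concatenated'   => findByIdUnsafe($db, $id),
    'id, validated'      => findById($db, $id),
] as $label => $rows) {
    printf("%-20s %d row(s)\n", $label, count($rows));
}
```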

Writing Secure PHP Code

  • Use Magic Quotes. By using magic quotes you provide extra security to form input by adding backslashes to user input.

    * A backslash \ becomes \\
    * A quote ' becomes \'
    * A double-quote " becomes \"

    To get the original data as written by the user, use stripslashes. A very good example is here and here. Note that magic quotes were deprecated in PHP 5.3.0 and removed in PHP 5.4.0, so this setting is only available on older PHP versions.

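  • Change the extension of web pages from php to html in Apache with mod_rewrite
  • Use a clean function such as the one below
    <?php
    // Sanitize a submitted string before it is echoed into an HTML page.
    function clean($string)
    {
        // Undo the backslashes added by magic quotes.
        $string = stripslashes($string);
        // Remove HTML and PHP tags first; after encoding there are no tags left to strip.
        $string = strip_tags($string);
        // Encode the remaining special characters, including both quote types.
        $string = htmlentities($string, ENT_QUOTES, 'UTF-8');
        return $string;
    }
    ?>
  • You can serve PHP code in an html file
    http://bugs.php.net/bug.php?id=27580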

More Security Measures

  • Never use scripts from an unreliable source.
  • Always use only up-to-date open source software, and whenever a security upgrade or an updated version is available, update your software immediately.
  • Never set Register Globals to ON in the php.ini settings.
  • Validate all inputs in every form on both the local side and the server side.
  • Use website vulnerability scanner software to ensure that the website has no backdoors or security holes.
  • Use reCAPTCHA for website forms.
  • Always back up your web application at regular intervals.
  • Check file and folder permissions (CHMOD) on your web server via FTP. Files must not be executable or writable.
  • Forbid access to folders which have no index file.
  • Use Mod Rewrite
  • Use redirection wisely
  • Create custom error pages

Finally, stay up to date on security issues, bugs and vulnerability information about PHP by following this website:

http://phpsec.org/

Posted in: Security


