Forgot the password for your WordPress blog? This post will help you reset it.
1) Get the reset password link sent to your email address:
You need to know either the email address or the username and need to have access to your email address (you will receive the reset password link there).
- Go to your WordPress login screen
- Click on the Lost your Password link
- Enter the email address or your username and click on the Get New Password button.
- You will now receive an email with the link to reset your password.
- Enter the new password and click on the Reset Password button.
- That’s it, you have reset the password for your blog account.
2) Don’t have access to the email address associated with your account on the blog?
You can reset the password from your WordPress database. You will require access to your database.
- Log in to your control panel and go to the database manager. Generally you will have phpMyAdmin.
- Now choose the database where you have WordPress installed. (If you are not sure, check the database details in the wp-config.php file of your installation.)
- Go to the users table and look for the username for which you need to reset the password
- Now click on the Edit button corresponding to your username
- Enter the new password you want under the Value column next to user_pass field
- Choose MD5 from the dropdown under the Function column next to user_pass field
- Hit the Go button
- The stored value will not look like the previous one, because we chose MD5 and WordPress uses a different hashing method.
- Don’t worry. Go to the WordPress login screen and log in with the new password. On successful login, WordPress will convert the stored password to its own hash format.
- That’s it, you have successfully reset the password for your account on your WordPress blog.
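The life cycle of the value written in method 2, as an added example (not code from the original post or from WordPress): the row holds an unsalted MD5 digest until the first successful login replaces it. PBKDF2 stands in for WordPress's own hash here, and the user names and passwords are constructed.

```python
import hashlib
import hmac
import os
import re

BARE_MD5 = re.compile(r"[0-9a-f]{32}")

def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()

def md5_reset(users, name, new_password):
    """What the phpMyAdmin edit with Function = MD5 leaves in user_pass."""
    users[name] = md5_hex(new_password)

def salted_hash(password, salt=None):
    """Stand-in for WordPress's salted hash (assumption: PBKDF2 used instead)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return f"pbkdf2${salt.hex()}${digest.hex()}"

def login(users, name, password):
    """Verify a login; a bare MD5 value is replaced by the salted hash on success."""
    stored = users.get(name, "")
    if BARE_MD5.fullmatch(stored):
        if not hmac.compare_digest(stored, md5_hex(password)):
            return False
        users[name] = salted_hash(password)  # the conversion the post describes
        return True
    if stored.startswith("pbkdf2$"):
        salt = bytes.fromhex(stored.split("$")[1])
        return hmac.compare_digest(stored, salted_hash(password, salt))
    return False

def bare_md5_accounts(users):
    """Audit: accounts whose stored value is still an unsalted MD5 digest."""
    return sorted(n for n, h in users.items() if BARE_MD5.fullmatch(h))

def demo():
    # Constructed table contents; names and passwords are placeholders.
    users = {"alice": salted_hash("alice-example-pass"), "bob": salted_hash("forgotten")}
    md5_reset(users, "bob", "bob-new-example-pass")
    before = bare_md5_accounts(users)
    wrong = login(users, "bob", "not-the-password")
    right = login(users, "bob", "bob-new-example-pass")
    after = bare_md5_accounts(users)
    return before, wrong, right, after, login(users, "bob", "bob-new-example-pass")
```

Logging in straight after the reset keeps the unsalted MD5 value from sitting in the users table.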
The WordPress team has released WordPress 3.6.1, which is a Maintenance and Security Release.
WordPress 3.6.1 is also a security release for all previous WordPress versions, and it is strongly recommended that you update your sites.
WordPress has been updated to 3.6.1 in Softaculous. You can update your installation with just one click. Here is the guide:
The WordPress security team resolved three security issues, and this release also contains some additional security hardening.
The security fixes include:
- Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
- Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
- Fix insufficient input validation that could result in redirecting or leading a user to another website.
The additional security hardening includes:
- Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.
Source : http://wordpress.org
The WordPress team has released the WordPress 3.5.2 Maintenance and Security Release.
This is the second maintenance release of 3.5, fixing 12 bugs.
This is a security release for all previous versions, and it is strongly recommended that you update your sites immediately.
WordPress has been updated to 3.5.2 in Softaculous. You can update your installation with just one click. Here is the guide:
The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.
The security fixes included:
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts or reassigning the post’s authorship.
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
- Prevention of a denial of service attack, affecting sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
- Multiple fixes for cross-site scripting.
- Avoid disclosing a full file path when an upload fails.
Source : http://wordpress.org
If you run a high traffic WordPress installation you will want to optimize WordPress and your server to run as efficiently as possible. This article gives a general overview of the avenues to pursue. It’s not a detailed technical explanation of each aspect.
The optimization techniques available to you will depend on your hosting setup. This article is divided into categories according to hosting type.
1) Shared Hosting:
This is the most common type of hosting. Your site will be hosted on a server along with many others. The hosting company manages the web server for you, so you have very little control over server settings and so on. The areas most relevant to this type of hosting are:
- Caching : WordPress caching is the fastest way to improve performance. Plugins like W3 Total Cache or WP Super Cache can be easily installed and will cache your WordPress posts and pages as static files. These static files are then served to users, reducing the processing load on the server. This can improve performance several hundred times over for fairly static pages.
- WordPress Performance : The first and easiest way to improve WordPress performance is plugins. Deactivate and delete any unnecessary plugins. Try selectively disabling plugins to measure server performance. Is one of your plugins significantly affecting your site’s performance?
Then you can look at optimizing plugins. Are plugins coded inefficiently? Do they repeat unnecessary database queries? WordPress has its own caching system, so generally speaking, using functions like get_option(), update_option() and so on will be faster than writing SQL.
2) Virtual / Dedicated Server:
In this hosting scenario you have control over your own server. The server might be a dedicated piece of hardware or one of many virtual servers sharing the same physical hardware. The key thing is, you have control over the server settings. In addition to the areas above (Caching and WordPress Performance), you can follow the techniques below to optimize your server:
- Server Optimization :
DNS: If you host your DNS on external servers, this will reduce the load on your primary web server. It’s a simple change, but it will offload some traffic and CPU load.
Web Server: Your web server can be configured to increase performance. There is a range of techniques, from web server caching to setting cache headers, to reduce load per visitor. Search for your specific web server optimizations (for example, search for “apache optimization” for more info).
PHP: There are various PHP accelerators available which can dramatically improve the performance of your PHP files. This will apply to all PHP files, not just your WordPress installation. Search for PHP optimization for more information, for example APC.
MySQL: MySQL optimization is a black art in itself. A few simple changes to the query cache settings can have a dramatic effect on WordPress performance because WordPress repeats a lot of queries on every request. Search for mysql optimization for more.
- Offloading :
Multiple Hostnames: There can also be improvements for the user from splitting static files between multiple hostnames. Most browsers will only make 2 simultaneous requests to a server, so if your page requires 16 files they will be requested 2 at a time. If you spread that between 4 hostnames they will be requested 8 at a time. This can reduce page loading times for the user, but it can increase server load by creating more simultaneous requests. Also, what is known as “pipelining” can often saturate the visitor’s internet connection if overused.
Offloading images is the easiest and simplest place to start. All image files could be evenly split between three hostnames (assets1.yoursite.com, assets2.yoursite.com, assets3.yoursite.com for example). As traffic grows, these hostnames could be moved to your own server. Note: Avoid picking a hostname at random, as this will affect browser caching and result in more traffic, and may also create excessive DNS lookups, which do carry a performance penalty.
Source : http://codex.wordpress.org
A large distributed brute force attack against WordPress sites is currently under way. A large botnet with more than 90,000 servers is attempting to get into the WordPress admin dashboard by cycling through different usernames and passwords. The attack is widespread and very vigorous. It seems to be so powerful that it is affecting almost every major web hosting company around the world.
A similar large-scale attack occurred in October of 2012, when WordPress.com disclosed that some 50,000 sites were compromised.
What should we do?
1. The FIRST step is to log in to your WordPress site and change your password to something very secure. Here is a guide on selecting a strong password.
2. Install the Limit Login Attempts plugin. This will prevent attackers from logging in after a certain number of attempts, even if they manage to determine the combination of your login details.
3. Allow access to wp-login.php only from a specific range of IP addresses using .htaccess.
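To see what such an attack looks like on your own server, here is an added example (not from the original post) that summarizes POST requests to wp-login.php in an Apache combined-format access log. The log lines are constructed, the thresholds are arbitrary, and treating status 200 as a failed login is an assumption about how the login form responds.

```python
import re
from collections import Counter, defaultdict

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def _line(ip, ts, method="POST", path="/wp-login.php", status=200):
    # Builds one Apache combined-format line for the constructed sample below.
    return (f'{ip} - - [01/Jan/2024:{ts} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 2048 "-" "Mozilla/5.0"')

# Constructed sample log (documentation IP ranges); not data from the page.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.5", f"10:00:{s:02d}") for s in range(0, 50, 10)]   # 1 host, 5 failures
    + [_line(f"198.51.100.{n}", f"10:01:{n:02d}") for n in range(1, 6)]  # 5 hosts, 1 try each
    + [_line("192.0.2.7", "10:01:30", method="GET", path="/index.php")]  # ordinary traffic
)

def login_posts(log_text):
    """Yield (ip, minute, status) for each POST to wp-login.php."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m.group(3) == "POST" and m.group(4).split("?")[0].endswith("/wp-login.php"):
            yield m.group(1), m.group(2)[:17], int(m.group(5))

def summarize(log_text, per_ip_limit=3, sources_per_minute=4):
    """Return (IPs over the failure limit, minutes with many distinct sources)."""
    failures = Counter()
    sources = defaultdict(set)
    for ip, minute, status in login_posts(log_text):
        sources[minute].add(ip)
        if status == 200:  # assumption: a failed login re-renders the form with 200
            failures[ip] += 1
    noisy = sorted(ip for ip, n in failures.items() if n > per_ip_limit)
    spread = sorted(m for m, ips in sources.items() if len(ips) >= sources_per_minute)
    return noisy, spread

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

In the sample, a per-address limit catches the single noisy host, while the five hosts that try once each only show up in the sources-per-minute count, which is the case the IP restriction in step 3 covers.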
WordPress is one of the most popular blog platforms today. Because it is so popular, there are numerous hackers who are honing their skills on it to make it to the big leagues.
WordPress is pretty secure and frequent updates are provided, but we can make the installation more secure by following some simple steps:
1. The easiest way is to keep WordPress updated
WordPress provides security updates immediately if a loophole is detected, so keeping WordPress updated will help you to be more secure. It hardly takes a minute to update WordPress with Softaculous.
2. Generic admin username
Most users make the mistake of continuing with the default username for the administrator account, i.e. admin. It’s a common username and every hacker would know that. Choose a username other than admin; you can use your name, e.g. john, as your username. You can choose the username on the install form.
3. Choose a Strong Password
Using a simple password is a bad idea. Use a more secure password to keep hackers away from you. Use a combination of letters, numbers and special characters.
4. Secure permissions to the config file
The wp-config.php file contains all the configuration and settings of WordPress. Exposing this file to hackers is a very big threat to your blog: they could easily inject malware into your blog or delete its content. The solution is to restrict the permissions on the config file. The WordPress config file is wp-config.php, which is located in the root directory of your installation. Change the permission to something safe like 0600 if suPHP is enabled on your server. You can ask your host to confirm which permission is suitable on your server.
5. Backup regularly
Backing up your installation is very important, because if your installation is hacked you can restore it from the backup. You should always take a backup of your database and files. It is recommended to take a weekly backup of your data; there are several plugins that will do it for you, or you can use Softaculous to back up and restore your installation.
Make a point to update the plugins when there is an update available. It is always a good idea to be updated. Also, if you are not using a specific plugin, delete it.