Apr 13 2013

WordPress Admin Page Being Redirected Due To Brute Force Attempts

Some idiots are always trying to brute force every WordPress site by attempting to log in as "admin." Rather than reinvent the wheel, InMotion explains it pretty well:

What is a Brute Force Attack?

One of the methods used to gain information, primarily login information, is a method called a BRUTE FORCE attack. Basically, as the name suggests, the attackers are not hiding the attack, and there is no efficiency to it. You could say it's like taking the "shotgun approach." It simply hits the server looking for one thing: the correct login information for your WordPress site. Hackers will often infect other computer systems and then set them to attempt logging into the WordPress Administrator. The illustration below shows graphically how the attack traffic can come from many locations and be mixed with normal website traffic. The attack can also come from just one location, but the method of trying to crack the login is the same: it simply goes through a sequential search for your login. Brute force attacks can also increase resource usage of the website. Therefore, brute force attacks are not only trying to crack through your security, they are also driving up resource usage while multiple attempts on the WordPress login are occurring.

[Illustration: attack traffic arriving from many locations, mixed with normal website traffic]

Preventing WordPress Brute Force Attacks

Since users are no longer using WordPress as simply a blogging solution, there isn't as much emphasis on user management for the owners of the WordPress site, and this may also be a contributing factor to the problem. WordPress site administrators should regularly cycle their passwords and review their user lists to make sure that no one has been added who isn't supposed to be on the list, especially users added at the Administrator level. There are also WordPress sites that do not require people to register to post comments or take other actions on the website. To prevent unauthorized access we recommend the following:

  • Block access to wp-login.php using the .htaccess file by requiring an additional password
  • Block access to wp-login.php using the .htaccess file by allowing only a specific IP address or range of IP addresses
  • Find a plugin that blocks access to the login screen after a particular number of failed tries. The plugin should then enforce a lockout interval before the next login attempt is allowed.

The first two methods, using .htaccess, are recommended because they also prevent excessive resource usage: the web server rejects the request before WordPress (and PHP) ever runs. There is no guarantee of this with a plugin, unless the plugin can limit access no matter how many times login attempts are being made. The following are examples of the .htaccess code for the solutions listed above. You get to .htaccess through the cPanel interface that all hosts provide: use the "File Manager" to find it, then use the "Code Editor" to add the code.

[Screenshot: cPanel File Manager]

.htaccess method to allow admin access only from a specific IP address or range of IP addresses:

Note: The code below needs to be in the .htaccess file located in the wp-admin folder. If you don't see one, create a blank text file, name it .htaccess, and save it in the wp-admin folder.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Admin Access Only"
AuthType Basic
# Cover POST as well as GET; a <Limit GET> block alone leaves POST requests unrestricted
<Limit GET POST>
order deny,allow
deny from all
# whitelist Admin 1 IP address
allow from xx.xx.xx.xxx
# whitelist Admin 2 IP address
allow from xx.xx.xx.xxx
</Limit>
# Apache 2.4 note: order/deny/allow need mod_access_compat; the native equivalent is "Require ip xx.xx.xx.xxx"
# Caveat: this also blocks wp-admin/admin-ajax.php, which some themes and plugins call for ordinary visitors
————————————————–
Another hosting company gave me this, and it works on this site using it in the .htaccess I had to create. Replace the Xs with your IP address, which you can get from Whatsmyipaddress.com:

# Goes in the .htaccess in the WordPress root folder (where wp-login.php lives)
<Files ~ "^wp-login.php">
Order deny,allow
Deny from all
Allow from xx.xx.xx.xx
</Files>

—————————————————————————————————————————
You can add more IP addresses by adding an additional Allow from xx.xx.xx.xx to the code above.
—————————————————————————————————————————

.htaccess method to require an additional password for wp-login access:

Note: The code below goes in the .htaccess file located where you have installed WordPress. If you don't see one, create a blank text file and name it .htaccess.

<FilesMatch "^wp-login\.php$">
AuthName "WordPress"
AuthType Basic
# Password file; create it with: htpasswd -c /home/username/.htpasswd yourname
# (keep it outside the web root, as in this path)
AuthUserFile /home/username/.htpasswd
Require valid-user
</FilesMatch>

———————————————————

Some other common sense things to do to secure your WordPress site

Delete the ‘admin’ account

The default Administrator account on WordPress has a username of 'admin'. Everyone knows that, so don't use it. Create another user with admin privileges, log in with that name to make sure it works, and then delete the "admin" user.

Go into the Dashboard » Users » Add New User screen. Create a new user with the role of Administrator. Now log out, and log back in as the new user.

Go to the Users screen again and delete ‘admin’. You can transfer all of the content created by ‘admin’ to your new user account before confirming deletion.

I recommend the plugin “WP Security Login Notification” too.  It will tell you when there are failed login attempts.


Mar 24 2013

10 Reasons Why Homosexual “Marriage” is Harmful and Must be Opposed

1. It Is Not Marriage

Calling something marriage does not make it marriage. Marriage has always been a covenant between a man and a woman which is by its nature ordered toward the procreation and education of children and the unity and wellbeing of the spouses.

The promoters of same-sex “marriage” propose something entirely different. They propose the union between two men or two women. This denies the self-evident biological, physiological, and psychological differences between men and women which find their complementarity in marriage. It also denies the specific primary purpose of marriage: the perpetuation of the human race and the raising of children.

Two entirely different things cannot be considered the same thing.



Mar 24 2013

Oathkeepers – Guardians Of The Republic

Oath Keepers is a non-partisan association of current and formerly serving military, reserves, National Guard, veterans, Peace Officers, and Fire Fighters who will fulfill the Oath we swore, with the support of like-minded citizens who take an Oath to stand with us, to support and defend the Constitution against all enemies, foreign and domestic, so help us God. Our Oath is to the Constitution. Open to patriotic citizens as well.


Mar 23 2013

Top Ten Civil Liberties Abuses of the Income Tax

by Chris Edwards
Director of Fiscal Policy Studies, Cato Institute, 2002

Any tax system creates a threat to individual liberty because “the power to tax involves the power to destroy,” as Chief Justice John Marshall observed.[1] But the federal income tax and its enforcement harm civil liberties much more than necessary to raise needed funds for the government. Certainly, the IRS performs poorly and too easily abuses the rights of citizens. But ultimately Congress is to blame for creating an excessively complex and high-rate tax system. New laws to increase taxpayer protections and replacement of the income tax with a simpler, flatter consumption-based tax could greatly reduce the following 10 areas of civil liberties abuse.


Mar 7 2013

Paul Ends Senate Filibuster Of CIA Nominee Over Drone Concerns After Nearly 13 Hours

Great job!!! Proud of your stand:

 

Nearly 13 hours after he started, Sen. Rand Paul, R-Ky., ended a dramatic, old-fashioned filibuster early Thursday morning — having held the floor for most of the day and night to rail against the administration’s drone program while holding up the nomination of John Brennan for CIA director.

Business in the Senate ground to a halt Wednesday as Paul, aided by colleagues from both parties, launched into the filibuster as he challenged the president’s authority to kill Americans with drones.

Paul’s filibuster was longer than most in U.S. history, as most flame out by the 10-hour mark. Paul finished speaking around 12:40 a.m. local time, and his filibuster lasted 12 hours and 52 minutes.

“My legs hurt. My feet hurt. Everything hurts right now,” Paul told Fox News shortly after stepping off the Senate floor, saying he believes “we did the best that we could.”

“I would be surprised if we didn’t hear back from the White House,” Paul said.



Mar 6 2013

White House ‘Cries Wolf’ 3 Times In 10 days

  WASHINGTON (CBSDC/AP) — The Obama administration has incorrectly stated on three separate occasions the effect of the $85 billion in sequester cuts.

CBS News reports that the statements came over the past 10 days.

The first time came Feb. 24 when Secretary of Education Arne Duncan said on “Face the Nation” that teachers were getting fired because of the cuts.

“There are literally teachers now who are getting pink slips, who are getting notices that they can’t come back this fall,” Duncan said. He later backtracked, saying he “misspoke” when no evidence was found to his claim.

When President Obama held a press conference about the sequester cuts on Friday, the president said that janitors at the U.S. Capitol would have to receive a pay cut. CBS News reports that Carlos Elias, the superintendent of the U.S. Capitol building and the Capitol Visitors Center, had to email his employees after Obama’s statement saying it wasn’t true.

Then, this past Monday, Homeland Security Secretary Janet Napolitano said that lines at airports grew by 200 percent at checkpoint lines, but those claims were also unfounded.

Despite the misstatements, White House Press Secretary Jay Carney says there are efforts “to muddy” the facts of what the sequester cuts mean.

“[T]here are real people out there who will be delayed or who will have their wages cut or … who will lose their jobs as a result of the sequester, while folks in Washington are arguing over whether this particular impact happened when we said it was going to happen or a week later or a month later,” Carney said during Tuesday’s White House briefing.