Title: JacobN's Replies | WordPress.org

---

# JacobN

  [  ](https://wordpress.org/support/users/jacobn/)

 *   [Profile](https://wordpress.org/support/users/jacobn/)
 *   [Topics Started](https://wordpress.org/support/users/jacobn/topics/)
 *   [Replies Created](https://wordpress.org/support/users/jacobn/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/jacobn/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/jacobn/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/jacobn/engagements/)
 *   [Favorites](https://wordpress.org/support/users/jacobn/favorites/)

 Search replies:

## Forum Replies Created

Viewing 9 replies - 1 through 9 (of 9 total)

 *   Forum: [Your WordPress](https://wordpress.org/support/forum/your-wordpress/)
   
   In reply to: [Getting my blogg up a level!](https://wordpress.org/support/topic/getting-my-blogg-up-a-level/)
 *  [JacobN](https://wordpress.org/support/users/jacobn/)
 * (@jacobn)
 * [11 years, 11 months ago](https://wordpress.org/support/topic/getting-my-blogg-up-a-level/#post-4967862)
 * Hey Bente,
 * Nice slick looking blog you’ve got there! Seems pretty easy to navigate from 
   a UI stand point, and it looks like you’ve got the basic SEO stuff down with 
   your Title, H1 and H2 tags. Your permalinks look to be nice and search engine
   friendly as well.
 * From the technical side I’d look at this GTMetrix report and work on possibly
   optimizing and scaling your images to make your site as fast as possible which
   search engines love.
 * [http://gtmetrix.com/reports/www.travelwithallsenses.com/nyx0xh0c](http://gtmetrix.com/reports/www.travelwithallsenses.com/nyx0xh0c)
 * For instance on this POST I’m about to mention you have the Plugin Yet Another
   Related Posts Plugin that is adding “You Might Also Like”. It’s using this image
   which is 315KB and 650×443 in size:
 * [http://www.travelwithallsenses.com/wp-content/uploads/2013/03/MG_0797.jpg](http://www.travelwithallsenses.com/wp-content/uploads/2013/03/MG_0797.jpg)
 * It’s only displaying it at 120×120 but still loading the entire image. So GTMetrix
   estimates you could knock off 94% of the file size if you just created a 120×
   120 version of the image.
 * One thing you might want to watch out for is unique and accurate descriptive 
   ALT text on your images also. For instance on this post:
 * [http://www.travelwithallsenses.com/travel-safe-secret-pocket/](http://www.travelwithallsenses.com/travel-safe-secret-pocket/)
 * Here is your ALT text in order of the 3 images:
 * Travel safe with a safe pocket!
    Travel safe with a safe pocket, easy to make.
   Travel save with a self made safe pocket.
 * This could seem like keyword stuffing to Google in some cases, so you might want
   to use ALT tags to actually describe what is going on in an image. Here’s Google’s
   own Matt Cutts on the topic:
 * On that page, I’d use ALT texts like this instead:
 * passport on travel safe pocket
    travel safe pocket in sewing machine travel safe
   pocket in pants
 * Google’s algorithms are getting more and more advanced and the more you can describe
   your page content to them, the more likely they are going to pull up your page
   for related searches. For instance you might think you’re targeting “travel safe
   pocket”, but if a human Google’s “how to create a pocket with a sewing machine”
   because you’re being more descriptive to Google about your page content it might
   also allow you to show for that query.
 * Anyways not really seeing too much else to improve on, great stuff, it’s easy
   to navigate around and looks good too!
 * – Jacob
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[App Store Assistant] Cannot redeclare GetChildren(), aws_hash_hmac(), and aws_signed_request()](https://wordpress.org/support/topic/cannot-redeclare-getchildren-aws_hash_hmac-and-aws_signed_request/)
 *  Thread Starter [JacobN](https://wordpress.org/support/users/jacobn/)
 * (@jacobn)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/cannot-redeclare-getchildren-aws_hash_hmac-and-aws_signed_request/#post-4653430)
 * Sure no problem at all, thanks for taking a look 🙂
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Fast Secure Contact Form] cache/xedmdvy4vnroflyJ.php file has changed – malware code injection?](https://wordpress.org/support/topic/cachexedmdvy4vnroflyjphp-file-has-changed-malware-code-injection/)
 *  [JacobN](https://wordpress.org/support/users/jacobn/)
 * (@jacobn)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/cachexedmdvy4vnroflyjphp-file-has-changed-malware-code-injection/#post-4609660)
 * It looks like the **Fast Secure Contact Form** uses the **/captcha/cache/** directory
   to place CAPTCHA challenge responses temporarily.
 * When using the Better WP Security plugin, you can navigate to **Security** from
   the left-hand menu, then click on **Intrusion Detection**.
 * If you scroll down to the **File Change Detection** section, there is a **Include/
   Exclude List** drop-down that you should set to **Exclude**. Then below that 
   in the **File/Directory Check List** field type in an exception for the Fast 
   Secure Contact Form cache directory like this:
 * `wp-content/plugins/si-contact-form/captcha/cache`
 * That should stop you from getting alerts about files in that specific directory.
 * – Jacob
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[LightStart - Maintenance Mode, Coming Soon and Landing Page Builder] wordpress update 3.5.2, maintenance mode slow down site.](https://wordpress.org/support/topic/wordpress-update-352-maintenance-mode-slow-down-site/)
 *  [JacobN](https://wordpress.org/support/users/jacobn/)
 * (@jacobn)
 * [12 years, 10 months ago](https://wordpress.org/support/topic/wordpress-update-352-maintenance-mode-slow-down-site/#post-3880939)
 * Awesome! Thank you [@mpd2002](https://wordpress.org/support/users/mpd2002/) and
   [@madmakz](https://wordpress.org/support/users/madmakz/) for tracking this down.
   I opened up the **key-check.php** file and looked at the **lrss_check_update()**
   function and located the problem:
 * `$reqUrl = "http://wordpress.cloudapp.net/api/update/?&url=". $request . "&agent
   =". $agent. "&v=" . $v. "&ip=".$ip . "&p=" . $pluginId;`
 * Try to go to that URL and you can see the service is unavailable. So either comment
   out this line and leave the plugin activated (dunno how it affects it) or just
   remove the plugin and it should be good to go!
 * Thanks again! Our customers were having this issue and now I have a solution 
   to give them 🙂
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Blocking Brute Force Attacks](https://wordpress.org/support/topic/blocking-brute-force-attacks/)
 *  [JacobN](https://wordpress.org/support/users/jacobn/)
 * (@jacobn)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-brute-force-attacks/page/2/#post-3668730)
 * [@psybertron](https://wordpress.org/support/users/psybertron/)
 * There are still multiple reports of this same WordPress brute force attack continuing
   across multiple providers.
 * It’s not as wide-scale as when it first seemed to really pick up back in the 
   middle of April, but these attacks will probably continue to trickle on for quite
   some time until the botnet as a whole has stopped or moved on to something else.
 * – Jacob
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Blocking Brute Force Attacks](https://wordpress.org/support/topic/blocking-brute-force-attacks/)
 *  [JacobN](https://wordpress.org/support/users/jacobn/)
 * (@jacobn)
 * [13 years ago](https://wordpress.org/support/topic/blocking-brute-force-attacks/#post-3668650)
 * Hey [@patrickhealy](https://wordpress.org/support/users/patrickhealy/),
 * I had linked to an article I wrote on protecting against these type of attacks,
   but WordPress doesn’t want external sources posted here.
 * Basically I’d recommend not relying on WordPress login limit or security plugins
   for this type of attack. If you’re on a Linux web-host, you can just use some
   simple **.htaccess** rules to block everyone out of your admin but yourself.
 * The current brute force attacks that have been taking place, are not POST’ing
   to the **wp-login.php** script with a proper referer being passed. So if you 
   require a proper referer to be passed, this can block those. Then you can lock
   it down even further with IP allow rules to only allow yourself in.
 * If your domain name was **example.com**, and your IP addresses that needed to
   access the WordPress admin were **123.123.123.123** and **123.123.123.124** I’d
   recommend using these rules:
 *     ```
       <IfModule mod_rewrite.c>
       RewriteEngine on
       RewriteCond %{REQUEST_METHOD} POST
       RewriteCond %{HTTP_REFERER} !^http://(.*)?example\.com [NC]
       RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
       RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
       RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
       RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.124$
       RewriteRule ^(.*)$ - [F]
       </IfModule>
       ```
   
 * An even further level of protection would be to employ a secondary **.htaccess**
   password, you would want to fully password protect the **/wp-admin** directory,
   and then in your **.htaccess** file in the WordPress root directory you’d also
   add that password protection to your **wp-login.php** script with these rules:
 *     ```
       <FilesMatch "wp-login.php">
       AuthType Basic
       AuthName "Secure Area"
       AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
       require valid-user
       </FilesMatch>
       ```
   
 * Also using the **.htaccess** file you can Google for “country IP blocks” and 
   then simply block entire countries that you don’t want to have access as well.
 * Once you start locking down and securing WordPress this way, I’d then recommend
   simply checking on your website’s access-logs every so often, if one IP has been
   continually hitting your **wp-login.php** script and getting 403 access denied
   errors from the **.htaccess** rules, you could then start to block them at your
   server’s firewall to prevent any further attempts from even making it to the 
   site.
 * – Jacob
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Blocking Brute Force Attacks](https://wordpress.org/support/topic/blocking-brute-force-attacks/)
 *  [JacobN](https://wordpress.org/support/users/jacobn/)
 * (@jacobn)
 * [13 years ago](https://wordpress.org/support/topic/blocking-brute-force-attacks/#post-3668634)
 * [@jan](https://wordpress.org/support/users/jan/), no problem at all. I’ll keep
   it to just text help going forward 🙂
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Blocking Brute Force Attacks](https://wordpress.org/support/topic/blocking-brute-force-attacks/)
 *  [JacobN](https://wordpress.org/support/users/jacobn/)
 * (@jacobn)
 * [13 years ago](https://wordpress.org/support/topic/blocking-brute-force-attacks/#post-3668632)
 * [@jan](https://wordpress.org/support/users/jan/) my apologies, I wasn’t trying
   to spam, if you read through the link it’s just trying to provide help for people
   having these issues. I had built my guide off of the reference material I had
   seen floating around a lot of places regarding this recent attack.
 * Most of our customers were struggling following codexs and other technical guides,
   so just thought others might also benefit from the easy steps with screen shots
   and what not.
 * I’ll go ahead and stop linking to it, as most people right now are just coming
   to it from Google searches, but figured people directly searching here might 
   benefit as well.
 * Sorry again.
 * – Jacob
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Blocking Brute Force Attacks](https://wordpress.org/support/topic/blocking-brute-force-attacks/)
 *  [JacobN](https://wordpress.org/support/users/jacobn/)
 * (@jacobn)
 * [13 years ago](https://wordpress.org/support/topic/blocking-brute-force-attacks/#post-3668630)
 * I’m not sure if you guys are aware, but there has actually be a recent large 
   scale WordPress login brute force attack going on.
 * _[ Copy deleted. Please stop spamming the forums with your links. ]_

Viewing 9 replies - 1 through 9 (of 9 total)