FREE Cloud Anti-Spam and FireWall for WordPress Website

FREE Cloud Anti-Spam and FireWall for WordPress Website | Protect Your WordPress Website from Spam | WP Security In the battle against relentless spam, CleanTalk emerges as a formidable defender for your WordPress website. This top-rated anti-spam plugin offers a universal solution without resorting to tiresome CAPTCHAs or intricate puzzles. CleanTalk seamlessly integrates with your site,…

New malware backmonetizeich

The malware was detected in July 2023 by analysts at Defiant, the company that created the Wordfence security plugin for WordPress. The analyst observed that malware came "with a professional-looking opening comment" purporting to be a tool for caching, which site users use to lessen server strain and to make page load times faster. The malware creator cunningly pretends it is a caching tool to appear deliberate to allow it to escape during manual inspection. The Defiant released a detection signature for its users of the accessible version of Wordfence and added a firewall rule to protect Premium, Care, and Response users from the backdoor. Rogue admin hijacks WordPress websites with new malware backmonetizeich, which negates routine authentication procedures used to access a system. The malware pretends to be a legitimate caching plugin, allowing hackers to create an administrator account named superadmin' with admin-level permissions to control every website activity. The malware takes down the primary user and removes infection traces. It contains bot detection that serves search engines with different content, such as spam, causing them to index the compromised site for malicious content. The primary admins observe sudden increases in traffic or reports from users complaining about being redirected to harmful locations. The hacker replaces victimized website content by changing posts, inserting spam links or buttons, and redirecting visitors to malicious locations. However, it serves admins with original content to avoid detection. The hacker activates or deactivates arbitrary WordPress plugins on affected sites remotely, hiding its tracks to go unnoticed, and checks for specific user-agent strings that let attackers start malicious functions remotely. It's always recommended to WordPress open-source software users to use strong and unique credentials for admin accounts, keep their plugins up to date, and remove unused add-ons and users.

How to Secure Your WordPress Login Page from Hackers

[et_pb_section fb_built=”1″ _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}”][et_pb_row _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.4″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.4″ _module_preset=”default” hover_enabled=”0″ global_colors_info=”{}”…

Comparative review of best #WiFi Adapters with monitor mode and packet injection capabilities for #KaliLinux for real-world.

Reposting this from a friend bc I think it is VERY important to know of this, and for immigrants, and other possible victims of the ICE Raids happening right now

Here’s to also a very huge edit, from the list of very helpful people who have been reblogging and providing more info.

I’m not as well informed but I will be relaying the information and tagging each person who added onto this post:

@onthedriftinthetardis -

The phone number in the first photo is ONLY for Orange County, California!

Look up your local ACLU affiliate here

@6feetunderwater -

It always makes me nervous to see a reporting phone number passed around without any links to verify it, so the number in the first pic can be found on the site for the Orange County Rapid Response Network, which is "an interconnected system of non-profit and grassroots organizations, civil rights attorneys, law school clinics, and individuals working together to respond to dehumanizing immigration enforcement activities and policies in Orange County"

@geekerypeekery -

The second warrant is not fake, but is an administrative rather than judicial warrant, and has no constitutional authority to bypass Fourth Amendment protections - in other words, it does not entitle the bearer to enter and search your home. It simply authorizes agents of the issuing department to contact you. Always ask to see the warrant before opening your door!

In addition to the ACLU links, try contacting the National Immigration Law Center https://www.nilc.org/wp-content/uploads/2020/09/Warrants-Subpoenas-Facts.pdf

@american-anger -

The phone number listed here is specific to Orange County in California, but you can look up other California counties here:

CALIFORNIA RAPID RESPONSE NETWORKS

@beaniebaneenie -

Unpleasant reminder: within 100 miles of the border (which is home to 200 million people and virtually all major cities in the US), ICE does not need a warrant to enter your home, your car, to search anything, or even to arrest you.

You are not automatically safe just because they don't have a real warrant.

The best and safest thing you can do is learn to have escape routes- quick ways to get out of the house or area you're in if you find out ICE or CBP are around. Those of us who do have documentation? Time for us to step the fuck up.

Film any interaction. Every interaction. If you're able, step into the conversation and be a Karen/Kyle- weaponize your privilege for Good. If you get asked about people? Use positive but vague statements so you a) cannot be caught in a lie, and b) do not give any information away.

"I don't know them that well, but I don't tend to socialize much. They seem great to me."

"I can't remember the last time I saw them."

"Maybe they speak another language, I can't remember details. But I picked up Duolingo during the pandemic and tons of other people did too."

"I'm not sure."

"I'm sorry, I can't help you."

Even if you're somewhere the 100-mile Exception doesn't apply and a warrant is in fact needed? I don't expect ICE and CBP to play by the rules for long, if at all. I fully expect this to get ugly, and fast.

Cheeto has already declared an emergency of national security at the border, and is mobilizing the military to have jurisdiction over a huge swath of the country. It's essentially tantamount to martial law. And it's only been four days.

Gear up for a long, hard fight. This is gonna be a marathon, not a sprint.

— I am leaving all of this as an edit because on the off chance someone does find the posts that have these people specifically reblogging, I don’t want it to be too late. So I’m comprising it all here

Here are a few other people’s reblogs I thought were important:

Thank you @onthedriftinthetardis @6feetunderwater @geekerypeekery @american-anger @beaniebaneenie @bunnychiffon @dubiouslynamed @trisockatops @witchy-disaster for contributing and helping me make this a more well-informed post. Thank you so much

Breaking the Blockade: Tactical Innovations in Scarborough Shoal

WPS News Staff Reporter Baybay City, 1/25/2025 In recent months, the strategic waters of Scarborough Shoal have been under intense scrutiny. A determined group of Filipino fishermen, alongside the Philippines Coast Guard (PHCG), have devised innovative surface tactics to challenge a blockade, leveraging civilian craft for military-like maneuvers that have captured international…

WP Engine is a well-known managed WordPress hosting provider.

It offers a range of features and services tailored specifically for WordPress websites, making it a popular choice among businesses, bloggers, and developers who seek reliable, high-performance hosting solutions.

WordPress hardening is essential for protecting your website from security threats like hacking, malware, and unauthorized access. Key strategies include regular updates of the WordPress core, themes, and plugins to patch vulnerabilities. Implementing strong passwords, two-factor authentication, limiting login attempts and more. By adhering to these best practices, you can fortify your WordPress site against potential security breaches.

Read more.

ALL IN ONE WP SECURITY (AIOS): Como PROTEGER SITE WordPress contra Hacke...

So. Okay. I use my personal computer for work. This is not an ideal situation, and it's a holdover from Gary refusing to buy work computers for anyone when we went remote. I do not recommend this. You should not do this. If you are a business, you should not allow your employees to do this. It's a security issue for you and for your employer and is, all around, a bad idea.

My company installs an RMM agent (a program that lets us remotely manage the device and to view the screen in certain circumstances) on all of our client computers; you need the agent to do some server access stuff, so sometimes I have to have the RMM agent on my computer and get joined to our environment. When I'm done doing whatever it is, I uninstall the agent because I don't want my boss to have remote control software on my personal device. If you are using your personal computer at work, you should not allow your employer to maintain remote control software on your personal device.

My computer has a dorky name. I usually name my computers dorky things. This one is called Atredies and the last one was Gandalf and the one before that was Hende Nicholas and the one before that was Robocop. This, notably, does not match our office's pattern of "BN-1508," or even Gary's standard of "Work-Related-Concept" ("Shipping") or "First Name" ("Maddy") for naming our office computers. So sometimes I'll be sitting in the virtual office and someone will look up from doing device approvals and will say "What company has a desktop named Atredies" and I'll be like "us, the sleeper has awakened, let me on" and everyone is like hey Alli you're a huge dork and I'm like yeah.

So here's the thing. You should not be using your personal computer as a work computer. If you are using your personal computer as a work computer, you should not allow your employer to leave control programs installed on the device. If you do have control programs on the device, it's good to make sure that your computer is VERY VERY VERY identifiably *not* a computer owned by your employer. If your employer gave you an old computer that was being decommissioned, you should make sure to do a fresh OS install and you should make sure to rename the machine something that will make it easy to see it's your machine.

This post is brought to you by the lady whose gifted-from-her-job 12 year old laptop named "WP-1644" we just bricked because the client didn't maintain an inventory list and when they couldn't identify the user they decided it was stolen.

How to Protect Your WordPress Database from Cyber Threats

Introduction Your WordPress database is the backbone of your website, storing critical data such as user information, posts, pages, comments, and settings. If compromised, your site could suffer data breaches, downtime, or even total loss of content. Cyber threats like SQL injections, brute force attacks, malware infections, and unauthorized access can put your database at serious…

ক্লাউডফ্লেয়ারের ওয়েব অ্যাপ্লিকেশন ফায়ারওয়াল (WAF)

আপনি যদি একজন ওয়েবমাস্টার হন তাহলে ওয়েবসাইটের নিরাপত্তা আপনার শীর্ষ অগ্রাধিকারগুলির মধ্যে একটি হতে হবে। আপনার ওয়েবসাইট ক্লাউডফ্লেয়ার এ যুক্ত থাকলে ক্লাউডফ্লেয়ারের ওয়েব অ্যাপ্লিকেশন ফায়ারওয়াল (WAF) এর মাধ্যমে আপনার সাইটের নিরাপত্তা আরো উন্নত করতে পারেন। কিভাবে রুল তৈরী করবেন?আমরা ওয়েবসাইট লগইন করতে গেলে যেন ক্যাপচা চাই এমন একটি রুল তৈরী করে দেখবো। প্রথমে ক্লাউডফ্লেয়ারে লগইন করুন এবং…

View On WordPress

The first days of Boss Politics Antitrust

Picks and Shovels is a new, standalone technothriller starring Marty Hench, my two-fisted, hard-fighting, tech-scam-busting forensic accountant. You can pre-order it on my latest Kickstarter, which features a brilliant audiobook read by Wil Wheaton.

"Boss politics" are a feature of corrupt societies. When a society is dominated by self-dealing, corrupt institutions, strongman leaders can seize control by appealing to the public's fury and desperation. Then, the boss can selectively punish corrupt entities that oppose him, and since everyone is corrupt, these will be valid prosecutions.

In other words, it's possible to corruptly enforce the law against the guilty. This is just a matter of enforcement priorities: in a legitimate state, enforcers prioritize the wrongdoers who are harming the public the most. Under boss politics, priority is given to the corrupt entities that challenge the boss's power, without regard to whether these lawbreakers are the worst offenders. Meanwhile, worse wrongdoers walk free, provided that they line up behind the boss.

This is how Xi Jinping prosecuted his purges in the run up to his lifetime appointment as Party Secretary (2012-2015). Xi prosecuted the guilty, but not the most guilty. The public officials who were defenstrated and/or imprisoned during Xi's purges were all corrupt, but they were also the power base of Xi's rivals. Meanwhile, corrupt officials in Xi's own orbit were untouched:

https://web.archive.org/web/20181222163946/https://peterlorentzen.com/wp-content/uploads/2018/11/Lorentzen-Lu-Crackdown-Nov-2018-Posted-Version.pdf

Trump is a classic boss politician – that's what people mean when they call him "transactional": he doesn't act out of principle, he acts out of self interest. The people who give him the most get the most back from him. This means that Biden's brightest legacy – militant antitrust enforcement of a type not seen in generations – is now going to become "boss antitrust," where genuine monopolists are attacked under antitrust law, but only if they oppose Trump:

https://pluralistic.net/2024/11/12/the-enemy-of-your-enemy/#is-your-enemy

We're now living through the first days of boss antitrust. Remember all those monopolistic tech billionaires who donated millions of dollars to Trump's inauguration and arranged themselves in a decorative semicircle behind him on the dias? Trump just went to Davos to speak up for them, arguing that EU and other offshore prosecutions of these companies were attacks on "American businesses" and saying he would defend them with the full might of the US government (this is the same government that, under Biden, secured multiple convictions against these same companies for monopolistic conduct):

https://gizmodo.com/trump-returns-big-techs-ass-kissing-at-davos-2000554158

The Federal Trade Commission has lost its Biden-era chair, the extraordinary Lina Khan, who did more in four years than all her predecessors did in the preceding forty years, combined. The new chair is Republican Andrew Ferguson, whose first day on the job was a bloodbath, in which he killed off multiple, significant actions aimed at producing real, material benefits from Americans who are being absolutely screwed by corporations:

https://prospect.org/politics/2025-01-24-executive-action-reaction-day-4/

Ferguson killed off a public comment process on "surveillance pricing," where companies spy on you and then reprice their goods based on their estimation of how desperate you are:

https://pluralistic.net/2025/01/11/socialism-for-the-wealthy/#rugged-individualism-for-the-poor

Uber pioneered this when they started increasing the cost of cab rides for riders whose phone batteries were about to die. But other companies took it way further: McDonald's is co-owner of a company called Plexure that sells companies the ability to charge you more for your normal order at the drive-through if you've just been paid:

https://pluralistic.net/2024/06/05/your-price-named/#privacy-first-again

But surveillance pricing is even worse for workers than it is for shoppers. Nurses in the USA increasingly work for Uber-like nurse-on-demand apps like Shiftkey, Carerev and Shiftmed. These apps can buy nurses' financial data from the unregulated data-broker industry, and then offer nurses with overdue credit-card bills lower wages, on the grounds that they're so desperate they'll take a paycut:

https://pluralistic.net/2024/12/18/loose-flapping-ends/#luigi-has-a-point

Ferguson also killed off a notice-and-comment action on predatory pricing – when companies sell goods below cost in order to destroy competitors, then drive up prices. This is what Uber did, setting $31b of Saudi royal money on fire over 13 years, losing $0.41 on every dollar they brought in. This killed off all the regular taxis, and convinced city governments to abandon public transit investment on the grounds that Uber was cheaper than a bus. Once they'd captured the market, Uber doubled the price of a ride and halved the wages that they paid drivers.

So this is what Ferguson has killed off. In its place, Ferguson has instituted an internal action, aimed at rooting out "DEI" and "wokeness." The agency's top priority right now is running a snitch line where FTC officials can rat each other out for being anti-racist. This isn't just offensive, of course – it's also deeply unserious. Even if you stipulate that "woke" has some meaning (it doesn't, but go with me here), then killing off all the "woke" at the FTC will not make Americans more prosperous, let alone protect them from corporate predators.

In his dissenting statement, FTC Commissioner Alvaro Bedoya didn't mince words:

Andrew Ferguson could have made his first public act as Chairman a motion to study the rising cost of groceries. He could have acted on a pending public petition from a group of wall and ceiling contractors to investigate how lawbreaking contractors can effectively rig contract competitions in the commercial construction industry. He could have moved to investigate a pending public petition from shrimpers from Louisiana, Mississippi, and Alabama to investigate potentially false and misleading claims about shrimp imports from India that are farmed with forced labor and shot full of antibiotics…

I have met with corn growers and cattlemen in Iowa. I have met with shrimpers in Biloxi. I have met with pharmacists in Knoxville, grocers in Tulsa, and patients and their doctors in Charleston, West Virginia. I met with the men who build Miami’s million-dollar skyscrapers in 110-degree heat.

Let me tell you what they didn’t talk about: “DEI.”

What they do talk about is how powerful companies are skirting or abusing the law to force farmers, workers, and small businessmen to do what they want, when they want, or else. How the government isn’t doing anything about it. And how they’re going broke because of it

But Chairman Ferguson seems uninterested in the challenges that regular human beings face.

https://www.ftc.gov/system/files/ftc_gov/pdf/bedoya-statement-emergency-motion.pdf

Bedoya is still hanging in there at the FTC; these administrative agency appointments outlast the presidents that made them. It's common for agency heads to step down when there's a changeover – Lina Khan didn't stay – but the commissioners often hang in there. I hope Bedoya stays at the FTC: he's one of the good ones and we're all better off for his presence.

There's one Biden agency head who hasn't left, and surprisingly, it's one of Biden's best appointees: Rohit Chopra, head of the Consumer Finance Protection Bureau. Chopra is the first CFPB head to explore just how much power this new-ish agency has, and has seen his far-reaching, muscular regulations upheld unanimously by the Supreme Court.

Trump's corporate backers hate the CFPB, and Elon Musk really hates the CFBP, and crypto grifters really, really hate the CFPB. Ironically, the demonization of the CFPB seems to be the key to Chopra's enduring tenure. According to David Dayen at The American Prospect, no one in Trumpland wants his job. The Supreme Court ruled in 2020 that presidents can fire CFPB heads, but there's no one who wants to replace Chopra and take their turn in the barrel:

https://prospect.org/economy/2025-01-24-rohit-chopra-still-has-a-job/

Chopra's using his time well: he's brought a flurry of new actions, most lately against the credit bureau giant Transunion. And in the final weeks of the Biden administration, Chopra launched a whole boatload of enforcements, investigations, and other actions against the most predatory companies in America. As Dayen notes, over the past four years, Chopra has forced American rip-off businesses to pay back $6b in stolen loot, and to cough up more than $3.2b in fines.

Replacing Chopra is hard for Trump in part because Trump has imposed a federal hiring freeze. That means that anyone who replaces Chopra has to already be working for the US government, and all the finance grifters are cashing out of the government to go work for giant financial institutions they've been carrying water for while drawing a public salary. Even the people who might take the job can't, because then no one could be hired to do their job – for example, there's a ghoul at the FDIC who'd fit the bill, but if he takes over from Chopra, then the FDIC will have just two members. If the GOP stooge on the FCC quits to take the job, then the Democratic commissioners will have a majority. You love to see it, really.

But – as Dayen points out – they're almost certainly gonna give Chopra the axe eventually. When they do, the CFPB will continue to do some enforcements. It's likely that Ferguson will eventually direct the FTC to do something apart from peering under their beds looking for "woke." When they do take action, they'll probably take action against companies that are wildly, lavishly corrupt. After all, that describes basically all of American big business, a sector that has festered thanks to 40 years of antitrust negligence.

It will be tempting for Trump's opponents to decide that if Trump hates these giant, evil companies, well, then, they must be good. Think of when "progressives" fell in love with the "intelligence community" just because a couple spooks decided they hated Trump. The FBI isn't your friend, folks – this is the agency that tried to blackmail MLK into killing himself:

https://en.wikipedia.org/wiki/FBI%E2%80%93King_letter

The enemy of your enemy? Still your enemy, provided that they're a big, predatory monopolist. Boss politics is about punishing corruption – selectively. Trump-style antitrust is going to target a ton of bad businesses. That won't make them good.

Check out my Kickstarter to pre-order copies of my next novel, Picks and Shovels!

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2025/01/24/enforcement-priorities/#enemies-lists

The United States has given its blessing to a plan by Syria’s new leadership to incorporate thousands of foreign jihadist former rebel fighters into the national army, provided that it does so transparently, President Donald Trump’s envoy said according to Reuters.

Three Syrian defence officials said that under the plan, some 3,500 foreign fighters, mainly Uyghurs from China and neighbouring countries, would join a newly-formed unit, the 84th Syrian army division, which would also include Syrians.[...]

Two sources close to the Syrian Ministry of Defence said Al-Sharaa and his circle had been arguing to Western interlocutors that bringing foreign fighters into the army would be less of a security risk than abandoning them, which could drive them into the orbit of Al-Qaeda or Islamic State.

3 Jun 25

Breaking the Blockade: Naval Surface Tactics at the Scarborough Shoal

WPS News Staff ReporterBaybay City, 12/26/2024 In the azure waters off Scarborough Shoal, tension simmers as captains of the Western Pacific Squadron (WPS) prepare to break the blockade imposed by Chinese naval forces. Drawing upon time-honored strategies and innovative tactics, these maritime leaders are gearing up for what may be the region’s most defining naval engagement of the…