In the past, there has not been an easy way for noobs like us to understand what is behind the scene. With File Inspect, this suddenly become a breeze (and you can easily become an expert and boast to your friends).

File Inspect Library is an educational site that provides detailed information of all (if not, most) the processes/files running in your Windows machine. You simply type in the process/file name and it will bring you its description, functionality and whether it is safe to delete/disable them. Cool, isn’t it?

Let’s delve into it further.

When you go to the site – http://fileinspect.com, you will find a search bar, a list of the most popular files and a list of the most dangerous files on the home page.

Type in the process/file name in the search bar to start searching. As you type, it will fetch the results on the fly and displays them in a dropdown list.

The search result is categorize into different status: safe, unsafe and dangerous. A safe file is denoted by a green icon, unsafe with yellow icon and dangerous with a red icon. In some occasions, you will find that there are several entries of the same file name marked with different colors (see screenshot below). The reason being that some viruses/worms disguise themselves as the filename of some important processes and create havoc in your computer.

Click on the search result to get more information.

On the information page, you will find a great deal of information, including what is the process’s functionality, where it is located, is it safe to remove, (if yes) how to remove etc.

At this moment, File Inspect is still in beta version as the developer is testing out the algorithm and making sure the file description is up-to-date. In the final version, there will also be some extra widgets that you can use to show where have all the bad files spread to.

Is File Inspect everything I need to protect my computer?

In actual fact, NO! Unlike any other antivirus or firewall software, File Inspect Library does not safe guard the safety of your computer. It is only meant to be used as an informational hub for you to get educated on the various files/processes running behind the scene. You still have to play your part to install a good antivirus and Firewall software and perform regular system scan.

FileInspect: Learn the Truth About Windows Processes Running In Your Computer originally published on Make Tech Easier (RSS)

Related posts:

1. Easy Ways to Keep Your PC Running Smoothly
2. 3 Free and Useful AntiVirus Software for Windows
3. Free Up Your System Resources With Svchost Viewer
4. Best 101 Free Computer Software For Your Daily Use
5. Using Safari On Windows? You Better Think Twice…

If you are really concerned about the security of your site, this is something that you really need to avoid.

In place of FTP, you can use SFTP (SSH File Transfer Protocol) to create a secure network connection instead. When you are connected via SFTP, all your data are encrypted. Even if they are intercepted, they will only show up as garbage text on the hacker’s computer.

This tutorial teaches you how to connect to your WordPress account (or any other Web server) via a SFTP connection.

A point to note: Not all web host supports SFTP. Do check with your Web host before carrying out the steps below. If your web host does not support SFTP, maybe it’s time to consider another web host that does. Hostgator does the hosting for MTE and they support SFTP.

While there are many FTP clients that support SFTP, the one that I find it the easiest to use and is available for all platforms is Filezilla.

Download and install Filezilla client for your platform. (skip this step if you are already using Filezilla)

Open up Filezilla. Click on the first icon on the Toolbar to access the Site Manager. Alternatively, you can find the Site Manager at the menubar File->Site Manager.

Click the New Site button on the left bottom pane to create a new account.

On the right pane, enter your host name (this is usually the IP address assigned to you by your Web host). In the Port input field, enter 22 (Different web hosts have different ports for their SFTP connection, Hostgator uses port 2222. If you can’t connect with port 22, you may want to ask your web host for the port number).

Under the Servertype dropdown field, select SFTP – SSH File Transfer Protocol.

Enter your login username and password. Click Connect at the bottom to connect to your account. If everything is fine, you should see a popup window prompting you to accept the server’s public key. Click Ok to continue (You may want to save the key in your cache so that it won’t prompt you all the time). You should be connected to your account via SFTP now.

Bringing it a step further

If you are really paranoid about your security, you can use a public/private key authentication to connect to your SFTP network instead. A public/private key authentication allows you to login to your account without any password and also eliminates any chance of a brute force SSH attack.

Once again, not all web hosts allow you to generate public/private key certificate. The following example is based on Hostgator cPanel.

Log into your cPanel. Scroll down until you see the SSH/Shell Access icon.

Click on the Manage SSH keys button.

Click on the Generate a new key link.

Enter your key name and give it a password. Make sure that your password is a strong one. Click on the Generate key button.

You should now see information about your public key.

Back to the main screen, you should see that your public key is listed as not authorized. Click on the Manage Authorization link to toggle it.

Back to the SSH key management screen, download the private key to a secure folder in your computer.

In your Filezilla, go to Edit->Settings. On the left, click SFTP. On the right, click the Add KeyFile button. Navigate to where you store your private key and select it.

Once you have added the private key, click Ok to close the window.

Back to the Site manager screen, remove the password that you have saved previously. Click the Connect button. Filezilla will now authenticate the session with your private key and allow you to login to your account without any password.

That’s it.

Image credit: beefranck

How To Connect To Your WordPress Account Via Secure FTP originally published on Make Tech Easier (RSS)

Related posts:

1. 11 Ways To Secure Your WordPress Blog
2. How To Easily Reset Your WordPress Password via phpMyAdmin
3. Connect To Multiple IM Services With Zoho Chat
4. Sync Your Passwords Across Different Browsers With LastPass
5. How To Create A ‘Maintenance’ Holding Page When Upgrading Your WordPress Blog

LastPass is an online password manager that you can install as an addon in Firefox and Internet Explorer. It encrypts all your passwords with 256-bit AES encryption algorithm and synchronizes them across different browsers and devices. With LastPass, you only have to remember one master password and it will take care of the rest.

When you first run LastPass, it will prompt you to create an online account. This will be the account that they use to store all your passwords. During the registration, you will have to create a strong master password. In case you are wondering how long should your password be to considered strong, there is a password meter that shows the strength as you type in your password. Note that I have used a 42-characters long password and the password meter is still not full.

If you want to let LastPass take full control over your password management, there is also an option for you to disable the default password manager in your browser.

To enable its users to migrate their existing password account to LastPass easily, there is an Import function that you can use to import your browser password setting. It also supports Keepass, 1Password, Sxipper and many other password managers.

The way LastPass works is similar to the way Firefox’s password manager works. Whenever you login to a site, an unobstructive popup will appear to ask you if you want to save the password for this site.

If the password is already in your account, when you go to the site, the login field will be prefilled with your login credential. There is even a auto-login function that you can use to quickly login to your site.

Just like Roboform, LastPass also comes with a form filling feature that you can use to quickly fill up your form. One annoying thing I found is that it shows a autofill pop up every time it detects a fillable form, including email newsletter subscription box. Since almost every sites comes with an email newsletter subscription box, the popup appears every time you visit a new site. This can be very irritating.

Bring LastPass with you everywhere

If you have installed portable Firefox on your USB drive, you can also install LastPass on the portable Firefox so that you have access to your password even when you are away from your computer. This is useful if you are on a travelling trip and need to use an Internet cafe to go online.

Backing up your password

When you save your password in LastPass, the password is stored in an encrypted form in the LastPass server. To avoid the incident where your password is inaccessible when the server is down, you can install LastPass Pocket on your computer and have it export and back up your account setting (including passwords) to your local hard drive.

LastPass currently only supports Firefox and Internet Explorer. The Safari version is on its way while the Google Chrome version is not available till Google released the extension API. LastPass works in Windows, Mac and Linux.

What other ways do you use to sync your password across various browsers and devices?

Sync Your Passwords Across Different Browsers With LastPass originally published on Make Tech Easier (RSS)

Related posts:

1. View Your Website in Different IE Browsers Simultaneously
2. A Fool Proof Way To Remember Thousands Of Passwords Effortlessly
3. Three Easy Ways to Synchronize Your Bookmarks Across Various Browsers
4. How To Login To Multiple Accounts On The Same Website Simultaneously
5. 8 Alternative Web Browsers for Mac

1) Encrypt your login

Whenever you try to login to your website, your password is sent unencrypted. If you are on a public network, hacker can easily ‘sniff’ out your login credential using network sniffer. The best way is to encrypt your login with the Chap Secure Login plugin. This plugin adds a random hash to your password and authenticate your login with the CHAP protocol.

2) Stop brute force attack

Hackers can easily crack your login password and credential using brute force attack. To prevent that from happening, you can install the login lockdown plugin. This plugin records the IP address and timestamp of every failed WordPress login attempt. Once a certain number of failed attempts are detected, it will disable the login function for all requests from that range.

3) Use a strong password

Make sure you use a strong password that is difficult for others to guess. Use a combination of digits, special characters and upper/lower case to form your password. You can also use the password checker on WordPress 2.5 and above to check the strength of your password.

4) Protect your wp-admin folder

Your wp-admin folder contains all the important information and it is the last place that you want to give access to others. Use AskApache Password Protect to password protect the directory and give access right only to authorized personnel.

5) Remove WordPress version info

A large number of WordPress theme include the WordPress version info in the meta tag. Hackers can easily get hold of this information and plan specific attack targeting the security vulnerability for that version.

To remove the WordPress version info, log in to your WordPress dashboard. Go to Design->Theme Editor. On the right, click on the Header file. On the left where you see a lot of codes, look for a line that looks like

<meta name=”generator” content=”WordPress <?php bloginfo(’version’); ?>” />

Delete it and press Update File.

Update: In WP2.6 and above, WordPress automatically includes the version in the Wp_head section. To fix this, you can simply install the WP-Security Scan plugin.

6) Hide your plugins folder

If you go to your http://yourwebsite.com/wp-content/plugins, you can see a list of plugins that you are using for your blog. You can easily hide this page by uploading an empty index.html to the plugin directory.

Open your text editor. Save the blank document as index.html.

Using a ftp program, upload the index.html to the /wp-content/plugins folder.

7) Change your login name

The default username is admin. You can make it more difficult for the hacker to crack your login credential by changing the login name.

In your WordPress dashboard, go to Users and set up a new user account. Give this new user administrator role. Log out and log in again with the new user account.

Go to Users again. This time, check the box beside admin and press Delete. When it asks for deletion confirmation, select the “Attribute all posts and links to:” and select your new username from the dropdown bar. This will transfer all the posts to your new user account. Press Confirm Deletion.

8) upgrade to the latest version of WordPress and plugins

The latest version of WordPress always contains bugs fixes for any security vulnerabilities, therefore it is important to keep yourself updated at all times. The latest version is WP 2.6 (as of this post). You can download it here.

9) Do a regular security scan

Install the wp-security-scan plugin and perform a regular scan of your blog setting for any security loopholes. This plugin can also help you to change your database prefix from wp_ to a custom prefix.

10) Backup your wordpress database

No matter how secure your site is, you still want to prepare for the worst. Install the wp-database-backup plugin and schedule it to backup your database daily.

11) Define user privilege

If there is more than one author for your blog, you can install the role-manager plugin to define the capabilities for each user group. This will give you, the blog owner, the ability to control what users can and cannot do in the blog.

11 Ways To Secure Your WordPress Blog originally published on Make Tech Easier (RSS)

Related posts:

1. [Hacking WordPress]: How To Clone And Migrate Your WordPress Blog To New Server
2. Make Your WordPress Blog iPhone Compatible Using WPtouch
3. How To Connect To Your WordPress Account Via Secure FTP
4. 10 Great WordPress Plugins That Turn Your Blog Into A CMS
5. How to Install and Test Wordpress on Your Mac