Are your Word Press Files safe?

The answer is simple No.

How?

Let me show you. First go to your-blog-url/wp-content/uploads or your-blog-url/wp-content/themes or your-blog-url/wp-content/plugins . What do you see? Do you see content inside the folders? Example below.

If your answer is yes than your Word Press files are not safe. I can see them, download them and use them. No worry my friend, I really do not have such intension but others might have. So what to do?

So what should you do?

Well defending your Blog is quite easy. There are two simple methods. One is by editing your .htaccess. Go to .htaccess file and put “Options – Indexes” on any line and save. This will prevents your WordPress folders from being accessed by anyone. The second option if you only want to restrict access to some selected folders is just by creating an index.html file and uploading it to your desired folder. Say you just want your plugins folder to be the one unaccessible, then go to it and upload the html file. 

The html file can be blank or you can write anything on it. I thought of writing something on it so if you go and visit greatestreviews.net/wp-content/uploads you will see “Dude you are in wrong place. Visit Home Page http://greatestreviews.net/” written there. For me this method is quite nice.

So go on and protect your Word Press files. By the way friends do visit Melvin’s Blog and read his blog post Don’t Let Me Steal Your WordPress Files!  from which the above tricks were taken. He asked his reader to spread this word. Its important and useful, so please spread the word. Melvin says for every 10 blogs that he visits, 7 of them are usually unprotected.

Few days ago two commentators advised me not use Captcha. As we know Captcha is a nice defense against Spam comments. Removing Captcha meant more Spam.  I once even tested what happens if I remove Captcha. The result was devastating, 9 Spam in 2 hours. Luckily Askimet stopped them but didn’t delete them  automatically. So far Askimet has stopped 852 Spam in 3 months.

Spam can destroy you blog. Few days ago I read on The Melvin Blog that a newly started blog (the owner sold his last blog at a high price) has so many Spam comments that the Top commentator is always one person. The name is John . First four were different version of the name John. Well forget about that, we need to focus on how to stop these Spam comments. Now that I was going to remove Captcha my only choice was to install more plugins which would work beside Askimet to stop Spam. I found one nice Plug-in which gave a nice tip and trick.

The Plug-in I found is ‘AVH First Defense Against Spam’ by Peter van der Does. As it says it is really a first defense. It intends to stop spammers by IP address filtering. I am not here to discuss about the plug-in but the tip and trick it gave. Below is the Tip and Trick.

Deny direct access to add comments.

Add the following lines to your .htaccess file above the WordPress section.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{THE_REQUEST} .wp-comments-post.php.*
RewriteCond %{HTTP_REFERER} !.*example.com/.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
</IfModule>
Replace example.com with your domain.

Spammers are known to call the file wp-comments-post.php directly. Normal users would never do this, the above part will block this behavior.

If you have access to your .htaccess file than this is going to be very handy and useful. Try it, but remember modifying .htaccess file is risky. Make a back-up of the original file. Ask you web host if the code is safe if you have any doubt.

I have many a time heard of Scams and I was scammed sometimes too. But I clearly do not know what things can be called Scam. I know that if you are cheated for money it’s a Scam. OK Before I discuss any further I have something to share.

Yesterday I wrote a review on a crazy service called Free Web 2.0 Upgrade . Now this program or service is not yet launched. It will be launched on July 1^st . Read more about it in my last post. Now this program is giving away one million dollars. I know it sounds fishy. As I have stumbled upon this program more than twice in this month, I thought it worth a review. If you have read my last post or have heard of this thing, you might already be thinking if it’s a Scam or is it for real. To be true to myself I do not know. As this service is free I DO NOT HAVE PROBLEM TRYING IT. I received a comment for my last post few hours ago. As I was expecting, the comment said it’s a Scam and gave me two links. I am grateful for those links. It’s a great aid to my reviews. By following the links I reached a forum and a blog. But I still could not verify if it’s a Scam or not.

Now how to determine if something is a Scam or not. This is the main discussion here. First of all, what things can be called a Scam? As far as I know the most common Scams are when you are cheated for money. Most common example of it is, you send money for some services or products but the service or product is not delivered to you. Another classic example being, you get an email promising you won something in lottery and ask for account details. In my earlier posts I mentioned about PayPal Scams and Frauds. Now most of us can easily recognise Scams like this. But there many more Scams as well. I have seen some GPT and PTC programs being called Scams as they did not paid the money. We are able to determine these Scams as they have happened earlier but what about the new ones. There are a variety of them out in the internet. I know there are many sites which provide a list of Scam sites but what if they have not listed the site you are inquiring for. Now do you have any idea or tips on how to determine Scams?

Now I have also one more discussion. I just have a small question for you. Let’s see it as an example. You buy a product or service. Now there is no assurance that the product or service will be helpful. The seller has given some special instruction on how to use his product. He tells you that many have succeeded using that product (He is telling the truth, you do not know about it). You try your best but you are not even able to achieve even 20%. Will you call that product or service a Scam? What’s your answer?

I take for granted that most of you know about PayPal scams and frauds. Mostly the scams are done through emails and phishing websites.

I haven’t seen any phishing website so far. So cannot tell how they look. Even if I knew about any I will not visit it. But I have seen scam mails. I got one into my hotmail account a month ago. I do not remember how it looked. As I knew that these things happen I deleted it. Then I thought I will not be bugged by these. I haven’t received any up to now in my hotmail. I read an article on PayPal Phishing website on 13th of this month. The article was titled Warning: Paypal Phishing Website . I concluded that scams are increasing. And now I recently have received emails in my Gmail account. I have to this point got two of them. I am pleased that those emails landed on my spam folder. Even if they would not have landed there, I would have recognised them as spam. It is so because my Gmail account is not connected to my PayPal account.

By the way the main reason, I wrote this article is that many get scammed by these mails. Yes even if many know about it, they sometime do not recognise it and get scammed. To help you out I took the risk of reading these mails. I took a screen shot as well. The screen shot is just below (click it for a larger view).

If you have been a member of PayPal then you know how the original email from PayPal looks. Now let me tell you these scam mails look exactly same with all the original links. The mail I got said “Attention! Your PayPal account has been limited!” There was even a reference number. It looks like original. Then how to know they are scams.

Well it is simple first look at the address of sender of the mail. If it’s not from PayPal domain it’s a scam. I use a software, Trend Micro eMail ID. It is just 2.5 MB of download. It checks email senders in well know service provider like yahoo, hotmail etc. Whenever I get an original email from PayPal, It shows some icon before the mail which says it is verified. This software works in windows XP. In Vista I installed it in compatibility mode.

Secondly, even if all links outs look original, they are not. The main link which said to activate the Account is the scam part of the mail. It does not point to PayPal. In my mail it pointed to some other domain. It looked like http:// some domain name /PayPal original domain/ .Some person scammed by this as there is PayPal original domain involved. But it does not point to PayPal. Before you click the link you should move your mouse over the link, it will show the destined URL in the status bar of you browser.

I hope you will be safe now. You should follow the steps I have told you. I more advice, PayPal always instructs its user to forward an email these scam mails to them. Please forward these mails to spoof@paypal.com, and delete it from your email account. You are even asked to report phishing websites. You should do what PayPal asks for. It will help to eliminate and decrease the risks. If you have any such incidences please share with us. I would also like to know your own tips on remaining safe from those.

Here are some must read links to know more about Paypal scams

1. Protect Yourself from Fraudulent Emails – PayPal

2. PayPal Email Scam – Web Site Version

3. Learn to Spot Common Scams – PayPal

4. 2 New PayPal Scams