woman browsing on the internet

WordPress Security Guide: Protect Your Site from Cyber Threats with George Lerner’s Expert Tips

Welcome to the companion webpage for my WordPress Security Presentation. This page provides comprehensive details on all the topics covered during the presentation.

Hello, I’m George Lerner, your guide through the intricate world of WordPress. Whether you’re a course creator, a life coach, a passionate blogger, or an aspiring website owner, the digital landscape can often feel like a maze.

My course, “WordPress Websites: From Overwhelm to Mastery”, is tailored to transform your experience of making and marketing your website or online course. I will cover the most confusing or frustrating or overwhelming parts of making and maintaining your website, so you know what to do and how to proceed, with confidence and mastery.

In this introduction to my full course, I will explore actionable security advice for WordPress users, from beginners to advanced developers. Let’s dive in!

Are you ever plagued by the fear of your WordPress website being vulnerable to cyber attacks and potential data breaches? Do you sometimes lie awake at night, worrying about the devastating consequences that a hacked website could have on your business or personal brand? 

Imagine the peace of mind you’ll experience knowing that your website is impenetrable, your visitors are safe, and your hard work is secure. Get ready to say goodbye to sleepless nights and hello to a worry-free online presence.

Most website attacks are against any website they can find — hackers probably probe your site hundreds of times a day. It’s time to take control and safeguard your WordPress website like never before.

  • Overview
    • This presentation is designed to provide straightforward, actionable steps and advice for enhancing the security of your WordPress website.
    • I will also cover security topics directly affecting your website, though outside of WordPress.
    • This is tailored to a wide range of people, from those just starting your WordPress journey to highly experienced website developers.
    • I will focus on security measures that you can implement directly on your WordPress site and those services you use associated with your website.
  • What Will Not Be Covered Here
    • I will not delve into areas that are solely controlled by your website hosting company, content delivery network, or other technical things you can’t control. If hackers get into those companies, there’s nothing you can do about it.
    • Nothing about the intricacies of security in plugin development. While this is a very important part of WordPress security, it is only for developers.
    • I also won’t cover attacks on you or your company specifically. There are many ways of finding out about a company, sometimes as simple as keeping an “open ear” at the local café. If a world-class hacker group or government intelligence agency wants your information, they are going to get it.

Why Worry About Security?

In today’s digital age, where cyber threats are becoming increasingly sophisticated, it’s crucial to protect your online presence from potential hackers and malicious attacks. 

Even if your content doesn’t seem enticing to hackers, your hosting account is valuable. Therefore, securing your WordPress site should be a top priority.

  • The Importance of Prioritizing Security
    • Even if you believe that your content isn’t of interest to any hackers, it’s crucial to understand that your hosting account itself holds significant value. Many hacks are to control your site, not to get information.
    • Hackers can exploit your site to generate revenue by placing ads, or links that could potentially enhance the ranking of another site.
    • If they crack your password, it provides them with a blueprint to breach other websites more effectively. People tend to make passwords the same ways, or even use the same passwords.
    • They can use your account as a storage space for their customers to download files, thereby saving on their storage expenses.
    • Furthermore, the computing power of your account could be combined with thousands of other accounts, to launch a massive attack on a high-value website.

Hackers Using Your Site Among Thousands

Hackers can coordinate thousands of computers to guess passwords of millions of websites, making it hard for security software to track the attacks. To counter this, ensure you have software that checks for unauthorized changes on your site and alerts you to change your password promptly.

  • Understanding the Way Hackers Think
    • Hackers often orchestrate large-scale operations involving thousands of computers attempting to crack passwords of millions of websites. Each hosting account tries a random password from their list against a random website from their list.
      • Due to the sheer volume of IP addresses involved, even robust security software on thousands of websites might struggle to track which computer is attacking where on the network.
      • Moreover, these attempts may not even register as an attack, as they may appear as sporadic incorrect password attempts from unknown IP addresses, too infrequent to raise any alarms.
    • The solution to counter such “password cracking gangs” is not to limit your security measures to a few aspects of your website.
      • For instance, even if someone manages to obtain your password, you should have software in place that checks for unauthorized installation of new plugins or modifications to existing plugins or themes, or new admin users.
      • This way, even if they know your password, they can’t do much damage.
      • You would be alerted to change your password, and any unauthorized changes they made could be promptly deleted.

Is There a Single, Foolproof Defense? No.

A fundamental principle of website security is to deploy multiple strategies for detecting and thwarting attacks. Given that hackers continually refine their attack methodologies, it is imperative that you employ a variety of defenses to counter them.

  • Choose a reliable hosting provider with strong security measures
  • Create strong and unique passwords for all accounts
  • Regularly update plugins and themes to fix security vulnerabilities
  • Install a website application firewall for blocking password-guessing attacks, preventing malware, detecting bad people accessing your site.
  • Use secure connections (HTTPS) for your website, and for your Wi-Fi router
  • Separate your website delivery server from your website making server
  • and More

Use Excellent Hosting – security, support, speed

Choosing a hosting provider that focuses on security, is crucial. Select a hosting provider endorsed by those in your WordPress community who manage client sites.

They see more problems on more sites, including sites with problems from the hosting company before the client moved to them; they have fixed more problems, so they know what to look for; they know about more plugins, more themes, and types of websites with more needs.

The best hosting companies offer WordPress-specific excellent security, great support, and fast page load times.

  • Choosing the Right Hosting
    • Ignore social media comments, ads, and people who are not sure what their hosting company provides.
    • Ignore people who say they’ve been with a host for years with “no problems”. This means they likely have not been checking for problems, and likely don’t know if they have already been hacked.
    • Ignore hosting companies that don’t offer specific enhancements for WordPress sites. Security, technical support, page caching, database configuration, and more, must be fine-tuned to WordPress needs.
    • Outdated server software is an immediate disqualifier. Update your PHP version to the latest version available on the host. (As of February 2024, look for version 8.2 or 8.3) https://www.php.net/supported-versions.php says PHP7.__ does not get active support, nor updates “for critical security issues only”. Must be recent versions for database (usually MySQL or MariaDB), Linux, server (usually Apache or NGINX; don’t use IIS), server caches, etc. If they don’t know how to reliably update their software, they don’t know how to prevent errors on your site.
    • Opt for hosting within your budget that offers both superior security and exceptional customer support. Technical support quality is strongly tied to security quality; the company has to be skilled at both.
    • The best hosting companies also ensure rapid page load times, even for intricate eCommerce sites via slow mobile phones.
    • Here are some top-notch hosting services you might want to consider: 10Web (glerner.com/10web), SiteDistrict.com, SiteGround, A2 Hosting. These hosting companies are reasonably priced, billed annually at about $120, and for most sites nothing else is needed.
    • There is one (and only one) free hosting to ever consider: wordpress.com offers free hosting that is reliable and secure.
Your subscription could not be saved. Please try again.
Your subscription has been successful.

Newsletter

Subscribe to my newsletter and learn when “WordPress Websites from Overwhelm to Mastery” is open.


Your email address is only used to send you my newsletter and information about my course. 


Unsubscribe anytime using the link included in every email.

We use Brevo as our marketing platform. By clicking below to submit this form, you acknowledge that the information you provided will be transferred to Brevo for processing in accordance with their terms of use

Content Delivery Network – speed and security

A Content Delivery Network (CDN) like Cloudflare can deliver pages fast to your visitors while blocking “bad visitors” before they reach your hosting server. This not only reduces the resources your hosting account uses but also improves your site’s security.

  • The Role of a Content Delivery Network (CDN)
    • A CDN not only ensures swift page delivery to your legitimate visitors but also bolsters security.
    • Services like the free version of Cloudflare can effectively block a significant number of “bad visitors” before they even reach your hosting company’s server, reducing the resources consumed by your hosting account. You won’t get charged by your hosting company for hacker “excess traffic” or CPU or RAM use.
    • Hackers are exposed to cached pages of your site, not the WordPress program that generates your site. If the CDN determines any of your pages have changed, it requests updated copies of them from WordPress.
    • Consider upgrading to a paid version of Cloudflare, only after you have secured top-quality hosting and your site is making you money.
    • A CDN maintains a network list of malware signatures and current hacker IP addresses, enabling it to detect a hacker anywhere on the network and block them across the entire network.
    • However, it’s important to note that a CDN doesn’t replace all the comprehensive security measures provided by tools like Wordfence.

Wordfence — Many More Ways of Preventing Hackers

Wordfence offers additional security features that a CDN won’t, such as Two-Factor Authentication, blocking repeated password guessing attempts, Web Application Firewall, email alerts for plugin/theme updates, and scanning for modified plugins and themes.

  • Leveraging Wordfence for Enhanced Security Measures
    • Update Wordfence automatically when a new version is released?
      • Enable this, to stay up to date with the latest security features.
    • Two-Factor Authentication: That mildly annoying “type in a code” really works, to add an extra layer of security.
      • Use 2FA included with your anti-virus, or Google Authenticator.
    • Block Repeated Login Attempts: Prevent repeated attempts to guess passwords. Also, block common usernames hackers will guess, such as ‘admin’, ‘administrator’, or your domain name.
    • Web Application Firewall: This feature is still crucial even with a CDN, as it blocks additional types of malicious visitors. If a hacker figures out one way to bypass security, have another security rule still blocking it.
    • Email Alerts: Get notified when there’s an available update for a plugin/theme, especially if it includes a security patch.
    • Disable Code Execution for Uploads directory
      • This is vital for security, as it prevents hackers from executing any files in that directory.
      • Many plugins allow uploading files, always in the uploads folder. Hackers can try to upload malware.
    • Scan for Modified Plugins and Themes: This feature compares your plugins and themes against the WordPress Repository, alerting you to any unauthorized changes. It also alerts you to plugins that haven’t been updated in a long time or have been removed from the Repository, indicating potential security risks, and future server or WordPress updates could be make the plugin incompatible.
    • Report New Administrator Users: Get alerts when new administrator users are created, especially if you didn’t authorize it.
    • Report Files with Sensitive Information: Wordfence will notify you if files containing sensitive information (like wp-config.php or backups) are accessible from the Internet.
    • For a detailed guide on how to set every Wordfence setting, visit my website at glerner.com/wordfence.
Your subscription could not be saved. Please try again.
Your subscription has been successful.

Newsletter

Subscribe to my newsletter and learn when “WordPress Websites from Overwhelm to Mastery” is open.


Your email address is only used to send you my newsletter and information about my course. 


Unsubscribe anytime using the link included in every email.

We use Brevo as our marketing platform. By clicking below to submit this form, you acknowledge that the information you provided will be transferred to Brevo for processing in accordance with their terms of use

Top Settings of Wordfence

I have another page for every setting of Wordfence, and here are the most important ones.

  • Update Wordfence automatically when a new version is released?
    • Enable this, to stay up to date with the latest security features. Automatically updates Wordfence to the newest version within 24 hours of a new release.
  • Where to email alerts
    • Put your webmaster’s email address, or whoever should receive technical emails about security issues and plugin updates. You can add multiple email addresses here and separate them using commas.
  • Disable Code Execution for Uploads directory
    • This is vital for security as it prevents hackers from executing any files in that directory.
    • Many plugins allow uploading files, and always in the uploads folder. Hackers can try to upload malware.
  • Web Application Firewall Status
    • When you are first installing Wordfence, you will want “Learning Mode”. This gives Wordfence an opportunity to see what your plugins do normally. Also can use Learning Mode to test if a new plugin isn’t working because Wordfence is interfering — but always consider Wordfence might be right to block something, maybe it is the plugin that is bad. After a learning period, Wordfence switches to “Enabled and Protecting”.
  • Protection Level
    • You always want Extended Protection enabled
  • Enable brute force protection
    • Enable blocking “brute force” login password guessing attacks, trying millions of passwords.
    • Don’t have another plugin that does the same thing; disable that other plugin or that feature in the other plugin. Wordfence does this in the WAF.
  • Immediately lock out invalid usernames
    • The list of “invalid usernames” should include “admin”, “administrator”, “webmaster”. Hackers know these are the most common user names for when a WordPress website is first created. Another common username is your domain name.
    • If you use admin or another “top pick” by hackers, log in with an administrator account, make a new administrator account with a better user name (e.g. your name followed by several random characters) and make a nickname in the Users account to display on your pages & posts (never display your login name on your site, only display a nickname). Then, delete the old admin user, and WordPress will prompt you for a username to assign that user’s posts to. Then add the now-deleted username to Wordfence’s list of usernames to block.
  • Prevent the use of passwords leaked in data breaches
    • I set this to ‘For all users with “publish posts” capability’
  • Enforce strong passwords
    • Set to ‘Force admins and publishers to use strong passwords’
  • Prevent users registering ‘admin’ username if it doesn’t exist
    • This is Important, so you can immediately ban any IP address trying to login with the default WordPress user name.
    • Do not allow anyone else to make the user ‘admin’, as they could fool others to disclose sensitive information.
  • Participate in the Real-Time Wordfence Security Network
    • Let Wordfence on your site take advantage of knowledge from the entire Wordfence network, including hostile IP addresses and malware detection.
  • In Scan Options, the entire General Options section
    • Exception: these two entries
      • Scan files outside your WordPress installation
      • Scan images, binary, and other files as if they were executable
      • You don’t need these. If you like, you can occasionally run a scan with these set, and then un-check these again.
  • Wordfence Emails
    • Regularly scan through the emails Wordfence sends you. This will help you get familiar with what is normal and identify any abnormal activities or suspicious behavior.
    • Pay attention to the “Top 10 Failed Logins” section, as it may indicate a customer forgetting their password. Ignore the other failed logins, they are blocked hacking attempts.
    • Keep an eye on the “Recently Modified Files” list. Take note of any files that you don’t recognize or that seem out of place. While most of the files will be normal and harmless (mostly cached files or .css style sheets), watch out for any unknown files that could be a sign of hackers trying to gain access to your website. Wordfence is better than most security plugins, not often listing a plugin update as “modified”; it checks plugin files against the WordPress Repository.
    • I ignore “Top 10 IPs Blocked”, and “Top 10 Countries Blocked”; there is nothing to learn from those. “Recently Blocked Attacks” will likely be dozens to thousands every day; say “good, Wordfence is working”. If you are using excellent hosting and a CDN like Cloudflare, more attacks will be blocked before getting to Wordfence.

Password Keeper — logins and other structured data, secure

A Password Keeper will automatically create, securely store, and manage complex passwords for all your online accounts. It also provides a secure repository to safeguard several types of sensitive information, such as hosting account info, FTP connections, SSH keys, credit cards, software licenses, and notes.

All information is encrypted with your “master password” before being transmitted across the Internet; as long as your master password is “lifetime secure”, hackers can’t get your unencrypted information.

What a steal

What’s happening: You might want to change your passwords ASAP.

Here’s why: Last month, nearly 10 billion passwords were uploaded on a hacking site. It’s being called the largest password leak of all time.

What it means for you:

It’s much easier for someone to empty your bank account, run up your credit cards, or steal your identity if they can access sites where you’ve stored financial and other personal info.

So consider updating your passwords—a strong one is 12 characters long with a mix of numbers, symbols, and lower and uppercase letters, says the Federal Trade Commission.

Don’t reuse passwords from site to site, and avoid sharing them on calls or in emails or texts.

Enabling 2-factor authentication, which requires an additional step beyond entering a password to access an account, might also help shore up your logins.

from Fidelity Smart Money newsletter, August 20, 2024
  • The Importance of a Password Keeper for Secure and Convenient Password Management
    • Traditional methods of coming up with “strong” passwords can now be cracked within minutes to days. The top 1 million passwords, and top million username + password combinations, are readily available for hackers as “password cracker dictionary entries”.
    • Use a password keeper software to generate and remember long, random passwords.
    • Create a unique password for each website. You should not use your bank’s password on your local pizza restaurant’s website.
      • There are exceptions for alias domain names for the same site. For instance, Google owns YouTube and you log into YouTube with your Google account. Password keepers are aware of common aliases, and you can specify others if you need to.
      • It’s best to create a new password for your testing site when you copy your production site, though setting up an alias is acceptable.
    • Information to Store in Your Password Keeper:
      • Not just passwords, they have predefined fields for many types of information, and note fields for each.
      • Store your SFTP connection, SSH keys, hosting company info, domain registration info, email hosting, credit cards, Wi-Fi passwords, and more.
      • You can also store website client contact info (if you don’t have dedicated software for managing contacts), their social media details, everything you want to keep for making their webpages, social media accounts, videos, ads.
      • Store your Google ReCaptcha keys, software licenses, payment processor info, and any other information you want to access anywhere.
    • Choosing the Right Password Keeper Software:
      • Avoid using browser password storage, or iCloud or similar services to synchronize passwords on your browser. It’s too easy to have unsynchronized passwords on your different devices. They can’t store all the types of data that password keepers can.
      • The best antivirus programs for Windows or OS/X usually include password keepers.
        The Best Antivirus Software for 2023 | PCMag https://www.pcmag.com/picks/the-best-antivirus-protection
        The Best Free Antivirus Software for 2023 | PCMag https://www.pcmag.com/picks/the-best-free-antivirus-protection
        Most work with several operating systems (Windows, OS/X, Android, iOS).
      • LastPass.com is a free and cross-platform password keeper. Its paid version offers better sharing options and supports multiple devices.
      • Install the app on your phone and desktop, and add the browser extension in each of your web browsers.
    • Securing Your Password Keeper:
      • Make your Password Keeper’s Master Password “lifetime secure”, easy to type, and unforgettable. Visit glerner.com/password for tips on creating such a password, such as picking a “movie mini-scene” and describing it in 5 to 7 words, preferrably including a word not in the “top 5,000 words of the English language”.
      • Keep your phone or computer locked when not in use and set your password keeper to lock after a brief period of inactivity.
    • Make hackers guess both your username and password simultaneously. Don’t use “admin” as a WordPress username; see above “Immediately lock out invalid usernames”.
    • Turn off your browser’s saving passwords. Don’t get confused by having passwords in two places. As you login to a site not yet in your password keeper, it will ask to save the new password; once the password isn’t needed in your browser’s password storage, you can delete it from the browser.

Secure Connections to Your Website

Always use secure connections like HTTPS, SFTP, and SSH to protect your WordPress logins and connect securely over insecure Wi-Fi. FileZilla and most other FTP programs offer SFTP, so you should always use secure FTP. Ensure your home and office Wi-Fi uses the latest security protocols.

  • Ensuring Secure Connections to Your Website (HTTPS, SFTP, SSH)
    • Always use HTTPS to protect your WordPress logins. Over HTTP, your WordPress username and password are transmitted from the login form to your site without any security.
    • Always connect securely, even over unsecured Wi-Fi, by using HTTPS, SFTP, and SSH.
    • Use FileZilla for SFTP and avoid plain FTP. If your hosting company doesn’t offer SFTP, it’s time to switch.
    • Implement the latest Wi-Fi security protocols on your home and office Wi-Fi networks.
      • Disable WPS (Wi-Fi Protected Setup) on your router. Exception: for a few minutes while you’re connecting someone.
      • For the best security, set your router to use WPA3 + AES-CCMP/AES-GCMP if it has it, or else WPA2 + AES. As you move down the list (WPA2 + AES, WPA + AES, WPA + TKIP/AES, WPA + TKIP, and worst WEP), you’re getting less security for your network.
    • Consider isolating your “Internet of Things” (IoT) devices (like security cameras, refrigerators, thermostats) from your computers.
      • IoT devices, like an Internet-enabled baby monitor, are powerful computers connected to the Internet, often without sufficient security measures, or even with known insecure software.
      • These devices can communicate with unknown servers and receive new tasks if they’re hacked. In large numbers, they can launch significant attacks.
      • Place these devices on a separate Wi-Fi router, connected to your main router, with guest permissions for internet access. They should have no access to your computers on the main router.
      • To stream videos from your phone to your TV, disconnect your phone from your main Wi-Fi and connect it to the IoT Wi-Fi.
      • For more information on how to use more capable routers to prevent IoT devices from attacking each other, and restricting internet access for your IoT device to a whitelist of allowed domains, visit Beyond Three Dumb Routers – pcWRT.
      • For more on securing IoT devices, see Steve Gibson’s Three Router Solution to IOT Insecurity – PC Perspective.

Plugins and Themes

I know, you were wondering when I’d mention this, right? Update plugins and themes frequently and only install ones recommended by your WordPress community experts. Avoid plugins from outside the WordPress Repository and minimize the number of plugins you use. For themes, opt for block-based ones like TwentyTwentyThree or TwentyTwentyFour, Spectra One, or Kadence.

  • Adopting Best Practices for Plugin Management
    • Regularly update your plugins and themes, at least twice a month.
    • While a bad plugin update can be fixed in minutes, fixing a hacked site typically requires the expertise of a professional, such as Wordfence or Sucuri. If Wordfence alerts you to a plugin update that includes security improvements, update promptly.
    • Consult with your WordPress Meetup or user group for expert recommendations on the best plugins for specific purposes. For instance, the Arizona WordPress Meetup https://arizonawp.org/ has an active Slack channel.
    • Only install plugins from the WordPress Repository, with the exception of paid versions of plugins in the repository. Avoid plugins from “plugin shopping malls” that lack quality checks, update frequency, and malware protection.
    • Do not install plugins based solely on social media posts or advertisements.
    • Minimize the number of plugins you install. Delete any you’re not using.
    • Be aware that any plugin can have security issues. Check Wordfence emails regularly and promptly update any plugins with identified security issues. If a plugin has a security issue that isn’t swiftly resolved, replace it.
    • Learn how to install a specific version of a plugin in case you need to undo a bad update. For example, the wp-cli command allows you to update or install a specific version of a plugin; or you can download a version and install it as a “new” plugin.

Choosing Themes (only the Best)

Use themes such as TwentyTwentyThree, TwentyTwentyFour, Spectra One, or Kadence.

  • The color palette and fonts are the easiest elements to customize in a theme. If you find a website with colors you like, instruct your “computer person” to add those colors to your theme’s palette (in theme settings, theme.json, or as a child theme).
  • Don’t select a theme for its pretty images. You’ll likely change all the images anyways.
  • With Full-Site Editing, you can create your own site header and footer, modeled after any site you like. This is part of the Block Editor. You can even design different header/footer for specific pages.
  • These are block-based themes that have been extensively checked for security, and coded for fast site speed, which is crucial for user experience and search engine ranking.
  • Only use a theme that pays attention to accessibility, including working for your site visitors who can not use a mouse or need high-contrast color combinations or screen readers.

Test and Learn on a Separate Site

Use a Testing Site, so making mistakes while learning, doesn’t affect your website. Try a new plugin, or a new layout, or a new color palette, without breaking anything.

  • Local Development: Professional developers in the AZ WordPress Meetup highly recommend Local for local development. Free, cross-platform.
  • Lando is another local development tool, ideal for bug testing. It offers even more options than Local does, for different versions of Linux, database, WordPress, and PHP. Free, cross-platform.
  • Enable full debugging options on your testing site. Make sure these are logged to a file and not displayed on the screen.
  • Most top-tier website hosting companies offer an easy way to create a clone of your current website, known as a “staging” site.

Email Security and Delivery

  • Managing Emails Effectively
    • Be cautious of phishing attempts and suspicious emails. Use email reader programs that alert you to the sender not being validated (Google Workspace and Zoho are among these). Don’t trust email links; for example, your bank will have important notices if you log into their site directly instead of using an email link. If your software says the message is spam or phishing, it usually is; if it says something more serious you should avoid every link.
    • Ensure that your emails originate from your domain name, not your email service’s domain name or your Internet provider. “Email Sender Reputation” matters!
    • Utilize services like Brevo, Google Workspace, or Zoho to send emails. This applies to all your newsletters, password reset requests, order confirmation emails, and other transactional emails.
      • These services enhance the delivery rate of your emails.
      • Your recipients are more likely to respond to your emails if their email software verifies your identity.
    • Set up your DNS records to include MX, DMARC, SPF, and DKIM. With these, your customer’s email software can verify your emails came from your domain, not a spammer. Spammers can easily pretend their email came from your account, putting anything in the “To:” and “From:” fields of emails. These DNS records are where you connect your email sending service to your domain’s email.
    • Consult your Domain Registrar and Email Hosting company for assistance in setting this up.
    • Never purchase email lists, that is unnecessary and damages your email reputation. Always require people opt-in to your email list. The best way to avoid being “blacklisted” is to “send high-quality content, relevant to people who opted-in to get it”.

Further Resources

  • Further Resources for Enhanced Security
    • Reach out to your WordPress Meetup or user group, or the AZ WordPress Meetup’s Slack channel, for security advice and recommendations. Arizona WordPress Meetup top right corner link to the Slack channel.
    • Utilize the Wordfence support forums and subscribe to their newsletters for regular updates and insights.
    • Report any security bugs through the Wordfence secure bug reporting channel.
    • Explore the Wordfence YouTube channel for a wealth of information and tutorials on securing your WordPress site. Visit Wordfence YouTube for more.

Posted

in

by

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.