While no email account or blog can ever be 100% secure, it makes sense to prevent what you can by preparing for the worst. How secure is your WordPress blog? Staff has measures in place to protect against password guessing or “brute force” attacks, but what are your habits? It’s critical to recognize that most hack attacks succeed only because the blogger in question did not prioritize security.
UPDATE: To add another layer of home security, WordPress has implemented two-step authentication, a second step to the log-in process that no one but you can access.
Breaking into computer systems for malicious intent is nothing new. Hack attacks have increased since posting by email and posting by voice were implemented. Those who have experienced an email account hack attack or a blog hack attack know how aggravating it can be to deal with the aftermath. One hack attack can destroy all the work you have done, and the time it will take to repair the blog, the damage, and your blog’s reputation will be costly too.
Sometimes hacking is immediately obvious and sometimes it’s not. A theme change, a post you did not publish, or a scrambled or empty blog is easily spotted. But if you don’t maintain and track your links, then links to illegal sites embedded in your images, links changed to direct visitors to malware sites instead of the sites you linked to, or even comments that appear to have been made by you but weren’t may not be spotted immediately.
Prepare for hack attacks
1. Computer security software
Make sure your computer security software, including security patches and firewalls, is up-to-date. Configure software for automatic updates and be sure it’s always functioning. For laptops, be sure to use encryption software. You can protect your home or work network by ensuring you have a strong password set up. Create unique user accounts for all so each person has to provide his or her username and password before accessing the network. Secure your wireless home network: set up a network security key, change the advanced settings to limit access, and turn on firewall protection. Use a router to connect your network to the internet and change the default SSID immediately when configuring wireless security on your network.
Be the only Admin on your blog. Have more than one Admin account yourself, and be sure the usernames and passwords for your accounts are unique. Restrict users to the minimal level of access required by assigning appropriate roles.
3. Back up your content
There are several means available that you can use to back up your WordPress.com blog content.
The Safe Bet – Use an Offline Blog Editor
Raincoatster’s copy and paste workaround
- Highlight all of the post (Control A on Windows), copy it to the clipboard (Control C) and, while everything is still highlighted, click “Publish”.
- Even if you lose the post, you’ll still have it on the clipboard and it’s the work of a moment to do another.
Subscribe to Your Blog’s RSS Feeds
Periodically Export Backup Copies
Subscribe to your RSS Feed and Back-up using Feedburner and Gmail
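Periodic export copies also let you catch the quiet tampering described earlier, such as links changed to point somewhere else or posts you did not publish. The script below is an added example, not part of the original post and not WordPress code: it compares a trusted older export with a fresh one and lists new posts and changed link targets. It assumes the export files carry the usual content:encoded and dc:creator elements; the function names and the sample data are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

NS = {"content": "http://purl.org/rss/1.0/modules/content/",
      "dc": "http://purl.org/dc/elements/1.1/"}

class LinkCollector(HTMLParser):
    """Collects every href/src target found in one post's HTML."""
    def __init__(self):
        super().__init__()
        self.links = set()

    def handle_starttag(self, tag, attrs):
        self.links.update(v.strip() for k, v in attrs if k in ("href", "src") and v)

def load_export(xml_text):
    """Map each post permalink to (author, set of link targets in its body)."""
    posts = {}
    for item in ET.fromstring(xml_text).iter("item"):
        collector = LinkCollector()
        collector.feed(item.findtext("content:encoded", "", NS))
        posts[item.findtext("link")] = (item.findtext("dc:creator", "", NS), collector.links)
    return posts

def diff_exports(baseline_xml, current_xml):
    """List new posts, and links added to or removed from existing posts."""
    old, new = load_export(baseline_xml), load_export(current_xml)
    findings = []
    for url, (author, links) in sorted(new.items()):
        if url not in old:
            findings.append(("new-post", url, author))
            continue
        findings += [("new-link", url, l) for l in sorted(links - old[url][1])]
        findings += [("removed-link", url, l) for l in sorted(old[url][1] - links)]
    return findings

def _wxr(items):
    """Build a minimal export document; constructed sample data, not a real blog."""
    body = "".join(f"<item><link>{u}</link><dc:creator>{a}</dc:creator>"
                   f"<content:encoded><![CDATA[{h}]]></content:encoded></item>"
                   for u, a, h in items)
    return ('<rss xmlns:dc="http://purl.org/dc/elements/1.1/" '
            'xmlns:content="http://purl.org/rss/1.0/modules/content/">'
            f"<channel>{body}</channel></rss>")

BASELINE = _wxr([("https://blog.example/a", "owner", '<a href="https://site.example/x">x</a>')])
CURRENT = _wxr([
    ("https://blog.example/a", "owner", '<a href="https://other.example/x">x</a>'),
    ("https://blog.example/b", "stranger", "<p>hello</p>"),
])

if __name__ == "__main__":
    for finding in diff_exports(BASELINE, CURRENT):
        print(*finding)
```

To use it on real files, read the two export files into strings and pass them to diff_exports; any new-post entry by an author you do not recognize is worth checking against your user list.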
4. Strong passwords
A strong password containing both numbers and letters is one of the first lines of defense against hacker attacks. Make sure your password cannot be associated with you in any way, e.g., it doesn’t contain your name, address, or date of birth. Use a password manager, review your e-mail accounts and blog accounts, set strong passwords and use a unique strong password for every account. Do not share your passwords or PINs with others. Never use the same password on multiple accounts. If you use the same password in multiple places, then your account can be easily compromised.
“Add a phony email address to your list of contacts [in your email account]: firstname.lastname@example.org. This email address will likely be the first contact alphabetically in your address book, so will be the first recipient of a spam email from a hacker. You will receive a mail failure notice immediately that the email wasn’t delivered. This is also a quick way of checking to see whether changing your password on your email account was effective.” —What To Do If Your Email Has Been Hacked
5. Secure connections
Avoid logging into important accounts and providing personal information and details over an unsecured Wi-Fi network. The state of security for most home Wi-Fi networks was nearly non-existent only a few years ago. Today wireless network “hotspots” in public areas like internet cafes and restaurants, airports, and hotels reduce their security settings so it is easier for individuals to access and use these wireless networks. Hackers increasingly target those open Wi-Fi network connections to steal data.
6. Secure Log-in and Log-out
Use SSL encryption at blog login or administration pages.
Always “log out” to terminate your access to your accounts.
“If you are not logging out of every account each time you use it, you are putting yourself at risk, gambling your online reputation, money, and more. This is because leaving yourself logged in to a social network, bank account, or anything that requires a username/password leaves your account vulnerable to infiltration by hackers. Basically, not logging out is the equivalent of leaving your car unlocked or your wallet unattended in public.” — Why You Should Always Log Out of Your Accounts
If you do use another computer, delete your “Temporary Internet Files” or “Cache” and clear your “History” after you log out of your account.
Do you know how to react to a hack attack?
- Go to Users > All Users and delete any user that does not belong there.
- Disable post by email.
- Disable post by voice.
- Go to your email program and change the password to a very strong one.
- Change your blog account password to a very strong one.
- The email address you register your username account with is your unique identifier at WordPress.com. You have two separate email address settings:
Blog notifications for the admin (like comment moderation, Likes, new subscriptions, etc) are sent to the email address at Settings -> General in the Dashboard.
Personal notifications (like comments on your post, subscription emails, and upgrade renewals) are sent to the email address at Users -> Personal Settings in the Dashboard.
In your account settings enter a mobile number for recovery purposes.
Keep your blog and email accounts safe and back up your content, so you don’t log in one day to find your blog is publishing content laden with viruses, malware, or obscene material, or that your original content has been made into word salad or deleted.