

When I was in college, one of my business instructors told us students that one of the biggest hurdles to making money in business was procrastination.

Procrastination is the killer of all that is good, if you ask me. But this article is about keeping a secure WordPress blog, so how does this relate?

Read on!

I don't think there's a person out there who, after learning just how much of a problem WordPress hacking is, wouldn't agree that it's a good idea to enhance the security of their blog. However, something I've noticed over the years is that when it comes to securing their blogs, bloggers seem to be stuck in a reactive state.

They don't do anything until something has been done to them... until something bad has been done to them.

I live in Las Vegas. Las Vegas seems to be on the bad list for just about everything, crime included. It's sad that I don't feel real safe at night, but at least I have a house alarm which makes me feel a little more secure. Yes, it is a reactive security feature I've set up, but it's a proactive step. Many people don't install house alarms until, guess what? They get robbed.

Why is that?

Because they get scared. It seems being scared is a big motivator.

Let Me Show You Why You Need to be Careful Online

Since scare tactics seem to be what drives some people to take WordPress security a little more seriously, or at the very least start thinking about the problem, let me shoot a few scare tactics your way.

Let's pretend I'm Joe the Hacker. I have nothing better and more productive to do with my life than hack into people's sites and blogs and make their lives miserable. I don't care about all the hard work and time you've put into your blog, I just want to break it.

Here are some things I might consider doing.

1. Hang out at a local coffee shop or some other public area where there is free Wi-Fi.

After spending a few days and hitting a few spots around town, I finally find a cafe which offers free, unsecured Wi-Fi and to my pleasure, there are a ton of people sitting around each day connecting their laptops to the "free" Internet service. I sit down and use my handy dandy Wi-Fi cracker tool and log myself into people's computers... remember, they're all on a shared network.

From there it's easy. All I need to do is upload a virus or key logger program so I can track your keystrokes. "Hey, look at that, that girl over there is logging into her blog. Here, let me see what she's typing in for her username and password."

Lesson: Don't trust free Internet connections. At least make sure the place uses a secured Wi-Fi connection if you're going to use it.

2. Create fake online profiles

Since I (our fictitious hacker Joe) have nothing better to do with my time, I'll go ahead and set up some fake social media profiles. Here, let me go to your blog and check out who your friends are and who you trust.

Got 'em.

Now let me head over to one of your friends' sites and take a couple of screenshots of their blog and personal photos, and note a few names.

Got it!

Now it's time to sign up for a new Facebook account and use this person's name and identity to pose as your friend. Once I get it all set up, I'll be emailing you posing as your friend and asking you to be friends with me on Facebook (or Twitter, or whichever social site).

Cool, now we're friends.

"Hey buddy, I noticed you don't have a secure WordPress blog which can keep the hackers out. I'm doing security upgrades now; tell you what, if you'll do a review of my Facebook page and give me a little feedback, I'll upgrade your blog for you - no charge. I'll just need your username and password."

(see the irony)

Or perhaps it's your computer I want. Instead, maybe I'll just befriend you on Facebook and send a link your way telling you, "You gotta see this video! Click this link here."

Oops, did I forget to tell you that link is not really a video? It's a virus I created just for you!

Lesson: Don't trust anyone online all of the time. Yes, you might make friends, and over time you might even trust them. Unfortunately, someone can use that trust against you.

3. Password Guessing

As I (our fictitious Joe the Hacker) know, people have way too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, web hosting, and so on, all of which come with logins and passwords you need to remember.

If you're one of the proactive ones, I might find it a little harder to crack your password. But if you're one of the reactive ones, I might just get you.

Did you know that one of the most popular passwords going around these days is 123456?

Lesson: Do I really need to say it?

I understand that since the birth of the Internet as we know it, things have gotten a lot harder to control and secure. People in 2010 assimilate 10 times as much information each day as people did in 1980 (that's not a scientific study I did, just logic). I understand it's hard to have a different username and password for all your online profiles, unless you use a program like Roboform or 1Password, which I HIGHLY suggest.

But realize that online security is something you really need to start thinking about. Don't just be the reactive type; take steps to start protecting yourself today. Don't let Joe the Hacker make your life miserable and bring all that you've worked so hard to create crashing down in a matter of seconds.

The point of this article is to hopefully get you thinking about how important blog security is.

So, did I put a little scare into you? Or is this just information you accept and figure if it happens, it happens?








John Hoff has been using and blogging with WordPress since 2007. His Learn How To Secure WordPress Site offers a free 10 day video mini course on securing your blog against hackers.

