Last week Twitter discovered a breach in their system that could have allowed someone to download the passwords of every user of their platform. They sent out a message recommending that everyone change their passwords as a just-in-case measure, while indicating that they didn’t think anyone else had discovered the issue.
There was a lot of grumbling about it; not about the breach itself but about the need to create new passwords. I understand it; I hate changing passwords all the time myself. However, I don’t think my issue is the same as the issue of many others.
This post about the Limit Login Attempts plugin for WordPress blogs was initially written back in 2009. However, at that time I didn’t really talk all that much about how it worked or its settings, nor did I put images on my blog back then.
By now, almost everyone should have heard about the hacking of the adult cheating site Ashley Madison. Because the hackers decided to release all the information online (actually, I have no idea where they released it because I didn’t care), it’s caused a lot of grief and scandal and a few suicides; come on now, really?
As stupid as it is to join a site like that in today’s world, especially once we hear of all the websites and corporations that have been hacked, what seems to be even more stupid are the most common passwords used on the site. Those passwords are: 123456, 12345, password, DEFAULT, 123456789. According to Gizmodo, the only bad password not listed in the top 25 of 2014 was ‘DEFAULT’. The password ‘123456789’ was in 6th place on their list; the other two in the top 5 were ‘qwerty’ and ‘12345678’.
Good grief; no wonder so many people seem to get hacked so easily. I mean, I know right now it’s very difficult to stop people who really want to get into your accounts but why make it too easy for them?
Now, I’m not going to act like I’m totally perfect; at least not in the beginning. I never used any of the passwords listed above (thank goodness I wasn’t quite that dumb), but I wasn’t above having very short passwords initially, as well as common names of things that might have been easy to figure out. Then again, back in the day there weren’t as many people hacking into accounts and there weren’t as many sites so we could get away with it.
What made me start changing up my passwords was having my business email account hacked. I never thought about it all that much until I was getting bombarded with email… from myself! lol I’d set up the email account in 2002 and given it a fairly easy password. However, I’d also started using a script on my site that I found online which turned out not to be all that secure.
Thus, I knew a lot of emails were going out in my name, which was painful enough, even after I removed the script. For a few years everything dwindled down and I thought I had it all fixed… until it started up again, this time way more intense than before. It took my hosting company to finally contact me and tell me they believed my account had been hacked for me to realize how stupid I was and to change up all my passwords, making them tougher & harder to break.
On one level that’s perfect; on another… well, I’m betting many of you know the other side. We create tough passwords but if we have a lot of things to get into it makes them difficult to remember. As I sit here right now I know that I only know the username and password for 3 of my 5 blogs, and for maybe 3 or 4 other websites I participate with in some way; that’s it. I’ll admit that I have a file on my computer that has all that information, and for many others I use Keeper, which is on my smartphone and mainly keeps passwords for wifi spots in restaurants I visit often.
We all need to either create very strong passwords or change our passwords at least every 90 days. Some IT authorities believe we should change them every 30 days, and many of you who work in corporate know that’s what you end up having to do.
However, even this might not be enough to keep you from having a bit of grief. I know this because last night I went to GoDaddy to update my subscription for this blog and, even though I’d changed my password a few months ago, I was blocked because apparently there’s someone out there trying to get into my account… probably not me personally but using software trying to get into multiple accounts. Luckily GoDaddy shuts it down after so many attempts, but it seems that changing my password does no good because you can’t change your account number without canceling your account and starting again; nope, I’m not doing that.
Since we can’t attain perfection across the board I warn you to do something to protect your interests. For me, I’d gone with harder passwords so I don’t have to constantly change them. When it comes to your blog, many of you might have missed my post about Limit Login Attempts since I wrote it in 2009, or my post on the Top 10 WordPress Plugin Recommendations I wrote here in May, which includes the one above and a couple others that will help you protect your blog.
Be smart with your passwords and usernames; protect yourself.
All of us have heard these tales of someone finding out that their email or website or blog or whatever has been hacked into by some nefarious rogue (you know, sometimes my language is just so strange!), taken over, and that’s that. Sure, you can recover, but it can be a hassle and a mess.
by Denise Mattox
This idea of security can be taken to extremes. Many folks I talk to seem to worry more about spam than they do about security. Y’all know how I am in making things easy for people to read what I have to say and comment without anything blocking your way, and I expect to continue doing that, even though by the time you read this I might have added the GASP Anti-Spambot plugin.
Anyway, security is a different thing. For the most part there are two things you can do for your WordPress blog to help protect yourself. One I wrote about just over a year ago and it had a lot of comments and reads, but I think I need to bring it back to the forefront again. I wrote about a WordPress plugin called Limit Login Attempts, which will automatically block anyone who tries to get into your account after so many attempts. You can change the settings any way you want to, but it’s a great deterrent towards those who might be trying to guess your password over and over.
This came to fruition last Monday when I received an email telling me that someone had been blocked from trying to get into my site. It had to be a bot, I expect. It tried 4 separate times, each 20 minutes apart, which is how I have my settings. After those times, it then blocks the IP address from trying to log in for another 24 hours. It gave me the IP address and the name of the person or bot that tried to get in as well.
No, I didn’t follow it back to see what it came from. My thinking was that it could be a malware site as well; why take that chance? But it proved to me that it worked, and worked well. That was probably one of the smartest moves I’ve ever made.
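The lockout behaviour described above can be modelled in a few lines. This is an added example, not the Limit Login Attempts plugin's code and not from the original post; the class and function names are hypothetical, the 20-minute, 4-lockout and 24-hour values come from the post, and four retries per lockout is an assumption.

```python
from dataclasses import dataclass

MINUTE, HOUR = 60, 3600


@dataclass
class IpState:
    failures: int = 0      # failed logins since the last lockout
    lockouts: int = 0      # lockouts triggered so far
    locked_until: int = 0  # timestamp in seconds; 0 means not locked


class LoginLimiter:
    """Per-IP lockout in which short lockouts escalate to a long one."""

    def __init__(self, retries=4, short=20 * MINUTE, escalate_at=4, long=24 * HOUR):
        self.retries = retries          # assumed: the post does not give this value
        self.short = short              # 20 minutes, as in the post
        self.escalate_at = escalate_at  # the 4th lockout becomes the long one
        self.long = long                # 24 hours, as in the post
        self.state = {}

    def attempt(self, ip, now, password_ok):
        st = self.state.setdefault(ip, IpState())
        if now < st.locked_until:
            return "locked"  # rejected before the password is checked
        if password_ok:
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures < self.retries:
            return "failed"
        st.failures = 0  # retry budget used up: start a lockout
        st.lockouts += 1
        if st.lockouts >= self.escalate_at:
            st.lockouts = 0
            st.locked_until = now + self.long
            return "locked-long"
        st.locked_until = now + self.short
        return "locked-short"


def simulate_bot(limiter, ip, step=30, duration=3 * HOUR):
    """Constructed scenario: one wrong guess every `step` seconds."""
    return [limiter.attempt(ip, t, False) for t in range(0, duration, step)]


def guesses_checked(results):
    """Attempts where the password was actually compared."""
    return sum(r != "locked" for r in results)
```

In the constructed scenario, a bot guessing every 30 seconds for three hours makes 360 attempts, but only 16 of them are compared against the password before the 24-hour block begins. Note that a locked-out address is rejected even with the correct password, which is why the site owner can be blocked along with the bot.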
The other way to protect yourself is to make sure you have a long or complicated password. User names are also recommended by some to be long and complicated, but my brain just can’t handle too many complications. And truthfully, you don’t even have to go for too complicated; long works just as well. Making one or two letters capitalized does wonders. Throwing a number somewhere in there works also. With a WordPress blog, it will tell you when you’re creating a password whether it’s strong or not as you go along. I’m betting some people ignore that, but it’s a smart thing to do.
That’s it from me for the day; protect yourselves y’all!