Securing Your Blog
Posted by Mitch Mitchell on Jan 26, 2011
All of us have heard these tales of someone finding out that their email or website or blog or whatever has been hacked into by some nefarious rogue (you know, sometimes my language is just so strange!), taken over, and that’s that. Sure, you can recover, but it can be a hassle and a mess.
This idea of security can be taken to extremes. Many folks I talk to seem to worry more about spam than they do about security. Y’all know how I am in making things easy for people to read what I have to say and comment without anything blocking your way, and I expect to continue doing that, even though by the time you read this I might have added the GASP plugin.
Anyway, security is a different thing. For the most part there are two things you can do for your WordPress blog to help protect yourself. One I wrote about just over a year ago and it had a lot of comments and reads, but I think I need to bring it back to the forefront again. I wrote about a WordPress plugin called Limit Login Attempts, which will automatically block anyone who tries to get into your account after so many attempts. You can change the settings any way you want to, but it’s a great deterrent towards those who might be trying to guess your password over and over.
This came to fruition last Monday when I received an email telling me that someone had been blocked from trying to get into my site. It had to be a bot, I expect. It tried 4 separate times, each 20 minutes apart, which is how I have my settings. After those times, it then blocks the IP address from trying to log in for another 24 hours. It gave me the IP address and the name of the person or bot that tried to get in as well.
No, I didn’t follow it back to see what it came from. My thinking was that it could be a malware site as well; why take that chance? But it proved to me that it worked, and worked well. That was probably one of the smartest moves I’ve ever made.
The other way to protect yourself is to make sure you have a long or complicated password. User names are also recommended by some to be long and complicated, but my brain just can’t handle too many complications. And truthfully, you don’t even have to go for too complicated; long works just as well. Making one or two letters capitalized does wonders. Throwing a number somewhere in there works also. With a WordPress blog, it will tell you when you’re creating a password whether it’s strong or not as you go along. I’m betting some people ignore that, but it’s a smart thing to do.
That’s it from me for the day; protect yourselves y’all!
Copyright secured by Digiprove © 2011 Mitch Mitchell
Limit Login Attempts
Posted by Mitch Mitchell on Dec 16, 2009
One of our new friends around here is Udegbunam Chukwudi, and he writes a blog called StrictlyOnlineBiz.com. I followed one of his links to his blog to take a look around, and I think he writes a pretty nice blog, so I hope you check it out.
One of his posts was called Secure WordPress Plug-ins, and he gave us 10 WordPress plugins to help us make our WordPress blogs secure. The first one is the one that caught my eye.
The plugin is called Limit Login Attempts, and its purpose is to dissuade those bad folks who know how to write software that can take its time in trying to break both your username and password. As I keep coming across more and more folks who have had their blogs cracked, including some of the big boys, I read that what happens is these weasels somehow figure out your username and password, get into your blog, and that’s that folks.
It made me remember that two of our other friends had their blogs hacked. Peter Lee had written about it last year, though it may not have been the same way, and Yan of Thou Shall Blog also had his blog hacked, and they did figure out his username and password.
The thing is, most of us are too lazy to change our username from Admin. I know I’m bad at this, yet I keep thinking my password is unique enough that it should protect me. But if someone automates software, then I’m gone just like many other people would be. Thus far, the best thing about not having thousands of subscribers is that I figure I’m still under the radar. Then again, I bet Yan and Peter both thought the same thing at the time.
I decided it was time to add a bit more protection to my blogs, so I went to that page, read about this plugin, and decided I liked what it had to offer. The download takes almost no time, and I uploaded it to all my blogs at the same time. But I tested it on this one, just to make sure it wouldn’t mess up my dashboard; it didn’t.
You get to make a couple of decisions with your settings. The first is how many login attempts you’ll allow before it shuts down for a certain number of minutes. It’s defaulted to 4, so I left that alone. The second is how long you want to make people wait before they can try it again. The default is 20 minutes, and I kicked that up to 30 minutes. The next 3 I left alone because I have absolutely no idea what any of it means. The last thing is after how many tries you want to be notified that someone has failed to log in. It was defaulted to 4, and that made sense so I left it alone.
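To show what those settings add up to, and the lockout email described in the newer post above, here is a small Python model of the rule. It is an added example, not the plugin's code and not something from the original posts. It assumes 4 failed logins trigger a 20-minute lockout and that the 4th lockout becomes a 24-hour block with a notice to the admin; the class, function and constant names and the IP address are made up for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy, using the numbers mentioned in the posts. The names are
# hypothetical and are not the plugin's own setting names.
ALLOWED_RETRIES = 4              # failed logins before a lockout
LOCKOUT_SECS = 20 * 60           # short lockout: 20 minutes
LOCKOUTS_BEFORE_LONG = 4         # lockouts before the long block kicks in
LONG_LOCKOUT_SECS = 24 * 3600    # long lockout: 24 hours


@dataclass
class IpState:
    failures: int = 0            # failures since the last lockout
    lockouts: int = 0            # lockouts so far for this IP
    locked_until: float = 0.0    # time (seconds) the current lockout ends


@dataclass
class LoginLimiter:
    state: dict = field(default_factory=dict)    # IP address -> IpState
    notices: list = field(default_factory=list)  # stand-in for the admin email

    def record_failure(self, ip, user, now):
        """Handle one bad login; returns 'locked', 'failed' or 'lockout'."""
        s = self.state.setdefault(ip, IpState())
        if now < s.locked_until:
            return "locked"      # rejected before the password is even checked
        s.failures += 1
        if s.failures < ALLOWED_RETRIES:
            return "failed"
        s.failures = 0
        s.lockouts += 1
        escalate = s.lockouts >= LOCKOUTS_BEFORE_LONG
        s.locked_until = now + (LONG_LOCKOUT_SECS if escalate else LOCKOUT_SECS)
        if escalate:
            self.notices.append((ip, user, s.lockouts))
        return "lockout"

    def record_success(self, ip):
        if ip in self.state:     # good login clears failures, keeps lockout history
            self.state[ip].failures = 0


def simulate_bot(interval=60, duration=24 * 3600, ip="203.0.113.7"):
    """Constructed scenario: one bot guessing 'admin' every `interval` seconds."""
    lim = LoginLimiter()
    results = [lim.record_failure(ip, "admin", t)
               for t in range(0, duration, interval)]
    checked = sum(r != "locked" for r in results)
    return len(results), checked, lim.notices
```

In this model a bot hammering the login page once a minute for a full day gets only 16 of its 1,440 guesses checked against the password; everything else bounces off the lockout.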
I now feel that I have an extra layer of protection, and that will help me sleep better. Of course it’s no substitute for making sure to back up your blog every once in a while, but it does give a bit more peace to my mind. I think it’s a good idea; y’all should take a look at it yourselves.