WordPress Security


Not sure why this just came back to me, but I have a friend whose WordPress blog was hacked into and it was a real nightmare for him. Has anyone here had that happen, and if so, how did you deal with it? Also, are there ways to ensure this doesn't happen?

As you may be able to tell, I am a details girl, so I love asking questions and learning all about whatever it is that I am doing. :-)


Recent Comments


OK, here's my so-called *overkill* technique. !!! Firstly, go into Websites & Hosting, click on Email in the blue bar and create a New Forward, such as admin@sasukhram.com and forward this to your normal email account. Then create a new User on your website and make their name as difficult as a password, i.e. 5a5ukhaRam&28; and the password similarly as difficult. Make a real-world written note of it! You should set the level to Admin and enter admin@sasukhram.com as the email address. Log out and log back in as this User. Now create another User, with exactly the same name as your Google Authorship name. Set the level to Author and enter a fake email address. If you now delete the old Admin User, it'll ask who to assign posts to; specify the Author User, the one that uses your Google Authorship name. Finally, go back and edit the Author User and enter the email address your Google Authorship is registered under. :) Rich.

I will reread this one tomorrow, Richard. It's just a wee too much for my poor brain to handle at this hour of the night. ;-) Thanks!

I have had sites hacked. Hopefully your friend backed up their installation. As Rich said, one of the biggest sources for hackers is that default admin. Also, make sure the password is at least 10 to 12 characters long and mix in some special characters, like &, $, *, etc.

But even when you change from the default admin, any post that you make will show your user id. Hackers know this as well. The way to stop this is to make a Nickname within your user settings and then choose that as the posting name. Then, any posts you made/make will show the nickname and the hackers cannot use that to implement their techniques.

Another item is to make sure all plug-ins/themes and WordPress itself are up-to-date. In most cases this can be done right in your Dashboard.

Best Regards,
Jim

Jim,

Can you go into more details about the nickname thing? I'm not sure I understand how to do that. Thanks!

Yes. I can help you with that. In the Dashboard of your WordPress, there is a link on the left called Users. Either hover over that link and when the other menu items appear for that, choose All Users - Or - click on Users and let the menu items appear underneath the Users tab. Then select All Users. Then, edit the user you want to add a Nickname to (there will be an option right under the user name called Edit). This will bring up the options for the user.

There is an area halfway down the page called Name. If you scroll you'll see a nickname field and it will contain the user name that you created. Change this to something other than your user name. Once you make that change, right below that there is a dropdown with the label "Display name publicly as" and if you look through the choices, you will see the new nickname that you created. Choose that. It will now replace all your posts and any new posts with that name instead of your user name.

Please let me know if there is anything that you did not understand and I'll be happy to clarify.

Best Regards,
Jim

Thanks for those detailed instructions, Jim. Would it be a bad thing to make the nickname "Admin" to fool would-be hackers?

I think as long as you don't have a user created called admin you should be okay. But I can't say for sure if WordPress has something in its internal system that would have a loophole for the username WordPress. So there's a chance you could be taking unnecessary risk in doing so. No way to tell.

Ok, so do I just pick a random nickname? Sorry if this should be rudimentary, but this is all very new to me...

The name can be anything other than your user name.

The hosting at WA is constantly monitored for cyber attacks. That said, many people leave the login id user name as the default "admin" which means they're giving away half of the security to a potential hacker. I'd recommend Dean's (@Apina) training on his website here: http://www.apinapress.com/dont-be-an-admin/ Rich.

Rich,

Thanks for the link. I will check that link out.
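
The two checks raised in this thread (a default "admin" login, and a public display name that is identical to the login) can be audited across all accounts at once. The following is an added example, not part of the original comments: it assumes the user list was exported with WP-CLI (`wp user list --fields=user_login,display_name,roles --format=csv`); the sample rows and the function name `audit_users` are constructed for illustration.

```python
import csv
import io

# Constructed sample, in the shape produced by:
#   wp user list --fields=user_login,display_name,roles --format=csv
SAMPLE_EXPORT = """user_login,display_name,roles
admin,admin,administrator
jim_k9x2,Jim,administrator
edk,edk,"editor,administrator"
sarah,sarah,author
q7Lr2vXp,"Sarah S.",author
"""

# Login names that come from default installs and are guessed first.
DEFAULT_LOGINS = {"admin", "administrator"}


def audit_users(export_text):
    """Return (login, severity, finding) tuples for accounts that expose their login."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        login = row["user_login"].strip()
        shown = row["display_name"].strip()
        # A user can hold several roles; WP-CLI joins them with commas.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        # An exposed administrator login matters more than an exposed author login.
        severity = "high" if "administrator" in roles else "low"

        # Default login: half of the credential pair is already known.
        if login.lower() in DEFAULT_LOGINS:
            findings.append((login, severity, "default login name"))

        # Display name equals login: every post byline publishes the login.
        if shown.lower() == login.lower():
            findings.append((login, severity, "display name reveals login"))
    return findings


if __name__ == "__main__":
    for login, severity, finding in audit_users(SAMPLE_EXPORT):
        print(f"[{severity}] {login}: {finding}")
```

Accounts flagged with "display name reveals login" are fixed with the Nickname and "Display name publicly as" steps described above; a "default login name" finding calls for creating a replacement administrator and deleting the old one.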
