After conducting an in-depth investigation internally and talking with my friends who are very experienced in terms of security, I would like to recommend you guys several tools that can protect your blog from external attacks.
Before going into details, let me confirm with you all that I will not be trying to get AZBlogTips back as eNom, NameCheap and GoDaddy have complicated procedures and it took me a lot of time and work for clarifications without any progresses. I feel tired of doing these things and I decided to start my blogging career with BlogReloaded.com.
Many bloggers have mentioned about how to protect your blogs from hackers but I will share with you what I have done after being hacked.
1. Use one time password:
To make sure that your blog is fully secure, my suggestion is to use one time password. You will only be one who can get this auto-generated password for every logins. There will be no fixed passwords then it is much harder for hackers to gain access to your blogs. I would recommend you guys to use One Time Password plugin which seems a great tool for secure logins. Another plugin would also be a great alternative is WP Login Security where all members even Admin would be given a one-time passwords with links to email and you have to click on that to confirm your IP to gain full access.
2. Use secure email services:
There are a lot of free email services out there and it is not hard to find one. Most of bloggers are now using Gmail which is very fast and simple, however, most of security experts advise us not to use Gmail for important things like admin email for blogs, PayPal or Domain…It is highly recommended that you should get a Hotmail account to do this as this email service is considered much secure than any others.
3. Use reliable anti-virus and internet security softwares:
It seems to be confused to all of us that which anti-virus tools are really reliable and trusted with great support. I can not say which is the best or worst but I will follow the crowd by choosing the big brands like Norton, McAfee or Kaspersky. Whatever tools you choose to work with, remember that you must update your tools on daily basis and set scanning schedule at least every 3 days. It is ideal to scan your PC on daily basis to have better monitoring of your activities.
4. Use different passwords for your accounts, emails and blogs:
The first reason that I have been hacked was from using one password for all services even my password was very strong with 20+ digits of combination. However, when hackers got it, everything would be gone. I learnt from what I have lost then I would recommend you that don't use one password for all of services that you participated in. Try to use different passwords for each service.
5. Perform daily scanning & updates for your computer:
This was what I have experienced and you should never make this mistake again. I set daily updates for my KAS tool but forgot perform daily scanning until I found out that my Yahoo email password was changed with doubt. Then I immediately performed a scan and caught 3 trojans. These trojans collected information from my PC and sent back to hackers server. Remember to do regular scanning for your computer!
6. Never click or download email/files that email services filtered as spam:
If you are using Gmail or Hotmail services, you will receive hundred of unwanted or junk emails from someone that you have never known. Some of spammers and hackers are very smart and they cloaked senders' email to spoof you with dangerous attachments. Most of reliable email services like Gmail, Hotmail and Yahoo would filter them into spam folders. I made a mistake by clicking on a message with an attachment from UPS service. I guessed it was tracking number for my checks but it was not. It could carry a trojan that affected my desktop.
7. Use password recovery by mobile phone instead of questions where possible:
Email services have several options for password recovery like answering secret questions or using mobile phone. Gmail and Hotmail supports phone features and you should use them if possible. Hackers can guess your secret questions but they can not use your phone to recover passwords. If your countries are not allowed to use phone verification, try to use the most challenging answers for your secret questions.
8. Don't use default WordPress username:
This is very fundamental but many bloggers now still use Admin as username and it is much easier for hacker to find it out. WP 3+ now supports changing admin user at your installation. So, you should change admin username to what you think can be secure from hackers.
9. Never use null/cracked/pirated themes/plugins or softwares:
Many bloggers now can not afford premium or paid softwares and they usually choose cracked or hacked sources to get license. But, they never know that most of pirated softwares has malware and it can destroy your computer or play as a trojan to steal your passwords or credit card information. If you can not afford any software, try to subscribe to blogs where they usually conduct contests or giveaways to get it legally.
10. Never share passwords to anyone:
My advice is not to share your passwords to anyone even your family members. Why? You never know that they can place somewhere or accidentally posted it to their blogs that hackers can find out. Keep it secret for yourself!
11. Check your deleted emails:
Just in case hackers know your email passwords. They usually hack other services like hosting, domain or paypal where that email is used as admin login/user. They will unlock your domains and deleted all notification emails sent by providers to hide their activities. You will never know it until you check your deleted emails and things are then too late. I have been in this situation and I would recommend you not to empty trash but check it first!
12. Locked all domains and use Whois Guard services:
Hackers can not steal your domain if it is locked from your side. I have locked my domain but unfortunately hackers know my pass and email pass then he unlocked that I did not know and performed a quite transfer to other registrar like a legal owner. Keep an eye on your domain or pay some bucks to have Whois Guard service enabled for your domain names.
13. Never share hosting resource with anyone even best friends:
Many of my readers have asked me to share hosting resource with them with many reasons. But, I must say, you should never do this as they can be a messenger to hackers.
14. Be careful with any plugins you use:
Like previous article about WP Status Notifier, you should be careful using any free plugins. Not all plugins in WP directory are secure and safe for use. Take your own risks and check support forums to make sure it is safe!
15. Upgrade to the latest WP version.
Yes, TechCrunch has been hacked by not using latest WP version. You should upgrade to the latest version once it is released to make sure your blog is secure from hackers.
16. Your responsibilities:
You should pay attention to whatever you do to ensure your blog secure and you will never feel sorry for what you have done.
That is all what I will surely do after my blog was hacked and stolen. I have just taken most of these steps and I am going to complete the remaining in the coming time as some of them are paid services while my PayPal account has not yet been restored and refunded.
Good luck and I am happy to hear your suggestions too!
{ 0 comments... Views All / Send Comment! }
Post a Comment