Okay, as I’ve promised earlier, here’s a quick rundown of how I have beefed up the security of this blog in response to the horrendous episode of hack attacks that screwed up my blog, the database and wiped out 6 months’ worth of posts.
Hard-to-crack passwords for cPanel and Dashboard.
It’s a good thing I’ve developed the habit of creating passwords that are completely unrelated to my person, such as name, date of birth, place where I live, the schools I’ve attended, etc., and managing to remember them. Passwords based on such information could easily be guessed by anyone who’s bent on doing me harm, even without the use of password-cracking techniques and software, because that basic information about me could be easily culled from the web via the various social networking sites I use. Just Google my name and you’d know what I mean.
So on top of that, I’ve also become used to using passwords that are alphanumeric and contain special characters. Finally, I’ve decided to change my blog’s and my hosting account’s cPanel password every 6 months to keep hackers and other evil-doers guessing.
Plugins that add layers of security to my blog
Creating hard-to-crack passwords is just one step in blog security. The next logical step is to install plugins that add more security to your blog. They not only prevent hackers from gaining entry and using your blog for their evil deeds, they also help prevent spam.
Login LockDown by Michael VanDeMar. It adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. I’ve customized mine to limit login attempts to 3 retries within 3 minutes. Offending IP ranges are blocked for two full hours. It’s so effective, it even blocked me when I failed to enter my correct password due to clumsy fingers.
Theme Authenticity Checker (TAC) by builtBackwards. It scans all of your theme files for potentially malicious or unwanted code. Had I known about this plugin earlier, the first hack attack could have been prevented because the hacker injected my theme files with their spam codes. Do check out Jaypee’s review of this great plugin. We highly recommend it.
WordPress Firewall by SEO Egghead, Inc. Just as its name says, it blocks suspicious-looking requests to WordPress and provides a way to whitelist certain requests made by us admins and the plugins we use. It’s so powerful because it’s customizable.
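
The lockout settings described for Login LockDown above (3 failed attempts within 3 minutes, a two-hour block on the offending IP range), written out as an added example. This is not the plugin's code: the `LoginLockout` class, the /24 (IPv4) and /64 (IPv6) range sizes, and the reading that the third failure inside the window triggers the block are all assumptions.

```python
import ipaddress
from collections import defaultdict, deque

class LoginLockout:
    """Failed-login throttle keyed on the client's IP range, not the single address."""

    def __init__(self, max_failures=3, window=3 * 60, lockout=2 * 60 * 60):
        self.max_failures = max_failures   # failures tolerated inside the window
        self.window = window               # seconds
        self.lockout = lockout             # seconds a range stays blocked
        self._failures = defaultdict(deque)  # range -> timestamps of recent failures
        self._locked_until = {}              # range -> time the block expires

    @staticmethod
    def ip_range(ip):
        # Assumption: /24 for IPv4 and /64 for IPv6 stand in for "IP range".
        prefix = 24 if ipaddress.ip_address(ip).version == 4 else 64
        return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

    def is_locked(self, ip, now):
        key = self.ip_range(ip)
        if key in self._locked_until and now >= self._locked_until[key]:
            del self._locked_until[key]    # block has expired
        return key in self._locked_until

    def record_failure(self, ip, now):
        """Count one failed login; return True if the range is (now) blocked."""
        if self.is_locked(ip, now):
            return True
        recent = self._failures[self.ip_range(ip)]
        recent.append(now)
        while now - recent[0] > self.window:   # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[self.ip_range(ip)] = now + self.lockout
            recent.clear()
            return True
        return False

if __name__ == "__main__":
    guard = LoginLockout()
    # Constructed events: (seconds since start, source address) of failed logins.
    for t, ip in [(0, "203.0.113.10"), (60, "203.0.113.11"), (120, "203.0.113.12")]:
        print(t, ip, "blocked" if guard.record_failure(ip, t) else "allowed")
    print("neighbour blocked:", guard.is_locked("203.0.113.200", 121))
```

Because the block is keyed on the range, anyone sharing that range with the source of the failed logins is locked out for the same two hours, the blog's own admin included.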
Besides these security plugins, it’s best to always upgrade your WordPress to the latest version because these releases contain bug fixes and security improvements. And never forget to keep backups and more backups of your blog’s database and make sure they’re in working condition.
Has your blog been hacked? How did you secure it and what steps did you take to deal with the damage? Do share your tips and stories. Stay safe!
Image by lloydi.