When you first install the Wordpress platform, it defaults to the main user being named “Admin”, which is short for Administrator. Now, this is fine for the initial set up of the platform, however, many users simply leave their login as “Admin” which creates a whole set of problems.
Since so many users leave their username as “Admin”, that allows “spammers” and “bots” to “hack” your blog and do a variety of things, such as:
- Delete your blog
- Change your information and steal your blog
- Find/steal any important information in your Admin panel
- Destroy parts of your blog
- Write advertisement postings within your blog
And much much more…
So, to prevent somebody or some created script from getting into your Wordpress blog, simply create a new username once the platform has installed successfully. Then, using the default Admin user, promote this new username you’ve just created to have Administrative privileges as well. Once you’ve double checked that it does, simply delete the default Admin username and you’ll be much more safe from potential hacking attempts.
Also of note - once you’ve created a second username, when you delete the “Admin” username, a message will pop up asking if you want to replace all posts posted by “Admin” to your new username. That way, nothing changed visually on your blog.
And one final thing - when you do create your new username, don’t make it similar to whatever name appears on your blog postings. For example, when you write a post, it will say “Posted by John Doe”. Don’t make your username “JohnDoe” or “JohnDoe1″. Make it something totally different so your username can’t be easily guessed.
I’ve started to notice a great increase in the amount of “shortened” links on blogs recently, and that is starting to become a mild concern. I usually don’t click too many links I don’t trust anyway, but these newer shortened links are a hazard waiting to happen for many users.
These “shortened” links came to popularity around a year ago with websites such as TinyURL starting up. In essence, what these websites like TinyURL will do is take a long URL and make it short (into like 15-30 characters) as opposed to 70-100 of normal URL’s. It’s actually a really great service, especially for those on sites like Twitter and Twitterotti where you’re limited to a particular number of characters. The problem now however, is many blogs are starting to use these services to “mask” or hide their links. I’ve still yet to figure out why, but, it’s really starting to become a concern, one that Daniel of Daily Blog Tips sees as well.
The problem that I see (as well as Daniel) is the abuse factor. These links don’t show where the link is coming from and/or pointing to, so you really have no idea where you’re clicking. That’s a problem. When you click a normal URL on a blog, you can see where it’s pointing to and what website or blog you’ll be redirected to. I like having that power to see where I’m going. Now with blogs pointing their links using these shortened links, you might be clicking yourself right into danger. You could be linked to a website that uses “phising” techniques which is a fancy way of saying they’ll steal your info (anything you could input into that website/blog they could steal…e-mail, bank account, etc). In addition to those, you could also be clicking on some sort of spyware or malware that infects or slows down your system. So, in my opinion, it’s simply best to avoid them totally unless you trust the source. In addition to that, if you are a blogger, I would not recommend placing or using these particular type of links on your blog. Stay with the traditional format and your readers will be much happier.
If you do need to click on one of those shortened links though, there is a website out there now that will test the security for you, which is named Sucuri.net. To visit them, click here.
It’s a problem that most bloggers will face at one time or another. For some reason, people think it’s fun to hack blogs. I’ve never figured out why people enjoy it, but it’s become quite an issue, especially recently as there has been quite an increase in hacked blogs.
When setting up your Wordpress blog, the default username given is “Admin” and many people never change that and keep the simple “Admin” as their blog username. While that’s fine, it also makes your blog much more vulnerable to hackers and their hacking software as you’ve made their job much easier. Now they only have to figure out your password since they’ve already got your username. So my first recommendation is to change the default “Admin” username to something you and only you know.
The second line of defense I would recommend would be the new plugin “Login Lockdown”. This new plugin will counteract any unsuccessful hacker attack by keeping track of their IP address and lock them out for a period of time. You can set up the options and time frames as you wish, but you’ll have detailed report of who, where, and what time your blog was “attacked” as well.
Personally, I think the plugin should be standard in the next Wordpress release, but for now, make sure your blog is safe. Install this plugin before anything bad ever happens to your account.
To download Login Lockdown, click here
Resource: BloggingTips.com
One of the most frustrating things that I’ve dealt with when it comes to blogging is security. I always try to go above and beyond, making sure my blog is secure and even with that - I’ve been hacked TWICE. I’ve lost everything in both hacks.
In addition to making a normal backup of your blog, there is now a very interesting piece of equipment you can buy to turn your blog into Fort Knox.
According to BloggingTips.com, there is now a downloadable plugin that integrates with a Yubikey, making your blog a fortress of security.
For those that are not aware, a Yubikey is a $25 dollar USB password generator. It gives you a one time password and there are a variety of additional options on how to set it up. For example, if you wanted to allow other authors into your blog, you could provide them with your password or give each of them their own individual password.
The Yubikey adds an incredibly sophisticated security system to your blog or website, and the Yubikey plugin allows you to integrate it into your Wordpress blog.
To any blogger who values their blog, I highly recommend this device and the additional plugin.
There is no worse feeling than all of your hard work being destroyed in the click of a button. So, prevent the situation before it ever becomes a reality.
To download the Yubikey plugin, click here.
To visit the Yubikey website, click here.
