I’ve never really worried much about online security. Getting hacked was something you saw on the news or read about in Time magazine. But then I got hacked and everything changed. Let me take you back.
It was December 19, 2014; just a few weeks ago. I was in my parents’ house on Christmas break, when I received a shocking email from my hosting provider, BlueHost, indicating they had shut my site down. Seems they found some malware on my site and in order to protect other sites on the shared server, they locked mine down. I didn’t even know you could get malware on a website.
And just like that, I didn’t have access to something I’ve been contributing to and working on for over 5 years. Over 500 blog posts, thousands and thousands of words, and it was all seemingly gone. Well, not gone, really, but the host had shut it down and I didn’t have any access to it. It’s a strange and awful feeling to be in that position; to have something like that taken away from you.
I ended up having to pay some real cash and spend around 30 hours in the last month to get things fully secure and settled again. Suffice it to say, I’ve learned more than I wanted to know through the school of hard knocks.
So here’s how you can keep your digital life secure:
1. Run an anti-virus/malware checker on your computer or Mac
I have a Mac. Have had one for about ten years. Honestly, I’ve never thought about viruses or malware because, well, it’s a Mac. When my site was shut down, they recommended I run a malware checker on my Mac. I ran a checker, and my heart began to drop as I saw all the malware it was finding. My Mac was filled. Ugh.
By the way, you can be virus free, but have lots of malware. Here are two programs I downloaded that helped me clear out the baddies:
What’s the lesson? Drop everything you’re doing and run a virus and malware checker on your PC or Mac right now.
You’re welcome.
2. Update any software you have
Turns out that companies are not sending us reminders to update our Operating Systems because they want to annoy us, but because they have found vulnerabilities that would make it easier for you to be hacked. Stay up to date.
3. Use a password manager
I had been thinking about doing this one for a while, but finally took the plunge. Here’s the reality concerning passwords for most people: you have one basic password for most of your sites. Of course, you might change one or two letters for each different site, but there’s a basic algorithm you use.
Here’s one I used to use: take a word and then use the last three letters (backwards) of a site and add it to that word to make your password. So if your basic word was “vancouver,” your password for Facebook would be “vancouverkoo.” For Gmail it would be “vancouverlia.” Are you seeing the pattern?
This is better than a lot of passwords, but the problem is that if someone finds one of those passwords, they can easily unlock all of your other passwords.
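To see why one leaked password exposes the rest, here is an added example (not part of the original post) that audits a set of passwords for the "base word + reversed last three letters of the site" scheme and, for contrast, generates an independent random password. The function names and the sample vault are hypothetical and constructed for illustration.

```python
import secrets
import string

def site_suffix(site):
    """Last three letters of the site name, reversed (the scheme from the post)."""
    letters = [c for c in site.lower() if c.isalpha()]
    return "".join(reversed(letters[-3:]))

def recover_base(site, password):
    """Return the base word if password is base + site_suffix(site), else None."""
    suffix = site_suffix(site)
    if suffix and password.endswith(suffix) and len(password) > len(suffix):
        return password[: -len(suffix)]
    return None

def shared_bases(vault):
    """Map each base word to the sites using it; 2+ sites means one leak exposes all."""
    groups = {}
    for site, password in vault.items():
        base = recover_base(site, password)
        if base is not None:
            groups.setdefault(base, []).append(site)
    return {b: sorted(s) for b, s in groups.items() if len(s) > 1}

def random_password(length=20):
    """Independent random password, the kind a password manager generates."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed sample vault: two passwords from the post, one unrelated random one.
VAULT = {
    "facebook": "vancouverkoo",
    "gmail": "vancouverlia",
    "bank": "t7#Qz!mW2^rLp9&xBv4@",
}

if __name__ == "__main__":
    print(shared_bases(VAULT))   # sites that fall together if one password leaks
    print(random_password())     # what to replace them with
```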
Right now I’m currently experimenting with LastPass and I’m really liking it. If you don’t know what a password manager is, the premise is really simple: it’s a website that stores all your passwords for other websites. All you need to remember is the one password, and it auto-logs you into the sites you have stored.
This video will give you the gist:
There are a few major players in the world of password managers:
and there’s a brand new one from Intel called True Key, which looks quite interesting. This one uses your face as a password.
The bottom line is that right now I don’t know any of the passwords for any of the sites I frequent, because I changed all of them to really complex passwords that LastPass auto-generated for me and then saved. I only know one password, and it’s the password to log in to LastPass.
Yes, it’s a scary feeling in the beginning to not know any of your passwords anymore, but it’s also becoming a freeing feeling. It feels nice not having to remember lots of different passwords and I sleep well knowing that all my passwords are really complex. They will never be guessed.
4. If you have a website or blog here are some specific things you need to do as well
Consider this last point the “advanced” section.
A) Install All In One WP Security and Firewall.
I first learned about this plugin from this post on Become a Blogger. Here are several things this plugin allows you to do and that I implemented:
- Change your login URL. If you have a WordPress site, your default login is mysite.com/wp-admin, for example. Hackers know this, which leaves you vulnerable to a brute force attack: someone (or a bot) repeatedly tries to guess your password. Change your login URL to something like www.mysite.com/mycustomlogin. In other words, you don’t want anyone else to know the login URL for your site.
- This plugin also allows you to automatically block IP addresses that try to login unsuccessfully.
It has tons of other features and also gives you a rating on how secure your site is. (By the way, I want to publicly thank Jason Lombard. I asked a tech question on Twitter and he really helped me out.)
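To see which addresses a lockout rule like this would catch on your own site, here is an added example (not the plugin's code) that scans web server access log lines for repeated failed WordPress logins. It assumes the combined log format and that a failed login is a POST to /wp-login.php answered with HTTP 200 (WordPress redirects with 302 on success); the threshold, time window and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: client IP, timestamp, request line, status code.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_login(m):
    # Assumption: a bad password re-renders the form (200); success redirects (302).
    return (m["method"] == "POST"
            and m["path"].split("?")[0].endswith("/wp-login.php")
            and m["status"] == "200")

def ips_to_block(lines, max_failures=3, window=timedelta(minutes=5)):
    """Return IPs with max_failures failed logins inside one sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = set()
    for line in lines:
        m = LINE.match(line)
        if not m or not failed_login(m):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked.add(m["ip"])
    return sorted(blocked)

def _hit(ip, hhmmss, status):
    # Builds one constructed log line (documentation-range IP addresses).
    return (f'{ip} - - [19/Dec/2014:{hhmmss} +0000] '
            f'"POST /wp-login.php HTTP/1.1" {status} 3120 "-" "-"')

SAMPLE_LOG = [
    _hit("203.0.113.7", "10:00:01", 200),    # rapid guessing
    _hit("203.0.113.7", "10:00:02", 200),
    _hit("203.0.113.7", "10:00:03", 200),
    _hit("198.51.100.23", "10:00:05", 200),  # one typo, then success
    _hit("198.51.100.23", "10:00:20", 302),
    _hit("192.0.2.50", "10:00:00", 200),     # failures spread over 20 minutes
    _hit("192.0.2.50", "10:10:00", 200),
    _hit("192.0.2.50", "10:20:00", 200),
]

if __name__ == "__main__":
    print(ips_to_block(SAMPLE_LOG))
```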
B) If you still have “admin” as your username you need to change that as well. Use your name, or better yet, something else entirely.
C) Remove the login link from the bottom of your WordPress site. You want to keep this as secure as possible.
D) Change to a WordPress theme that is fully supported
This is what I did recently in the last month. The WordPress theme I had been using, Standard Theme, was no longer being supported, which made me vulnerable. I have since switched over to a theme called Ambiance Pro theme by Studio Press.
E) Get SiteLock.
If you have a self-hosted blog, you don’t really need to worry about this. If you’re hosting your own site through a hosting provider, I encourage you to get this service. This service constantly monitors your site for malware or if it’s been hacked somehow. It will send you an alert and give you a report on exactly what has happened.
For example, I have two blog posts that generate the most traffic for my site:
My Problem With Pagan Christianity
How To Customize the Boldy WordPress Theme
What hackers will do is to find popular blog posts you have and inject malware links into those posts. When I received the alert from SiteLock, it let me know that there was one website in particular that was trying to get redirect links; it was one about “Nursing Info.” How they were able to insert it, I don’t really know. My brother, who works in IT, told me that it’s possible to inject those from the comments section, which brings me to my last point.
F) Change from the native WordPress comments.
You probably noticed that my comments section looks a little different now. I switched over to using Disqus as a commenting system. In order to leave a comment now, people need to “sign in” using their account with Disqus, Facebook, or Google. This makes me more secure and eliminates the possibility that a bot can leave a spammy comment or inject some bad links into the post.
G) If you stick to native WordPress comments, you need to use a Captcha system in the comments section.
I’m actually using one of these on my login page to make it even more secure.
Those are some of the main things you need to do to keep your digital life secure.
So what about you? What would you add to the list?
[image by Brian Klug]