How I secured my shit.
I wrote about this sarcastically, but here goes nothing.
I’m doing this because it was talked about on Twitter, and wellp, here are my secrets.
I joined hacker communities. No big deal.
1. I started joining hacker communities under an alias to learn their ways and how they hack into things instead of reporting them to their hosts (since their hosts do nothing about it anyway).
This probably makes me a hypocrite, but Sean had said something on Twitter once that got me to thinking. Since then, I started joining their communities, carrying on some conversations with them, and learning what makes me vulnerable. It’s not a smart thing to do if you publicly share your IP address, though, and I’m not saying this is like Monopoly’s Get Out Of Jail Free card. 6birds can still get hacked, but I monitor it so frequently that if you tried to log in and failed, I’d see it on the list and block you ASAP.
2. I don’t give the WordPress version number.
But I took it off via Better WP Security. People say that taking off “Powered by WordPress” in your footer limits your chances, but I’ve done that and it doesn’t. I’ve also read where people said it literally doesn’t do anything. You should never use an outdated WordPress. Always update. 😉
3. I don’t have a place on my site that says, “ADMIN ONLY”.
Put one of those, and you’re just screaming for trouble. As stated by a hacker, “Always look for a backdoor. So many site owners are dumb and put their log in link on their sites. It’s the easiest way to find the login AND the directory.”
4. I keep up with it constantly, daily, frequently.
Okay, so I’ve got a security plugin. Yeah? IT IS NOT GOING TO RUN ON ITS OWN. YOU HAVE TO TAKE ACTION AS WELL. I mean, do you REALLY want it to run on its own? It wouldn’t know who is doing what. Like, ugh. I hate it when people think that they can install a plugin for WordPress and that said plugin will solve all of their worries. No, it won’t. For example, that plugin that requires you to check a box to confirm you’re not a spammer only works on bots, not human spam. Therefore, having JUST THAT will not wipe out the human spam.
So I have the security plugin, and I watch it, and I take action rather than simply ignoring IP addresses that have “Bad log ins”. I also watch the 404 errors that ring up on my site, and I know the bots. It’s not because I’m a guru (trust me, I’m not); it’s because I have and use common sense. ~
For example, if I said I’m going to hack your site, would you just change your password, or would you change your password and block my IP address?
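The routine in item 4 (watching failed logins and 404s, then acting on the IP addresses behind them) can be sketched as a small log check. This is an added example, not code from the original post or from any plugin it mentions; the access-log format, the thresholds, the sample lines, and the rule that a failed WordPress login answers a `POST` to `wp-login.php` with status 200 while a successful one redirects with 302 are assumptions.

```python
import re
from collections import Counter

# Assumed combined/common log format: ip - - [time] "METHOD path PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Assumed thresholds; tune them for your own traffic.
MAX_FAILED_LOGINS = 3
MAX_NOT_FOUND = 4

def summarize(lines):
    """Count failed wp-login POSTs and 404 responses per client IP."""
    failed, not_found = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        is_login = path.split("?")[0].endswith("/wp-login.php")
        # Assumption: a bad password re-renders the form (200); success is a 302.
        if method == "POST" and is_login and status == "200":
            failed[ip] += 1
        elif status == "404":
            not_found[ip] += 1
    return failed, not_found

def block_candidates(lines, allow=()):
    """Return sorted IPs over either threshold, skipping allow-listed ones."""
    failed, not_found = summarize(lines)
    hits = {ip for ip, n in failed.items() if n >= MAX_FAILED_LOGINS}
    hits |= {ip for ip, n in not_found.items() if n >= MAX_NOT_FOUND}
    return sorted(hits - set(allow))

def _line(ip, method, path, status):
    # Builds one constructed log line for the sample below.
    return f'{ip} - - [10/Jan/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample (documentation IP ranges, not real traffic).
SAMPLE = (
    [_line("203.0.113.5", "POST", "/wp-login.php", 200)] * 3
    + [_line("198.51.100.7", "GET", f"/missing-{i}", 404) for i in range(4)]
    + [_line("192.0.2.10", "POST", "/wp-login.php", 302),
       _line("192.0.2.10", "GET", "/missing.png", 404)]
)

if __name__ == "__main__":
    for ip in block_candidates(SAMPLE):
        print("review and block:", ip)
```

Pass your own address in `allow` so a mistyped password does not put you on your own block list.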
5. I look up plugins before using just any plugin, and I search hacker communities for that plugin.
I refuse to go back to using Contact Form 7 because of this, no matter how many people tell me it’s secure.
Don’t run more than one security plugin at once, because they can’t coexist without screwing up your shit.
6. I choose a strong password.
Database passwords can be generated. You’re not really going to use them the way you use the actual scripts they’re linked to, so why make them the same or something you can remember easily? Just write them down.
These things don’t make you unable to get hacked; they just help prevent it. I am not responsible for what happens to your site, blah, blah, blah.
In other words, if you’re dumb even after you do these things, I’m so not taking you seriously in the future.