This week’s Tech Tuesday post comes courtesy of the nasty little hacker who hacked into one of my websites and wiped it clean, leaving me with nothing but a bright, sparkling new (blank) installation of WordPress.
The rapid expansion of what has become known as Web 2.0 has brought with it many new technological challenges for people who never expected to have any web presence of their own. Whether it’s something relatively simple like working out how to upload a photo to their Facebook account or something a little more complex like linking their Twitter and Facebook accounts, people are being forced to become more tech savvy by the day.
This new era of laymen using technology that would previously have been understandable and available only to the most proficient of tech gurus has brought with it a new problem:
People simply don’t understand enough about what they are using to be able to understand all of the risks.
The list of risks is too long to go into here but for today I would like to focus on two things that I ALWAYS advise anyone who asks about what they do online:
- Don’t use the same password on multiple websites
- Back up now and back up often!
The first is simple. I know it can be hard coming up with different passwords and then remembering them all, but the best advice I ever heard was this: come up with a system and use it for every password you create.
A simple password system might be to use the same basic word every time but then add to it the first three letters of the website name.
For example, you might always use the word BACON as your password. So, if you had to create a password on the Yahoo website, your password might be BACONYAH (bacon + the first three letters of Yahoo); on the Microsoft website it would be BACONMIC (bacon + the first three letters of Microsoft), and so on.
Using different passwords greatly reduces your risk of being a victim of fraud. If you use the same password every time, a fraudster only has to learn your password once and they have access to everywhere you go online.
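An added example, not part of the original post: a short Python check that applies the BACON system described above to a few site names, then reports which part of each password is identical everywhere and whether any two sites end up with exactly the same password. The function names `scheme_password` and `audit` and the site list are assumptions made for this illustration.

```python
import os
from collections import defaultdict


def scheme_password(base, site):
    """The post's system: a fixed base word plus the first three letters of the site name."""
    return (base + site[:3]).upper()


def audit(site_passwords):
    """Check a {site: password} mapping against the 'different password per site' rule."""
    by_password = defaultdict(list)
    for site, pw in site_passwords.items():
        by_password[pw].append(site)
    # Groups of sites that ended up with exactly the same password.
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    # The part that is identical in every password, and what is left over per site.
    stem = os.path.commonprefix(list(by_password))
    unique_part = {site: pw[len(stem):] for site, pw in site_passwords.items()}
    return {"reused": reused, "shared_stem": stem, "unique_part": unique_part}


# Constructed sample: "Factory Forum" is a made-up site name, chosen because it
# starts with the same three letters as Facebook.
SITES = ["Yahoo", "Microsoft", "Facebook", "Factory Forum"]
SAMPLE = {site: scheme_password("BACON", site) for site in SITES}

if __name__ == "__main__":
    result = audit(SAMPLE)
    print("shared stem:", result["shared_stem"])
    for site, part in result["unique_part"].items():
        print(f"{site}: {SAMPLE[site]} (site-specific part: {part!r})")
    for group in result["reused"]:
        print("same password on:", ", ".join(group))
```

`audit` accepts any site-to-password mapping, so it can be run over a list of your own passwords to see how much of each one really differs from site to site.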
Once you’ve got your password security sorted, the other REALLY important thing to do is back up any websites and blogs you may have.
Exactly how to back up your site or blog depends entirely on how the site is created and where it is on the Internet, but there are plenty of people you can ask for help (me included) who will gladly advise you on how to back your site up. It’s really quite easy; even Blogger has a built-in system for backing up your blog posts and comments.
Most people don’t think about backing their websites up; even I’m guilty of not doing so. I had no backup at all of the site that got hijacked and it was only because Google still had my pages cached that I could rebuild it.
I won’t be making THAT mistake again… and you shouldn’t either.
Don’t delay, back up now and back up often. Trust me, you’ll be glad you did if ever anything goes wrong!
I installed a copy of WP locally to take it for a test drive. It is pretty nice but I was frustrated with a couple of things. I think it might have more to do with Apache or MySQL though. The maximum password security left a little to be desired for my taste. I have multiple levels of password security. Basic level uses about 8 characters with upper and lowercase letters plus numbers. Moderate security I use about a dozen characters from the same subset plus extra ASCII. My secure passwords are about 20 characters long and full ASCII including alt+ codes. Unfortunately many systems do not allow the extra ASCII characters much less the special alt+ codes. This makes some of my systems vulnerable when I want them to be as secure as I can make them.
This is true of WP. The database can only be secured with letters and numbers. This is a bad thing because even if WP properly secures the database from "easy hacks" the security of the password leaves it open to hacking from a hard crack. Once in the database you can insert server-side commands and the server believes that the database is allowed to ask for almost anything based on the standard permissions. Once that is in place you can go to the database file you created via a guest login (public html access) and take complete control of the server.
There are ways around this but a better password system on the front end would be nicer.
Sheesh. You know, I kind of hope that I get popular enough that someone wants to hack my website. And besides, Nick, don't knock WP's security… cause Blogger is nothing special.
Oh, and WP works better on a Linux server anyway. Just so you know. I had a local version too that I played with for a while, and when I set up my hosting, I got Linux and it ran so much better. Big time.
I'm not complaining about how it works, but rather a problem with the maximum password security and how that can allow access to the server. Like I said there are ways to make it more secure.
You are right that blogger security isn't perfect, but they don't allow database access directly because they wouldn't want all of blogger exposed to someone's bad password mistake.
You use WP on Windows? How's that working out for you? I've never tried it, both the servers I use for it run Linux.
More security would be nice but for the people like me who don't know an ASCII character from a Pokemon character, where it is now is just fine! 🙂
It is only being run in local host so I can play around with it. If/when I load it onto a live website I should be able to use the local host copy to make my changes and then after ensuring that the changes are what I want I can load them onto the live site. So far I've been very happy with it as a generic install, but I haven't made any changes, not even theme, to the standard install. It was pretty easy to do.
In theory this will do it for you: http://bitnami.org/stack/wordpress but it didn't work for me. I could have played with it some to figure out the problem, probably permissions or something, but instead I tried a slightly harder install that worked the first time. http://www.jdavidmacor.com/2007/07/24/how-to-inst… describes how to do it, and the program allows for quite a few other web-based utilities to be installed, so win-win for the geek.
Thanks for the tips! I've backed up my site for the first time now (thanks to you). I will work on that password idea too!
For the first time????
I need to have words with your husband!
These are great tips - good stuff. Thanks Peter.
Thanks, Jason. You're a great encourager!
Wait…you can back up your website?
And Dang it! Now I have to go change all my bacon passwords! Thanks, Peter!
So in the very most basic way you know how … how do you back up a website in blogger?
Hi Susan,
I have emailed you some instructions, but I think I may have called you Sarah, not Susan…. Sorry about that! 🙂
Ah, yes, I've run it under Xampp before… I have some spare domains that I use on one of our web servers now so I can test things on the server they're going to go live on later.