Keeping your WordPress Site Safe – The Ultimate Guide!

internet-1181586__340

Running a blog is great fun. It can provide you with hours of enjoyment and can even provide you with lots of money (not the case for me unfortunately). However, there is one big problem that all bloggers and website owners fear… hackers. This article specifically focuses of securing WordPress blog’s but the same techniques can be applied to any website in general.

What are Hackers?

Hackers are people who (in simple terms) break into a computer without your permission. Computer hacking is a criminal offence so is completely illegal.

Hackers can do terrible things and cause lots of damage. Hacking is usually done remotely and, in some cases, you might not even know you have been hacked – sadly.

Many hackers will even change the password to lock you out of your device. This means that you no longer have control over your blog.

Most devices can be hacked. This includes (but not limited to): laptops, desktops computers, smartphones and tablets.

How does this affect me as a Blogger?

Somebody could hack into your blog and PERMANENTLY DELETE work you have spent hours on. Whats more, they could then upload completely irrelevant content which might  be inappropriate.

If you use a Content Management System (such as WordPress), the password could then be changed meaning that the hacker has full control over a blog that you own! Money could even be lost.

Oh dear! What can I do to prevent this from happening to me?

security-265130__340

Lots!

Firstly, don’t use really obvious usernames. For example, don’t use the username ‘admin’ or ‘administrator’. These can be easily guessed and are also commonly used. From my experience, hackers use really obvious usernames when trying to hack into your blog.

Ensure that you have a strong password. Ideally, ensure that your password contains a mixture of uppercase and lowercase characters, symbols and numbers. This will make your password hard to guess.

Another great way to protect your blog is to use something called ‘Two Factor Authentication’. The way this works is that you enter your username and password. You are then sent another number (sometimes by SMS) to enter as an extra security measure. The final number you enter changes each time you login for security reasons. Whilst it can be inconvenient, two factor authentication is great for security as a separate device will be needed in order for access to be gained.

There are many free services that offer two factor authentication. In WordPress, you can get plugins that will implement it into your WordPress site for you. Just search for ‘Two Factor Authentication’ on the ‘Add New’ page (under Plugins).

You can also use something called a ‘Challenge Response System’. A ‘Challenge Response System’ consists of a test that proves that you are a human. This might seem a pointless thing to test for but most hackers use programs that automatically submit data (hackers submit usernames and passwords) using web forms. Humans simply need to enter the letters and/or numbers shown in a box. Only humans can do this because robot can’t read the distorted numbers and/or text. CAPTCHA is an example of a ‘Challenge Response System.’

Do I need an Anti-Virus and Firewall?

Wordfence is a security system for WordPress sites. It scans your site and looks for ‘infected’ files which it then repairs. Another great feature about Wordfence is that it emails you when something (such as a plugin) needs updating and whenever a user logs in. This helps to ensure that your site is unto date and could also tell you that a hacker has accessed your site. It can also let you know if a user has been locked out due to somebody guessing the password wrong too many times.

Wordfence has many other great features but I have only named a few.  This is personally one of my favourite plugs so I highly recommend it. Wordfence is a free plugin but you can also pay for extra features such country blocking.

Personally, I would advise getting some sort of security system as it will help prevent hacking, and other malicious activity, from taking place on your website.

Are Backups really necessary?

Certainly.

If your site gets hacked, a recent backup could save data loss. A backup might not necessarily restore everything but it should restore most of your content should anything go wrong.

Backups are straightforward to complete. I use a plugin called BackWPup. This is a WordPress plugin that will create and store regular backups for you. It only needs to be setup once. Once a scheduled backup is complete, you can choose for the backup to be sent to one of many places. You could send it Dropbox, a file on your web server or even to a separate FTP server. These are only three examples. You can also schedule when the backups occur. For example, you might want your website to automatically backup once a week.

But what if my site does actually get hacked?

Even if you have taken all of the best security measures including the ones I have mentioned, you could still get hacked. I am pleased to say that, whilst people have attempted to hack both my websites, nobody has ever been successful. Even so, here is my advice…

Don’t panic. Panicking will not help one bit. It will just make matters worse.

Try to find a way for you to gain access and revoke the hacker’s access. If this fails, try to recover the site files if they are unharmed. Then completely delete your site and use your site files to set your website up so it was like it was before it was hacked.

If you have a backup, restore to your backup. You might still lose data but this is much, much better than losing your whole website and having to start from scratch.

Summary

I hope that you enjoyed this article and that you will take my advice into consideration when thinking about your website’s security.

DISCLAIMER – Even if you have followed all of my advice, under any circumstances whatsoever can I be held responsible for damage or data loss due to website hacking.

Your Guide to Computer RATs

As we all know, rats are very enjoying pests that get on your nerves. All the stupid sickly things seem to do is run around being an absolute nuisance. But, what exactly is a computer RAT and how can you stop them.

RAT stands for ‘Remote Access Trojan’. It is a trojan that allows a hacker to take over your computer. But what exactly does this mean?

A trojan is a type of virus and a virus is a type of malicious software. Malicious software is software that is designed to harm your computer. So a virus works by damaging your computer. But still what is a trojan?

A trojan (short for trojan horse) is a virus that claims to be free legitimate software. However, one you have this ‘software’ installed on your computer, the software damages your computer. Sometimes, a RAT is installed.

A RAT can be used to allow a hacker to remotely gain access to your computer and take control over it. Some hackers will steal your data. However, RATs are mainly a concern if you have a webcam. Hackers can see and record what your webcam sees. This is a huge privacy issue as you will not easily know if somebody is accessing your webcam remotely.

How do I prevent this from happening to me?

Using a reputable anti-virus and firewall software is a measure that you should definitely take. If you need to pay money, just do it! It will be worth every single penny!

What about my webcam?

If you have a desktop computer, I advise that you unplug your webcam when it isn’t in use. This simple step will not protect your data but it will protect hackers from accessing your webcam.

If you are using a device with a built-in webcam (such as a laptop), cover the webcam with something like a plaster or sticker when it isn’t in use. This is a physical security measure.

I think I have a RAT. HELP ME!!!

Don’t panic! Run your reputable anti-virus software to detect for malware. Most anti-virus software will then remove the malicious software for you! If you are still stuck, take your computer to a repair shop as they should be able to help you out.

I’m wasting my time reading this article because I’m a Mac user and Mac’s don’t get viruses! Am I correct?

Hmmm…

Apple are known for the security of their Mac products. Personally, I have a Mac (with no anti-virus) and have never had an issue with security or had a virus. However, every so often, a new piece of malware designed for Mac’s is released. Apple appear to react to this quickly and before long, they publish an update to stop the malware. For this reason, I recommend that you install anti-virus just in case! You simply cannot guarantee that Apple’s pre-installed anti-virus software will work as well as third party software.

DISCLAIMER – Follow my advice at your own risk. I cannot be held responsible for any harm to either you or your computer data even if you follow my advice!

NEW TUNE RELEASE – Peaceful

On Friday, I was watching the Ultra Festival in Miami (streamed to my iPad using twitch.tv). Whilst I was listening to the epic music, I decided to make another tune using Garageband. Whilst I was watching the festival, I noticed a MacBook Pro! This amazed me so much that I decided that I should make another song. My music making adventure had continued.

A couple of months ago, I made a song called ‘Confusion’ using Garageband (click here to see the blog post). Confusion hasn’t been listened to very often. This made me even more determined to make another song and to do better this time round!

I then began experimenting with Garageband loops. I basically chose two loops that sounded good. I then added additional loops until, eventually, I had what I thought was a reasonably good song. I adjusted the volume levels of each track. The audio pan function was also used so that (at the songs climax) you have a different loop in each ear AND you can still hear the backing track. Happiness was now apparent.

There was only one thing missing at this point in time… a song name. This was by far the hardest part for me because my imagination and creativity is not very good. In the end, I came up with the name Peaceful because I believe the song is quite relaxing so is peaceful.

The final step was for me to export the song as an mp3 file so that I could publish it onto Soundcloud. See below to see the final product. Like Confusion, this song is protected by copyright.