I usually wait awhile before doing update posts so the original post gets to be seen by quite a few people. I’ve never, ever posted an update straight after the original post. However, since my last post about how My Blog Was Hacked And What I Did About It I’ve decided that this update was so important I should post it straight away.
Fist off I would like to thank Keith of Public Speaking and Presentations for putting me onto John Hoff and his post about how to easily set up WordPress firewall for your blog. Because of that post I’ve installed the SEO Egghead’s WordPress Firewall Plugin! You see where in my previous post I showed you how to protect yourself from someone hacking into your blogs dashboard this one protects you from the more malicious attacks the sort that uses SQL injection. Without this plugin hackers can hack your files without gaining access to your dashboard. I urge you to read John’s post and to install this plugin.
Since it’s installation I’ve been notified of several attacks on this and one of my other blogs. If I didn’t install the plugin not only would I not have known of the attack my blog may very well have been compromised. Once an attack occurs you get an email notifying you of the file they tried to compromise as well as the IP address of the offender. Apparently all the attacks appear to be “Directory Traversal Attacks” You can read about these and other attacks that a blog may be susceptible to here. Yeah, I know there’s no SEO value in that link but screw SEO, it’s more important that I get this post out as quickly as possible.
Since being hacked and these attacks I’ve decided to change my user name because I admit it, I’ve been a real wanker because I’ve use admin as my user name. Why, because it’s the default and I never thought twice about it. The problem with admin is most blogs use the default and by doing that we’re making it very easy for the hacker to get in. He already has the user name so all he has to work out is the password. How do I know this? Because every email I’ve gotten so far telling me of attempts to gain access to my blogs have used admin as the user name.
Quick Tip: You know you have to change your user name when you get an email that someone has used it in an attempt to log on.
The problem is that you can’t change the name from the dashboard. Apparently you can change it by accessing you database but that’s too damn hard for most people, me included, which is why I found a plugin that will do it for me. You can access this from the dashboard using the Add New selection in your plugin menu. Just type in Admin renamer extended in the search box and you’re good to go. If you have an easy password it’s probably a good idea to change that as well.
If you ever needed to promote a post via your favorite social media site, Twitter, Facebook or whatever, then I would highly suggest that this is the one. it’s probably a good idea to join my list so you do not miss out on these very important updates.