
Photo by CrisisCorps

Isn’t it ironic? Life is so the opposite of boring I tell you, I just love it! While I was talking about the benefits of blogging in my last post, Alchimia’s blog was being hacked and is now out of service…

Instead of getting all angry and sentimental about this, why not think about what we can all learn from it? Is it possible that one can prevent this from happening? I did some research and although there is no 100% hack-proof solution, it seems that there are some things one can do to make it a little more difficult for our friendly hackers.

Here is what WordPress has to suggest.

1. “Keeping your secrets secret”
Use a difficult-to-guess password. Do NOT share your password and do not use easy-to-guess words or birthdates…

“All it takes is one person to guess your password and they can delete every post you ever made. They could deface your site. They could read your emails or hijack your address and impersonate you. They could ruin what you have taken time to build.”

2. Choosing and using good passwords
Invent difficult words or phrases as passwords with capital letters, numbers and special characters. But how will you keep track of all these difficult passwords??? You can use password management software to keep track of your passwords when they are too difficult even for you to remember.

These are some of the password managers we use for our own passwords:

  • KeePass – Open Source, free to download and use. Available for Windows, Mac and Linux.
  • LastPass – Free service with premium option. Available for all major OSs, browsers and mobile devices.
  • 1Password – Paid download. Available for Windows, Mac and iOS, with support for all major browsers.

3. Logging out to prevent public access to your Dashboard
Manually log out from your account each time you shut down your PC or even just the browser, especially if you’re working on a public computer.

If you don’t log out, someone may be able to access your account just by viewing the browser history and going back to your WordPress.com Dashboard.

To log out of your WordPress.com account, select My Account → Log Out from the gray toolbar at the top of any WordPress.com page.

4. Safely sharing control of your site with other users
Determine specific roles for each of your blog’s users. Have only one Administrator and appoint the rest as Contributors, who cannot make significant changes to the blog but can only write or draft posts. Do not even use the Administrator role yourself unless necessary and use the Editor’s role instead for day-to-day business.

“[…] be particularly stingy with the Administrator role. When you make another user an Administrator on your site, you’re literally creating a separate set of keys for your site and handing them to someone else. Not only will they be able to take your site for a joyride, just having an extra set of keys laying around significantly increases the risk of your site being hijacked.”

5. Using a secure connection to log in to WordPress.com
When you sign in to WordPress.com via a public Internet connection, such as a Wi-Fi connection at a library or a coffee shop, your account may be vulnerable to hijacking.

To keep the bad guys out, you can use a secure, encrypted connection to connect to your Dashboard. Under Users → Personal Settings, check the box that says “Always use HTTPS when visiting administration pages,” and click Save Changes.

6. Augment your password with an extra layer of authentication
With the Text Messaging feature, you can use any SMS-capable phone as a unique key to your blog. After you sign up for the service, we will send you a one-time code in a text message whenever you try to log in to your blog. You will only be able to complete the login by entering this code. This means that even if someone gets your password, they won’t be able to log in without getting your mobile phone as well.

Wow… this truly seems like a lot of work but it IS worth it in the long run, isn’t it? Imagine all the stress and disappointment you will put yourself through, if something like this happens to your little blog.

I have to admit that I’m going right to the Settings page on my account and changing all these things right after uploading this post.

Alchimia have informed me that they are already working on fixing things and girls, don’t you worry. Your new blog will be better and more secure than the previous one!! Baci to all of you!

Thank you for reading this and let’s hope that the next post will be contemporary jewellery-related 😉

No pictures were downloaded or copied. They are all linked to their respective websites.

Update: 17.02.2012
Alchimia’s blog is back online! Keep up the great work people! 🙂