We all know someone who has had their email or Facebook account compromised. And we all think it’ll never happen to us, but the reality is that it could. Let’s face it, hackers gonna hack. Someone is gonna get bored and come after you. It might not be today but it could be tomorrow and the odds get worse the more well known / popular / successful an author you become.
To combat this, I’ve put together some things you can do to minimise the risk of your online accounts getting owned. It’s up to you which—if any—of these you decide to implement but it does pay to at least think about them.
- Do create a different password for each account
- Make it a strong password and by that I mean add some numbers and capitals and symbols if they’ll let you. The longer and less predictable it is, the better.
- Don’t use: password <— if you do you deserve to be owned
- Don’t use names of pets, family members (including last names), the name of your street, your birthday, your spouse’s birthday, Justin Bieber’s birthday (really?) or anything else that people can easily equate to you.
- Don’t write it down somewhere.
- Avoid logging into sites using your Facebook or Gmail accounts
- Turn on two-factor authentication wherever it is available – Amazon just implemented this so use it and protect your ebooks and stuff!
Note: if you’re worried you won’t remember your eleventy billion passwords then look at getting an online password manager like 1Password or LastPass. You’ll only have to remember one password that way. Just please, for the love of Bezos, make sure it’s a really super strong password >.<
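The checklist above can be turned into a quick self-audit. This is an added example, not part of the original post; the 12-character minimum, the function names and the sample accounts and personal details are assumptions made up for illustration.

```python
import re

MIN_LENGTH = 12  # assumed threshold; the post only says longer is better
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def _squash(text):
    """Lower-case and drop punctuation so 'Maple Street' matches 'maple-street'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def audit_passwords(accounts, personal_terms):
    """Map each account name to the list of checklist items its password fails."""
    terms = [t for t in map(_squash, personal_terms) if len(t) >= 3]
    # Group accounts by password to spot reuse across sites.
    users = {}
    for account, pw in accounts.items():
        users.setdefault(pw, []).append(account)

    report = {}
    for account, pw in accounts.items():
        problems = []
        if len(users[pw]) > 1:
            problems.append("reused")
        if "password" in pw.lower():
            problems.append("contains 'password'")
        if len(pw) < MIN_LENGTH:
            problems.append("too short")
        if sum(bool(re.search(c, pw)) for c in CLASSES) < 3:
            problems.append("few character types")
        hits = [t for t in terms if t in _squash(pw)]
        if hits:
            problems.append("personal detail: " + ", ".join(hits))
        report[account] = problems
    return report

# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {
    "email": "Biscuit2014!",
    "facebook": "Biscuit2014!",
    "amazon": "password1",
    "website": "vT7#qLr9&xWm2$Kd",
}
SAMPLE_PERSONAL = ["Biscuit", "Maple Street", "14/02/1980"]

if __name__ == "__main__":
    for account, problems in audit_passwords(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL).items():
        print(f"{account}: {', '.join(problems) or 'ok'}")
```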
A lot of people use WordPress for their website, which is cool but all it takes is one bored hacker to hack one WordPress site and they can easily apply their newfound knowledge on other WordPress sites. At least until WordPress realises, creates an update to fix it, releases said update and you get around to installing the update—phew!
Another thing about WordPress sites is that the more plugins you have, the more vulnerable you are to attack. Installing eleventy billion (there’s that number again) plugins increases the attack surface hackers have to work with. Just like WordPress, the plugin developer has to realise their plugin has been compromised, work out how to fix it, create and release an update, and then you have to install the update on your WordPress site. This takes time. So if you really don’t need a particular plugin then deactivate and uninstall it. If you no longer use something, deactivate and uninstall.
If you’re now scared of WordPress and all other content management systems out there then your best bet is a basic HTML / CSS site. But even that won’t make your site 100% safe as hackers still have one trick up their sleeves: DDoS. DDoS stands for Distributed Denial of Service and that’s basically when they send so much traffic to your site that it goes down. If you have a site with forms that link to a database (like WordPress does) then they can inject exploits into your form fields and carry out a DoS (Denial of Service) which can crash your site or cause other sorts of mayhem and mischief.
What should you do if you’ve been owned?
- Change all passwords immediately
- If your email has been compromised and you can’t log in, do a password reset
- If your site has been compromised or brought down, contact your host and work with them to get it resolved
- Always make regular backups of your site so you won’t lose any of your data
- If something has been exploited you’ll want to find out what so you can stop it happening again. Your host should be able to help you with this and fingers-crossed it’s something easy, like a plugin on your WordPress site. If it is you can check with the plugin developer and see if there is an update or inform them of the problem so they can fix it. Do not use the plugin until it is fixed. Deactivate and uninstall.
Well, I hope that helps or at least gets you thinking about your site and passwords and how to safeguard yourself against hackers.