Last year, I wrote an article entitles “Why you need to be more security minded,” with a few security tips that related to the fact that a friend of mine had his Paypal account hacked. Mostly that article was about making sure that you use strong passwords, using a different password on every account, etc. I stand by all of those tips, and to date, I have never been hacked due to a weak password, I can assure you. I use very strong passwords, and I am very security conscious.
Today, I want to revisit security, but from a different angle, mostly. I have two other friends who are currently experiencing security issues on the Internet, and I would like to visit those and offer some tips for you.
My friend who is currently experiencing the most serious security issue on the Internet is a close friend with whom I have daily contact. He, like me, is an Internet Entrepreneur, albeit on a smaller scale than me, in other words, he has fewer websites than I do. In the past, this friend has been one who always enjoyed tinkering with using different Themes on his WordPress blogs. He liked playing around with giving his sites different looks regularly. In the past year or so, he has kind of given up on doing that, though, and stuck with a single theme. Problem is, apparently, he left a lot of those old themes up on the site, just sitting idle in his WordPress files doing nothing.
Why would it be a problem if the themes are on the site? Well, to be honest, a lot of those “free” themes are chocked full of viruses and insecure code. Some actually have malware included in the theme. Others are just so insecure that they leave a wide open door for the black hat people on the Internet to exploit your site.
It is my belief, and his based on what he has told me, that somebody exploited his sites through an open backdoor left in one of these themes that he was not even using. Terrible. His sites have been offline now for 4 days, and still not back. I have offered to help him get things back up and running, and I believe that I will be helping him shortly.
Nothing wrong with tinkering with new themes, but be careful. If you are intent on using free themes that you find on the Internet, I would strongly advise you to only use themes from the WordPress Theme Repository. All themes you find there are free and should be checked out for security before WordPress allows them to be out there. Better yet, in my opinion, use a premium paid theme from a trusted source. In my case, I use only themes from StudioPress and have been using them for years now. You can use themes from trusted companies without fear, in my opinion.
With my second friend who is experiencing security issues, it all goes back to password management, as I wrote about before in the article I linked to above. Recently, I was doing some work for this friend, helping him out with some computer issue (non-security related. During this work, I had a need for some of his passwords, which he gave me. Turned out, every site had the same password! Oops… red lights started going off and sirens in my head. This is a huge security risk. On top of using the same password on all sites, he had a short easy to figure out the password that he was using. This makes matters even worse.
Well recently this friend got hacked, and now somebody has access to every site for which he has a password. A big issue with this is that the hacker will take your password, log into the sites and change passwords on you, leaving you no longer able to access your sites. Bad news. Use long secure passwords Use strong passwords on our sites. You will never regret using a strong password, but you may regret not using a strong enough password! Do yourself a favor and save yourself the grief that is inevitable. Use a strong password!
Don’t leave your front door unlocked!
Think about it like this, if you use a weak password, or if you do insecure things with your websites, you are leaving your front door open for anybody to come in if they want. If you are an Internet Entrepreneur who makes money via his Internet presence and websites, you are putting your livelihood at risk by not being security conscious. Even if you are very conscience about security, it is still possible to be hacked, but why not make it harder on the hackers by making your sites more secure? If you have a secure enough site, most hackers will move on to an easier target rather than waste time trying to break into your site.
Good luck to both of my friends!