Watching the news yesterday, I thought it might be a good time to remind everyone to practice good internet security.  I know, I know; you can’t go 30 minutes without someone clamoring about hackers.  There’s a reason for that:  They exist.  They’re busy.  And they’re after your site.

If you don’t think you are a juicy target for hackers, and there’s no good reason to get into your blog, think again.  They’re not always after bank accounts, credit cards, or other personal information.  Simply using your server resources can be enough of a reward.

Stay with me here; it’s important to understand this:  Among other things, hackers will try to use your site for what is called a Distributed Denial of Service (DDoS) attack.

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.

Although the means to carry out, the motives for, and targets of a DoS attack vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

As clarification, distributed denial-of-service attacks are sent by two or more persons, or bots, and denial-of-service attacks are sent by one person or system. As of 2014, the frequency of recognized DDoS attacks had reached an average rate of 28 per hour.[1]

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

(Denial-of-service attack. (2014, November 17). In Wikipedia, The Free Encyclopedia. Retrieved 01:23, November 18, 2014)

Without you even knowing about it, hackers can be using your site to orchestrate attacks on other, more lucrative sites.  Not only will they have used your site to accomplish this, but you may also end up labeled as “infected” or a spammer.

Most of our current customers have the free version of Wordfence installed, which is one of the highest-rated free security applications for WordPress.  I customize the security options for you, keeping hackers from using common login names like “admin”, and even blocking forgotten password attempts for usernames that don’t exist.  If you are a customer, and are ever curious how many people have tried to gain illegal access to your site, just ask.  I’ll show you how to find out, or just give you the answer.  For example, one of our customers had over 40 login attempts from Moldova, China, Ukraine, and Russia in the last three days.

Wordfence offers a premium upgrade as well.  One of the options available with the upgrade is the ability to block individual countries from even viewing your site, let alone logging in to it.  Read more about the premium features at www.wordfence.com.  If you decide that the premium version is worth having, just ask.  We get volume pricing on the licenses, currently $20 / year.

One final bit of advice:  Create complex passwords, and change them occasionally.  Ideally, every 90 days, but even I dislike the thought of that.  Read my article on password strength & security for more tips.

Safe Blogging!