guest post by Kelly Diels
warning: there are lessons and even actionable advice in here, but it is buried inside a story. I write stories because I love you and don’t want to bore you and because if you laugh then chances are that you’ll remember the educational bit, too. There’s actual research that this works – it is not just because I am in love with bloviation but hey, tomato tahmahto.
I have big love for tech. You could not pry my dishwasher out of my house without bloodshed and death, most likely yours. And the internet? Don’t even get me started. I want to french-kiss the web. In fact, I’m pretty sure that’s my job or at least my blog’s mission statement.
Still, I’m more of install (or pay someone to install) and hope-it-works kind of gal. I want the fuss without the muss.
And I have this theory about tech: some key pieces of hardware and software make a huge difference and everything after that amounts to tweaks and hacks. But the good tech, like a great love, (initially) inspires awe, affection, and respect and make your life much better on a daily basis. You think: how did I ever live without you, front-loading washer? We wasted so much time.
And then, after the infatuation fades, you get on with your happily functioning and newly-enhanced life and start taking your love, machines, shockingly-white-whites and programs for granted.
I like it like that. I like low-maintenance relationships (don’t tell anyone) and I LOVE that electricity just works and I don’t have to think about it. I like finding the right things, that work, and let them do that in the background. Nearly invisible function is hawt.
WordPress is one of those key pieces of tech that made a big difference in my life. It is like a long distance lover. I don’t quite understand it and I should probably spend more time with it but damn I like it a lot. It does me right, mostly virtually.
Actually, let’s be honest: I LOVE WORDPRESS. My blog is my boyfriend. I adore it. I spend all my time with it. Because of all the fabulous people who love me up in the comments, my blog sates my unabashed lust for attention – which, in turn, has started saving me from terrible IRL relationship decisions.
(WordPress is saving the world from needy girlfriends. Someone call the Nobel Peace Prize Committee.)
So the thought of someone getting their sweaty, malicious hands on my boyfriend blog and doing dirty things to it makes me nauseous.
It happened to a friend of mine, Kelly Livesay. One of her blogs was hacked and posts and theme modifications deleted. It happened to journalist Helen Mosher. If you Google her name, the first search result is now “Cheap Viagra Online”. This is not – perhaps obviously – what she intended for her blog. It happened to Robert Scoble, who lost two months of blog posts and gained a very serious sense of personal violation.
And that sense of violation is exactly the prompt for this post: the movie The Girl With The Dragon Tattoo completely FREAKED ME OUT (capitalization absolutely appropriate and required).
Do you know The Girl With The Dragon Tattoo? It is the first of a trilogy of books by Swedish author Stieg Larsson who completed this epic series and then promptly dropped dead. It is a gripping book and it almost killed me, too. I read it in five hours.
And then I got my hot little hands on the movie. Lisbeth, the main character and dragon-wearer, is one tough chick. You don’t want to mess with her. She’ll hack you.
Because that’s what she does. Lisbeth is a freakishly talented hacker. She works as an investigator and conducts her investigations from the convenience of her laptop. She gets into your computer and reads your naughty e-mails, your work memos, your sexts, your bank statements, your browsing history, and then uses that information as she sees fit, for her clients, or herself.
And if you’re on her side – I mean, who doesn’t want her to catch the lady-killing villain? (the villain) – then you’re with her, all the way, as she uses her scary powers for good.
So: The Girl With The Dragon Tattoo. Wrenching read, haunting movie. Great entertainment, especially if you’re looking for a new reason to become deeply paranoid about all the ways people can screw with you online.
Robert Scoble’s not kidding when he says that he feels his virtual house was burgled. Thanks to this paranoid movie, I now feel his paranoia pain and I’m deeply worried about my boyfriend blog.
Still, I don’t understand the point of hacking blogs, so I asked my friend Dave Doolin (Website In A Weekend), who knows Serious Stuff about WordPress, code, programming and How Things Work.
Kelly Diels: What’s the point of hacking a blog? Why would someone want to break into a blog and make it say BUY VIAGRA! instead of just building a sex blog to sell Viagra?
Dave Doolin: Honestly, I’m not really sure, but I’ll hazard a guess: it’s cheaper to spray spam by the trillions than it is to create your own site and work at building traffic. It costs next to nothing to hire people to send a e-mails, so even a really tiny conversion rate generates profit.
Kelly Diels: So how do we keep hackers out of our blogs? On your site, you recommend that bloggers change “Admin” to something specific and then delete the Admin user, so I did that, and Amanda Farough told me to make a unwieldy, ridiculous password that is actually a sentence with random capitalization and characters.
Dave Doolin: Yeah, those two things are a good start. You do want a long, complicated password. The other thing that everyone should do is read the WordPress Development Blog and Other WordPress News. They’re both in your dashboard, and they’ll keep you up to date on the latest hacks and security threats.
(I studiously ignore those two boxes in my WordPress dashboard but now, as of right this minute, I’m going to pay attention.)
And, now that I’m paying attention, I checked in once again with Amanda Farough, who is my designer/developer/chief-cupcake-sharer/coder-extraordinaire. She takes care of my site, because, as I mentioned, I like my tech to work but I’m not really inclined to make it work myself.
Kelly Diels: So, Amanda, what are we doing to keep my site secure? And by “we”, I mean you. What advice do you have for bloggers to keep their blogs on the unhacked side?
Amanda: Here’s my security short list:
- Change your .htcaccess to protect your database name and password by adding the following line of code: <FilesMatch ^wp-config.php$>deny from all</FilesMatch>. In the event of someone hacking your blog, they won’t be able to determine where your tables are, protecting you from losing everything.
- WP-DB-Backup is your new best friend. Get it emailed to you once a week or, if you’re really paranoid, once a day (note: Dave Doolin said we should do it once a day and I heart paranoia. That’s totally where I’m living right now. Thanks, Dragon Tattoo conspiracy). Don’t trust your server or your email server. Save copies of the database to your local drive as soon as you get the email. That way, you’ve got two copies: one on your email server and the other on your local drive.
- Update WordPress every single time you’re prompted to. These releases are the blogger’s equivalent to driver updates: they fix holes in security, functionality, and usability. If you’re running 2.8 when we’re on 2.9.2, then run that update. You’ll be glad you did.
And that – according to my friends in the know, because trust me, I didn’t know – is the short story of how to keep your blog safe and out of the sweaty, dragon-tattooed hands of malicious hackers itching to delete your hot copy and sell us sex aids in your name.
WordPress Security Summary:
- Get rid of your Admin user account
- have a long, complicated password
- keep up to date on WordPress tips and news by reading WordPress
Development Blog and Other WordPress News
- BACK IT UP, baby
- Protect your database name and password
- UPDATE UPDATE UPDATE
Join the Dragon Tattoo Blog HUNT - an internet wide scavenger hunt tied to the feature film launch of bestselling book The Girl With the Dragon Tattoo. Win great prizes – free movie tickets, books, movie soundtrack, posters and more. To join the contest, start at the beginning of the HUNT by visiting www.dragontattoofilm.com/contest for full details and the first clue. The Girl With the Dragon Tattoo is in theaters near you starting March 19th.
THE NEXT CLUE:
This site explores everything Apple, but don’t tell Steve Jobs because this weblog is officially unofficial.
Kelly Diels writes for ProBlogger every week. She’s also a wildly hireable freelance writer and the creator of Cleavage, a blog about three things we all want more of: sex, money and meaning.