Recently, Hesham of FamousBloggers.net had the unfortunate experience of having his domain name stolen. Fortunately, four days later, he is back up and sailing away. The issue was resolved relatively quickly, primarily because of his determination to get back what is rightfully his, and because he took action rather than waiting for things to unfold. You can read the full story about his journey here and how he got his site back up here. It is a highly recommended read, as there are many things you can learn should this ever happen to you. I recommend that you bookmark it for future reference, just in case.
What Lesson Can You Learn From This?
Sadly, most of the time, we only learn and take action once “bad” things happen. What happened to Hesham just proves that there is no surefire way of protecting our assets from deliberate attacks and online thieves. They exist and they are out there, ready to do you harm without hesitation.
From all this, I cannot stress enough the importance of “protecting” your assets. This goes for your domain names, hosting accounts and your websites (especially WordPress). As I said, there is no such thing as a 100% guarantee, but you can take steps to make it difficult …
- Remember the saying “don’t put all your eggs in one basket”? – If you have several domains, try as much as possible to spread them across different, reliable registrars. This is particularly true for your main domains. While it is convenient to have everything under the same “roof”, the eventual damage control you need to do will be much worse. If you can, have two or three different hosting accounts and avoid keeping your main domains and hosting account together. For example, I have my main domains at one registrar and my hosting at another.
- Make use of “ALL” the security measures that are provided to you. If they have two-step authentication, use it. If they allow you to lock your domains, use it. If there is something else they provide, use it. Use them ALL.
- Create ridiculously complicated and long passwords – Yeah, this is your first line of defense and by creating strong passwords, you make it difficult. This post shows you how to create a strong and unique password. It is an old post, but unless you find another way of doing it, this works perfectly well. If you do have some cool techniques, please share them below in the comment section.
- Keep all your receipts, payment proofs, and just about anything, that can prove you are the owner of your asset.
- If you do suffer from any unfortunate incident regarding your online assets, don’t wait for someone else to solve your problems. Be active and do it yourself if need be – Pursue your interest and get it done.
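The domain-lock item in the list above can be checked from the outside, because a registrar lock shows up in WHOIS as EPP status codes. This is an added example, not from the original post; the WHOIS excerpts are constructed and the function name `check_domain` is hypothetical.

```python
import re

# EPP status codes set by a registrar lock. Without them the registry does
# not block a transfer, a contact/nameserver update or a deletion.
REQUIRED_LOCKS = ("clientTransferProhibited", "clientUpdateProhibited",
                  "clientDeleteProhibited")
# Statuses that mean a change is already in flight and needs a call today.
ALERT_STATES = ("pendingTransfer", "pendingDelete", "redemptionPeriod")

STATUS_RE = re.compile(r"^[ \t]*(?:Domain )?Status:[ \t]*([A-Za-z]+)", re.I | re.M)

# Constructed WHOIS excerpts (not real records).
LOCKED = """\
Domain Name: EXAMPLE.COM
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
"""
AT_RISK = """\
Domain Name: EXAMPLE.NET
Domain Status: pendingTransfer https://icann.org/epp#pendingTransfer
"""


def check_domain(whois_text):
    """Report lock codes missing from, and alert states present in, WHOIS text."""
    seen = {s.lower() for s in STATUS_RE.findall(whois_text)}
    return {
        "missing_locks": [c for c in REQUIRED_LOCKS if c.lower() not in seen],
        "alerts": [c for c in ALERT_STATES if c.lower() in seen],
    }


if __name__ == "__main__":
    for name, text in (("example.com", LOCKED), ("example.net", AT_RISK)):
        print(name, check_domain(text))
```

Feed it the saved output of a `whois` lookup for each of your domains; any entry under `alerts` is a reason to contact the registrar immediately.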
How Strong Are Your WordPress Security Measures?
Don’t think that someone is trying to hack into your site? Think again. Install and implement these WordPress security measures and wait a week. You will be surprised at how many email notifications you get about failed attempts to hack your site. I receive more than 50 per week from all of my sites and those of my clients. That’s scary!
Some things to NEVER forget:
1) Always update your WordPress software as soon as possible. This is probably something that many of you fail to do, because of your fear about compatibility and all that stuff you read about. The question you should ask yourself is: why are there updates? There are three main reasons for an update:
- New features – yep. These are all welcome additions
- Bug Fixes – yep. These too are welcome.
- Security Vulnerabilities – Yep. This is the most important of them all. When a vulnerability is discovered, WordPress will immediately fix it and send out the updates. You do know that these are made public and everyone, and I mean everyone, knows that the previous version has vulnerability issues. Guess who else knows about this… If you guessed hackers and evildoers, you guessed right. What do you think they will be doing? Exploiting that vulnerability, period. So, forget fear and back up your site before the upgrade. But always do the upgrade.
2) Back up all your files. Don’t rely on only one place or method. If your hosting provider does it, good. But create another backup on your local drive and another on an external storage device. This is the so-called “Grandfather, Father and Son” method. The frequency is for you to decide because it depends on how often you update your site.
3) Be very careful when installing free plugins and free WordPress themes. Make sure to run some diagnostics first or find out about it before anything else. Some plugins and WordPress themes may contain some “vulnerabilities” that allow hackers to take control of your site.
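One form the diagnostics in point 3 can take, as an added example that is not from the original post: scan a downloaded theme or plugin's PHP files for obfuscated-loader patterns before installing it. The indicator list and the sample theme are assumptions constructed here, and a clean result does not show the code is free of vulnerabilities.

```python
import re
import tempfile
from pathlib import Path

# Patterns commonly reported in backdoored themes and plugins. A match is a
# reason to read the file by hand, not proof of compromise.
INDICATORS = {
    "eval of decoded data": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request data executed": re.compile(
        r"\b(?:eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)", re.I),
    "long encoded literal": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}


def scan_theme(root):
    """Return (relative_path, line_no, indicator) for every match in *.php."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            for name, rx in INDICATORS.items():
                if rx.search(line):
                    findings.append((path.relative_to(root).as_posix(), no, name))
    return findings


def demo():
    """Scan a constructed two-file theme: one clean file, one with a loader."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "functions.php").write_text(
            "<?php\nadd_action('wp_footer', 'mytheme_footer');\n")
        Path(root, "footer.php").write_text(
            "<?php\n// credits\neval(base64_decode('ZWNobyAxOw=='));\n")
        return scan_theme(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `scan_theme` at the unpacked theme or plugin directory before uploading it to the site.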
That’s it! Will all the above provide you with 100% insurance that your assets will be safe? Absolutely not, but implementing some or all of them will certainly be better than doing nothing at all. Obviously there are more ways to keep your assets protected and I highly encourage you to do more of your own research. I only hope that this never happens to me or anyone else. Play it safe.
Matt Alhaarth
Very scary what happened at famousbloggers but good to hear it has been resolved successfully. I’ve used Bulletproof Security plugin since having a malware attack some time ago and this incident prompted me to pay for Protected Registration on my sites too.
Julie Robert
Security is an ongoing process and you cannot ignore this as it is valuable for your assets. There is a huge group of hackers and to defeat them you have to stay up-to-date with new technologies and techniques. If some vulnerable points are accessed by them then don’t wait for help but try to resolve that issue immediately, without wasting time. A quick response is the best solution to these problems.
Tommy Stan
You might want to mention 2-Factor Authentication also. I think this is the type of wake-up call that many need to kick this complacent attitude about authentication and passwords. There continues to remain the need for more preventative measures to be put in place. For example many of the leading web hosting providers are giving users the perfect balance between security and user experience by implementing 2FA which allows us to telesign into our accounts. I know some will claim the verification process makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your site(s) are secure. I’m hoping that more providers start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.
Joe Seals
Thanks for the informative read. It is very unfortunate that most of us only take action once it’s too late or while we are in the middle of the storm. But like auto insurance, we should be protected before we get into the mess.
Thanks for the read! Very useful!
fanstap
oh, those must have been 4 awful days for him
thank you so much for writing this post
every blogger must read it
Chris
Yes, security is very important. And it concerns not only strong passwords, backups and updates. We also shouldn’t remember passwords in our FTP clients…
Thanks for sharing,
Chris
Anton Koekemoer
Hi Again DiTesco,
Yes – It happens to more people than one would originally think – Especially since WordPress is so easy to use and set up, webmasters tend to forget about the security side of their website. And yes – having your domain name stolen is most probably one of the worst things that can happen – luckily his hosting provider was very helpful and took almost immediate action after they were notified. Horrifying experience I know…
Bhavesh
After reading this post I find that security is the most important factor in blogging, and this article is really helpful for me. Thanks for sharing!
Shiva @ Blogging Ideas
Quite a nutshell checklist to follow for securing our website and domains. I think nowadays there are too many hackers out there on the prowl that we really need to keep our sites and domains secured.
There are many plugins and also tweaks out there that we can follow to make WordPress more secure and also for domains probably we can add more security measures like Whois privacy and two step authentication and so on. Thanks for the tips Ditesco.
Kimsea
Thanks for sharing! I am a newbie to blogging. I just bought a domain and hosting. I am currently using a WordPress blog, so it is great to hear about blog security from you.