Protecting your blog with a strong password is essential. How can you create a strong password and what else can you do? And what can happen if you don’t?

If a hacker were to get hold of your blog’s main admin password, they could take control of your blog. From simply adding posts that link to their own website, to loading virus software onto your readers’ computers and even getting you to unintentionally host phishing pages, there are loads of prizes a hacker can take if they access your blog.

And for you – well, if a hacker gains access to your blog you can lose all of your hard work!

How a hacker gains entry
A hacker will gain entry to your blog in one of a couple of ways. First, they might use key logging software to ‘watch’ you type in your password. You protect yourself here with antivirus software and secure connections. But this is a difficult way to get access to your blog.

The other way is to simply ‘guess’ your password. A hacker will use a program to constantly try different possible passwords to log on to your admin – known as a brute force attack. A simple password will not take long to guess and that is why a strong password is essential.

‘Simple’ passwords
Using something as simple as ‘pass1’ is very insecure. Why? Well, if the hacker starts at a, then aa, then ab and so on, it will not take them long to get to your password. However, even ‘Pass1’ is harder to guess, as the attack needs to look at upper and lower case letters.

Stronger passwords
But both of these examples are still very weak. The longer the password, the longer it takes to go through all of the combinations required to guess it. Stick to lower case letters and numbers and there are 36 possible characters per position. Include upper case characters and unusual characters and that can jump to 70 or 80. Expand that to an 8 character long password and the number of possible combinations becomes 80 * 80 * 80 * 80 * 80 * 80 * 80 * 80! Trying to go through these combinations becomes a lengthy process, during which hopefully the attacker gives up and tries elsewhere.

Send the hacker elsewhere
There are two further tricks to make sure the attacker moves elsewhere. First of all, do not use a simple-to-guess user ID. For example, in WordPress, do not use ‘admin’, which is the default. Now the hacker has to guess not just the password but also the user name.

The second security trick is to install a plugin that will block out a hacker from attempting new passwords, such as Limit Login Attempts. This detects a brute force attack and locks out the hacker for a period of time. Suddenly, not only are they trying a lot of combinations but also taking days between guesses.
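
The lockout idea described above, combined with the combination counts from the ‘Stronger passwords’ section, as an added Python example (not code from this post or from the Limit Login Attempts plugin). The retry limit, lockout length, reset window and sample IP addresses are assumed values chosen for illustration.

```python
from collections import defaultdict

# Assumed policy values for illustration, not taken from any plugin's settings.
MAX_RETRIES = 4             # failed logins allowed before a lockout
LOCKOUT_SECONDS = 20 * 60   # how long a locked-out address must wait
WINDOW_SECONDS = 12 * 3600  # failures older than this are forgotten

class LoginLimiter:
    """Counts failed logins per source IP and locks the IP out temporarily."""
    def __init__(self):
        self.failures = defaultdict(list)  # ip -> timestamps of recent failures
        self.locked_until = {}             # ip -> time at which the lockout ends

    def allowed(self, ip, now):
        return now >= self.locked_until.get(ip, 0)

    def record_failure(self, ip, now):
        recent = [t for t in self.failures[ip] if now - t < WINDOW_SECONDS]
        recent.append(now)
        if len(recent) >= MAX_RETRIES:     # too many misses: start a lockout
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent = []
        self.failures[ip] = recent

def replay(events):
    """Run (timestamp, ip, password_ok) events through the limiter."""
    limiter, decisions = LoginLimiter(), []
    for ts, ip, password_ok in events:
        if not limiter.allowed(ip, ts):
            decisions.append("blocked")    # rejected without checking the password
        elif password_ok:
            limiter.failures.pop(ip, None)
            decisions.append("ok")
        else:
            limiter.record_failure(ip, ts)
            decisions.append("failed")
    return decisions

def years_to_exhaust(chars_per_position, length):
    """Time for one address to try every combination under the lockout policy."""
    combinations = chars_per_position ** length
    return combinations / MAX_RETRIES * LOCKOUT_SECONDS / (365 * 24 * 3600)

# Constructed sample events (documentation-range IPs), not real log data.
SAMPLE = [(t, "203.0.113.7", False) for t in range(5)] + [
    (5, "198.51.100.2", True), (1300, "203.0.113.7", False)]

if __name__ == "__main__":
    print(replay(SAMPLE), round(years_to_exhaust(36, 5)), "years for 36^5")
```

The estimate is per source address and covers the whole search space, so it shows how the lockout and a long password reinforce each other rather than how long any single password will survive.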
