Tips to help keep your blog safe:

• Keep all your software updated, not just WordPress. Make sure your plugins are updated.
• Use a strong password. Don’t use words or sequences of characters like “12345″ as your password. Make it a mix of characters and numbers.
• Don’t ever store your database dump online in a place Google will index it. It is very easy to use a Google search to find it.
• If you use public WiFi or a net cafe regularly, use SSL to secure the communication with your blog. Use the secure admin plugin for just this purpose.
• If you use Firefox, install PwdHash. It’s simple to use and works really well.

WordPress MU admins – Fire up phpmyadmin and look at wp_users. Try these sql queries to find weak passwords in your database:

SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘wordpress’);
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(’12345′);
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘qwerty’);
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘anthony’);
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘Anthony’);
and because of the season:
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘christmas’);

Scary isn’t it how many people still use simple passwords? I must release that “Strong password” plugin we use on WordPress.com soon. That will certainly help avoid account hijacking.

Related Posts

• No related posts