Category Archives: Security

A little security tune-up

I recently tweaked a few small things on my various sites, hopefully improving security at least a bit. In case any of you are involved in similar tasks and might be interested, here are a few things I changed.

Previously I had installed self-signed certificates for SSL/TLS use on my site (primarily for admin purposes). This ensures that I have an encrypted connection with my server and do not send my password over the internet in plain text for people to see. I was excited to see that my web host Hawkhost now supports Let’s Encrypt. So, I got new certificates issued by Let’s Encrypt for my sites. Let’s Encrypt certificates are free and easier to manage.
(I noticed that not all images on my sites load successfully over https – I’ll eventually need to make some changes.)

I also now force WordPress logins and admin sessions to occur over SSL/TLS. (Sometimes I forget to use https when logging in.) Check out this page to learn more about it – you basically need to make a change in your wp-config.php file.
While I was in there, I also enabled “DISALLOW_FILE_EDIT” – I don’t use the editor that much anyway.
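
To check that both settings are really active in a wp-config.php, here is a small audit script. It is an added example, not code from the original post. It assumes the forced-SSL setting is WordPress's FORCE_SSL_ADMIN constant (the post does not name it); the function names and the sample file contents are constructed for illustration.

```python
import re

# Constants matching the two changes described in the post (assumption:
# FORCE_SSL_ADMIN is the forced-SSL setting; the post names only the other).
# FORCE_SSL_ADMIN sends logins and admin sessions over TLS;
# DISALLOW_FILE_EDIT turns off the dashboard theme/plugin file editor.
REQUIRED = ("FORCE_SSL_ADMIN", "DISALLOW_FILE_EDIT")

DEFINE_RE = re.compile(
    r"""define\s*\(\s*(['"])(?P<name>\w+)\1\s*,\s*(?P<value>[^)]*?)\s*\)\s*;""",
    re.IGNORECASE,
)

def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments, so a
    commented-out define() is not mistaken for an active one."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.DOTALL)
    return re.sub(r"(?m)^\s*(//|#).*$", "", src)

def audit_wp_config(src):
    """Return {constant: 'enabled' | 'disabled' | 'missing'}."""
    found = {}
    for m in DEFINE_RE.finditer(strip_php_comments(src)):
        name = m.group("name")
        if name in REQUIRED and name not in found:
            # PHP keeps the first define(); a later redefinition is ignored.
            found[name] = m.group("value").strip().lower() in ("true", "1")
    return {c: ("missing" if c not in found else
                "enabled" if found[c] else "disabled") for c in REQUIRED}

# Constructed sample: the SSL setting is commented out, so it is not active.
SAMPLE = """<?php
define('DB_NAME', 'example_db');
// define('FORCE_SSL_ADMIN', true);
define( 'DISALLOW_FILE_EDIT', true );
"""

if __name__ == "__main__":
    for constant, state in audit_wp_config(SAMPLE).items():
        print(f"{constant}: {state}")
```
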

I’m also considering enabling reCAPTCHA or Duo for logins, to protect against people/robots trying to guess my password, log in, and do who knows what. From my logs, I can see tons of malicious login attempts and it’s sad to say that’s pretty common behavior on the internet.

Additional security for your accounts

Google and Facebook both have a security feature which will require you to enter a code sent to your phone whenever you log in from a new computer. I highly recommend that you turn this security feature on!

Cracking passwords is getting easier for the bad guys, but turning this feature on will require them to also enter an additional security code sent to your phone, which (hopefully) the bad guys don’t have/can’t intercept!

For more info:
Google 2-step verification
Facebook login approvals

Why? For extra security! It’s no fun if your email or Facebook account gets hacked. Plus, you don’t want the bad guys learning all this information about you or spamming your friends. It’s especially important to protect your email account because your other important accounts (bank, credit card, PayPal, Facebook, Amazon.com, etc.) are often linked to your email account – you don’t want someone who has access to your email account to also gain access to all these other accounts!

(I used to blog about user security for the everyday person, but stopped for various reasons. Feel free to peruse my old userbesafe blog, although I’m sure some things have changed/been updated.)