If you’re here as part of the Summer Biannual Blogathon Bash for 2013, welcome! (If you have no idea what I’m talking about, you can check out the bash here!) I hopefully have three interesting posts for you to view and work with, and some fun mini challenges to boot! You can join in at any time, and if you still need to sign up to try to win one of the amazing prizes available this round, now is the time to do so! Wishing you all the best blogathon bash ever! Have fun! 🙂
Q: How do you keep yourself completely 100% secure from online hackers, creepy people, and the US government?
A: You can’t. Even if you never touch a smartphone, tablet, netbook, laptop or desktop computer in your life, you’re roughly 90 to 95% secure from identity theft, stolen personal information, stolen funds, etc. through “online” means. That 5 to 10% depends on how much your mother and/or BFF loves to add photos of you to their Facebook wall. Heck, you could probably find your house on Google Maps. And we’re not even getting into Big Brother discussions…
So yeah, how do you keep your information as safe as possible while enjoying an online lifestyle?
Let’s start with email…
There’s probably nothing I hate more than hearing that someone has lost their email account. That is stuff nightmares are made of! I don’t know about you, but there are a lot of companies, families and friends that I would have to call if my email was ever broken into.
So I have this way to make it as secure as I possibly can, and I’m not talking about two-step authentication – though ultimately, the two-step method with gmail is THE only way to keep your email 98% secure (if someone steals your phone and tries to hack into your gmail account, there is nothing stopping them.) My method is NOT fool-proof, I still fear for the safety of my email, but I’ve made it as secure as I possibly can.
So to keep my emails secure I do a bit of re-routing. I’ve created a couple email addresses that I use publicly for my site. They’re on my business cards, which I tend to hand out freely, and if I’m required to give someone my email address online, these are the ones that I use to keep connected. They also have 18 character, upper and lower case, numerical and symbol based passwords (and if you can figure out what I’ve blurred out in the image below, that ain’t it, LOL!)
So I have these two email accounts, and you’d think those long passwords would be enough right? Well I guess it could be, but how in the heck am I supposed to remember them? If I had even a smidgen of mnemonic talent, that 18 character nonsensical string would probably be easy to remember, but I haven’t practiced mnemonic tricks in a very long time. Like, back in high school was probably the last time I really tried to make it work, so how do I use these passwords without saving a file on my desktop?
I get GMAIL to save it for me.
This is the most crucial step in creating a safe email environment. And it just might blow your mind.
Create an email address through Gmail (or Outlook, but I completely recommend using Gmail for this, especially if you want to use two-step authentication on top of this method for 98.5% security,) and here’s the trick…
Don’t tell anyone what that email address is.
Like, no one. Not a soul, not a company, not a social media channel. Nada. As far as the online world is concerned, this email address shouldn’t exist. The only three “people” who should know about this address are you, your deity and Google (and if you subscribe to the Church of Google, the latter two are one and the same, so that’ll knock it down to only TWO “people” knowing.)
Why create an email address if no one is going to know about it? Simply consider that email addy as your login to Gmail (and other Google apps if you so choose,) and conduct all of your email business with the branded accounts that you’ve created initially (like my two in the image above.) You can even tell Google that the default email address to talk to anyone with is not the Gmail address you logged in with.
So how to get your email identities into your brand spanking new, uber sekret Gmail account?
Once you’re logged into Gmail, go to Settings > Accounts > and then scroll down to “Check mail from other accounts (using POP3)”. You’ll find a link: “Add a POP3 mail account you own”, and when you click on it a box will pop up to get you started on importing your email account.
Then do as follows:
This is where you tell Gmail to save that 18 character long password that may or may not look like a really long swear word… &$IF**#w^G73(@#h*R
By not leaving a copy of your email on the original server, should anyone happen to figure out your 18 character password (which, WHOA, you must have awesome email, ’cause that’s dedication in password breaking right there!) they won’t have access to your email, ’cause it’s only sitting in the Gmail account that they know nothing about and have no way of linking back to you! How’s that for cool cookies?
Repeat these steps until all of your email accounts that you want to keep safe are added (well, up to five of them, ’cause Gmail has limits.) Once you’re done, scroll up a bit to where it says “Send mail as” and over to the far right you can choose which email address to use as your default addy when you’re emailing everyone under the sun. You will still have access to all of your other accounts, but once you hit the compose button, the first email address in the From line is the one you selected as default.
Of course, to also keep your email and yourself safe, don’t ever open files that you weren’t expecting. If your bank wants you to review information about your account, you can guarantee that the information will be found on the bank’s site. Thanks to dangerous hackers, there isn’t a single bank out there that will ever send out an attachment of any kind. Don’t ever open these! And if you’re not sure if the bank email is legitimate, call up your bank and ask! Or log in to your bank account; if something is wrong, the bank will want you to know when you log in.
Some spam emails have become really crafty and the signs you’re looking for are truly hard to spot. If that happens, copy the entire email message and paste it into Google Search. If someone has received that email before, they will let everyone know about it. And if you’ve received the exact same email, you can bet it’s 100% spam and potentially dangerous.
Your Blogger Site
Unfortunately, there’s not too much you can do to keep this site safe, other than using long passwords and/or using the uber sekret account that you made for Gmail above as your Blogger account too. And it’s cool to do so, as no one needs to know what email address you’ve used to create your Blogger account. If you only publish the branded email anywhere you need to on your blog for contact purposes, your uber sekret blog account email will remain entirely unknown.
Here’s how to change to the uber sekret user account for your Blogger blog:
Go into Settings > Basic and scroll down to + Add Authors
Add your uber sekret email account as a new author and then wait for the verification email. It’s best to do the verification in a different browser, or else Blogger will keep you logged in with your old account at the same time… it gets messy.
Not sure if you’ll have to confirm your profile, or if it’s something that I had to do with the way I created this sample. If you do, be sure that your display name is the same name as your current author name for your blog (you can duplicate without issue.)
See how the names are the same? And both accounts are selected as Admin? You’ll have to change the new account from “Author” to “Admin”. Once that’s done, and while you’re in the new uber sekret account, select the account you want to remove and just click the “X” button. The account will be removed and all posts will be labelled as written by the “new” author.
Some things to take into consideration: if you already use Google+ with your non-sekret account, you won’t be able to transfer this account to the new uber sekret email address, same goes for Adsense (Google only allows you to have one account, and I don’t believe there’s a way to transfer by email.) So while your blogger account will be safe in uberness, this trick doesn’t work with every app, so you potentially will have two separate Google-enhanced accounts.
Your WordPress Site
There are a few more things we can do on WordPress to keep our sites safe. If you haven’t installed Wordfence yet, I whole heartedly suggest you install that plugin the moment you’re done reading here. It keeps a watchful eye on your site and can tell you when files on your site have changed and look sketchy, has its own firewall to block commonly known threats, continually scans for malware and phishing within all of the comments left on your site, login security to limit brute force attacks, etc. This plugin does a lot to keep your site safe for you, ’cause you can’t be watching your site personally 24/7 (you do need bathroom breaks, ya know!)
Additional ways to keep your WordPress site safe:
- For the love of Peter, Paul and Mary, do NOT use “Admin” as your login. The word Admin is what hackers will use first to see if they can get into your site, and they’ll learn pretty quickly if they have the right login name even if they don’t have the right password. If that is your login, stop everything that you’re doing and change it now. (You can change it much the same way as the Blogger instructions above: add a new user, turn that user profile from subscriber into an administrator account – you’ll find it in the user profile section, probably near the bottom – and then delete the “Admin” account. All blog posts will be moved from “Admin” to your new user.) Also, don’t show your login name on your blog posts. There is a section in the User Profile page to add a “Nickname”. Use this spot to add the name you want to show on every blog post as your Author name, and then be sure to select this nickname from the drop down selection directly below it.
- Delete all plugins that you are not using, and ensure that you’ve got the latest updates for the plugins you do use.
- Delete all themes that you are not using, and ensure that you’ve got the latest updates for the themes you do use.
- Ensure that you are using the most recent version of WordPress.
The latter three bullets are to ensure that there are no security holes in your site that were inadvertently made by others.
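The checklist above, as an added example (not from the original post): a shell script that uses WP-CLI, which the post does not mention and is assumed here to be installed, to look for an “admin” login, unused plugins and themes, and pending updates. The sample users, plugins and themes in it are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Each function reads WP-CLI CSV
# output on stdin, so the checks also run on the constructed samples below.

# Accounts whose login is "admin" in any letter case.
# Input: wp user list --fields=user_login,roles --format=csv
find_admin_logins() {
    awk -F, 'NR > 1 && tolower($1) == "admin" { print $1 }'
}

# Administrator accounts that can take over before "admin" is deleted.
replacement_admins() {
    awk -F, 'NR > 1 && tolower($1) != "admin" {
        roles = substr($0, index($0, ",") + 1)  # keeps a quoted multi-role list whole
        if (roles ~ /administrator/) print $1
    }'
}

# Installed but unused plugins or themes (candidates for deletion).
# Input: wp plugin list --fields=name,status,update --format=csv
#    or: wp theme list  --fields=name,status,update --format=csv
# A parent theme of the active child theme has status "parent", so it is kept.
list_unused() {
    awk -F, 'NR > 1 && $2 == "inactive" { print $1 }'
}

# Plugins or themes with an update waiting, whether active or not.
list_outdated() {
    awk -F, 'NR > 1 && $3 == "available" { print $1 }'
}

# Constructed sample data, used when WP-CLI or a WordPress install is absent.
SAMPLE_USERS='user_login,roles
Admin,administrator
jane_writes,"administrator,editor"
guest_poster,author'
SAMPLE_PLUGINS='name,status,update
wordfence,active,none
akismet,active,available
hello,inactive,available
old-slider,inactive,none'
SAMPLE_THEMES='name,status,update
my-child-theme,active,none
twentytwelve,parent,available
twentyeleven,inactive,none'

if command -v wp >/dev/null 2>&1 && wp core is-installed >/dev/null 2>&1; then
    users=$(wp user list --fields=user_login,roles --format=csv)
    plugins=$(wp plugin list --fields=name,status,update --format=csv)
    themes=$(wp theme list --fields=name,status,update --format=csv)
else
    users=$SAMPLE_USERS
    plugins=$SAMPLE_PLUGINS
    themes=$SAMPLE_THEMES
fi

# One line per finding; tr joins the names so each check prints on one row.
echo "Logins to rename:    $(printf '%s\n' "$users" | find_admin_logins | tr '\n' ' ')"
echo "Replacement admins:  $(printf '%s\n' "$users" | replacement_admins | tr '\n' ' ')"
echo "Unused plugins:      $(printf '%s\n' "$plugins" | list_unused | tr '\n' ' ')"
echo "Unused themes:       $(printf '%s\n' "$themes" | list_unused | tr '\n' ' ')"
echo "Plugins to update:   $(printf '%s\n' "$plugins" | list_outdated | tr '\n' ' ')"
echo "Themes to update:    $(printf '%s\n' "$themes" | list_outdated | tr '\n' ' ')"
```

On a live site, `wp user delete admin --reassign=<new user ID>` moves the posts to the new account when the old one is deleted, and `wp core check-update` covers the last bullet.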
So yeah, those are a few tidbits to keep you and your website(s) safe from harm.
Now here’s the challenge…
Do something, anything that proactively keeps your site safe. You can work on anything that is suggested above, or you can create your own safety task. I realise a lot of this discussion can be fairly advanced if you’re new-ish to the blogging world. If you’re a Gmail user, you can look up two-step authentication and see if that method is something that speaks to you. And/or you can simply go through all of your sites and social media channels and change ALL of your passwords, ’cause hey, every time you change a password, a fairy is born and a hacker sheds a tear. It’s totally up to you on what to do, as long as it keeps you safe!
For verification let me know in the comment section below what you chose to do! (And for security’s sake, I won’t be asking for visual proof!) 😉
48 Responses
You are such a smarty pants! And yes that is a compliment!
sharigoss *hearts you* Takes one to know one!
I change up my password for blogger and gmail A LOT! Somehow my facebook account was hacked last year and it really made me mad. So after that I change up my passwords to everything VERY frequently! Thanks for the post! 😀 Love the site by the way
JessicaBlankenship Thanks so much! My site is always a work in progress, but I like it, lol. 😉
And eek, sorry to hear you experienced a FB hack, that’s not cool at all. :/ But yay for keeping up with securing your accounts now!
I am always changing up my password. Looking for ways to make everything safer. I changed my WP login from Admin to a custom one and also set up WordFence. 🙂
Awesome challenge! After seeing so many people who had massive hacking attempts on their blogs lately, this is so timely. I had my personal yahoo email hacked, too. ack. pain in the derriere, you know? So I have WordFence, I changed from admin to (secret) and I didn’t even know to change the nickname – which is now all done. Thank you for all the info. It would be so awful to have my site hacked as I’d be clueless to fix it. OH, and I put captcha on my blog sign-in too. 🙂
savvysuburbanmama Awesomesauce!! WTG on securing up your site! 😀 Am so sorry to hear your email was hacked. Wow, that’s two comments on this post about Yahoo emails being hacked, not good. :/ Hope you have or will get your email account back through Yahoo! *fingers crossed*
I decided to change up my WordPress password. I even created new user as well. I have already added major efforts to protect my gmail account.
I am always changing passwords everywhere but tonight was as good a time as any to change them again!
I added WordFence. Thanks!
And just finished a scan that reminded me to update my Akismet plugin and that one of the theme files I’d installed (but couldn’t delete through the dashboard) had a big error – so logged into my host files and deleted all those extra themes pronto! Thanks!! 😀
I so wish I had done this last week. My yahoo account was hacked, and it is basically all the info I have. It will not let me back in, and you know how fun yahoo is to deal with! I set up a gmail account, but it isn’t letting me import the yahoo info, says I need to be yahoo plus member? I hope to use this idea when I hopefully get into my locked down account.
MelanieWatersSchemanski eek, just reading up on it now (’cause I haven’t used yahoo in ages!) But there are some posts out there suggesting that you would have to pay Yahoo $19.99/year to upgrade to the Yahoo Plus membership, which will allow you to forward your mail over to Gmail. Am sorry to hear your email account was hacked! :/ That is so rough. Keeping my fingers crossed that Yahoo can help you out on getting it back!
What an awesome post. Things I never thought about for my email account!
JamieGall1930 Thanks! I had fun writing it. 🙂
I’ve added wordfence for awhile, and definitely do the 2 step verification with my email address, and have gotten rid of the “admin” on my wordpress site.
JamieGall1930 Yay! So glad admin is now gone! 🙂 That’s one crucial step to keeping your site secure.
I’ve installed wordfence now and have deleted the themes and plugins I no longer use.
I did the following on all three blogs:
Installed Wordfence plugin
Scanned all three blogs
All plugins are updated
Deleted unused plugins
all themes updated
deleted unused themes
updated WordPress
I’ve deleted all the plug ins I’m not using
I’ve deleted all the themes I’m not using
I’m already using the latest version of WordPress
All plugins are up to date
All themes are up to date
Pinned post to remind myself to do other stuff later
I deleted all of my unused plug ins and themes- I never knew they could be a security risk!
TheMamaPirate any plugin/theme could be a potential security risk to your site, so if you’re not going to use them, it’s best not to keep those doors open kwim? 🙂 People also tend not to update plugins that they’re no longer using, ’cause they think “why bother?” Meanwhile updates are usually security improvements to those plugins, so even if you’re not using that plugin, having it sit in your site’s plugin repository turns it into a dangerous bit of code if it’s not updated to the latest versions.
Good post. My gmail has decent passwords, and I might look into the two step process later. For the challenge, I went with wordpress safety, and deleted a couple of unused plugins and themes. I also installed Wordfence–looks good! Still going through my first scan. 🙂
Everything is already up to date (diligent about that), and no admin. I cringe when I find out someone still uses that as a username.
audramsilva WOOT! WTG keeping your site secure! 😀 Yes, I’m looking forward to the day that WordPress forces users to create an account username that is not admin right from the get-go.
Every time (now and in the past) that I’ve tried to delete “admin” WordPress won’t let me. Tips?
Other than that, I’ve installed Wordfence (in all the WP work and reading I’ve done – NEVER heard of this. And no one who’s worked on my site has installed it!). Cleaning up themes and plugins now.
AlaiaWilliams Generally admin is deleted by first creating a new user (this will be your new login user account,) setting it up as an administrator, then delete the admin account, transferring all posts to the new user. What does WordPress say/do to stop you? Any error codes?
aerynlynne Yep, I’ve done all that. When I go to delete the admin account, I get this message: ID #1: admin The current user will not be deleted.
There are no valid users selected for deletion.
AlaiaWilliams Ah! Just thought of something… are you still logged in as Admin while doing this? If so, log out and log back in again with your new user.
The thing about email confused me. I need to look at it again later. But I installed wordfence (installed and activated on four blogs at once thanks to ManageWP!) so thank you!
callista83 YAY! Wordfence is awesome, so glad it’s now installed. 🙂 Yes, I was worried that the email tip might be confusing, especially on a crazy-fun-filled weekend like we’ve all had! 😉
I have a huge problem with passwords. I’m always forgetting them. So I have to write them down which doesn’t keep them secure. If I had a password like you suggest on gmail what if I want to use another device to log in? I certainly won’t remember it.
ve3smu If I understood correctly, the long password is for her other emails, not to log in to gmail. So she doesn’t have to remember it.
ve3smu For this method, you would want to rely on gmail for logging in on all devices. Most devices have Gmail or a way to access your gmail account, so you would rely on this login instead of your individual email logins. For instance, my windows phone allows me to add my gmail account within its mail program, and through that all of my other emails also get loaded in when I need to see them. … Does that make sense? 🙂
but if someone takes your device they can automatically log in to your secret gmail. I’m confused I guess.
ve3smu I think I’m confused too, lol. If someone takes your device, regardless of whether you’re using gmail or another email program, and you have it set to automatic login, they will have access to your account. The only way to counter this is to have a wiping program (like Nortons Mobile Security) that will completely wipe your device’s info the moment you tell it to do so (when your device is stolen.) The Gmail password should be secure, but not the 18 character length one that I suggested for your other accounts. A good regular password involves 8 characters that cannot be found in a dictionary, and does not involve any personal information like your name, address, phone number, etc. It’s also good to have the password include at least one uppercase, one lowercase letter and at least one number.
I have created secure passwords for all of my blogging related sites, thanks for the info!
Meg WW Awesome! Every bit helps to keep secure! 🙂
Went in and changed all my passwords! Great reminder…Need to look more into the gmail thing. I work for the US government 🙂 – and they also use a form of “gmail” so my accounts can get confusing….
CrazyCasaK oh yes, the gmail for biz versions can make it a bit confusing for sure! I’ve done this myself in the past, and wound up dedicating two different browsers, one for each “gmail” account so that I could have both open at the same time, lol. YAY for changing passwords! That’s always a great thing to do. 🙂
I installed Wordfence and deleted the two plugins I wasn’t using. Thanks for this challenge!
Kecia08 WOOT! Thanks for reading and securing up your site! 🙂
You know, I am pretty sure it is time for a password change on all my social media and my gmail accounts as well. I will be changing them today. Thanks for all the help and for the tutorial. I don’t think I ever really thought about being blog hacked, so thanks for telling me about that. Great info.
I had my site hacked about a year ago – and it was a nightmare! It was a week before the tech peeps could get it back up again. So- today, since this is a great reminder, I went back through and changed all of my passwords again. I’ve started using a crazy combo – a word that makes sense to me, but then I substitute crazy numbers and symbols into it, to where it ONLY makes sense to me. And – I used to use the same passwords across all of my networks and accounts. Then I realized – shoot, if they get my email and ONE password from hacking a smaller site, then they can probably search around and get into everything. So now it’s a PIA to log in anywhere, lol, but I use tricky passwords everywhere, keep a list of them in a notebook, and change ’em monthly-ish. SO worth the work! 🙂
I’ve used gmail to manage all of my emails all along. I don’t think I’d want to do it any other way! I also installed Wordfence.
Wow thanks for all the info, I will need to read it a couple of times to get it straight