If you're here as part of the Summer Biannual Blogathon Bash for 2013, welcome! (If you have no idea what I'm talking about, you can check out the bash here!) I hopefully have three interesting posts for you to view and work with, and some fun mini challenges to boot! You can join in at any time, and if you still need to sign up to try to win one of the amazing prizes available this round, now is the time to do so! Wishing you all the best blogathon bash ever! Have fun! 🙂
Q: How do you keep yourself completely 100% secure from online hackers, creepy people, and the US government?
A: You can't. Even if you never touch a smartphone, tablet, netbook, laptop, nor a desktop computer in your life, you're roughly 90 to 95% secure from identity theft, stolen personal information, stolen funds, etc through "online" means. That 5 to 10% depends on how much your mother and/or BFF loves to add photos of you to their Facebook wall. Heck, you could probably find your house on Google Maps. And we're not even getting into Big Brother discussions...
So yeah, how do you keep your information as safe as possible while enjoying an online lifestyle?
Let's start with email...
There's probably nothing I hate more than hearing that someone has lost their email account. That is stuff nightmares are made of! I don't know about you, but there are a lot of companies, families and friends that I would have to call if my email was ever broken into.
So I have this way to make it as secure as I possibly can, and I'm not talking about two-step authentication - though ultimately, the two-step method with gmail is THE only way to keep your email 98% secure (if someone steals your phone and tries to hack into your gmail account, there is nothing stopping them.) My method is NOT fool-proof, I still fear for the safety of my email, but I've made it as secure as I possibly can.
So to keep my emails secure I do a bit of re-routing. I've created a couple email addresses that I use publicly for my site. They're on my business cards, which I tend to hand out freely, and if I'm required to give someone my email address online, these are the ones that I use to keep connected. They also have 18 character, upper and lower case, numerical and symbol based passwords (and if you can figure out what I've blurred out in the image below, that ain't it, LOL!)
So I have these two email accounts, and you'd think those long passwords would be enough right? Well I guess it could be, but how in the heck am I supposed to remember them? If I had even a smidgen of mnemonic talent, that 18 character nonsensical string would probably be easy to remember, but I haven't practiced mnemonic tricks in a very long time. Like, back in high school was probably the last time I really tried to make it work, so how do I use these passwords without saving a file on my desktop?
I get GMAIL to save it for me.
This is the most crucial step in creating a safe email environment. And it just might blow your mind.
Create an email address through Gmail (or Outlook, but I completely recommend using Gmail for this, especially if you want to use two-step authentication on top of this method for 98.5% security,) and here's the trick...
Don't tell anyone what that email address is.
Like, no one. Not a soul, not a company, not a social media channel. Nada. As far as the online world is concerned, this email address shouldn't exist. The only three "people" who should know about this address is you and your deity and Google (and if you subscribe to the Church of Google, the latter two are one in the same, so that'll knock it down to only TWO "people" knowing.)
Why create an email address if no one is going to know about it? Simply consider that email addy as your login to Gmail (and other Google apps if you so choose,) and conduct all of your email business with the branded accounts that you've created initially (like my two in the image above.) You can even tell Google that the default email address to talk to anyone with is not the Gmail address you logged in with.
So how to get your email identities into your brand spanking new, uber sekret Gmail account?
Once you're logged into Gmail, go to Settings > Accounts > and then scroll down to "Check mail from other accounts (using POP3)". You'll find a link: "Add a POP3 mail account you own", and when you click on it a box will pop up to get you started on importing your email account.
Then do as follows:
This is where you tell Gmail to save that 18 character long password that may or may not look like a really long swear word... &$IF**#w^G73(@#h*R
By not leaving a copy of your email on the original server, should anyone happen to figure out your 18 character password (which, WHOA, you must have awesome email, 'cause that's dedication in password breaking right there!) they won't have access to your email, 'cause its only sitting in the Gmail account that they know nothing about and have no way of linking back to you! How's that for cool cookies?
Repeat these steps until all of your email accounts that you want to keep safe are added (well, up to five of them, 'cause Gmail has limits.) Once you're done, scroll up a bit were it says "Send mail as" and over to the far right you can choose which email address to use as your default addy when you're emailing everyone under the sun. You will still have access to all of your other accounts, but once you hit the compose button, the first email address in the From line is the one you selected as default.
Of course, to also keep your email and yourself safe, don't ever open files that you weren't expecting. If your bank wants you to review information about your account, you can guarantee that the information will be found on the bank's site. Thanks to dangerous hackers, there isn't a single bank out there that will ever send out an attachment of any kind. Don't ever open these! And if you're not sure if the bank email is legitimate, call up your bank and ask! Or log in to your bank account; if something is wrong, the bank will want you to know when you log in.
Some spam emails have become really crafty and the signs you're looking for are truly hard to spot. If that happens, copy the entire email message and paste it into Google Search. If someone has received that email before, they will let everyone know about it. And if you've received the exact same email, you can bet its 100% spam and potentially dangerous.
Your Blogger Site
Unfortunately, there's not too much you can do to keep this site safe, other than using long passwords and/or use your uber sekrit account that you've made for Gmail above as also your Blogger account. And its cool to do so, as no one needs to know what email address you've used to create your blogger account. If you only publish the branded email anywhere you need to on your blog for contact purposes, your uber sekret blog account email will remain entirely unknown.
Here's how to change to the uber sekret user account for your Blogger blog:
Go into Settings > Basic and scroll down to + Add Authors
Add your uber sekret email account as a new author and then wait for the verification email. It's best to do the verification in a different browser, or else Blogger will keep you logged in with your old account at the same time... it gets messy.
Not sure if you'll have to confirm you profile, or if its something that I had to do with the way I created this sample. If you do, be sure that your display name is the same name as your current author name for your blog (you can duplicate without issue.)
See how the names are the same? And both accounts are selected as Admin? You'll have to change the new account from "Author" to "Admin". Once that's done, and while you're in the new uber sekret account, select the account you want to remove and just click the "X" button. The account will be removed and all posts will be labelled as written by the "new" author.
Some things to take into consideration: if you already use Google+ with your non-sekret account, you won't be able to transfer this account to the new uber sekret email address, same goes for Adsense (Google only allows you to have one account, and I don't believe there's a way to transfer by email.) So while your blogger account will be safe in uberness, this trick doesn't work with every app, so you potentially will have two separate Google-enhanced accounts.
Your WordPress Site
There are a few more things we can do on WordPress to keep our sites safe. If you haven't installed Wordfence yet, I whole heartedly suggest you install that plugin the moment you're done reading here. It keeps a watchful eye on your site and can tell you when files on your site have changed and look sketchy, has its own firewall to block commonly known threats, continually scans for malware and phishing within all of the comments left on your site, login security to limit brute force attacks, etc. This plugin does a lot to keep your site safe for you, 'cause you can't be watching your site personally 24/7 (you do need bathroom breaks, ya know!)
Additional ways to keep your WordPress site safe:
- For the love of Peter, Paul and Mary, do NOT use "Admin" as your login. The word Admin is what hackers will use first to see if they can get into your site, and they'll learn pretty quickly if they have the right login name even if they don't have the right password. If that is your login, stop everything that you're doing and change it now. (You can change it much the same way as the blogger instructions above; add a new user, turn that user profile from subscriber into an administrator account - you'll find it in the user profile section, probably near the bottom; and then delete the "Admin" account. All blog posts will be moved from "Admin" to your new user. Also, don't show your login name on your blog posts. There is a section in the User Profile page to add a "Nickname". Use this spot to add the name you want to show on every blog post as your Author name, and then be sure to select this nickname from the drop down selection directly below it.
- Delete all plugins that you are not using, and ensure that you've got the latest updates for the plugins you do use.
- Delete all themes that you are not using, and ensure that you've got the latest updates for the themes you do use.
- Ensure that you are using the most recent version of WordPress.
The latter three bullets are to ensure that there are no security holes in your site that were inadvertently made by others.
So yeah, those are a few tidbits to keep you and your website(s) safe from harm.
Now here's the challenge...
Do something, anything that proactively keeps your site safe. You can work on anything that is suggested above, or you can create your own safety task. I realise a lot of this discussion can be fairly advanced if you're new-ish to the blogging world. If you're a Gmail user, you can look up two-step authentication and see if that method is something that speaks to you. And/or you can simply go through all of your sites and social media channels and change ALL of your passwords, 'cause hey, every time you change a password, a fairy is born and a hacker sheds a tear. It's totally up to you on what to do, as long as it keeps you safe!
For verification let me know in the comment section below what you chose to do! (And for security's sake, I won't be asking for visual proof!) 😉