Don’t Get Hacked!

As some of you may have found out, the incredible graphic and logo designer David Airey has been hacked.
You can learn more about it in his post: David Airey.com Hacked.
There is also his post on Gmail security: WARNING: Google’s GMail security failure leaves my business sabotaged

This brings up some security issues.
What can you do to prevent hackers?
Well, there are many things you can do, so let’s look at them.

First of all, if you’re using Gmail, don’t assume your account is safe. Check out David Airey’s post on Gmail security for the details of what happened to his.

Keep Wordpress Updated

If you’re using a self-hosted blogging platform, be it Wordpress or something else, keep it updated.
Almost every release fixes security issues, and once a fix is released the hole it closes is public knowledge, so an out-of-date blog is an easy target. Don’t leave your blog vulnerable!
If you’re using Wordpress, don’t be daunted by the update process. It looks hard, but it’s not.

Step 1: Back up your files.
This is something you should do periodically anyway, but you should definitely do it before you update. I had a scare once when I was updating Wordpress. I thought I had lost all my posts! I ended up saving them, but save yourself that scare. It’ll add years to your life. (My New Wordpress Disaster)
You can backup your posts by clicking on Manage > Export > Download Export File.
It doesn’t take much, so do it.
I would also recommend backing up everything that is in your wp-content folder. It’s just an extra safety net that helps keep your mind at rest.

Step 2: Download the latest version of Wordpress.
You can download the latest version of Wordpress on their download page.

Step 3: Deactivate your plug-ins.
This is easy. Go to Plugins on your WP control panel, and click ‘deactivate’ on all your plugins.

Step 4: Upload the new version of Wordpress.
This is the scary part.
Upload the new version of Wordpress via FTP (or SFTP if your host offers it; plain FTP sends your password over the network in the clear), but do not upload the wp-content folder or the wp-config-sample.php/wp-config.php file.
During that process your blog will go down temporarily, so I recommend you do it late at night and use the Maintenance Mode plugin.

Step 5: Update Wordpress
Visit /wp-admin/upgrade.php under your blog’s root to finish the upgrade. This step updates the database so that it matches the new files.
Make sure to do this. If you don’t, your blog won’t work right. I forgot to do that the last time I upgraded Wordpress and I scared myself half to death.

If you want to learn more, visit the Official Wordpress Upgrading Instructions or the Extended Wordpress Upgrading Instructions.
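The file-handling parts of the five steps above as one script. This is an added example, not code from the original post or from the official Wordpress upgrade instructions: it archives wp-content with a timestamp (Step 1) and copies a downloaded release over the install while skipping wp-content and both wp-config files (Step 4). The paths, the backup location and the assumption that you have a shell (over SSH on the server, or locally against a copy you then upload by FTP) are mine; deactivating plugins and visiting upgrade.php are still done in the browser.

```shell
#!/bin/sh
# Added example (not from the original post): the backup and the selective
# copy from the upgrade steps. All paths are assumptions; adjust for your host.
set -eu

# Step 1: archive wp-content with a timestamp so earlier backups are kept.
# Prints the path of the archive it wrote.
# Usage: backup_wp_content /path/to/blog /path/to/backups
backup_wp_content() {
    blog="$1"; dest="$2"
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$dest"
    tar -C "$blog" -cf "$dest/wp-content-$stamp.tar" wp-content
    printf '%s\n' "$dest/wp-content-$stamp.tar"
}

# Step 4: copy the unpacked release into the blog, skipping everything under
# wp-content and both config files. wp-admin, wp-includes and the root PHP
# files are replaced; your themes, plugins, uploads and database settings are
# never touched.
# Usage: upload_release /path/to/unzipped/wordpress /path/to/blog
upload_release() {
    src="$1"; blog="$2"
    ( cd "$src" && find . -type f \
        ! -path './wp-content/*' \
        ! -name 'wp-config.php' \
        ! -name 'wp-config-sample.php' ) |
    while IFS= read -r f; do
        mkdir -p "$blog/$(dirname "$f")"
        cp "$src/$f" "$blog/$f"
    done
}
```

The admin Export file only covers posts and comments; a full database dump (phpMyAdmin or mysqldump) also covers settings and users, so take one of those as well before you upgrade.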

Get Rid of the Version String

If someone knows what they’re doing, they can find out which version of Wordpress you’re running and attack your blog through security holes that are already public for that version.
If the version isn’t advertised, a scanner looking for one particular old version may just move on. Bear in mind that this is only obscurity: the meta tag is not the only place the version shows up (the readme.html file in your blog root and the generator tag in your RSS feed carry it too), and hiding it does not close the hole. Keep updating; this only removes the easiest signpost.
To remove the tag, open your header.php file (which can be found here: Presentation > Theme Editor > header.php) and change this:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

To this:

<meta name="generator" content="WordPress" />

Protect Your Plugins

Again, someone who knows what they’re doing can find out which plugins you have installed and get into your Wordpress through security holes in those plugins.
If the plugin list isn’t there for the reading, that takes more work. Depending on how your web server is set up, requesting wp-content/plugins may return a directory listing that spells out every plugin you have.

Therefore, put a blank index.html file into your plugin folder (which can be found here: your Wordpress root > wp-content > plugins) so that anyone requesting that directory gets an empty page instead of a listing. Note that this only hides the listing: a known plugin’s files can still be requested directly by path, so keep your plugins updated and delete the ones you don’t use.

(Thanks Pingable)
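An added example, not code from the original post or from Pingable, of doing this at the web server rather than relying on the blank file alone, which is the point one of the comments below raises: an .htaccess that turns directory indexes off, with the blank index.html kept as a fallback, and a check you can run on any directory. It assumes Apache with AllowOverride Options (or All) in force for the directory; the path is an example.

```shell
#!/bin/sh
# Added example (not from the original post): block directory listing for a
# plugins folder and check that both protections are in place. Assumes Apache
# honours Options in .htaccess for this directory.

# Usage: block_listing /path/to/blog/wp-content/plugins
block_listing() {
    dir="$1"
    # The real control: tell Apache not to generate an index for this tree.
    printf 'Options -Indexes\n' > "$dir/.htaccess"
    # Fallback: an empty index file, so a server that ignores the .htaccess
    # still serves a blank page rather than a file listing.
    : > "$dir/index.html"
}

# Returns 0 when the directory has both the blank index.html and an .htaccess
# that disables indexes, 1 otherwise.
# Usage: listing_blocked /path/to/blog/wp-content/plugins
listing_blocked() {
    dir="$1"
    [ -f "$dir/index.html" ] || return 1
    grep -qs '^Options[[:space:]]*-Indexes' "$dir/.htaccess"
}
```

If your host does not allow Options in .htaccess, Apache answers every request under that directory with a 500 error, plugin stylesheets and scripts included, so load one of them in a browser after adding the file. On a server you control, the same directive belongs in the main configuration instead.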

Do NOT Share Your Password

Your password is the key. If someone gets your password, or can guess it, you’re in trouble.
Use a password checker and choose a strong password, and a different one for each site.
Don’t share your password with anyone, and don’t keep it in a plain text file on your computer.
Have a stack of 3×5 cards next to your computer with your passwords. Do not use a master password or a password management program.


That’s all I have in the way of security at the moment.
Does anyone have any other pointers?
If so, share them!


4 Responses to “Don’t Get Hacked!”

  • I really have to say that I personally would put an emphasis on the password deal. Recently a friend of mine gave me a password of hers so I could download something. I don’t even know her that well. I know better than to tell anyone else or take advantage of that, but still, that is something you should keep to yourself no matter what.

  • Thanks for the heads up. People always think that it can’t happen to them until it really does. Then it just sucks.

  • You do know that there are ways of getting around blank index pages, right? .htaccess is what should be used to protect a directory, not a blank index page.

    Also, it’s very possible to get access to the database/tables with a mere few characters and SQL commands. It can be run through anything: search forms, contact forms, etc. Versions cannot prevent this. Escaping your PHP code and using the clean() function can. But I guess you totally forgot about mentioning that very important factor in your security post, eh?

  • Actually boogie, I did not know.
    Those are just some security tips that I have found and have become aware of.

    If you know of more, or wish to share in more detail, please feel free to do so.
