Book-o-Sphere Flutters ~ May 3rd #Security Edition

Flutter-worthy News

  • Carmel @ Rabid Reads talked about Paranormal New Releases: April 29th – aaaand pretty much broke my bank with all the one-click-buy action provoked…
  • Flutterlicious…

  • Shel @ BiblioJunkies reviewed Burn Bright by Bethany Frenette [Urban Fantasy/Paranormal]
  • KimbaCaffeinate @ Caffeinated Book Reviewer reviewed The Taking By Kimberly Derting [Sci-Fi]
  • NA:
  • Kristen @ Pretty Little Pages reviewed Not Quite Dead by Lyla Payne [Paranormal/]
  • Jesey @ Schmexy Girl Book Blog did a review + quotes cool kinna thing for Destroyed by Pepper Winters [Dark Erotic Romance]
  • KimbaCaffeinate @ Caffeinated Book Reviewer reviewed Killing Sarai By J.A. Redmerski [Romantic Suspense] – and, after reading her review and Christy’s review of the novel last week, got to start reading it at 2 AM…stop staring at me that way, I’m sure other people stalk book blogs at 1:30 AM and start reading books they know they won’t be putting down until The End…you could stop staring aaaany time now…>_>…
  • Kelli @ I’d So Rather Be Reading reviewed Hold Me Tight (Take Me Now #3) by Faith Sullivan [Contemporary/Romance]
  • Adult:
  • Melissa @ Books and Things reviewed Talk Dirty to Me by Dakota Cassidy [Contemporary/Romance]
  • Rainy Day Ramblings reviewed The Other Typist by Suzanne Rindell [Historical/Mystery]
  • Tips&Tricks for the pro butterfly

  • Ash @ NoseGraze talked about Why Your WordPress Site Was Hacked – good tips there on security.

    I’m hoping your site hasn’t been hacked, but it might. After being the target of an attempted hack this week, I can sure tell you it feels GREAT to know you’ve done your best to be safe. I was always of the “my blog won’t be a target, it’s too modest” kind of conviction. Then there was a giveaway hop, traffic surged (as it often does with these things), and I have a sinking suspicion the traffic surge & attack might have been connected somehow. Maybe it’s a coincidence, but I’m not a big believer in coincidences 🙂

    Security Lessons Learned:

    1. I’m telling you from personal experience that having any user with the username “admin” is a really bad idea – it’s the first forced login attempt the attack went with. What came second? The domain name, ie “butterfly-o-meter”. So DON’T use either the generic “admin” or your domain’s actual name as usernames, that’s my advice. If you have, like Ash advises, make yourself new user(s) with the same rights and get rid of those sitting duck targets. I didn’t have either of these, luckily, which made me feel better when I realized I was under attack. Be smart, keep yourself safe to begin with!

    2. Use STRONG passwords! I’m talking letters, capital & not, punctuation marks, numbers, the works! Is it hell to remember? You don’t have to. Keep it written down on your Important Stuff Notebook (preferably a planner or something that exists in real life & you know you always take real good care of, that’s where I keep all my passes & accounts details.). You can also use programs to keep track of them, but I feel my planner which is at home & safe at all times is the kind of data nobody can steal. Am I paranoid? Maybe. Does it help to keep my stuff safer? Definitely.

    If your password is long, complex, lots of different combinations of things, it makes it a lot harder to hack. Unless it’s a personal attack (ie there’s someone brainy enough to be able to hack you that’s attacking your a$$, in which case, my thoughts are you’re pretty much gonna get hacked whatever you do), bots will only try to attack for a predetermined time period, number of tries, etc most likely. Attacks tend to last for a while, generally not very long, trying out your defenses, and then move on to greener, richer grass. Make sure the greener grass isn’t you!

    3. Defense Line Plugins Galore!!
    I’m using pretty much everything I could find & look into, firewall, bad request handlers, login attempts regulators, IP blocking options, the works! As things look now, we seem to have gotten out of the dangerous waters, and I’m pretty sure these plugins did a great lot of work for that!

    I already had up some defenses, which is why I realized we were under attack at the first attempt, pretty much. But as soon as I got the first email alert someone was trying to log in with the “admin” username I don’t have, I knew it was hack bot attack time and doubled down on security, Fort Knox style, as much as I possibly could.
    Be smart about it though, read carefully, mix & match them so they do different things rather than overlapping their action. After installing them, be sure to actually use them, ie configure them! Very few work as “out of the box”, so look around, read around, find out how to configure them and do so. Just having them installed won’t keep you safe, you have to make them work for you!

    I’m not a hardcore coder, but I do speak some code and have some basic understanding of what one thing or the other is. I won’t lie, it helped a heck of a lot to know what I was reading about, looking for, what options I had to consider! But I had to do this extra security setup while under attack, which is not when you should do it!
    If you’re looking for some good tips, check out also Parajunkee’s post on security, Lock Down Your Blog!, I really like a couple of those options there, combined: Wordfence, WP Simple Firewall, Block Bad Queries, Sucuri, WordPress File Monitor Plus, and consider BulletProof & Better WP Security too. Mix & match, because it’s better to be safe than sorry! Make those plugins work for you:
    – limit forced login attempts, password recovery form use (possibly setting up alerts for when it happens, cause if you’re the only user on your blog, it’s obvious it ain’t you!)
    – setup alerts so you know when you’re under attack – there are things you can do to try and manage it: temporarily blocking malicious IPs, toughening up the security levels all over, etc. It’s a crisis kind of battle plan, it’s good to know when you have to actually use those hardcore-like options!
    – as soon as you realize you are under attack, rethink what email alerts you want to get while it lasts. Depending on how mean the bot is, you could be looking at tens, hundreds, thousands of potential alerts maybe. Only keep active those that are actually helpful to you right now, in crisis mode.
    – eat a lot of chocolate & read something smutty and real good – okay, so it’s not actually a security thing, but it helps keep you out of freak-out-land while you’re under attack, lol
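
The logic behind the plugin settings listed above (decoy usernames, a login-attempt limit, and throttled alerts) can be sketched in a few lines. This is an added example, not code from any of the plugins named in the post; the log entries, the "bookfan" account and all thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample: (unix_time, source_ip, username_tried) for failed logins.
# IPs come from documentation ranges; "bookfan" is a hypothetical real account.
FAILED_LOGINS = [
    (1000, "203.0.113.7", "admin"),
    (1002, "203.0.113.7", "butterfly-o-meter"),
    (1010, "203.0.113.8", "admin"),
    (1011, "203.0.113.9", "admin"),
    (1030, "198.51.100.9", "bookfan"),   # owner mistyping a password once
    (1401, "192.0.2.55", "bookfan"),
    (1402, "192.0.2.55", "bookfan"),
    (1403, "192.0.2.55", "bookfan"),
]

def analyze(events, real_users, decoy_names,
            max_attempts=3, window=60, alert_cooldown=300):
    """Block IPs on decoy names or repeated failures; throttle alert emails."""
    recent = defaultdict(deque)   # ip -> failure times inside the sliding window
    blocked, alerts = set(), []
    suppressed = dropped = 0
    last_alert = None
    for ts, ip, user in sorted(events):
        if ip in blocked:
            dropped += 1          # already locked out: no new alert needed
            continue
        reason = None
        # A name nobody owns can only come from guessing, so one try is enough.
        if user in decoy_names and user not in real_users:
            reason = "decoy username"
        else:
            attempts = recent[ip]
            attempts.append(ts)
            while ts - attempts[0] > window:
                attempts.popleft()
            if len(attempts) >= max_attempts:
                reason = "too many attempts"
        if reason is None:
            continue
        blocked.add(ip)
        # Crisis mode: at most one email per cooldown, the rest are only counted.
        if last_alert is None or ts - last_alert >= alert_cooldown:
            alerts.append((ts, ip, reason))
            last_alert = ts
        else:
            suppressed += 1
    return {"blocked": blocked, "alerts": alerts,
            "suppressed": suppressed, "dropped": dropped}

REPORT = analyze(FAILED_LOGINS, real_users={"bookfan"},
                 decoy_names={"admin", "butterfly-o-meter"})
```

The decoy rule only fires when the name is not a real account, which is why removing "admin" and the domain name as usernames makes the first guess a reliable alarm.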

  • Cool Discussions around the garden

  • Danny @ Bewitched Bookworms talked about Super 6 Books that made me laugh
  • Tanya @ Parajunkee did an awesome Book Bloggerista News: April 28, 2014, as usual!
  • Songasm


    9 thoughts on “Book-o-Sphere Flutters ~ May 3rd #Security Edition”

    1. Jae Jaggart

      Great post on WordPress security. Ages back I had a WordPress site I thought safe hacked, it is NOT a good feeling. I know others it has happened to as well. Excellent links to other sites and advice too! Jae

