How I woke up to my website being hijacked, and tips to make sure it never happens to you.
WOW! It has been one hell of a morning for me. While I woke up early this morning excited for studying I was instead woke up to a cute email from WordPress telling me my verification email had been changed. So naturally I tried to do what I always do if something is up and change my password. Well not only was my verification email changed, but my account email was changed. Oh, and my password was changed. Oh, and my website (joshuaglaab.com) now only featured articles written by one, Aditya Sarkar. Well, that’s interesting. So I spent most of the morning with the fine people at word press and they sorted me right out so that I could get my website back.
How Did This Happen?
I have a few theories about how our good friend Mr. Sarkar got a hold of my information. Consulting with Firefox it appears my data had been breached not once, but FOUR TIMES! All regarding websites I had used in the past. Not a bad culprit, but there could be other possibilities as well. My frequent use of public open wifi left me at a high risk for a long time. All that needed to happen was one enterprising individual to open a wifi sniffer at a starbucks and just wait for me to input an email/password combo.
How Can I Prevent This?
I will describe the steps I now take to protect my information.
- Randomly generate strong passwords for all websites
- This makes it much harder for a person to get into any account, and by randomly generating all passwords, if one gets lost in a breach the others will be safe.
- Organize Passwords in a secure location
- Since the passwords are WAY to big to memorize I have organized all of mine in a secure account, which is also protected by a monster password and two factor authentication.
- Two Factor Authentication
- This might be the most important point on this list. By requiring your phone to log into accounts it makes it impossible for someone to break in without access to your phone. Even if they get the password they wont gain access to your account, giving you time to lock them out again. Almost every website has an option for you to enable this. I personally set up texting and an authentication app for many of my accounts.
- Install a VPN
- This is your armor for sketchy wifi. Even if someone sniffs your data on the public wifi the VPN encrypts everything you send so the would be hacker only gets a string of gibberish.
Anyway
This has been my story of getting my website hijacked. Make sure you take steps to protect yourself on the internet! Its a mad mad mad mad world out there, so do yourself a favor and put up some defenses.
Joshua Glaab 