I Got Hacked, Part 2

Getting hacked has been a tiring but rewarding experience. Absurd, yes?

Let me explain. I have spent my entire adult life learning how to be more responsible for myself, my stuff, my projects and my people. Responsibility frees me. No longer am I beholden to others. I am also no longer beholden to my own fears.

Responsibility entails knowledge and a willingness to act on that knowledge.

When I got hacked, I realized I had done something very, very, very stupid.

WordPress is a web-based system that runs on a database system called MySQL. Structured Query Language (SQL) is a relational-database language (data in one field can be related to data in another field through a relationship) that is about 45 years old. Without SQL (and PHP, but that’s another discussion) WordPress would be unable to save posts, pages and comments.

It would be like a car without an engine.

I run WordPress myself (as opposed to wordpress.com). That means I have access to the MySQL databases attached to my WordPress files.

The gold standard for web security with regard to WordPress (and any website running SQL) is to have one username per website per SQL database. That means the database attached to jaysennett.com should have one username (call it user1); the database attached to homofactuspress.com should have a second, different username (call it user2); and so on, for all my domains.

Why should this be the gold standard?

If a hacker gains access to the database information (which is quite easy to do, actually, since that information is contained in the configuration file that runs WordPress), they can only vandalize/hijack one website.

I’m sure you can see where this is going because that is not what I did. Here’s what I did. Each domain/website had the same username for the database running it. So when they hacked the jaysennett configuration file, they gained access to all three database files.
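Here is an added example, not part of the original post and not my real configuration: a small Python check that reads the database settings from several WordPress configuration files, reports any database username shared across sites, and prints the one-user-per-database setup described above. The config excerpts, database names, the third domain, and the `webuser` account are all constructed, and it assumes MySQL runs on the same host as the web server.

```python
import re
from collections import defaultdict

# Constructed wp-config.php excerpts (sample data, not real files or credentials).
SAMPLE_CONFIGS = {
    "jaysennett.com": "define( 'DB_NAME', 'js_blog' );\n"
                      "define( 'DB_USER', 'webuser' );\n"
                      "define( 'DB_HOST', 'localhost' );\n",
    "homofactuspress.com": "define('DB_NAME', 'hfp_site');\n"
                           "define('DB_USER', 'webuser');\n"
                           "define('DB_HOST', 'localhost');\n",
    "third-site.example": 'define("DB_NAME", "third_db");\n'
                          'define("DB_USER", "webuser");\n'
                          'define("DB_HOST", "localhost");\n',
}

# Matches define('DB_XXX', 'value') with either quote style.
DEFINE_RE = re.compile(r"""define\(\s*['"](DB_\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")

def parse_db_settings(config_text):
    """Return the DB_* constants defined in one wp-config.php body."""
    return dict(DEFINE_RE.findall(config_text))

def shared_db_users(configs):
    """Map (host, user) -> sites, keeping only accounts used by more than one site."""
    sites_by_account = defaultdict(list)
    for site, text in configs.items():
        s = parse_db_settings(text)
        sites_by_account[(s.get("DB_HOST", "localhost"), s["DB_USER"])].append(site)
    return {acct: sorted(sites) for acct, sites in sites_by_account.items() if len(sites) > 1}

def per_site_grants(configs):
    """Suggest one MySQL account per site, limited to that site's own database."""
    statements = []
    for n, (site, text) in enumerate(sorted(configs.items()), start=1):
        db_name = parse_db_settings(text)["DB_NAME"]
        user = f"user{n}"  # placeholder names, following the post's user1/user2
        statements.append(f"CREATE USER '{user}'@'localhost' IDENTIFIED BY '<unique-password-{n}>';")
        statements.append(f"GRANT ALL PRIVILEGES ON `{db_name}`.* TO '{user}'@'localhost';")
    return statements

if __name__ == "__main__":
    for (host, user), sites in shared_db_users(SAMPLE_CONFIGS).items():
        print(f"{user}@{host} is shared by {len(sites)} sites: {', '.join(sites)}")
    print("\n".join(per_site_grants(SAMPLE_CONFIGS)))
```

After creating the per-site accounts, each site's configuration file needs its own new username and password, and the old shared account should be dropped so it no longer works anywhere.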

This is a really, really, really STUPID thing to do. And it is very irresponsible. Not even to my readers, however few they are, but to me! I had wasted my own time and money resources.

I was too smart to know how stupid I was. That’s how stupid I was. But I’m learning and quickly. And the reward has come from becoming responsible for my websites. Websites require responsibility. I’m still amazed that I even have to write such a sentence. Everyone knows houses require responsibility. But websites?

Yes, the website will require maintenance. Yes, security is something you will be responsible for. Yes, having a website is a responsibility.

The Impacts of a Hacked Website, Tony Perez, Sucuri Co-Founder/CEO

Are you a responsible website owner? Do you have security style?

My essay collection, Moxie, Vol. 1, will be released January 15, 2018. Preorder your copy today at Amazon, Nook, Kobo and Apple Books.

3 Comments

  1. I only have one website, so I think I don’t run the same risk of the username problem. But the risk I run is not knowing enough about the actual technology of the website and website running in general. I have a friend, a website administrator, who set mine up for me. I need to check with her about a few things and learn more. I dread this, as technology is not my thing. I admire it, but typically from afar. HOWEVER…IF I want a website, I must be willing to learn how to run it or to pay someone to run it responsibly for me, not do things by half measure. Eeeek. Thanks for posting about this, even though the entire subject makes me uncomfortable because of my own abdication of my responsibility Ona.

    1. “Not doing things by half-measures.” I appreciate your candor and your willingness to take responsibility even though it is hard for you.

      The more I think about this topic the more I find it strange that as creatives we all believe we need a website, yet have no idea how they work.

  2. I think that as creatives, we think we need a website whether we know how it works or not because of the nature of communication at this moment in time and space. If I’m lucky (and don’t get hacked) I can share my thoughts, essays, and most important to me, my stories with someone on the other side of the world in a few strokes of a key. Technology right here and now makes that seemingly easy. It is the “seemingly” part that can get us in trouble! For me as a creative, my creativity is in telling stories. My ex was creative in architecture and zie was a techno-detail person. Zie could figure out a website administration problem or die trying. And would. However, you noticed the noun “ex”, therefore, I can’t utilize that particular creativity to help my less technologically creativity out!
