Getting hacked has been a tiring but rewarding experience. Absurd, yes?
Let me explain. I have spent my entire adult life learning how to be more responsible for myself, my stuff, my projects and my people. Responsibility frees me. No longer am I beholden to others. I am also no longer beholden to my own fears.
Responsibility entails knowledge and a willingness to act on that knowledge.
When I got hacked, I realized I had done something very, very, very stupid.
WordPress is a web-based system that runs through a web database system called MySQL. Structured Query Language is relational-database (data in one field can be related to data in another field through a relationship) that is about 45 years old. Without SQL (and php, but that’s another discussion) wordpress would be unable to save posts and pages and comments.
It would be like a car without an engine.
I run WordPress myself (as opposed to wordpress.com). That means I have access to the MySQL databases attached to my wordpress files.
The gold standard for web security with regard to wordpress (and any website running SQL) is to have one username per website per SQL database. That means the database attached to jaysennett.com should have one username (call it user1); the database attached to homofactuspress.com should have a second, different username (called it user2); and so on, for all my domains.
Why should this be the gold standard?
If a hacker gains access to the database information (which is quite easy to do, actually, since that information is contained in the configuration file that runs wordpress), they can only vandalize/hijack one website.
I’m sure you can see where this is going because that is not what I did. Here’s what I did. Each domain/website had the same username for the database running it. So when they hacked the jaysennett configuration file, they gained access to all three database files.
This is a really, really, really STUPID thing to do. And it is very irresponsible. Not even to my readers, however few they are, but to me! I had wasted my own time and money resources.
I was too smart to know how stupid I was. That’s how stupid I was. But I’m learning and quickly. And the reward has come from becoming responsible for my websites. Websites require responsibility. I’m still amazed that I even have to right such a sentence. Everyone knows houses require responsibility. But websites?
Yes, the website will require maintenance. Yes, security is something you will be responsible for. Yes, having a website is a responsibility.
The Impacts of a Hacked Website, Tony Perez, Sucuri Co-Founder/CEO
Are you a responsible website owner? Do you have security style?