Today, I checked my email account. I got quite alarmed, and comforted, at what I was looking at. An email looked like this:
Dear Site Admin,
A host, XXX.XXX.XXX.XXX, has been locked out of the WordPress site at http://painterlakes.net due to too many attempts to access a file that does not exist.
Then I started looking at the log files. It absolutely amazes me that with this site being as unknown as it is, and having next-to-no visitors, that I would get the interest of some compromised machines trying to get their way into the WordPress installation. So I’m thankful that I have installed a couple of security modules to the website and I’ll have to see what more I can do to help secure this site.
Speaking of other things security-wise, how many people have turned on two-way authentication for their online accounts? It can be a pain, but given that I have had my email account compromised in the past I have decided that the inconvenience of having to have my phone with me in order to log into my email (or other application) is better than having someone go in and access all kinds of stuff. So Google and Facebook are on my app on my phone that generates codes. Though IMO less convenient, my LinkedIn and my Twitter have two-factor authentication turned on as well using SMS codes. I say it’s less convenient because I can be somewhere with good wired Internet access and zero cell phone coverage. Fortunately Google comes to the rescue here. I have integrated my Sprint wireless phone number with Google Voice, so all my SMS messages come to me not only through my phone but through any device where I have Hangouts running.
Speaking of Hangouts – I have had the “pleasure” of not being able to find my phone (my backup phone – but I’ll save that for another posting) and as such I have not been able to make any calls. At the same time, we’ve changed our home phone service to Time Warner Cable (I’ll talk about their deal later on too). During the switchover, the only phone number functioning was… my cell phone number… and I didn’t have the cell phone. But thanks to the Google Voice integration, I started receiving phone calls on my tablet. Yup, any calls that came in were picked up by Hangouts and I was invited to use that app to answer the call. So, missed calls… I couldn’t escape them any more. I can’t say I didn’t have my phone with me, or the phone was flat (cordless phone). I have less excuses since the computer has Hangouts running, and the tablet has Hangouts running. I guess “I was in the car and didn’t have the phone with me” is the only excuse that’s plausible these days.
But back to security. Given these attempts foiled by the security plugins, and re-checking my passwords and getting the two-factor authentication set up, I feel a bit more secure. Though security and privacy are two separate things, the two do go together. I’m of the opinion that anything on the Internet these days is “fair game” for the likes of the NSA and such… if the government wants to comb through my emails they’re welcome to look at the spam I get (hahaha) and see what kind of person I am. However I don’t want the casual person to be able to access things like that. I want my bank information to be private. I want the bulk of my personal interaction emails to be private. I want Facebook chats to be between me and who I am chatting with (as if I do that anyway). I want to decide what I keep private and what I don’t – and that’s why I need the security tools to do this. They need to do their job, and if they’re not working then my privacy is compromised.
Keep secure. Don’t expect total privacy, but with good security, you should be OK.