Is Your Podcast Website Panama Proof?
No, some big podcaster wasn’t found stashing money in a tax-proof mattress near the Canal (which says something about the take-home pay of podcasters). But the Panama Papers raise a serious, podcast-related red flag for all of us.
We all know how important our websites are to our brand and our listeners. While a hacker may be disappointed that there are no Social Security or credit card numbers on your site, you’re listeners might not appreciate finding your home page replaced with strings of epithets and four-letter words. (Or, if that’s what your home page looks like, a Mother Goose nursery rhyme instead.)
Three Steps + Fifteen Minutes = Tightened Site Security
Wordfence, an international WordPress cybersecurity firm, reported on its blog that the exploit used to download those millions of Panama Papers documents began with an outdated version of a popular WordPress plugin. The plugin, Revolution slider, was installed on Mossack Fonseca’s website.
Now, before you pile on and compare WordPress’s security to Swiss cheese, WordPress is quite secure. It’s better buttoned up than a custom site written by a developer who hasn’t had years of experience—recent experience—in cybersecurity.
WordPress sites, like all websites, are vulnerable primarily because of…here it comes…human error; and since human error isn’t confined to WordPress users, it’s time to double check the security of your website, no matter what software you use.
Phrase in New Passwords
The number one website vulnerability is weak passwords.
The easiest way to make sure your site passwords aren’t the digital equivalent of a key under the doormat is to pick a phrase or sentence you’ll remember, grab the first letter of each word, and finish with a little upper/lower case, number-for-letter substitution.
For example, “I’ve been making people happy with my podcast since 2015.” That morphs to Ibmphwmps2015. Right away, we have a password that’s not in any dictionary. To an outsider, it’s a string of random characters.
Let’s toughen it up.
Mix upper and lower cases, add a related smiley and we get
IbMpHwMpS:)2015
Hmm, I can put that smiley inside, in place of the “h” for happy and get
IbMp:)wMpS/2015
(I threw in the slash before the 2 to add another special character to the mix).
Add some software that limits the number of failed login attempts and you’ve made it so difficult to hack your site through the front door most hackers won’t bother. There are plenty of sites with keys under the mat.
Get Rid of Gray-Haired Plugins
After password hacking, plugin exploits are the hacker’s choice into a WordPress site. If your site isn’t WordPress-based, did you acquire any new, custom or untested software from your web developer or third party? Treat that software as a plugin. Make sure you’re using the latest version. If not, update now. Not tomorrow or next Tuesday, but now. And keep upgrading every time a new version is released.
I’ve analyzed my server logs and I’m both amazed and disgusted at the number of hits I get from overseas websites (mostly Eastern European and South American) looking to see if I have a particular plugin.
I don’t know for sure but I doubt it’s because they plan to ask me for a review.
Get Rid of Musty ISPs
Make sure your ISP, the company hosting your website, keeps its versions of WordPress, PHP, MySQL, and any other software your site needs, current.
Again, I mean current.
After passwords and plugins, exploits in system software are the way hackers gain access to a site.
Not all ISPs are as quick to upgrade their software as we might hope. So learn the latest versions of the software you use and check them against what your ISP offers. If you find something out of date, check Google. See if the software has known problems.
If your ISP doesn’t seem interested in supplying you with the most secure software available, find another ISP. (Those hacked WordPress sites you hear about? Most of them are running older version of WordPress with known security holes. If I know the versions have holes I guarantee the hackers know it, too.)
These steps might not increase your take-home pay, but they will keep prying eyes from peeking under your mattress.
