Note: draft article (not beer)

Headaches like

having your email account hijacked

I see more and more often now automatic brute force attacks over a server like mail.
This attacks are getting from hundreds and hundreds of ips at once been world wide distributed to avoid brute force protection counter attack.
It’s not easy deciding if you want to blacklist an ip after 5 failed logins, especially if you have thousands.

I’m writing you this post as a reminder what little things you can take that can make a HUGE difference:

– don’t use email account like [email protected] or support@…, info@… or other easy to guess names.
– don’t use simple passwords especially very well known ones, even known keyboard patterns like 5tgb%TGB and such.

having your blog/website hacked

– I see plugins and themes with serious security issues like SQL injection. Even premium themes for which you pay. Avoid installing un-maintained plugins / themes, and make sure you update them as frequently as possible
– try to avoid using simple usernames for administrator login like admin, administrator, boss, whatever 🙂