18 thoughts on “Are You Broadcasting Your Log-In Details to the World?”

  1. Mohammad Landseer

    Hi there! This is kind of off topic but I need some guidance
    from an established blog. Is it tough to set up your own blog?
    I’m not very techincal but I can figure things out pretty quick.

    I’m thinking about setting up my own but I’m not sure where to start.
    Do you have any points or suggestions? Many thanks

    1. Hi,

      Thanks for stopping by. 🙂 No, setting up your own blog isn’t tough at all although it can be daunting for beginners. The most important things are having a firm idea of why you’re doing it and what you want to accomplish with it, making sure that you take the necessary security measures right from the start (some of which are mentioned in the above post) and keeping on top of your maintenance.

      There is a variety of ways to host a blog such as WordPress.com, Blogger, Tumblr, etc, but I would strongly advise to purchase your own domain name and hosting and self-host a WordPress blog on there. That way you have total control over it. For hobby blogs things like Tumblr are ideal (although you still never have complete control), but for a blog that’s going to be used for business then self-hosting is really the only way to go.

      I go into the details some more in my e-book “Why Not You?” that talks about how to get started with the basic of making money online. You can pick up a copy for free by using one of the opt-in forms here on my site. I also provide some training via a free e-mail course and I will very soon be releasing a complete over-the-shoulder beginners course that will actually show you from the absolute ground up how to set up a blog and use it for starting your own online business (if that’s what you want to do). Again, this will be available for free and exclusively to subscribers.

      Hope that helps a little. 🙂

      All the best!

      »Glenn«
      Glenn Shepherd recently posted…When Your Business Hands You LemonsMy Profile

  2. Hi Renard,

    I would want to believe the same thing. However, an enormous number of WordPress users have no clue about the importance of not using “admin” as their username, especially when they are placing themselves in the hands of third-party installation systems such as Fantastico.

    The thing I found, though, was something even more ‘under the radar’, which is the fact that some installations configure your user nicename as being the same as your login name, thus creating a big security risk. I’m usually on the ball with this kind of stuff, but this one caught me out. Thankfully I discovered it before anything bad happened.

    It’s very true, hackers are getting more and more innovative. Despite our best efforts they can still sometimes get past our security measure, but it makes sense to make things as difficult as possible for them so as to limit the chances.

    Thanks very much stopping by and commenting. I wish you a fantastic week ahead. 🙂

    »Glenn«
    Glenn Shepherd recently posted…Five Essential Reasons to Attend Live EventsMy Profile

  3. [ Smiles ] Glenn, I would want to believe that the average website administrator should be intelligent enough to change his or her default username.

    For the record, you brought up some excellent points.

    Could you remember “Heartbleed”? It was a piece of spyware that stole countless passwords and personal data from websites and computer users around the world.

    You and I can only do so much to protect our accounts and the truth is: hackers are getting more innovative by the minute.
    Renard Moreau recently posted…We All Want Increased Traffic To Our BlogMy Profile

  4. Hey Glenn,

    So you didn’t share with us how they’re finding this information so we can test that out ourselves. I’d like to see if it’s coming up in the search engines before I go to these measures once again.

    My username, name and nickname are all different. They are also none of the above and no hacker will easily crack that one, trust me. I also have a very long and secure password as well so I honestly believe I’m pretty well protected. They also can’t even get to my login page so I’m covered there too.

    Thanks for letting us know about this Glenn but I’m still confused how they’re finding this information out! (Scratching my head…)

    ~Adrienne
    Adrienne recently posted…Jon Morrow Told Me It Is Okay To StealMy Profile

    1. Hi Adrienne,

      Thanks for stopping by and I apologise for causing any confusion!

      It seems that the author/user_nicename is sometimes visible when a post comes up in search engine results whereas other times, it isn’t. I’m not sure why this is the case – it could be to do with plugins or how WordPress is set up itself. I could definitely do with trying to find out why this is but for now, I don’t know.

      At any rate, what I do know is if the author slug does show up when a post comes up in a search engine result, you want to make sure that it isn’t showing your username. If your user_nicename is set to be the same as your username then this is exactly what will happen and it needs to be changed. From what you say, Adrienne, it sounds like you’re already covered.

      But for example, go to Google and type “author/admin”. You’ll see a whole stream of people’s websites that appear to have not had the username changed from “admin”. So what this means is, if one of those posts popped up as a result of a search and a hacker attempted to log in with “admin”, they wouldn’t get an “invalid username” error message and would thus know that they had the correct username for that site.

      So in the same way, if someone’s user nicename is the same as their username (which is what is set by default, depending on installation), if a hacker attempts to login with that name and doesn’t get the “invalid username” message, they’ll know they have the correct username and then only the password remains for them to hack rather than both the username and password.

      Precisely what a hacker would search for in order to specifically bring up results containing your user_nicename, I don’t know. To be quite honest, I can’t actually remember exactly what it was that I was doing when I noticed the issue. All I know is that I saw my posts appearing in the search results as glenn-shepherd.com/author/ and then my username, which I soon set about changing! The bottom line is, you don’t want your username to be stumbled upon, even by accident.

      I hope that’s helped a bit and not made things even more confusing!

      Regards,
      Glenn
      Glenn Shepherd recently posted…2 Keys to SuccessMy Profile

  5. Hey Glenn,

    the vast majority of us are very complacent about this I think. I know I am for sure. But now, while it’s on my mind, I’m going to go in and do the changes. I reckon I’m ok as I have a ‘strong’ psw according to the new WP algorithm. Surprisingly, my old psw, which I thought was strong before the latest WP version, turned out to be actually ‘weak’.

    So now, I doubt if anyone would get in. But just for double safety, I’m gonna do the changes you suggest right now.

    Thanks for the invaluable information Glenn.

    Cheers,

    Paul
    Paul Henderson recently posted…The Tortoise and The HareMy Profile

    1. Hey Paul,

      You’re right, many of us are complacent about these things, which is all well and good until something goes horribly wrong! It’s good that you have a strong PW but I’d highly recommend that you make the other changes if necessary.

      While it can be true that if a hacker really wants to get in then they’ll find a way, we need to make sure that we’re not making life any easier for them. It’s like having a car – we may have a good, strong steering wheel lock and feel confident that it would be unlikely that our car would be stolen, but would we want to do half the job for a potential thief by leaving the doors unlocked?

      My philosophy is, if you have the ability to take precautions or make things more difficult for a hacker/thief, then make sure you do so!

      Thanks so much for your visit and comment, Paul. Always appreciated and a pleasure 🙂

      Regards,
      Glenn
      Glenn Shepherd recently posted…Are You Sending Your Visitors Away?My Profile

  6. Hi Glenn,

    Great post, I just checked PHPmyAdmin and fortunately my user name, nice_name and my display name were all different anyway, however, I did change my nice_name to my display name to keep things simple.

    Perfect instructions too, I would never have know how to change that.

    Best regards

    John.
    John recently posted…Four Figure Days With The iPro Partner Program!My Profile

    1. Hi John,

      Well done for checking, it’s always a good idea to check these things if we’re not sure. As I mentioned in my post, I wasn’t even aware of this until recently!

      Thanks for stopping by, buddy 🙂

      Regards,
      Glenn
      Glenn Shepherd recently posted…How to Remove Gmail TabsMy Profile

  7. Jeevan Jacob John

    Great points, Glenn.

    I usually use my own name for my username (I did do that for my previous blogs. I hadn’t thought of changing it – making it something unique. But, this time I have done that). I am also planning to use WordFence for security – to monitor and block hackers; I have already installed it. All I need to do now is look at the settings, before I launch the blog in Jan 😀

    As for display name, WP itself allows us to change the display name (Users >> Your Profile). I think that should do the trick. It has worked for me 🙂

    Anyways, thank you for sharing the tips, Glenn!

    1. Hi Jeevan,

      Thanks for your input. I’ve heard good things about WordFence and have been using it myself for a short while. All seems good so far!

      You’re absolutely correct, you can change your display name from within WordPress. However, what you need to be careful of is the “user_nicename”, which is the slug that gets tagged onto posts/pages and is visible in the search engine results.

      For example, if I hover over my name at the top of this post where it says, “Published on 29/10/2013, by Glenn Shepherd in Tips & Tricks” then in my Firefox window (it may display differently according to your setup, browser, etc) I see :”glenn-shepherd.com/author/GlennShepherd” in the info bar at the bottom of my browser. This can also show up in search engine results. Now, this is fine because “GlennShepherd” is not my username, it’s my user_nicename.

      HOWEVER – if you don’t take care to set your user_nicename then you may find that it’s actually your username that appears for the whole world to see! So again, for example, let’s say that my username is “myusername” (it isn’t!) and my user_nicename is also “myusername”. What would show up for the author slug would be: “glenn-shepherd.com/author/myusername”. Therefore, if a hacker tries to log in to my site with “myusername” they wouldn’t get an invalid username error and would thus know that they have the correct username and all they now need to crack is the password – 50% of their job is done!

      Now, depending on your installation, it could be that you can set your user_nicename at the point of installation of WordPress. However, if it’s an older installation, it’s likely that your user_nicename was set the same as your username by default. In either case, it’s still worth logging into your phpMyAdmin just to make sure.

      I hope I’ve clarified things a little and not made things more confusing with all that!

      I look forward to your blog launch in January, Jeevan. Don’t forget to stop by and let me know when it’s live 🙂

      Regards,
      Glenn
      Glenn Shepherd recently posted…Get My Brand New, Free E-Book!My Profile

    1. Hi Brian,

      Thanks so much for stopping by and leaving a comment 🙂

      If your nicename isn’t the same as your username then you should be okay. One would hope that an auto installer such as Fantastico would set things up more securely by default, but it appears that it doesn’t, or at least not in all cases. It’s certainly worth taking the time to check or to tweak things a little yourself when setting up a new installation. This is something that I didn’t do but will definitely ensure that I do in future!

      Kind regards,
      Glenn
      Glenn Shepherd recently posted…Four Figures in One Day! Why Not You?My Profile

  8. Ben Solomon

    Hey Glenn,

    Very good points.

    As an IT SysAdmin and someone who has studied network security and Ethical Hacking, I can attest to the fact that too many people not only just use default ‘admin’ or ‘administrator’ or ‘root’ accounts, but also set very easy to hack passwords. My advice to anyone is to not only have a random or hard to guess username for all accounts, but also to have a complex password of atleast 8 character length. Complex meaning, atleast one of each of the following – Letter in Caps, small letter, number and a symbol. Also using ‘dictionary’ words for passwords is a very bad idea, the are too easy to break with software.

    Hope your post acts as a warning to many other IM-ers out there.

    In saying that, I should probably do a post/video on passwords and general security.

    Ben.

    PS. feel free to add my bit about passwords to your post, if you think it will add value to your readers. 🙂

    1. Hi Ben,

      Awesome to hear from you as always, buddy 🙂

      Thanks so much for your input. You’re right, having a good password is absolutely essential. In Daniel Cid’s post that I referenced above, he talks about some common passwords that are being tried by hackers. I found it very interesting that you’d think that some of them are complex enough, but apparently they’re not!

      I think that you should definitely do a post on passwords and security. Coming from someone with your expertise it would be a valuable resource.

      Regards,
      Glenn
      Glenn Shepherd recently posted…Get My Brand New, Free E-Book!My Profile

      1. Just read that article. It does correlate with my experience with clients using such passwords. I have addressed that in the article, although there is always a lot more that can be written about it. 🙂
        Ben Solomon recently posted…Eliminating DistractionsMy Profile

Leave a Reply to Glenn Shepherd Cancel Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge
RSS
Follow by Email
Twitter
Visit Us
Follow Me
YouTube
YouTube
LinkedIn
Share
Instagram