I just noticed that I have hit a whopping 1% of my storage space. ONE per cent !!! So I had a wander through the posts.
I filter most of my post so that posts from Shadow, Craig, Root, Danithew and others gets labelled with their name. Other multiple mail sources also get filtered. Everything wp related, that does NOT come from those people I have a continung mail with gets labelled as ‘WP’. All the random posts I get through this site asking for help, posts from people on the forums when I give out that address. And I’ve had this gmail account since 10 June – not even 3 months. Just over 600 emails are in ‘WP’ – I knew it was a lot, but not that much of a lot ! (I have since deleted all those files, despite the storage space I still have.)
Now I know posting this bit could be daft, but ….. passwords. In that folder category, I had dozens of site / cpanel / mysql passwords from doing wp work. Lots and lots of them. I helped someone install wp two nights ago, and when I’d done it, mailed him a list of useful url’s and asked him to let me know when he had successfully logged in. He replied by showing his main site url – he’d been hacked, and someone had put some ‘I OwnZ U’ type junk there. No other damage hopefully, and easily repaired. I told him to change his password. It was, I assume, his birthdate. Not a single person I’ve installed for has had a decent password. Often, the mysql and ftp passwords have been the same. (Actually…one person I help changes his password just to let me troubleshoot, then changes it back. Good practice, but the original could still be poor ?). There are sometimes posts on the forum asking about the security of WP, but no-one ever seems to think that their password – which they set – could possibly be at risk. Your password is your weakest link.
Get secure. It’s easy. This program – Any Password – is free. It works. It will generate the password for you, and save it along with a login name / url and notes if you wish. All my passwords are created by this program. A 16 digit password, made up of random letters and characters is far more secure than the name of your pet. WP code is secure, as are the php files (over 20,000 blogs attest to that), but your actual blog is only as secure as you can be bothered to make it. You bothered ?