Category: Security (W6)

  • Security 101 for My WordPress: Passwords, Updates, and Backups

    # Security 101 for My WordPress: Passwords, Updates, and Backups

    **Summary**
    This blog is academic, but I treat it like a real site: **strong passwords**, **updates**, and **backups**—no paid plugins required.

    ## 1) Passwords & access (simple and strong)

    * Long, unique passphrases (14–16+ characters).
    * Never reuse passwords across services.
    * Use a password manager if possible.
    * **2FA** wherever the host/platform supports it.

    ## 2) Updates (just the essentials)

    * Keep WordPress core, theme, and **free** plugins up to date.
    * 80/20 rule: **fewer plugins = less risk**.
    * Remove what you don’t use.

    ## 3) Free backups (native tool)

    * Use **Tools → Export → All content** → download `Backup-YYYY-MM-DD.xml`.
    * Store it in the cloud and locally (3-2-1 rule).
    * Repeat after publishing important entries.
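
    The three steps above, carried through in code: an added example (not part of the blog post or of WordPress itself) that checks the downloaded `Backup-YYYY-MM-DD.xml` really is a WordPress export, then copies it to a second local folder and to a cloud-synced folder and verifies every copy by SHA-256, so a silently truncated copy is caught before it is needed. The folder names, the sample export document and the `demo()` flow are constructed for illustration.

```python
"""3-2-1 helper for the native WordPress export (added example, not the blog's
own code). Validates Backup-YYYY-MM-DD.xml, replicates it, verifies hashes."""
import hashlib
import re
import shutil
import tempfile
import xml.etree.ElementTree as ET
from datetime import date
from pathlib import Path

# Naming convention from the post: Backup-YYYY-MM-DD.xml
NAME_RE = re.compile(r"^Backup-(\d{4})-(\d{2})-(\d{2})\.xml$")


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large exports do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def validate_export(path: Path) -> int:
    """Check the name convention and that the file is a WordPress (WXR) export,
    i.e. an RSS-style document with a <channel>; return the number of items."""
    m = NAME_RE.match(path.name)
    if not m:
        raise ValueError(f"unexpected name {path.name}; use Backup-YYYY-MM-DD.xml")
    date(*map(int, m.groups()))  # raises ValueError if the date part is not real
    root = ET.parse(path).getroot()
    channel = root.find("channel")
    if root.tag != "rss" or channel is None:
        raise ValueError("not a WordPress export (expected <rss><channel>)")
    return len(channel.findall("item"))


def replicate(src: Path, destinations: list[Path]) -> dict[str, str]:
    """Copy src into every destination directory and return {copy_path: sha256}.
    Fails loudly if any copy's hash differs from the original's."""
    want = sha256_of(src)
    verified = {}
    for d in destinations:
        d.mkdir(parents=True, exist_ok=True)
        dst = d / src.name
        shutil.copy2(src, dst)
        got = sha256_of(dst)
        if got != want:
            raise RuntimeError(f"copy at {dst} is corrupt ({got} != {want})")
        verified[str(dst)] = got
    return verified


# Constructed minimal WXR-shaped document standing in for a real export.
SAMPLE_WXR = """<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
<channel>
<title>My Blog</title>
<item><title>First post</title></item>
<item><title>Second post</title></item>
</channel>
</rss>"""


def demo() -> tuple[int, int]:
    """Run the whole flow on the constructed export inside a temp directory.
    Returns (items found, copies verified). In real use the two destinations
    would be e.g. ~/Backups/wordpress and the folder your cloud client syncs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        export = root / f"Backup-{date.today():%Y-%m-%d}.xml"
        export.write_text(SAMPLE_WXR, encoding="utf-8")
        items = validate_export(export)
        copies = replicate(export, [root / "local-second-copy", root / "cloud-sync"])
        return items, len(copies)


if __name__ == "__main__":
    n, k = demo()
    print(f"{n} items in export; original + {k} verified copies")
```

    Hash verification is the part worth keeping: a copy that exists but differs from the original is exactly the failure the 3-2-1 rule is meant to survive, and `replicate` refuses to report success in that case.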

    ## 4) Comments & spam

    * Turn on moderation.
    * Disable comments on **static pages** (Privacy/Attribution) if needed.

    ## 5) Editorial good practices

    * Only **CC0/CC-BY** images with **proper credit**.
    * No copyrighted material without permission.
    * Link to reliable sources.

    Electronic Security Artwork

    *Image: MarkJFernandes — CC0 1.0 (Public Domain) — Source: https://commons.wikimedia.org/wiki/File:Electronic-security_artwork_(lock_%26_circuit-board_patterns).jpg*

  • Phishing and Other Traps: My 10-Step Protocol

    # Phishing and Other Traps: My 10-Step Protocol

    **Summary**
    **Phishing** steals credentials or money via emails, SMS, or fake websites. Here’s my **practical protocol**—follow it as written.

    ## 1) Red flags to spot fast

    * Artificial **urgency** (“account closes today”), **prizes**, or **threats**.
    * Look-alike domains (e.g. bank-secure-verify.net standing in for the bank's real domain).
    * Shortened links or unexpected attachments.
    * Grammar/locale inconsistencies.

    ## 2) My 10-step protocol

    1. **Assume suspicion**: never click blindly.
    2. **Check sender** and domain letter by letter.
    3. **Hover over links** to preview the real URL.
    4. **Do not open attachments** you weren’t expecting.
    5. **Go to the official app/website**, not the email/SMS link.
    6. **Enable 2FA** (limits damage even if a password leaks).
    7. **Update** OS/browser/antivirus.
    8. **Report** the attempt (mail provider/service).
    9. **Change password** if you entered anything.
    10. **Monitor** banking/accounts for 48–72 hours.

    ## 3) Social engineering beyond email

    * **Vishing** (phone): never share codes over the phone.
    * **Smishing** (SMS): avoid links; open the official app.
    * **Fake support**: verify the number/channel every time.

    ## 4) Quick security checklist

    * [ ] 2FA on email/social/banking.
    * [ ] Password manager; unique, long passphrases.
    * [ ] Backups (3-2-1).
    * [ ] Automatic updates on.

    **Image**: lock/keyboard (CC0).
    **Credit**: “Credit: Author — CC0/CC-BY — link”.