Following on from the previous article about not making the admin account easy to spot, we can apply the same train of thought to a WordPress blog. The majority of blogs on this site have a single author (this blog included). That means it’s safe to assume that the author of all the articles is the user who has admin rights to the blog.
WordPress used to force people to manually add code to the functions.php file, which is attached to every theme. However, they must have noticed a lot of people doing it, as they’ve now added a nifty toggle switch on the site which you can use to hide the author’s name. Here’s how to find it:
1. Once logged in to WordPress, select “My Site” then “Customize”.
2. Select “Content Options”.
3. Untick the “Display author” box.
Your posts should now have a blank space where the author used to be shown:
Little tips/tricks like these won’t stop any determined attacker, but remember: the longer someone has to spend getting access to somewhere, the more likely they are to give up before getting what they want.
Getting access to the admin account of a system would normally give a hacker total and unrestricted access to anything they wanted to view.
As well as keeping the password private, it’s also possible in most situations to keep the username itself private. A lot of systems use a generic firstname.surname or firstinitial.surname naming system for their users and then make a hacker’s job much easier by naming the admin account “admin” or “administrator”.
If someone saw this list of accounts they now know which account name to try and break into:
By keeping the naming convention the same for all accounts an attacker needs to do more homework before they can figure out which account to try and break into. Anything that results in an attacker needing to spend more resources/time on your systems increases the chance of them giving up and leaving.
Names to avoid:
Anything that looks different compared to other usernames on the system
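One way to check your own account list for names that stand out, as an added example (not from the original post). The account list is constructed, and the function names and the decoys parameter are made up for this illustration:

```python
import re
from collections import Counter

OBVIOUS = {"admin", "administrator"}  # the two names the article warns about

def shape(name):
    """Reduce a username to its pattern: 'john.smith' -> 'word.word'."""
    tokens = re.findall(r"[^\W_]+|[\W_]", name.lower())
    return "".join(t if not t.isalnum() else "initial" if len(t) == 1 else "word"
                   for t in tokens)

def audit(usernames, decoys=()):
    """Return {name: reason} for accounts that differ from the majority convention."""
    if not usernames:
        return {}
    shapes = {u: shape(u) for u in usernames}
    convention, _ = Counter(shapes.values()).most_common(1)[0]
    planted = {d.lower() for d in decoys}
    findings = {}
    for name, pattern in shapes.items():
        if name.lower() in planted:
            continue  # deliberately planted non-admin account, expected to stand out
        if name.lower() in OBVIOUS:
            findings[name] = "obvious admin name"
        elif pattern != convention:
            findings[name] = f"pattern '{pattern}' differs from convention '{convention}'"
    return findings

# Constructed account list for illustration
ACCOUNTS = ["john.smith", "sara.jones", "amit.patel", "lucy.brown",
            "administrator", "backup"]

if __name__ == "__main__":
    for account, reason in audit(ACCOUNTS).items():
        print(f"{account}: {reason}")
```

Anything it reports is a name that would also catch the eye of someone reading the same list.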
Can I create a non-admin account and call it admin?
Yes, you sneaky dog! Most people wouldn’t suspect an admin account of being fake, and it is likely to waste the time of anyone trying to break into your system.
How to change the username in Windows 7:
Each OS will have its own instructions for changing a username. Here’s an example using Windows 7:
1. Log into Windows using the admin account you wish to change the name of.
2. Start >> Control Panel >> User Accounts.
3. Click on “Change your account name”.
4. Choose a less obvious name for the account and press “Change Name”.
Your e-mail address is associated with a lot of legitimate services that you want information from.
It can be very annoying, then, when you come across a dodgy-looking site asking for your details in order to access an article or log in. There is often no way of knowing what they will do with your e-mail address after you hand it over.
Even if they don’t sell it onto a 3rd party they might plan on sending daily/weekly/monthly updates about services and offers you don’t care about.
This is where disposable e-mails come into play. Over the last few years several services have been created which allow you to sign up to websites using quick and easy fake e-mail accounts, both protecting your privacy and keeping your e-mail account free of spam.
Some of the popular ones are:
Guerrilla Mail – Has been around for a few years, allows you to choose a fake e-mail address from up to 9 domains and keeps your e-mail for an hour before deleting it.
10 Minute Mail – Creates a fake inbox that lasts 10 minutes (you have an option to extend it in 10 minute chunks if needed). This one is best for services you only want to sign into once.
Fake Inbox – Creates a fake inbox that lasts 1 hour.
All the above services are simple to use and take a couple of seconds to generate an inbox for you to use for verification. Just remember not to use them for services you may want access to in the future, as once the inboxes are gone you cannot get them back.
How do I use a disposable e-mail service?
As an example we’ll take 10 Minute Mail and go through the process:
1. You come across a website which requires an e-mail address to log in. You don’t fully trust the site not to sell your details on to 3rd parties, or you suspect they may start bombarding you with offers via e-mail.
2. Visit 10 Minute Mail and copy the e-mail address it is showing on the screen.
3. Use this address to sign up to the website you want access to.
4. Go back to the 10 Minute Mail page and wait for the verification e-mail to arrive. Click any verification link given and enjoy using your verified account on the new website.
5. Forget about your fake e-mail address; it will be deleted in 10 minutes.
EXIF stands for “Exchangeable Image File Format” and is extra data that is attached to any photo taken with a modern camera or smart phone. The data isn’t visible by looking at the picture itself but requires extra software to read it.
It mostly contains information about the camera/phone used to take the photo and what settings were used such as shutter speed, date, exposure mode. The data is useful to photographers who need to know how a specific picture was generated.
How do I see it?
If using Windows you can right click on a photograph and select “Properties”, the “Details” tab should then show you the EXIF data from the photo:
There are also various free pieces of software which can be downloaded to show you the data. The top one from Google is Panda IEXIF2:
There are also online services which allow you to upload a photo and check the EXIF data available:
The majority of the data is harmless. Most people shouldn’t be concerned about strangers finding out what generation iPhone they own by looking up the details of a photo they have posted. The concerns arise when the photo is taken by a device connected to GPS, as the user’s coordinates are then stored within the photo.
If the GPS EXIF data is available, someone can find out where in the world a photograph was taken. This can be very valuable data to someone trying to find out more information about you or your online identity.
If a stranger knows your name is John they have very little chance of finding you in real life, however if they know you are John who visits the same Costa coffee in a specific London street every Monday and posts a photo online they have a much better chance of finding out more.
How can I protect myself?
Luckily in 2016 most social media sites automatically remove EXIF data when you upload a photo. A quick check confirms that Twitter, Instagram and Facebook all remove the GPS data when it is uploaded.
If you are posting to a site which doesn’t strip the data you have the option to manually remove it yourself first.
The easiest way to do this in Windows is to right click on the file, select “Properties” and under the “Details” tab choose “Remove Properties and Personal Information”.
There are also free online tools for removing the data before you share your photo:
This blog was started to help inform people about the masses of information that is being stored online about them and their lives. There are countless stores of personal details about your Internet activities and not everyone is aware that they exist, or more importantly, how to get rid of them.
Whether you’ve got a job interview coming up and want to make sure potential employers don’t see anything that might harm your job prospects, or are just someone who wants to keep their private life private, this blog aims to build up a collection of guides for how to find out what the Internet knows about you and how to remove it.