Decisions Made with Data.

Russian Password Hack

//  by //  1 Comment

Updated November 22, 2021

Reading Time: 2 minutes

Big Business on the Black Market

The Russian password hack has made big headlines of late. In this post I’ll share some of the statistics… but more importantly what you can do to protect yourself and your business’ WordPress website from joining the very long list of victims.

Download your FREE Website Checklist

Russian Password Hack Stats

According to  Hold Security — an Information Security, Assessment, Risk Management and Incident Response Company — they uncovered the data breach of:

  • 1.2 billion passwords
  • 500 million emails
  • 420,000 websites

What tipped them off? Millions of stolen credentials for sale on cyber-black markets. For more details on the Russian password hack incident, the Huffington Post has a nice synopsis.

Personal Password Management

As a consumer, your best defense is making your life more difficult. It’s just too easy to let your Web browser store your passwords and automatically log you into accounts that you frequently access. Your first hurdle is to overcome password laziness. Here are the practices I use to keep my personal data safe:

  • If you can remember a password, it’s not good enough.
  • Use a secure password generator as it can create long, complex strings with various types of characters. The longer the better.
  • Organize passwords in a secure vault. I prefer LastPass.com as it has a paid version that works for desktop/laptops as well as mobile devices.

WordPress Website Security

Getting your website hacked is a nightmare. I’ve heard Webmasters take a nonchalant stance: just be sure you have backups so you can restore. You probably guessed that I don’t agree. Strongly.

Regardless of how big or small, your website should have multiple levels of protection. If you use WordPress, there are several layers I suggest adding to your software installation and maintenance practices in order to avoid a “Russian password hack” situation.

  • Keep the software code clean so routine WordPress upgrades can be completed. Imaging customizing Microsoft Word 2013. When patches are issued, you can’t install them without erasing your customized code. There are better ways of customizing WordPress. Leave the core code alone.
  • Hide your WP version. Hackers look for the version to figure out security loopholes.
  • Change the table prefix. If this is greek to you, have an expert perform an audit and manage this change.
  • Require secure logins by users. That means no “admin” as a default account login. We like 2-step authentication as it adds yet another level of online security.
  • Regular backups make sense for business continuity. I recommend redundant systems.

Were you affected by the Russian password hack? Are you now willing to overcome password laziness?

How can we help?

Launching a WordPress website and need help with security? Or, having trouble keeping your plugins updated?

We are the spectrum group online, and we offer strategic and tactical consulting so you can monetize your online presence. Call us for a complimentary 30-minute consultation to discuss your website’s user experience and translate that into sales.

Ready to Start? Book a Free Strategy Call Now

About Massimo Paolini

Massimo is Co-CEO and Chief Data Scientist. On the web since the 90’s and a Google Partner since 2014, his expertise includes technical SEO, search marketing, marketing analytics/analysis, and online advertising. Massimo has an innate ability to sift through a sea of data, uncovering insights that formulate results-oriented strategies. He has taught Digital Marketing, Google Ads and SEO at UC Berkeley Extension since 2014—and presented at international search marketing conferences like SMXL in Milan.

Reader Interactions

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *