Website Changes 8/23/2017 – Comments Turned On, User Accounts and Registration Turned Off.

Good Day to all,    Last week I posted a blog about a code injection attack on my site.  This was because I had turned off my normal security program and used Wordfence.   My mistake – but this enabled hackers to get control of just my blogs.  To not tip my hand to the hackers I will just say the security I am using has never been compromised.

Over the past week there has been over 2,000 hack attempts on my site.   All of them were successfully blocked, but I have learned a few lessons.

First lesson was that I turned of Registration Completely on my Site.   If allow people to register then they have a username and password that the hackers want.   Also the hackers and bots continually attack my login page to try to inject code, or to spam the website.   So the only user on this website will be me.  If a hacker was able to penetrate the security on the login page they could potentially get an Admin Account and cause issues.  WIthout registration turned on there is no way to login into the site, without a username, password, key word and a 9 digit password sent to my phone – so it is locked down.

On Blogs, I was able to turn on comments for all of you, however to comment you must sign in with Google Plus, Facebook, Twitter or a WordPress Account.   I know all of you out there have one of these accounts.   This allows you into the commenting section only on my website – and the spam comments are trashed automatically because my website can determine a human or bot on my site.  So to comment use one of those logins.   They only allow you to access the comment section of my blog and the security areas of all other areas are completely blocked.

So – The good news is that commenting is turned back on –  The bad news is  nobody will be able to register on my site with their own username and password.    Should one of you decide that you want to write blogs, then I can manually set up an account for you.   Nobody has expressed interest in doing this so really it does not make sense to have an account.

So, thanks for waiting until I completed the work on the website.

The security is extremely tight – and the blog has life.

Take Care

Mike G.

Nimaway Web