Information Security Asked by George on August 10, 2020
I have a MediaWiki website in Hebrew;
As common with MediaWiki websites, it has lots of content and rebuilding it in case of a disaster isn’t feasible.
I chose to give that website a Global TLD (a non Israeli X.il
TLD) because:
Although I have quite a strong email password (>12 lowercase-uppercase-numbers password) which isn’t stored on my computer system but rather solely on my human memory;
I still fear a kidnapping of the website by hijacking of my email password.
If someone hijacked my NameCheap account and/or my SiteGround account and/or my MediaWiki website but not my email account, than I guess I could log in and change everything back to normal (likely by using a backup), but as I currently don’t clear web browser passwords from the main browser I work with (and would prefer to keep handling this way), I do fear an hijacking of my email account (say, by a MITM attack) and then of all the rest, till complete kidnapping of my website.
How to protect a website from being kidnapped as described above?
If you are afraid an attacker might login to one of your accounts, it is best to ensure that all accounts have strong and unique passwords (e.g by using a password manager) and have 2 factor authentication enabled. This way, if the attacker gets a hold of your password, he can not log in as he does not have the 2FA device.
As for your website, make sure you have proper working backups and test these periodically. Also ensure the backups are at safe locations which you control and can not be accessed by an attacker if he has hacked into your site/host/email.
Apart from protecting your accounts, also make sure the systems hosting your website (and the platform itself) are up-to-date.
Answered by roy.stultiens on August 10, 2020
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP