How I secured my wordpress account!
Cross post — https://www.alightservices.com/2022/12/22/how-i-secured-my-wordpress-account/
On December 22nd at 17:45 IST (12:15 GMT / 07:15 EST), I am doing a live video on showing the security. That’s why they were not able to hack my WordPress although they had a very powerful spying / hacking equipment.
https://www.youtube.com/watch?v=q8dgSUwDBHc
YubiKey Bio:
I have Yubikey Bio, it’s a biometric authentication USB device. Some websites support multi-factor authentication with hardware devices such as Yubikey. The difference between normal hardware keys and Yubikey Bio is the biometric authentication. With normal hardware keys anyone with access to the USB device can login, but with Yubikey Bio — biometric authentication happens i.e Yubikey Bio verifies fingerprint.
Nextend Social Login Plugin for WordPress:
Nextend Social Login Plugin — This plugin allows me to login via Google. There is a little setup in GCP console. But ultimately allows me to use Google login. I have configured in such a way that only admin@alightservices.com is allowed to login using Google authentication. I have secured my Google login to use Yubikey Bio.
Duo Two-Factor Authentication:
Duo Two-Factor Authentication allows further securing the wordpress installation by using Yubikey Bio. There is a little bit of configuration to be done.
In this setup I first need to login into my Google account — admin@alightservices.com, then I am prompted for Biometric authentication. Then I login into wordpress and once again I am prompted for biometric authentication. This way no one else can login into my WordPress account.
By reviewing the logs, there have been several thousand login attempts but all of those have been thwarted with this setup. i.e even with proper password, they can get to the MFA screen but not any further.
India’s R&AW spies have a very powerful spying / hacking equipment. I think it might be invisible drone with very powerful capabilities such as recording video, audio, speakers used for whispering and even mind reading capabilities. With such a powerful hacking equipment, normal usernames and passwords are obsolete. The list of hackers/impersonators/identity thieves might include: erra surnamed people — diwakar / karan / kamalakar / karunkar / erra sowmya / erra sowjanya / zinnabathuni sowjanya / thota veera / uttam / bojja srinivas / mukesh golla / bandhavi / female identity thieves who claim to have my first name — Kanti and their helper pimp Kalyan’s (I am Kanti Kalyan Arumilli — those escorts and pimps tried to break my identity). Some of them have multiple aliases and multiple surnamed virtual identities.
NOT associated with the erra / yerra karan, kamalakar, diwakar, kareem, karan, erra / yerra sowmya, erra / yerra sowjanya, zinnabathuni sowjanya, bojja srinivas (was a friend and batchmate, not anymore), mukesh golla (was a friend and classmate, not anymore), erra sowmya, erra sowjanya, thota veera, uttam’s, bandhavi’s, bhattaru’s, thota’s, bojja’s, bhattaru’s.
–
Mr. Kanti Kalyan Arumilli
B.Tech, M.B.A
Founder & CEO
