How I Hacked My Friend Diana
This article about how the writer gained access to a friend’s email account (and thus got her bank account numbers, Twitter account, passport numbers…) has a playful and young-feeling writing style. I’m sure that will drive some readers bonkers. But on a tip from Alex of MasterWP, I gave it a read. I found the style charming and the story really illuminating.
This threat model—where a single motivated attacker is going after you personally—is unlikely to be relevant when you think about protecting a generic WordPress site. For generic WordPress, automated attackers from the vast botnets of the internet are a much more likely vector of concern, and so should be more guarded against than some friend or foe researching your old pet names on an old blog.
But those things said, some of you may actually want or need to safeguard against this type of attack, either out of an abundance of caution, or because you know that an ex-, creep, or political actor wants to get you. In either case, by explaining how a pretty average person can attack another, this article does a good service to those who don’t think much about personal security attacks. (I’m among them, if I’m honest.)