Running a website, any website, essentially means you need to become a bit a security hawk.

Granted, I installed this website on a domain name that I registered over two decades ago and from which I have run various sites, subdomains, and web apps. If it isn’t in at least a dozen dark web databases I have utterly failed at self-promotion in those twenty years. But the downside of that success is that yeah, hours after I relaunched this site, there were hundreds of little knocks on the back door as various bots and hackers tried to see how tight the locks were set.

Hackers are an inevitability.

And I’ve been mitigating this by:

• adding various plugins that track sus behaviour and block sus actors from hammering against the wall and brute forcing their way through my defences
• hiding my login page
• disabling the default features in wordpress that automagically publish my login username as the writing credit in my posts and feeds
• setting stupidly strong passwords that mathematically should take longer to brute force crack than the age of the universe

It’s daunting. It’s daunting for everyone, even folks who are seasoned at this, knowing that just behind a fragile digital firewall is some bad actor with a bot farm and nothing better to do that try and break into your digital backyard.

And it’s neither fun nor seemingly fair, but it is normal enough that its not worth panicking about.