How and Why to Factory Reset Android to Make it Last Longer
Mobile phones are devices that have consumed our lives.
Having now had a smartphone for a decade, I have come to realise that it is not
just time and attention they consume, my phone is also a big consumer of money.
Originally, I’d bought iPhones, first the 3S, then the 4S,
followed by the 5S. I was on two-year contracts, usually being offered an early
upgrade a couple of months before the contract ended.
Once I reached the end of the iPhone 5S’ contract though, I
had had enough.
The iPhone 6, although a different shape did not provide me
with new features that I could justify the added cost. So I kept hold of the
trusty iPhone 5S, doubling the previous lifespan to 4 years.
Shortly after the 4-year anniversary of my purchase though,
it began to slow down and not hold its battery. It required charging multiple
times a day to cope with my daily Google Maps powered commute and office music
listening.
Making the Jump to Android from iPhone
Having already switched to a SIM only contract two years
prior, I was debating whether to get a new iPhone or make the jump to Android.
After speaking to a few people and a bit of Googling, I bit the bullet and made
the switch.
I opted for the OnePlus 5T. This was a phone with an almost cult-like following. The brand had been a small underdog start-up in an industry dominated by giants like Apple and Samsung. Although, by the time the 5T was launched, OnePlus was a well-established brand.
Choosing Android Because it’s Cheaper
Nonetheless, the phone was fantastic. Fast, easy to use, and practical. Most importantly though, it was about half the price of the latest iPhone (which I think was the iPhone 8 at the time).
My calculation had been that the phone would need to last me
at least 2 years to justify switching from Apple. It could not break, have a
huge drop in performance, or see the battery life get sucked out of it like
juice from a Capri Sun.
This shouldn’t have been a problem at all. I planned to keep
it longer than 2 years, I was hoping for at least another 4.
Problem: Phone is Slowing Down Over Time
With 5 months to go before the magic 2-year date though…disaster.
Not a sudden disaster like dropping it in a puddle or leaving it on a park
bench.
A slow disaster. One that started with the battery draining
slightly faster and then with it beginning to slow down. Opening an email in
the Gmail app suddenly took several seconds, instead of being instant.
While that is certainly a first world problem, it made it
difficult to use as it was hard to tell whether I had just not pressed a button
or if it was thinking about completing the action.
I checked the RAM usage. Fine, the phone had 8GB in total
and never went above 80% used. I cleared cache. I uninstalled apps. I deleted
files I no longer needed. But to no avail.
After some Googling, I couldn’t find others that were having
problems at the same time. This is always a good one to check in case a recent
update is having the same effects on others. After hoping it wouldn’t come to
this, I realised I would have to undertake factory reset.
The factory reset is relatively easy to do. It’s just that
it is time consuming to install all your apps afterwards if they are not backed
up and restored.
Thankfully OnePlus phones are fitted with an app called OnePlus Switch that does all the hard work for you. After running this, I reset the phone to factory settings.
How to Reset Your Android Phone to Factory Settings
Resetting your Android phone is quick and easy.
Open your “Settings” app
Scroll down and tap on “System”
Tap “Reset Options”
Tap “Erase all data (factory reset)”
Decide whether you want to also “Erase internal storage” with the toggle button (WARNING: doing this will delete all of your photos, videos, etc)
Tap “Reset Phone”
And that’s it. After waiting a while for it to be complete, the phone was fast again. Lightening fast. It looks like that magic 2 year mark should be a doddle and my financial gamble with Android will pay off.
When I studied business at university, the business school was filled with three types of student.
The first was there because their parents, friends, teachers, or society had told them they needed to go to university to get on in life. They were there for a good time, and didn’t give too much of a thought for where to go next.
The second type was studying a business degree because they saw it as a stepping stone to getting a career in a large organisation. They (mostly) studied hard and did what they needed to do to achieve their goals.
The third was a much smaller group of students who were studying business because they wanted to start their own business. University wasn’t so much about the certificate at the end, but about meeting people, networking, and finding opportunities beyond the lecture theatre.
I very much fell into the third group. I’d dabbled with different things from the time I started school, and carried out throughout my time at university. This was a time when entrepreneurs were starting to become “sexy”, and I remember hearing people compare them to the rockstars of old. Whether anyone has ever really considered it sexy or not, I’ll leave that to someone else to decide.
I wasn’t just exposed to students in my year though, through my involvement in various different groups and societies, I met several intakes into the business school. And these categorisations worked for every year group.
One thing that was common though, was the third type of student, whether it through lack of experience, egotism, or a corruption of modern life, had a tendency to show traits of wantrepreneurship.
I don’t necessarily exclude myself from this, I certainly did this to some degree as well. But others definitely talked about their “passion” a lot more than I did, while I spent more time looking at numbers.
The term wantrepreneur was coined around this time too, and it made me chuckle a lot at the time…it still does. But it’s also a useful term to know. If you’re looking to set up your own business to get some freedoms in life, then understanding what a wantrepreneur is can help you make sure you don’t become one.
What is a Wantrepreneur?
The word is literally the combination of “want” and “entrepreneur”. It means someone who wants (or even dreams) of becoming an entrepreneur, but often never actually does.
It’s a derogatory term that describes someone who wants the rewards of entrepreneurship, without having to do the work to achieve it. Someone who talks a lot, but does little.
What is the Difference Between an Entrepreneur and a Wantrepreneur?
Here’s how to spot an wantrepreneur in the wild. For the record, I don’t consider myself either of these.
1. Entrepreneurs work, while wantrepreneurs talk
I’ve alluded to this already, but wantrepreneurs spend a lot of time talking and don’t do much “doing”. Talking is necessary sometimes, you need to tell people about your product/service, but there’s little point bragging about non-existent achievements.
Entrepreneurs let their work do the talking. Wantrepreneurs just expel hot air to anyone who’ll listen.
A sure fire sign that someone is a wantrepreneur is that they spend all their time trying to get capital for their business, instead of just bootstrapping it instead. When (if) they ever get that funding, they’ll spend it all and then move on to the next investor before someone eventually pulls the plug.
2. Entrepreneurs love business, wantrepreneurs love products
Entrepreneurs love business. Not just their own business, but the concept of business. They’re excited by buying and selling, about building something, about solving problems, and about seeing their ideas come to fruition.
Wantrepreneurs might talk about their “passion” for their business, but they aren’t prepared to do all the boring stuff that goes along with it. They love their idea, but don’t love the idea of spending all night trying to meet a client deadline.
3. Entrepreneurs focus on their business, wantrepreneurs focus on their own image
Entrepreneurs have a single focus: the success of their business. It doesn’t matter to them how they succeed (within reason), it just matters that they do. They aren’t in it for the glory, they’re in it for the satisfaction (and the rewards that go with it).
A wantrepreneur’s top priority is themself. Their image is more important than the success of the business. Being seen as a “CEO” and all they think that entails is their primary objective. The fact that they’re CEO of nothing doesn’t seem to have crossed their mind.
4. Entrepreneurs fix, wantrepreneurs complain
If they hit a problem, an issue or a setback, entrepreneurs roll up their sleeves and set to work fixing whatever needs fixing. They understand that they are the ones in charge and therefore they are responsible for their own destiny.
Wantrepreneurs complain, it’s always someone else’s fault. They didn’t make a sale because the customer didn’t know what they were doing. They’ve missed a launch deadline because the supplier messed up. They haven’t hit their sales projections because the web designer didn’t build the site exactly how they wanted it.
For a wantrepreneur, it’s easier to make an excuse than to face the reality of their own shortcomings.
5. Entrepreneurs are playing the long time, wantrepreneurs are impatient
Amazon founder, Jeff Bezos said that being an overnight success takes about 10 years. Entrepreneurs understand this. You can’t build a business overnight, it takes years of hard work to make a successful, sustainable business.
That doesn’t stop them, they just keep toiling away, day after day, getting the job done.
Wantrepreneurs don’t have time to wait 10 years. They need the success now because they’ve already told everyone that they are a successful business owner. They won’t stick it out much longer than a few months or a year, then they’ll move on to the next idea.
You’ll spot an wantrepreneur a mile away if they’ve talked about 5 different businesses in as many months.
I recently suffered some big attacks on a WordPress website
that I manage, which forced us to really beef up our security measures. For
anyone running their own websites, security is a really big concern. Below are
the steps I used to stop the attack and protect it for next time. Fortunately,
nothing bad happened as security was already set up at a decent level. This
attack was more of a nuisance, but it could have ended up being much worse.
Below is a guide to protecting your WordPress site, based on
the techniques I have deployed to protect mine.
Why Should I Use WordPress?
WordPress is great for many reasons: it’s simple; easy to
use; has plugins for just about anything; and of course, it’s free. Being open
source has allowed it to be all of these things and has seen it become the most
popular Content Management System on the internet.
Why Attack WordPress?
However, the open source nature and popularity also make it
an attractive target for hackers. There are many reasons why a nefarious actor
may wish to attack a WordPress site, but if you are under attack take some
comfort in knowing that it is almost certainly nothing personal against you.
What Does a WordPress Attack Look Like?
An attack on WordPress can take on many forms, but these are
typical symptoms to look at:
Lots of spam comments, or email notifications
asking you to moderate comments
New content appearing on your site (in the form
of blog posts or pages)
Files being uploaded to other areas of your site
without you knowing
Google or another browser or search engine
flagging your site as dangerous or malicious
Your website loading a lot slower than usual
with no other obvious reason
Your web hosting being suspended or terminated
Your website showing an error like 503 server
error
These may not always be because of an attack and there are
also other symptoms, but if these things happen it should be one of the things
you look for.
Let’s look at how to block the most common types of attack.
How to Stop Spam Comments on WordPress
Spam is one of the most common attacks to a WordPress site.
Typically, spam comments are left by people hoping that they will be able to
get a link back to their own website. While there may not be anything wrong
with this in principle, the problem is that these links are typically to low
quality, illegal, or dangerous websites.
Require Moderation of Comments in WordPress
There are some really simple ways to stop this type of attack. Firstly, requiring moderation of comments before they are approved can help to stop spam. However, this doesn’t always seem to dissuade the spammers, who are typically using software to automate their spamming. If you haven’t already enabled this, you may want to try it first. But you’ll likely need to try another step.
Use Akismet to Stop Spam Comments on Your WordPress Site
Akismet is an incredibly powerful WordPress plugin that has
one purpose, the block spam comments from your website. It is now 15 years old
and claims to block 7.5 million pieces of spam every hour! It has a free
version for people who are not using their website for commercial purposes, and
then a paid version that is £4 per website, per month.
It works by combining intelligence from all of the websites
that use the plugin. This has helped to create a huge database of spam
comments, allowing the plugin to silently delete the rubbish from your
WordPress site before you even see it.
Fortunately, Akismet comes preinstalled with WordPress, you
just need to activate it and then setup a subscription.
Turn Off Comments in WordPress
If all else has failed, you can just turn off comments altogether. This will work great for anyone who is not running a blog that wants or needs engagement, so business websites that are using their blog to showcase their products and no much else.
How to Stop Unauthorised Access to Your WordPress Site
WordPress has some really handy features for integrating
into other software and for letting you manage your site from your phone.
However, if you’re not planning to use these features, or are struggling with
attacks, then here is a way to stop one of the most targeted parts of
WordPress.
What is xmlrpc.php in WordPress?
This system is called XML – RPC (XML Remote Procedure Call),
and WordPress handles it through a file called xmlrpc.php. XML-RPC allows two
applications to talk to each other, and in WordPress it allows you to control
it from other apps. This tool is so powerful it can also be used for attacking
your WordPress site.
What does an XML-RPC Attack Look Like in WordPress?
An XML-RPC attack can be used to brute force the
administrator user accounts. The protocol can be used to send thousands of
attacks in a very short period of time. This is much more efficient for them
than trying to login using the normal WordPress login page (wp-login.php), as
they are able to try hundreds of different passwords with just a handful of
HTTP requests.
This will not show up as much in your connection logs but
will put a lot of strain on your database and cause it to intermittently show
error messages. As well as your site running slowly, you may see these errors
as a result of an XML-RPC attack.
“Error establishing database connection” when trying to access the site (permanent or intermittent).
“Out of memory” appearing in the web console.
“Cannot open the file no such file/directory” appearing in the web server’s error log.
“POST /xmlrpc.php HTTP/1.0” appearing in the web server’s error log.
During the peak of an attack that targeted one of my sites, XML-RPC attacks were hitting more than 5,000 attempts in a single day. 24 hours after implementing some of the security measures listed below, this was the number of attacks the software had blocked.
What Are the Other Risks of XML-RPC Attacks?
Obviously, your site going offline is going to cause you a
lot of headaches and perhaps some lost revenue. However, if you’re using a
service like Amazon Web Services to host your site, you will also be paying for
resources that you really don’t want. Therefore, it’s important to get an
XML-RPC attack stopped as quickly as possible.
How to Disable xmlrpc.php in WordPress
The XML-RPC feature can be disabled directly in WordPress. However, you may wish to go one step further though, and completely block access to the xmlrpc.php file. This will be most effective if you don’t use any software that makes use of the protocol, but you may even decide that disabling it in the short term may help to make the attack go away quicker.
You can disable access to xmlrpc.php on your own server by
using the .htaccess file. Simply paste in the following:
# Block access to the xmlrpc.php file in WordPress
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
# END xmlrpc.php blocking
You can go one step further though. By using Cloudflare, you can completely stop these requests from hitting your server, protecting you from the load on the server. To do this, you first need a Cloudflare account. If you don’t have one, this guide will explain more.
Once you’re up and running with Cloudflare, you can block
access to anyone trying to use the xmlrpc.php file by clicking:
Firewall > Firewall Rules > Create a Firewall rule
When you’re here, type in a “Rule name”, then select “URI Full” in “Field”, “equals” and type this into “Value”:
This blocks the HTTP and HTTPS versions of the request. Be
careful to make sure that you use (or don’t use) www. In your domain name,
depending on whether or not your WordPress site uses it.
Then click “Deploy”.
Verify this has worked by trying to visit the page yourself.
If it gives you a message saying: “Error 1020 – Access Denied”, then you know
it has worked.
Form the Firewall Rules page you can then see how many
attacks your rule has blocked in the last 24 hours. As you can see below, the
xmlrpc.php file can be a very popular way of attacking a WordPress
installation.
How to Block Attempts to Hack Your WordPress Site Through WP-Login.php
The other way to log in to a WordPress site is through the
normal login page that you would use. Because WordPress is such a popular CMS,
it is easy for hackers to find the login page. One of the easiest tricks to
stop this is to move the login page to somewhere else, meaning anyone trying to
access wp-login.php will be shown a 404 error.
You can do this manually, but its cleaner and easier to do
it with a plugin. One of the best and highest rated plugins to use is called
WPS Hide Login. Once installed and activated, you can change the login URL
quickly from the XXXX page.
Just remember to save the new URL. If you don’t you will
find it very difficult to log in again.
How to Block Access to WP-Login.php for WordPress
One you have changed the URL to log in, you can use the same
approach in Cloudflare to block access to the old wp-login.php. Once you’ve
applied the test, be sure to test that it’s working by trying to visit https://YOURDOMAIN.com/wp-login.php
and http://YOURDOMAIN.com/wp-login.php.
If you get the 1020 Access Denied error, then you’re all set.
Why You Should Never Have “admin” as Your Username
From monitoring the attacks on a WordPress site I manage, I noticed that there seemed to be a list of favourite generic accounts that hackers were trying to exploit. None of these accounts existed on this website, so they were not able to get in. However, if you have any of these usernames, you should consider created a new account and removing the old one.
Make Sure You Have a Strong Password
You will get told all the time that you must have a secure
password that cannot be easily guessed. Most websites now require your password
to be at least 8 characters long and contain numbers, uppercase letters,
lowercase letters, and symbols. You should definitely make sure this is also
the case for WordPress.
Also remember never to re-use your passwords elsewhere. If
you struggle to remember lots of passwords, consider using a password manager
like LastPass. This is a service that I have been using for well over 5 years,
and I don’t know what I would do without it.
Also register yourself on HaveIBeenPwned.com. This will tell
you if any of your usernames, email address, or passwords have ever been (or
are in the future) compromised in a data leak.
How to Use Two-Factor Security on WordPress
Another great way of protecting your WordPress user accounts
from being hacked is to use two-factor authentication (2FCA). You will find
two-factor security on many services now, including sites like Facebook,
Twitter, Google, and Amazon.
There are many plugins you can use to protect your WordPress
website with two-factor authentication, however one of the best options is to
install WordFence.
WordFence all-round security plugin for WordPress, featuring a firewall, login protection, and more. Once you install and activate it WordFence, you can turn on two-factor authentication in just a few easy steps.
Advanced users can also use WordFence to block login
attempts from people who guess incorrect usernames or fail to reset the
password of too many accounts.
How to Close Security Loopholes in WordPress
Software can always end up with bugs and weak points that
can be exploited by hackers. That is why your computer will regularly ask you
to run updates. WordPress is no different.
So, to keep your WordPress website protected from hackers
you should always run the updates when it recommends it. These updates will
provide security patches that will close known loopholes, as well as provide
performance improvements and new features. You should do this for WordPress
itself, as well as themes and plugins.
Other Tips for Securing Your WordPress Site
There are always more things you can do to keep yourself
protected. Once you reach a certain level you will likely need to hire someone
to take care of things for you, particularly things at a server level outside
of WordPress.
This is what I have done, although I can make changes
directly to the server, I would rather pay for someone who is an expert to do
it. The risk can be too high if I make a mistake.
However, there are also some more tweaks you can make to
WordPress to increase security, these include:
Remove any plugins that you don’t use
Install JetPack – this is slightly controversial
as it can be a bit bloaty, however it does include some useful security
features
Don’t use pirated (nulled) themes or plugins
Block access to wp-config.php using the same
method listed above
Disable file editing of files by adding define(‘DISALLOW_FILE_EDIT’, true); to
your wp-config.php file
Use encryption by installing an SSL certificate
Change the database prefix (WordPress calls
everything wp_ by default) – it’s easier to do this when you first set up
WordPress, but it can be done afterwards with plugins like WP-DBManager
Regularly backup your site so you can revert
back in the event of an attack
Remove your WordPress version number either
through code, or with a plugin
Success in Blocking WordPress Attacks
After implementing these steps, I managed to reduce the amount of attempts at attacking the site down to just a few dozen each day. This happened very quickly too, as the nefarious people quickly moved on to someone else.
48 hours out, attacks via XML-RPC or wp-login have gone from more than 5,000 to just over 3,000.
72 hours out, attacks are less than 2,000. As you can see, I have refined the rules slightly based on logs in Cloudflare.
A few days later and most attempts have stopped, people have decided not to waste their time.
