Yes, I am a blogger, have been for a long time and won’t stop for a long time to come. Pretty much anybody who does anything online tends to have a blog, no matter how small. If so, you know what it feels like to think you may wake up one morning and kiss goodbye all the hard work you put into building your blog.
I was worried last year when a lot of WordPress blogs were hacked due to the TimThumb code (whatever security hole that represents) and other security flaws relating to password protection, themes, etc. Even big companies like Dropbox admitted being hacked with passwords that hackers picked or coined outside the site.
As a result, I mapped out a concise set of protective steps that helped my blogs survive 2012. And today, as we are all enthusiastic about how much we want to achieve this year, I feel I should share with you some of the tips that kept my WordPress blog safe and what I am doing again this year to ensure I don’t lose my sweat to some hacker halfway across the globe.
Start using strong passwords
Most of us manage a good number of blogs and are engaged with several things on the World Wide Web, and we know what admin responsibilities come with that. In such a scenario, we often take the easy route: using one password and username for all our accounts. This is doing it wrong. Simply thinking that you won’t be hacked isn’t enough to keep you safe. It is safer to have a separate password for each account, each at least eight characters long and made up of numbers, letters and symbols. If you are worried, create a spreadsheet for them and you will have a place to fetch them when needed.
Keep Up With Updates
There is simply no excuse not to keep up with WordPress updates. The latest versions of WordPress tend to come with more functionality and added security measures that help keep your blog safer. You get all of these by updating to the newest version.
Think of it this way: when a new WordPress version is released, hackers go to work trying to detect security holes. Then, just when they are about to succeed, WordPress rolls out a better, improved version that sends them back to a steeper and more demanding learning curve. To this end, you simply need to be running the newest version to at least keep away from hack attempts that rely on common security holes.
Monitor Malware
Have you ever gotten the “unsafe” message when trying to access a website you may have been using before? I got such messages on other people’s sites but was never as startled as I was when it greeted me on a client’s blog that I personally maintain. The answer was simple: it was infected, and within the next few days we lost a lot of traffic because nobody would love browsing an infected site.
It is therefore essential that you find a means to monitor and consistently scan your WordPress blog for malware infections. If you are not tech-inclined, needless to say you shouldn’t just choose a tool that shows you the problem you are having, but one that also guides you on how to solve it and put an end to it.
Install and Use WordPress Security Plugins
There are certain plugins that will help make your blog safer by implementing certain security measures. Here are those I would suggest:
- WP Security Scan – this plugin will scan your WordPress installation to identify weaknesses that may give hackers a head start, and suggest the actions needed to fix them and make your site less vulnerable. For instance, if your blog is revealing the location of important files and folders such as phpinfo.php, i.php files or .sql database backup files, this plugin will help you identify and fix this before it escalates.
Similarly, the WordPress Exploit Scanner plugin will scan your site and alert you to problem areas, giving you first-hand information on which security holes may be open to exploitation.
- WordPress File Monitor – this plugin will keep watch over all your WordPress files and alert you to any changes to them. This is not such a big protection, though, because the deed will have been done before you get the alert. But for minor file changes and those that may not pose such a big harm, File Monitor is good and will help you know when to step up your security measures.
- Login Lockdown Plugin – in order to give hackers a difficult time trying to access your blog from the login interface, you can use the Login Lockdown plugin to limit login attempts. This plugin can also hide the error messages that follow invalid login attempts, so the hacker stays blinded until he’s timed out.
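The two file checks described in this list, as an added example that is not code from any of the plugins named above: it records a SHA-256 baseline of a WordPress directory, reports added, removed and modified files on a later run, and flags the leaky file names the post mentions. The function names and the throwaway tree built in demo() are constructed for illustration.

```python
import fnmatch
import hashlib
import tempfile
from pathlib import Path

# File names the post lists as leaks (phpinfo.php, i.php, .sql backups).
LEAKY_PATTERNS = ("phpinfo.php", "i.php", "*.sql")

def snapshot(root):
    """Map every file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline, current):
    """Report what changed between two snapshots."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def leaky_files(snap):
    """Paths whose file name matches one of LEAKY_PATTERNS (case-insensitive)."""
    return sorted(p for p in snap if any(
        fnmatch.fnmatchcase(p.rsplit("/", 1)[-1].lower(), pat)
        for pat in LEAKY_PATTERNS))

def _write(root, rel, text):
    path = Path(root, rel)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text)

def demo():
    """Run both checks on a constructed, throwaway directory tree."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "wp-login.php", "<?php // original")
        _write(root, "wp-content/backup.sql", "-- dump")
        baseline = snapshot(root)
        _write(root, "wp-login.php", "<?php // altered")  # changed core file
        _write(root, "wp-content/i.php", "<?php")         # newly dropped file
        current = snapshot(root)
        return compare(baseline, current), leaky_files(current)

if __name__ == "__main__":
    print(demo())
```

Take the baseline from a known-clean install and keep it off the web server, so that whoever alters the files cannot also rewrite the record they are compared against.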
Over to you now…
…have you taken any security measures this year to help protect your blog? Is any of what you did contained in the list above? If not, please share with us so we can all have a hack-free year.
Image Credit: adopus