Blog security is often overlooked by many bloggers, but is a very important precaution to take. There are many things you can and need to do to protect your blog, and Melvin will go over a handful of some important security tips.
One thing that almost all bloggers are not paying attention to when starting their own blogs is its security. Most would just go with setting one up, then brainstorming ideas on each blog posts, thinking of a good design and so on. Blog security is something that is oftentimes overlooked.
A lot of bloggers run their blog through WordPress and that’s why most hackers and geeks are also busy finding flaws in it. Today I am going to make a short list of ways to make your WordPress blog more secure. Read on:
- Get a Strong Password – Believe me or not, 70% of people don’t get this done (including me). There are tons of password-breaking scripts that can easily break you’re pass if it’s not that strong and easy to guess. Getting a strong password doesn’t just protect your blog, it gets the job done 50%! You might want to check out an older article here, on how to make a really strong password.
- Protect your Wordpress Directories – I recently made an article on my blog on how anyone can sneak into your wordpress folders without you knowing it. Surprisingly a lot of bloggers don’t seem to mind it. You can easily protect your folders by including the line
Options - Indexesin your .htaccess file - Keep your database user name and password secure – You can do so by adding
<FilesMatch ^wp-config.php$>deny from all</FilesMatch>into your .htaccess file. What it does is simply protect your account in case of a server error. - Update your plugins! – A lot of people are too lazy upgrading their own plugins. Remember, plugins are updated mostly for security purposes and if you have yours not updated, then expect it to cause security problems to your blog.
- Backup your Database – Making regular database backups for a blog is a must. For me I do it everyday and it’s really helpful just in case everything goes wrong. WP-database plugin is one tool I would really recommend.
- Protecting the WP-Admin Folder – Having everything listed above is not enough. Protecting your admin folder should also be a big concern as well. Most hackers use brute force attack to guess the correct login details for the blog. You can prevent it by installing a plugin called “Ask Apache Password Protect“. The plugin just simply adds a 2nd layer of protection by requiring a username and password to access any in the admin folder. It uses an advanced technique of encrypting your password in .htpasswd file and rewrite the .htaccess without messing it up. The tool is a must-have for everyone.
- Wordpress Should be Up-to Date – Having your wordpress version up-to date is a no brainer. Like updating plugins, updating wordpress itself is crucial because it eliminates security flaws from the previous versions. Wordpress Automatic Update plugin probably will get the job done right for you.
Having a blog with nice content, lovely design and active community is great. Securing a blog is another story though. So make sure everything is secure with your blog so don’t need to worry about getting it hacked. Remember a blog cannot be profitable if it has a lot of security flaws.
Photo by Rafael López Diez
{ 25 comments… read them below or add one }
Oh thanks for this post! This is really going to help me a lot since I know nothing about blog securities.. =p
Teeth Care’s last blog post..How Oral Irrigator Helps To Keep You Mouth Clean
Wow! I didn’t realize there was so much I could do do protect my blog. Thank you very much! I will check those plugins out today.
Gordie Rogers’s last blog post..Bootstrapping Vs. Outsourcing Vs. Partnering. Part 1: Bootstrapping
Yeah, it’s pretty amazing how people figure out ways to hack into a site. Lucky for us, the guys at WordPress aren’t idiots!
Those are great pointers, but you may have missed the most important aspect of blog (or any website) security…the web host. Many a times, your blog can be accessed unauthorized just because your host cared less to implement server hardening securities. You can do all those above, but if someone can access your master host settings, any precautions are not enough.
Forsaken – Domain Marvelous’s last blog post..How to Overcome the Nightmare of Godaddy Domain Registration Process
Very good point, a lot of people will usually just blame their weak password or something as a cause of getting cracked when the real culprit is the host. Not something that many people would even think about.
Great post Melvin. But I wonder what’s the use of backing up your blog every day..
Harish | Blogging Kid’s last blog post..What Did I Learn From My Blogging Experience?
I don’t know either, LOLz.. But you see theres an option in the backup plugin wherein every backup would be sent straight to the email, now since most email handlers are unlimited in space i won’t mind getting spammed w/backups. the other thing is that as much as possible you would like to load the LATEST backup in case your blog gets down..
Melvin’s last blog post..Monetizing ‘Make Money Online’ Blogs
Understood Thanks Melvin
It’s better to be safe than sorry, right?
You don’t really need to backup your site everyday. However, it is a good measure to keep a fresh copy of your site with you, you know, in case something goes horribly wrong. I’ve been there, so I know what I’m talking about! Keep a fresh backup with you always!
Héctor | SEO and Blogging’s last blog post..What Does It Takes To Be A Good Blogger?
exactly… its bad to have an outdated copy w/c loads the first post in your blog..
Melvin’s last blog post..How ‘Not’ to Have a Successful a Guest Post
Wow … I knew there were areas that needed tightening with Worpress, but I had no idea there were as many.
The plugins you mention are a great time saver as well. Often times I’m spending so much time trying to locate the right plugin for the right job.
Your post will certainly save me a lot of time.
Thanks … Scott – @ScottProk
Scott Prock’s last blog post..@kbairdmurray Sparks Conversation With Simple Question
Thanks for stopping by Scott. Yeah, I don’t know how people come up with these vulnerabilities.
My paranoia had me getting dialy backups until I got sick of all he unnecessary emails..now I’m oce per week.
I’m also guilty of upgrading versions only when i feel it is absolutely necessary – I went from 2.3.3 to 2.6.5. lol
The reason for this is, most new versions are so damn buggy, they provide more problems then hacks.
Dennis Edell’s last blog post..100 Strategies Book Review FollowUp – I Name Names!
I backup this blog every day. I’ve spent way too much time on this blog to have it ruined, and if taking the time to click one button and get one email every day means that I can easily restore if anything happens – then I’m going to do it.
I realized that too Dennis, it’s smarter to wait for the bug fix release than to just go in and get the totally new version. I didn’t do that with WordPress 2.7, but I am going to for sure with the upcoming 2.8 (which is in Beta 1).
Very informative post and I don’t realize that it’s a need to secure my blog before. Now, I changed my mind and will take safety precaution ways as mentioned above. Thanks again.
hey guys glad you find this post informative and helpful…
Melvin’s last blog post..Monetizing ‘Make Money Online’ Blogs
One thing which I really like about your blog is selection of photos. Your photos will be able to tell everything what you want to tell.
Certainly another on target posts and informative and useful. Lets give Hi5.
Thanks! We try to pick some really cool, and even metaphorical photos to add onto each of our posts. We put a lot of effort into our posts (at least I do).
*Hi5*
Great post guys. I’m not all that familiar with WordPress….I need to get into it!
Zulu Internet Marketing’s last blog post..Not quite real-time search…
Wordpress is really easy to get into, you will get the hang of it in no time for sure.
I like to think my blog is secure but there is only one way to find out I guess.
I am prepared for any security breach though. I back up my database & theme daily.
Dean Saliba’s last blog post..Follow Me On Twitter
Thanks for your nice and wonderful tips, I defiantly follow your instructions and advice on my personal blog.
Great post Melvin. Too many bloggers overlook security. Thanks for the information.
I will make sure to check out your blog.
Jake| Web Journey’s last blog post..Why I Choose My Domain
on my list of things to do:
*change password more frequently and don’t use ones that can be figured out easily
*protect my wordpress directories.
You are so right, I overlooked my site’s security. But now i’m a little paranoid so i’ll make sure its all safe!