In the previous part we had a look at How to brand your blog. Brands are memorable and relatable hence branding your blog ensures that you can make it into something big, that people not only like reading and sharing but take pride in being a part of.
Today we will be looking at how to secure your blog. Most bloggers are very lax about securing their blog. This stems from lack of knowledge about blog security and lack of understanding of the repercussion of a compromised blog security.
When you log into your blog one day and discover all data gone, or some malware inserted into it, or God forbid you are unable to log into your blog because it has been hijacked, that's when you might wake up to blog security.
DO NOT WAIT FOR A SECURITY BREACH TO HAPPEN TO YOUR BLOG
Act now!
What you will Learn:
- 8 Action you need to take right now to Secure your blog
- 3 Ways in which You creating Security risk for your blog
- 3 Plugins to help with your blog Security
- 3 Tools to Monitor your site regularly
- Backing-up Your blog
- 3 Back-up Options for your blog
- What exactly to Back-up
- Conclusion
Here we go!
Step 11: Securing Your Blog
Blogs are highly prone to being attacked, hacked and spammed. Even the best bloggers have had to face blog security issues. Since WordPress is the most popular blogging platform, usually it faces most number of threats as well. More and more viruses, malicious scripts etc are designed everyday to specifically attack WordPress blogs.
Even other blogging platforms are prone to attack by sneaky individuals looking to hijack your efforts. This makes Blog security a important issue. If so far your blog has not faced any security threats, awesome. This is a good time to ensure that your blog is doubly secure from all potential threats. For those of you who have faced blog security issues, do not hesitate to invest in security provisions.
A money making blog if hacked, or spammed can immediately tank out of Google ranking, losing all your traffic and income source. It can be a massive setback for those of us who look up to blogging as their main income stream.
8 Action you need to take right now to Secure your blog:
- Password:
- Keep your Passwords complicated. Like really complicated, with all the weird characters and stuff. (Make sure you can remember it though 🙂 Simple and clean passwords are easiest way for unscrupulous elements to make into your blog
- Change your password frequently. Imagine your blog to be your bank account. How frequently do you change its password? How complicated is your banking password? and how safe do you keep that password. Give same amount of importance to your blog password too.
- Keep it Private:
- Do Not Login to your blog from public PC, & open wireless networks. You never know who might glean your login information.
- Plugins:
- Before installing any plugin read thoroughly its permission and security requirement. When installing 3rd party plugins look out for trusted providers.
- Update all your plugins regularly. Non-updated plugins crate security risk by leaving an opening for attackers.
- Administration:
- Once your blog is up and running create a new login account and delete the original “admin” account. This will protect your blog from the threats that have developed to target the regular “admin” account.
- Apart from the regular “admin” account, the regular admin login page is another security threat. Most blogger continue to use the regular http://yourblogname.com/wp-login.php page. This page is easy for hackers to target via bots, since it is known to them. hence always change your login page URL ASAP. For doing this you can use a nifty plugin ‘Custom Login URL’ for doing this. You can also achieve this by editing your WordPress CSS, however that's best left alone unless you know your coding well enough.
- Ideally you should be the only one accessing the admin area of your blog. However in case you have group of writers collaborating, or you provide posting access to guest poster, make sure you provide limited access only. And once the task is completed disable the accounts.
- IP:
- If you do not change your ip frequently, consider blacklisting all ip except those that you use. This will secure your website strongly against any login attempt by anybody else. For this:
- Go to the wp-admin folder of your WordPress installation and opening the .htaccess file.
- Add this code anywhere in the file and make sure to add your IP numbers in place of “YOUR IP NUMBER”. You can find your Ip Number by simply typing in Google “find my ip”
- If you do not change your ip frequently, consider blacklisting all ip except those that you use. This will secure your website strongly against any login attempt by anybody else. For this:
order deny,allow
deny from all
# whitelist home IP address
allow from YOURIPNUMBER
# whitelist work IP address
allow from YOURIPNUMBER
[/sourcecode]This will allow login attempts from your whitelisted IP only.
6. WordPress Version:
- Hackers have it easy when your WordPress version is openly displayed for them to know and track vulnerabilities. By default WordPress is set to display which version your blog is running on. To make it difficult for the hackers you should remove the default display from your blog. To remove it,
just login as admin and go to Appearance > Editor > Functions.php
add this line of code at the end before the closing ?> tag-
remove_action(‘wp_head', ‘wp_generator');
7. Pings:
- Do not allow Pings. Since by default Ping is enabled on every wordpress site, you need to manually go to the “Settings” section and disable link notification from other blogs. Pings while help make your blog look popular then also open your blog to be used in DDOS attacks. Since blog popularity can be achieved in other ways too, I prefer to disable pings, so as to secure my blog better.
8. Keep it Clean:
- Delete unused plugin, themes, apps everything. Do not keep unused stuff on your blog, this provides unnecessary invitation to hackers, who might explore the vulnerability in these unused tools. Very frequently unused tools become obsolete or might require manual updation which you might overlook. This creates even more greater security risk. Hence clean up the junk promptly.
3 Ways in which You creating Security risk for your blog:
Are you guilty of opening your own blog upto security threats. Yes you might be! While I'm sure it’s completely unintentional but it still might be happening. To improve your blog’s security you can make sure that you pay attention when undertaking any of the undermentioned 3 tasks. This will ensure that you do not unknowingly compromise your blog security.
- Quoting Text – Whenever copying text for quoting in your post/article, make sure you check the HTML. You might pick up some viruses or malicious scripts unintentionally.
- Images – When adding image to your blog, make sure they come from trusted sources. Always check HTML of images from external sources. Work with images from trusted sources only.
- Ads – Your source of revenue can also be your source of misery sometimes. Advertisements are particularly prone to attacks. Make sure you work with trusted ad providers only.
3 Plugins to help with your blog Security:
- WordFence – Most popular, since its Free and acts as a multipurpose security plugin. Scans file system for vulnerabilities, reduces amount of request to database and much more. You can even setup a dedicated free Gmail account and get the plugin to email the backups to you! Gmail is great for storing your site backups!
- CloudFlare – They provide limited free service. You can upgrade for more features, however the free package is good enough for most blogs. Since this works on DNS level it is a excellent security system. Not only does it provide protection against DDoS attack but also improves page load time and website performance. Paid version comes with inbuilt Firewall protection.
- FireWall – OSE Firewall This will act as extra layer of security, protecting your website from any attacks via SQL/Java injection. These are one of the sneakiest form of attacks on your blog, and can cause tremendous damage is you are suing your blog for making money.
3 Tools to Monitor your site regularly:
- Sucuri – Great free tool to scan your website for any malware and security issues. It checks your website for Malware, Injected Spam, Defacements, we well as website blacklisting and firewall protection. Use it on regular basis to scan your site and monitor its health
- Pingdom – Is a great monitoring tool. You can use it for monitoring any changes as and when they happen in your website. They also offer free mobile app which will help you monitor your sites on the go. Since they offer paid plans only, I recommend it for bigger bloggers who might have more than 1 site to manage and monitor. For such bloggers, Pingdom is perfect match.
- Change Detection – This one is for smaller bloggers. For those of you who are starting out with blogging, this is a good tool. It is not as expansive as Pingdom, it only monitor's page for text change. You can set alerts on this tool for your blog pages, and stay informed if any changes are made to it.
BACK-UP Your Blog
This is not a direct part of securing your blog, but it is the fail safe mechanism of blog protection. In the event of your blog security being compromised inspite of all your security measures, your blog back-up will help you tide over the bad times.
Apart from security, many times plugin installation or theme changes might render some portion of your blog inaccessible or make some parts disappear. For all such eventualities blog back-ups are a boon.
Your 3 Back-up Options:
- Auto – Backup: Many hosting companies provides Auto-Backup of your entire blog, content and directories all inclusive, check if your host offers this service.
- Backup via Plugin: Install a plugin for conducting regular auto-backup of your blog. Such plugins will automatically backup your blog on schedule, send you an email informing of the backup and also allow you to choose which data to backup and where. This will save you lot of hassle and allow you to focus on maintaining your blog. I work with BackWPup. This is a free plugin, provided by WordPress itself so its safe too. You can read more about blog back-up plugins in my 30+essential blog plugins post
- Manual backup: This is always an option, although this will require you to create a schedule and ensure that you strictly adhere to it.
What to Back-Up?
You blog is broadly divided into two different components with each storing different set of information. For a complete blog backup you need to backup both these components.
This way you will be able to restore your entire blog exactly as it is anywhere anytime by just a click of button.
- Database: where all your page, post, setting, comments etc are stored.
- Files: where your media, attachment, themes and plugins are stored.
Most new bloggers due to lack of knowledge back-up only the database. Database consists of the critical data hence its back-up is essential, however in case of any eventuality when you need to use the back-up you will not be able to reinstall your old blog setup exactly as it was without the help of files. Hence always ensure that you are backing-up both the components on regular basis.
Conclusion:
This brings us to the end of this step. Securing your blog is very important step and you should implement this as soon as your blog is up and ready for use. In the next post we will be looking at one of the most exciting part of this series, blog monetization options. Until next week make sure your blog is in ship shape and ready to earn you some money. See you next week. Happy Blogging 🙂
Also Read How to Protect your WordPress Blog with All in One WP Security Plugin?