Don’t kid with your blog’s security
You don’t want to give any of them the smallest chink to penetrate. Your blog security should probably be the numero uno concern for you. Content creation and promotion is a vital part of blogging, but it is all meaningless if your blog is susceptible to compromise by every hacking Jack that pops up. A serious hacker attack can destroy everything you have created.
Here’s a small list of some absolutely essential security steps that you should take up.
Backup for your Life!
Computer hackers and security systems are like cops and robbers. The bad guys are always working to keep a step ahead of the good guys and the good guys are always working to catch up. It is an accepted fact that if a hacker is targeting a certain computer, he is going to succeed if he is determined enough. Translation: there is no fail safe website security system. You just try and sort out all of your website security issues and hope for the best.
You prepare for the worst: you set up your systems. Your site should have a data backup system, and you should be backing up your site frequently – preferably daily.
With backups, you can get back online with all of your contents even if your site has been totalled by some invader. It may take you some hours or even a couple of days, but you can pretty much restore your site to what it was before it got ravaged.
And when you do backup, maintain your backup files in at least two locations. The two locations should be independent of each other. One way you can achieve this is to set up your data backup system so that you get your backed up files sent to your email address. This is a great option, because your email is not stored on your computers. The other back up site would be your computer. You can also save your backup files to both your desk top and your laptop computers. You can use a CD or a pen drive (USB flash drive) for your spare backup files.
Customize Your User Identify
Most computer hackers use the brute force method to try and penetrate your website security. They try to guess your user name (admin name) and then use scripts that are programmed to try out thousands, maybe tens of thousands, of combinations to crack your WordPress password.
WordPress gives you the default user name “Admin”. Obviously, if you stick to this user name, you are just making it easier for some would-be hacker. The second thing you do after installing WordPress is to change the user name from “Admin” to something else of your choice. The first thing while installing WordPress, of course, is to use the WordPress password reset function to set up a password that is a tough nut to crack.
Changing your user name is child’s play. Create a new user with “Administrator” privileges for your WordPress account. Log in as this user, and delete the original “Admin” user.
Never give your user name and your WordPress password to anyone—anyone at all. If something like this happens by mistake, lose no time in setting it right: get your WordPress password reset.
Cloak Your WordPress Version
Geeks are fond of repeating “security through obscurity” like some kind of a magic mantra. The reasoning behind this mantra is obvious: the less a person of ill intentions knows about your server or the programs you use, the harder it will be for him to do you harm.
Make a note of this: WordPress lets everyone know—that means the bad guys, too—what version your blog is using by default. The bad guys are aware of the security gaps in each WordPress version, and thus, knowing the version your blog is using is one security point breached for them.
You can overrule the WordPress default and hide your blog’s version easily enough. You must disable the “Generator” meta tag. You do this by adding some code to the functions.php file of your theme. You access the functions.php file of your theme by logging into your WordPress account and clicking on “Editor” under “Appearances” in the left hand column. The functions.php file will be on the right hand column of the page you are led to.
Here is the code you add to your functions.php file:
Computer hackers can access your WordPress version elsewhere, too. That is the readme file that all WordPress installs include. Delete this file at your server using your FRP program.
Disallow Folder Browsing
The contents of your folders are other weak points. Your folders can provide potential hackers with a lot of information they can use (misuse?), like details on your plugins and your themes.
If you are using Linux-based web hosting, it is easy to disallow folder browsing with a .htaccess file in the root of your server. You can create a new file, or you can add the following to your existing file:
If you are not using Linux-based hosting, uploading a blank index.html page to each folder will protect the contents of your folders.
Keep WordPress Updated
At all times, make sure you are using the latest version of WordPress. As open source software, WordPress source codes are public, with access available to one and all. Source codes are one place that hackers look in for security gaps.
Whenever security gaps are found in the WordPress source codes, WordPress usually loses no time in coming up with counters to the threats by releasing updated versions with the gaps sealed.
Thus, it is logical that if you always keep your WordPress updated, you are reducing the possibility of some hacker breaching your website security.
The Internet is the first thing that humanity has built that humanity doesn’t understand, the largest experiment in anarchy that we have ever had. – Eric Schmidt
Filed under: An Introduction to Blogging
Like this post? Subscribe to my RSS feed and get loads more!