How did you spend your Saturday night? Watching Movies? Drinking? Chillin’ with friends?
Shakin’ Your Grove thing till the sun came up?
Yah… me either…I spent mine dealing with Hackers who were trying to break into one of our blogs. : /
Ahh.. the Glamorous life of a Blog Owner.
So here’s the sitch… Hackers don’t care about your feelings.
They don’t care about how long you’ve worked on your latest post.
They don’t care about how many hours you’ve put into your marketing and social media.
And they certainly don’t care that you think of your blog as a very personal extension of you.
Unfortunately, there are a variety of reasons why someone might want to hack into your blog, some involve money, some may be your rivals, some are even just because they can, but one truth holds firm, regardless of the hackers motivation, if they succeed, you will be left with a huge pile of un-fixable pieces or a hefty ransom to pay. : /
While we don’t pretend to have all the answers on preventing hacking on your blog, (Not even close!) we do, however, have a few things you should ABSOLUTELY be doing to make your blog a little safer and more secure.
7 Easy Steps to Make Your Blog a Little More Secure
The Name of the Game- Change Your Username from Admin to Something Specific (MegaAdminBossLady anyone?) Most sites are going to come with the default username of admin or administrator, and hackers are all in their jolly’s about the fact that the majority of bloggers and site owners won’t change this for simplicity’s sake. This means that if a hacker takes a fancy to your site they are already halfway to opening things up if you leave the default user name. Try to change it to something that is specific and not related to the site title, your name, or your email address.
Little Tip: Hackers will read your blog to find things you talk about often. Don’t make a relatives name, pet’s name, or favorite food or place your username.
Strong and Long – Not only is a tough to guess username important, but a tough password is just as important. Don’t use passwords like “password” (but what about “Passwords?”) or your email or username as these are likely to be the first few guesses that a hacker would make. In the case of WordPress the most common type of attack is going to be a brute force dictionary attack where a computer guesses at the password repeatedly using different word and letter combinations, possibly ones that are related to you or your site. Additionally, if you need to store your password, write it down and keep it in your desk. Never store your password on your computer, and definitely don’t store it anywhere online or on your phone.
Little Tip: For a little password humor with your lesson check out this fun comic from one of our favorite sites, XKCD.
Wordfence – Wordfence is a great tool that allows you to detect malicious software that could be installed on your site by a hacker who is looking to gain additional access to the more highly secure areas of your blog. It can be setup to run scheduled scans of your site and theme to ensure that they are functioning as expected and haven’t been altered by someone without your knowledge. It also rocks at other security measures, like blacklisting known problematic IP addresses, and limiting access to the admin section of your blog (which is super handy when trying to stop Brute Force attacks which have to access your admin panel over and over again.)
Little Tip: There is an amazing lite version of this incredible plugin available for free if you are a small blogger or organization. Just search “Wordfence” in the WordPress plugin directory for more details. ♥
WordPress Security Scan – This free utility is an excellent way to assess the security of your blog if you are running WordPress. This handy little site will scan your blog, detect your theme as well as any plugins that you have on the site (including non-active plugins), and can point out security concerns in both (as well as general security concerns with your site.)
Little Tip: While it’s probably easier to “just skip this step” for now, much like those darn yearly physicals we keep having to take, this is a great way to detect problems before they become a disaster.
WordPress Firewall 2 – This plugin protects against attacks using a simple system to look at inbound requests to your site and determine the validity of the request. It creates a smart whitelist and blacklist based on the IP’s making requests and stops simple query based attacks that could otherwise leave your site vulnerable.
Little Tip: Many of the attacks that can be carried out against your blog are so simple to preform that many people won’t think to defend against them. Taking a few minutes to Download and set up easy plugins like this now, can save you so much time and heartache later.
Back that Thang Up: Backing up your site is essential to your success. BACK UP YOUR SITE. BACK IT UP. BACK, BACK IT UP. I can’t express this enough. I can’t even begin to count the amount of man hours our team has lost due to someone making a seemingly innocent mistake and taking out an entire website in one foul, idiotic swoop. Don’t be the site owner, biting your nails as you walk around the block to cool off. I’ve been there. It’s terrible. Just back up your site every night before you go to bed and you can easily restore your work the next day if something tragic happens to your beloved blog.
Little Tip: Don’t set up your back up through a WordPress Plugin. Back it up through your host WITH THE DATABASE INCLUDED so that if your site is disabled you can still access your restore data. (If you’re not a techie, just talk to you’re hosting provider and they will walk you through it. ♥)
Gotta Keep ’em Updated: So here’s the thing, as a blog owner, The Kardashians aren’t the only thing you should be keeping up with, you gotta keep up with those WordPress updates too hunny. Always Update Your WordPress to the Newest Version (Plugins too!) to Prevent Security Breaches, and fix the latest bugs and software flaws that WordPress has discovered.
Little Tip: I like to Upgrade my at night after pulling down a copy of all of the sites, that way, if something goes wrong, I can fix it before a ton of my users see just how lame I really am. ♥
Do you have any great Plugins to Protect against Hackers? Share the Scoop. ♥