7 Tips for Protecting and Securing Your WordPress Blog
When you started food blogging, you probably just wanted a fun way to express your creativity online. Who knew that as blog owners we would have to be in charge of so many things other than content? Probably the most important one is making sure our sites remain intact. Here are some steps you can take to safeguard against hackers.
Tip #1 Update to the Latest Version of WordPress
Did you know that Al Gore's blog has been hacked and CNN blogs have been hacked, and that these all happened because they used older versions of WordPress? As soon as these high-profile blogs were hacked, the creators of WordPress released a newer version that prevented these kinds of attacks. That's why it's a very good idea to keep your WordPress version up to date.
Usually when they fix a problem, it's a very small and obscure bug, and you can upgrade to the latest version in just one click. In your WordPress dashboard, go to the Updates area, and it will tell you either that WordPress is up to date or that it needs an upgrade. Click that button and you are good to go.
Tip #2 Keep Login Information Complex
Hackers can gain access to your WordPress site simply by guessing. By default, when you set up WordPress, it creates an account with the username Admin, which means that when you log in you type the username Admin and some password. But this gives hackers half of the information they need. If they already know that you are using the Admin username, all they have left to guess is the password. But if your username is something like your first name, or your first and last name, they don't know where to start: now they have to guess two different things. Create a new user account named with your first and last name, save it, and then delete the original Admin account, which will cut down on a lot of automated attempts.
Tip #3 Have Multiple Passwords
Finally, set a WordPress password that is different from the ones you use for your email address or your FTP account. The problem with using the same password for different accounts is that if someone gets access to your WordPress site, they now have access to your website, your other WordPress sites, your email, your FTP, and so on. But if you use different passwords, your other accounts will remain safe.
Tip #4 Run Regular Security Scans
Next, most web hosts let you run a security scan from the cPanel area to see whether anyone has injected bad code that could be used to grant unauthorized access, send emails, or something like that. Run that web host security scan and see what comes up; if anything looks out of the ordinary or you are not sure about it, contact your web host and see what they think.
Tip #5 Install Security Plugins
Install these three simple plugins to WordPress to minimize the risk of hacking and intrusion.
Login Lockdown simply blocks access to your blog if someone enters the wrong password too many times. A very common technique hackers use to get into a WordPress blog is to try many passwords over and over until something works. Login Lockdown blocks access after a certain number of failed passwords. It's a very simple plugin, and it's worth installing to make sure that any intruder is locked out.
Another plugin to install is called HTTPS for WordPress. It encrypts everything that gets sent to and from your WordPress site, including the username and password you use to log in. Normally your username and password are sent out in the open. That means if you use any kind of public WiFi, anyone else on that WiFi can install a simple plugin and capture every password you type into WordPress. You can either avoid unsecured WiFi, or you can use this HTTPS plugin, which forces you to use HTTPS when logging into your WordPress dashboard and so protects your password from prying eyes.
And finally, the WP-Security plugin scans all your folders for many security vulnerabilities. It checks them for weak points, holes, and out-of-date plugins, and gives you a very easy-to-follow list of things that you must do in order to keep WordPress secure.
Tip #6 Install Plugins that are Trustworthy
Anyone can create and upload plugins and advertise them for download. Unsuspecting folks don't know they could be installing malware onto their blog. Such plugins can contain viruses that do more damage than just hacking your site: they can gain access to sensitive data on your computer. Only install plugins from trusted sources. If you are new to WordPress, stick to plugins you find on WordPress.org. Also, don't install a plugin that came out just yesterday. Install a plugin or a theme that has real reviews.
If you really want to install a plugin not found directly via WordPress, then do a few Google searches and see if anyone has reported security holes or flaws with the plugin. Some plugins are simply no longer updated; a Google search will tell you if that is the case, and then it's a good idea to stop using the plugin and find an alternative.
Tip #7 Use a Secure WiFi Connection
Make sure to only connect to WordPress on a secure WiFi connection. Sure, it's tempting to hang out at Starbucks, sipping on your $5 latte while you bang out your next blog post. But did you know that when you connect to a website using unsecured WiFi, which means airport WiFi, Starbucks WiFi, or public WiFi, that network exposes your security? This leaves your site vulnerable to anyone who wants to access it.