The number of my I.M. coworkers and new online acquaintances who are ‘getting into blogging’ is growing. Of course not! Regardless of your blogging platform, blogs are simple to create and employ and may be an excellent promotional tool.
Despite their low barrier to entry and potential for boosting productivity, I’ve observed that many blog owners routinely disregard the safety of their sites.
To clarify, I’m referring to WordPress-based blogs in particular. I’ve used Blogger blogs before and am aware of the platform’s popularity, but its limitations turned me off (though I realize that much has changed at Blogger since I last used it).
WordPress is a popular target for cybercriminals and other bad actors because it is an open-source blogging program, meaning anyone can download and use it. While the WordPress crew works tirelessly to improve the script for our use, our blogs will remain stagnant unless we take the initiative to improve them ourselves.
The security of your blog may not be at the forefront of your mind as you fret over the aesthetics of your site, the content of your next article, the number of people who will read it, whether they will subscribe to your RSS feed, etc.
I may encounter more issues with WordPress blog security in the hosting industry than the average person. Did you know that the most common reason for server compromise is users who install open-source programs like WordPress but fail to update them to the most recent versions and security patches?
Hackers can easily hunt for a way in through an old script, get into your blog, access your email accounts, and start sending Viagra and cure for baldness spam emails ‘from you’ and generally get up to all sorts of horrible things.
I’ve lost count of the frantic emails I’ve fielded from blog owners who logged in one day to find a skull and crossbones logo proclaiming that Hound Dog Horris, the Hardcore Hacker, had hacked their site. Great!
To that end, I’ve compiled several measures you may take to safeguard your WordPress blog.
Stay Current
The first and most obvious step toward a solution is upgrading your WordPress blog to the latest version.
When a new version of WordPress is published, most blogs will display a notification in the Dashboard with a link to the download page. You should regularly check WordPress’s site for updates if yours doesn’t. You can also sign up to receive updates by email.
WordPress provides instructions if you’re uncomfortable installing updates via FTP or initially set up your blog with Fantastico in your cPanel and aren’t sure how to install the updates.
Plugins
It is recommended that the active plugins list be concealed. Some plugins may contain known vulnerabilities or defects that can be leveraged to compromise your website.
Now is the time to check your blog… yourdomain.com/wp-content/plugins
You can expect to see a list of all the blog plugins you’ve ever used, along with their installation dates.
Make an index.html file and place it in the wp-admin/plugins folder to conceal your plugins. You can leave this index file blank or get clever and use it to promote something.
Hound Dog Hacker also looks at the version of WordPress you’re running as another indicator of whether or not your blog is hackable.
If you’ve put off upgrading, you might as well use a megaphone to broadcast that you’re ready to be hacked.
How so? So, fire up a new tab in your browser and head over to your weblog. Then, pick View Source, View Page Source, or a similar option by right-clicking your blog’s URL.
If you look at the code, you’ll find something like this approximately ten to twelve lines down.
Today, when I write this article, version 2.6.3 is the most recent, and yours should, too, be on the day you verify your code. However, it’s possible that you haven’t updated to the most recent version, in which case an older one will be displayed. What bad behavior! What a way to invite all the sharks in the area for a nice dinner — dunk your cut finger in water where there are sharks. A little bit of hyperbole, but you get the idea.
Why broadcast that you’ve been too busy to upgrade your blog to the current version or that doing so keeps being pushed to the bottom of your to-do list?
I’ve been protecting my site using a plugin by David Kierznowski that hides the version of WordPress I’m using. Take a look at the source code by right-clicking on your blog.
The plugin requires only a single.php file to be uploaded to your site’s plugins folder and activated using the dashboard’s plugins screen.
Prevent Entry
Hound Dog Hacker’s favorite area to snoop on your site is the wp-admin folder containing your blog’s private information. So, to protect this folder, consider this simple hint…
Launch your computer’s notepad or Wordpad and paste in the following code.
The AuthUserFile is /dev/null.
Authorization Group File: /.suppress>
The AuthName for “Access Control”
AuthType Necessary
prohibit, permit
refute all claims
Permit TYPE to Enter PLEASE ENTER YOUR IP ADDRESS HERE
Your IP address can be found at whatismyipaddress.com if you are unsure.
Then, rename the text file. Access and transfer it to your WordPress installation’s administrative directory.
Those without a static IP address may find this method inconvenient; however, those with an ISP that offers a range can add it.
I’m afraid I have to admit that my IP address changes frequently, but in the past six months or so, I’ve only had to add extra IP addresses twice to gain access.
When I tried to visit the login page for my blog from my laptop, I was met with an error message. Then I realized that my. htaccess file was blocking my IP address. Now, whenever an IP address changes, I have to edit the. htaccess file on my computer and re-upload it. So, your record may potentially look like this.
The AuthUserFile is /dev/null.
Authorization Group File: /.suppress>
The AuthName for “Access Control”
AuthType Necessary
prohibit, permit
refute all claims
Permit TYPE to Enter PLEASE ENTER YOUR IP ADDRESS HERE
Permit TYPE to Enter PLEASE ENTER YOUR IP ADDRESS HERE
Permit TYPE to Enter PLEASE ENTER YOUR IP ADDRESS HERE
I’m crossing my fingers that this has given you some food for thought or at least motivated you to examine the safety of your blog.
Paula Brett is an avid blogger and an expert internet marketer. Most of her clients are first-timers in the field of Internet marketing. You can get the plugin mentioned in the preceding article and others by visiting her blog.
Read also: How to Find a Good SEO Company
