
We all know they are out there, lurking in the dark corners of the Internet, waiting to pounce. Yes, I’m talking about hackers. They can wreak havoc on your blog, even causing total destruction in some cases.
There are ways to protect your blog from potential hackers. These ways aren’t 100% hacker-proof, but they will go a long way in deterring someone. Most of these methods are geared toward those of you on self-hosted WordPress blogs. Self-hosted blogs can be more vulnerable than third-party hosted services (e.g. Blogger), so taking steps to secure your site is definitely important.
Backup Regularly
Why this is important: It prevents you from losing all your content in the event of being hacked or some other problem. If you do lose all your content you can simply restore your most recent backup and all your posts and comments will be there. You will only lose the new content you’ve created since your last backup.
How to do it: The easiest way to back up your blog on a regular basis is to use the WordPress Database Backup plugin. This plugin allows you to choose the frequency of your backup. Since I post multiple times a day, the daily backup is the best option for me. Then choose your format:
- Save to server: this will create a file in /wp-content/backup-*/ for you to retrieve later
- Download to your computer: this will send the backup file to your browser to be downloaded
- Email: this will email the backup file to the address you specify
There are pros and cons to each of these methods. If you trust your host and don’t have server problems, then the server option is great. I personally have them emailed to me. I set up a filter in Gmail and they go straight to my Backup folder.
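A backup only helps if it is recent and can actually be read. The check below is an added example, not part of the original post or of the plugin: it finds the newest file under the /wp-content/backup-*/ folder mentioned above and reports whether it is fresh and, for compressed files, intact. The .gz suffix, the 24-hour limit, the install path and the function names are assumptions.

```python
import glob
import gzip
import os
import time
import zlib


def newest_backup(wp_root):
    """Return the newest file under wp-content/backup-*/, or None if there is none."""
    pattern = os.path.join(wp_root, "wp-content", "backup-*", "*")
    files = [p for p in glob.glob(pattern) if os.path.isfile(p)]
    return max(files, key=os.path.getmtime) if files else None


def check_backup(wp_root, max_age_hours=24, now=None):
    """Return (ok, message): the newest backup must exist, be recent and be readable."""
    path = newest_backup(wp_root)
    if path is None:
        return False, "no backup files found"
    name = os.path.basename(path)
    now = time.time() if now is None else now
    age_hours = max(0.0, (now - os.path.getmtime(path)) / 3600)
    if age_hours > max_age_hours:
        return False, f"{name} is {age_hours:.0f}h old"
    if os.path.getsize(path) == 0:
        return False, f"{name} is empty"
    if path.endswith(".gz"):  # assumption: compressed dumps carry a .gz suffix
        try:
            with gzip.open(path, "rb") as fh:
                while fh.read(1 << 20):  # decompress fully; also verifies the CRC
                    pass
        except (OSError, EOFError, zlib.error) as exc:
            return False, f"{name} is corrupt: {exc}"
    return True, f"{name} is {age_hours:.0f}h old and readable"


if __name__ == "__main__":
    # Hypothetical install path; pass your own blog's root directory.
    print(check_backup("/var/www/html"))
```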
Have Strong Passwords
Why this is important: Hackers use password guessing tools to help them crack your code. If your password is “password” or “123456” or your dog’s name, your blog is not secure. I like to think easy passwords are similar to leaving your front door key under the doormat. Sure, to the unsuspecting person your house is secure but to a seasoned thief, it’s the first place they look.
How to do it: The key to having a strong password is length and diversity. Because of the way encryption works, passwords should be 7 or 14 characters long. Really strong passwords should ideally be 14 characters. They should include letters, numbers, symbols, and be mixed case (upper and lower). If you cannot think of a very secure password on your own, try using Strong Password Generator. Also, don’t use the same password for everything. Things that need to be really secure should have their own unique code.
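The criteria above, turned into a checker and a generator. This is an added example, not part of the original post: it uses Python's secrets module for randomness, takes 14 characters from the article as the minimum length, and treats the function names and the two-entry deny-list as assumptions.

```python
import secrets
import string

# Character classes the article asks for: lower case, upper case, digits, symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
CLASS_NAMES = ("lowercase letter", "uppercase letter", "digit", "symbol")
# The two weak examples named in the article; a real deny-list would be far larger.
DENYLIST = {"password", "123456"}


def policy_failures(password, min_length=14):
    """Return the reasons a password misses the article's criteria (empty if none)."""
    failures = []
    if password.lower() in DENYLIST:
        failures.append("on the deny-list of common passwords")
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    for name, alphabet in zip(CLASS_NAMES, CLASSES):
        if not any(ch in alphabet for ch in password):
            failures.append(f"no {name}")
    return failures


def generate_password(length=14):
    """Draw characters from the OS CSPRNG, retrying until every class is present."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold one character of each class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate, min_length=length):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    for weak in ("password", "Fido2010"):  # constructed sample inputs
        print(weak, "->", policy_failures(weak))
```

Retrying whole candidates, rather than patching in a missing character, keeps every compliant password equally likely.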
Update, Update, Update
Why this is important: WordPress users rely on quite a bit of software created by others: WordPress itself, your blog theme, and all your plugins. The developers of these products often put out updates that fix glitches in their system. When you update, you have the safest, most reliable version of the product. If you’re running an old version, it has known errors in it. Think of those errors as an unlocked window. They might be tiny and it might be really difficult, but with enough persistence a hacker can expose that hole and get in.
How to do it: WordPress is great about notifying you when their platform or many of your plugins have updates. Be sure to update as soon as you are notified. However, not all plugins give you notification. I check mine every few months. If a plugin hasn’t had an update in a while, I check the website to make sure I haven’t missed something. The same goes for your blog theme, especially if you have a very developed one like Thesis. Check their website and be sure you are running the most recent version. Finally, you’ll also want to log in to the control panel for your web host periodically and check for updates there.
Taking these steps is a great start to securing your site but I’ll be back with a few more advanced techniques that will help you feel even safer.
Shellie Deringer shares her favorite frugal living tips as well as deals and bargains at Saving with Shellie. A spender at heart, she shows others that saving doesn’t have to mean sacrifice.










Great post! It’s also a good idea to back up your site files via FTP regularly, as that contains your images, WordPress core files, etc.
Having a regularly scheduled back up is a HUGE relief to a blogger – if something happens, it’s still no fun, but you can breathe a whole lot easier if you know you have a very recent backup.
I recently changed all the usernames on my blogs to something other than “admin”. I think this is almost as important as choosing a strong password, as if your username is the default, that’s one less thing a hacker has to figure out. If your username is “admin”, you’ve already given a hacker half of your login!
[Reply]
Debb Reply:
May 23rd, 2010 at 10:44 am
Never store your backups online via FTP. Recently a hacker not only destroyed my blog but also my backups online, so I couldn’t restore my blog. Download backups locally!
[Reply]
Thank you! I’ve been backing up the hard way. Had no idea there was a plug-in!
[Reply]
Perfect timing on this post! A really popular blog that I read, hosted by a really popular host, was just hacked and crashed. It looks like whole chunks of it might be lost. This was at the top of my “to-do” list!
What do you recommend for pictures? Or, what files should you back up via FTP (like Carrie mentioned).
[Reply]
This is exactly why I love coming here. I feel like this is my one stop shop for Blogging for Dummies. Thanks for always giving great advice! I’ll be passing this along!
[Reply]
My site was hacked last August while I was on vacation. I learned A LOT from that experience, but personally I would STRONGLY recommend you have your back-ups emailed to you at an email address outside your domain. The control panel for my webhost was compromised through spyware on a computer I used so they trashed all the files I had stored out there, including a back-up file. Learn from my mistake and have them emailed to you.
[Reply]
Duh … I’ve been using the WP plugin for WordPress but having it email to my ISP email address. This means it gets included in the backups I run for my computer so I think there’s a lot of duplication there. Think I’ll change the email address to my Gmail account, as you suggest. Thanks.
[Reply]
What if you have a Blogger account and not WordPress?
[Reply]
The Happy Housewife Reply:
May 11th, 2010 at 3:06 pm
Great question Brooke! I thought you were able to create pages in Blogger now… but maybe I am incorrect. I’ll ask around.
Toni
[Reply]
Mommy Snacks Reply:
May 12th, 2010 at 3:08 pm
You can create static pages on Blogger, you always have been able to. But, now you can create pages with no sidebars too. Here is a tutorial to help.
http://www.bloggersentral.com/2010/02/apply-different-layoutstyling-to-static.html
[Reply]