

Author: IMGuides | Total views: 243 Comments: 1
Word Count: 1190 Date: Wed, 11 Mar 2009 7:56 AM

Hot Tips to Keep Your Blog Safe and Secure

More and more of my I.M. colleagues and indeed new people that I meet online are 'getting into blogging'.

And why not? Blogs are relatively easy to produce and use, no matter which platform you choose, and they can be a brilliant tool for internet marketers.

However, no matter how easy they are to install and use, and no matter how helpful they can be to your business, the one thing that I've noticed more frequently is that many people are neglecting the security of their blogs.

Now I'm actually talking in particular about Wordpress blogs here. Yes, I have used Blogger blogs in the past, and I know that many people swear by them, but I found Blogger a bit too restrictive for my liking (though I understand that things have changed a lot at Blogger since I first used them).

Because Wordpress is an open source blogging tool, meaning that it's free and available to everyone, it's a prime target for hackers and ne'er-do-wells.

Of course, the Wordpress development team are tireless in constantly working on the script for our benefit, but none of this is any use if we don't actually get up off our backsides and do a bit of work on our blogs behind the scenes.

It's par for the course to worry about your blog theme, your next blog post, your readership, attracting subscribers to your RSS feed etc. etc., but do you actually think very much about your blog's security?

I suppose that I might perhaps see more Wordpress blog security problems than most, being in the hosting business.

Did you know that probably the biggest cause of server compromise is actually people who install Wordpress blogs and other open source scripts and don't keep them up-to-date with the latest versions and patches?

Hackers find it easy to search around, find a way in through an old script, hack your blog, access your email accounts, start sending viagra and cure for baldness spam emails 'from you' and generally get up to all kinds of nasty things.

I can't tell you how many panicky emails I've had to answer from people who've logged into their blog one day and have been smacked in the face by a skull and cross bones proudly proclaiming that their carefully crafted, lovingly nurtured blog has been hacked by Hound Dog Horris the Hardcore Hacker!! Great!

So I've put together a few suggestions that you might like to implement to help keep your Wordpress blog 'safe'.

Keep Up-to-Date

First of all, the most obvious fix is to ensure that you keep your blog up-to-date with the latest version released by Wordpress.

Most Wordpress blogs display a little warning in the Dashboard that tells you when a new version is released and a link for you to click to download it. If yours doesn't, then it's worth checking the Wordpress website fairly regularly for updates. They also invite you to sign up for email notification of updates.

If you feel a bit daunted installing updates via FTP, or you installed your blog initially using Fantastico in your cPanel, so are not sure how to install the updates, Wordpress offer quite a good set of instructions for this.

Plugins

It's a good idea to hide the list of plugins you are using. Any known vulnerabilities and bugs that may occur in some plugins can be used as tools to harm your website.

Check out your blog, now... yourdomain.com/wp-content/plugins

The chances are, you will see the full directory of all of your blog plugins, and in some cases, the date they were installed.

To hide your plugins, simply create an index.html file and upload it to the wp-content/plugins folder. This index file can be blank or you can be really creative and add some promotions to it.

Another way that Hound Dog Hacker uses to determine whether your blog is fertile ground for hacking is to check which Wordpress version you're using.

So, if you're one of those that has put upgrading on the back burner, then you could be announcing that you're ripe for a hack harvest with a huge megaphone!

How so? Well, go to your blog... go on, open a new tab in your browser and type in your blog's url. Then right click on your blog with your mouse and select View Source, View Page Source, or similar, from the drop down menu.

Check out the coding... about 10-12 lines down, you will see something like this

The plugin is merely one small .php file that you upload to your plugins folder, and then activate it in the usual way in the plugins section of your Dashboard.
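
The two manual checks in this section can be run as a self-audit of your own blog; the following is an added example, not part of the original article. It assumes you have saved your page source and the response from yourdomain.com/wp-content/plugins as text, and it relies on WordPress advertising its version in a "generator" meta tag; the sample HTML is constructed.

```python
import re
from html.parser import HTMLParser

# Constructed samples: the version number and plugin name are made up.
SAMPLE_PAGE = ('<html><head><title>My Blog</title>\n'
               '<meta name="generator" content="WordPress 0.0.0" />\n'
               '</head><body>Hello</body></html>')
SAMPLE_LISTING = ('<html><head><title>Index of /wp-content/plugins</title></head>'
                  '<body><h1>Index of /wp-content/plugins</h1>'
                  '<a href="example-plugin/">example-plugin/</a></body></html>')

class GeneratorFinder(HTMLParser):
    """Collects the content attribute of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "meta" and attr.get("name", "").lower() == "generator":
            self.generators.append(attr.get("content", ""))

def disclosed_version(page_source):
    """Return the WordPress version the page source advertises, or None."""
    finder = GeneratorFinder()
    finder.feed(page_source)
    for content in finder.generators:
        match = re.match(r"\s*WordPress\s+([\d.]+)", content, re.I)
        if match:
            return match.group(1)
    return None

def is_directory_listing(body):
    """True if the body is a server-generated "Index of /..." page."""
    return re.search(r"<title>\s*Index of /", body, re.I) is not None

def audit(page_source, plugins_body):
    """List what a visitor can learn from the two responses."""
    findings = []
    version = disclosed_version(page_source)
    if version:
        findings.append(f"page source advertises WordPress {version}")
    if is_directory_listing(plugins_body):
        findings.append("wp-content/plugins returns a directory listing")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_PAGE, SAMPLE_LISTING))
```

An empty findings list after you have uploaded the blank index.html and removed the version tag means both tips have taken effect.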

Block Access

A folder that Hound Dog Hacker likes to have a good old nosey around on your blog is your wp-admin folder - this is the storage place for all your blog's most sensitive data. So here's a quick tip to secure this directory...

Open notepad or wordpad on your computer, and add the following code:-

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
allow from TYPE YOUR IP ADDRESS HERE

If you don't know your IP address, you can find it here whatismyipaddress.com

Next, save your txt file as .htaccess and then upload it to your wp-admin folder.

NOTE: This method might be a pain in the neck for you if you don't have a static IP address, however, if you are with an internet service provider that has a range, you can add the range.

I have to say that my IP address isn't static BUT, I've only had to add extra IP addresses twice in the past 6 months or so, to allow me to login.

I did wonder why, when I went to my blog login page whilst on my laptop that I was denied access... doh, then I realised that my .htaccess file was denying me access from this computer.

I now keep the .htaccess file on my desktop and just add an IP address, if and when it changes, to the file and upload it in seconds. So your file might look something like this

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
allow from TYPE YOUR IP ADDRESS HERE
allow from TYPE YOUR IP ADDRESS HERE
allow from TYPE YOUR IP ADDRESS HERE
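
To avoid locking yourself out as described above, the file can be generated and checked before it is uploaded; this is an added example, not part of the original article. It writes the same directives from a list of addresses or CIDR ranges and then tests whether a given address would get through. It assumes only full addresses and CIDR ranges are used, and the sample addresses are constructed.

```python
import ipaddress

# Directives exactly as listed in the article, in the same order.
HEADER = [
    "AuthUserFile /dev/null",
    "AuthGroupFile /dev/null",
    'AuthName "Access Control"',
    "AuthType Basic",
    "order deny,allow",
    "deny from all",
]

def build_htaccess(entries):
    """Return .htaccess text with one validated 'allow from' line per entry.

    Each entry is a single address or a CIDR range; anything else (including
    the unedited placeholder text) raises ValueError before a file is written.
    """
    lines = list(HEADER)
    for entry in entries:
        net = ipaddress.ip_network(entry.strip(), strict=True)
        single = net.num_addresses == 1
        lines.append(f"allow from {net.network_address if single else net}")
    return "\n".join(lines) + "\n"

def is_allowed(htaccess_text, client_ip):
    """Apply 'order deny,allow' to client_ip: a matching allow line wins."""
    ip = ipaddress.ip_address(client_ip)
    rules = [line.strip().lower() for line in htaccess_text.splitlines()]
    if "deny from all" not in rules:
        return True  # nothing is denied, so deny,allow defaults to allow
    for rule in rules:
        if rule.startswith("allow from "):
            for spec in rule[len("allow from "):].split():
                if ip in ipaddress.ip_network(spec):
                    return True
    return False

if __name__ == "__main__":
    # Constructed addresses from the documentation ranges (RFC 5737).
    text = build_htaccess(["198.51.100.7", "203.0.113.0/24"])
    print(text)
    for candidate in ("198.51.100.7", "203.0.113.42", "192.0.2.10"):
        print(candidate, "allowed" if is_allowed(text, candidate) else "denied")
```

Run is_allowed with the address of each computer you log in from before uploading the file to your wp-admin folder.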

I hope this has helped give you some ideas, or at least galvanized you into taking a closer look at your blog security.

About the Author

Paula Brett is a writer and internet marketer in several niches. She works mainly with newcomers to internet marketing. You can check out the plugin mentioned in this article and other free downloads at her blog.





Wed, 11 Mar 2009 at 12:56 PM, by Alanna
I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.

Alanna

http://www.craigslistsimplified.info


Creative Commons License
This article is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.