When you go through having your blog hacked, you learn a thing or two about how to protect it in the first place. While nothing is foolproof, there are several things you can do to protect your blog from hackers.

1. Choose your passwords wisely. Your WordPress admin password and your FTP password, the one you use to access your blog’s control panel, need to be good, solid passwords. Ideally, they should contain 12 characters and be a random mix of lower and uppercase letters, numbers and symbols. Definitely never use the same password for more than one account, and do not use your email password as your blog password.

2. Change your passwords regularly. Changing your passwords a few times each year is a good idea. Yes, it’s a pain, but it will help secure your blog.

3. Check for unauthorized users. On your blog’s settings, if you don’t need to ask readers to register, it’s best to make sure “anyone can register” is unchecked. If you do allow registration, make sure everyone except you has a “subscriber” role and never an admin role. Many hackers start by adding themselves as an admin on your blog.

4. Keep your WordPress version and all your plugins up to date. Most hackers enter through an old, vulnerable WordPress version.

5. Use only the plugins you truly need. Each plugin is a potential entry point for a hacker. Go over your plugins regularly and deactivate/delete the ones you don’t really need.

6. Install a security plugin. Install the Sucuri WordPress plugin. It will add an extra layer of security to your blog.

7. Back up regularly. Perform a backup of your blog, and schedule future regular backups. I use the Backup Buddy plugin. If you have a recent backup, even if your blog gets hacked and some content is lost, you can recreate it.

8. Sign up with a security service such as Sucuri and have your blog regularly monitored for malware. The annual subscription buys you monitoring, cleanup as needed, and peace of mind.

I realize that not everyone would be willing to pay for services such as blog monitoring and backup, but it all depends on how important your blog is to you. If it’s just a hobby and you won’t mourn too much if it evaporates, fine. But if your blog is very important to you, whether it generates income or not, I believe it’s worth paying for top-notch security and backup. And just to make things clear – I am not an affiliate of any of the services mentioned here, just a grateful customer.

My blog was recently hacked. I’m actually surprised it didn’t happen sooner – I’ve been blogging for four years now, and unfortunately this is something that happens quite often. I learned about the problem when I tried to access my blog, and instead reached an alarming red screen where I was informed by Google that my blog is distributing malware and has been delisted from Google’s listings.

A near-heart-attack experience, for sure. But I survived, my blogs have survived, and here’s what to do if it happens to you:

1. Clean up your blog. Go to Sucuri.net and sign up for the plan that fits your particular situation. For one affected site, you pay $90 per year. This includes the initial cleanup, and then constant monitoring, and future cleanups as needed. My experience with this company was very good – I have several websites so had to sign up for the business account, and I’m glad I did because the malware was already starting to spread to another blog I own. They cleaned up everything within an hour.

2. Change FTP password. Once Sucuri notifies you that your site has been cleaned up, immediately change the password you use to access your site via the Control Panel or via FTP.

3. Change your WordPress password. Change your WordPress administrator password. The hackers probably have the old password.

4. Clean up users. Check to see if there are other admin users in addition to you. Do they need to have access? If not, remove them. If they do need access, change their passwords as well.

5. Update WordPress. Update your WordPress installation to the latest version. Sucuri told me that most hackers hack WordPress blogs with an old WordPress version, so it’s very important to keep your blog updated. Even if it’s already updated, Sucuri recommends clicking on “Reinstall” and overwriting all core files with a clean version.

6. Upgrade your plugins. First, get rid of plugins you don’t really need. Next, upgrade all plugins to the latest version.

7. Install a security plugin. Install the Sucuri WordPress plugin. It will add an extra layer of security to your blog.

8. Back up! Perform a backup of your blog, and schedule future regular backups. I use the Backup Buddy plugin.

9. Clean up your computer. Your blog is now clean, but your computer might be infected, which could re-infect your blog. Run a virus scan on your personal desktop/laptop, to make sure everything is OK. Even if you own a Mac, admittedly less prone to viruses than a PC, it’s best to scan for viruses and malware.

10. Talk with Google. Go to Webmaster Tools. Click on the affected site, then on “Diagnostics,” and then on “Malware.” Submit your site for review. Fill in the section for comments and let them know that your site was cleaned by Sucuri, and about all the other steps you have taken to make sure this does not happen again.
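The user checks from both lists (“Check for unauthorized users” and “Clean up users”) can be run as a repeatable audit. The script below is an added example, not part of the original post: it assumes you can export the user list and the two registration settings with WP-CLI (a tool the post does not mention), and the sample users, the `audit_users` function and the allowlist of expected admins are all constructed for illustration.

```python
import json

# Constructed sample data, shaped like the output of these WP-CLI commands:
#   wp user list --fields=ID,user_login,roles --format=json
#   wp option get users_can_register   /   wp option get default_role
# (WP-CLI is an assumption; the post itself works through the dashboard.)
SAMPLE_USERS_JSON = """[
  {"ID": 1,  "user_login": "blogowner", "roles": "administrator"},
  {"ID": 7,  "user_login": "reader42",  "roles": "subscriber"},
  {"ID": 19, "user_login": "wpsupport", "roles": "administrator"},
  {"ID": 23, "user_login": "guestpost", "roles": "subscriber,editor"}
]"""
SAMPLE_OPTIONS = {"users_can_register": "1", "default_role": "administrator"}


def audit_users(users_json, options, expected_admins):
    """Return (severity, message) findings for the user checks in the post."""
    findings = []
    for user in json.loads(users_json):
        # WP-CLI reports multiple roles as one comma-separated string.
        roles = {r.strip() for r in str(user.get("roles", "")).split(",") if r.strip()}
        extra = roles - {"subscriber"}  # anything above the subscriber role
        login = user["user_login"]
        if login in expected_admins:
            continue  # accounts you know about and intend to keep privileged
        if "administrator" in roles:
            findings.append(("high", f"unexpected administrator: {login} (ID {user['ID']})"))
        elif extra:
            findings.append(("medium", f"{login} holds non-subscriber role(s) {sorted(extra)}"))
    # "Anyone can register" is checked: new accounts must land as subscribers.
    if str(options.get("users_can_register", "0")) == "1":
        default_role = options.get("default_role", "subscriber")
        if default_role != "subscriber":
            findings.append(("high", f"open registration with default role '{default_role}'"))
        else:
            findings.append(("info", "open registration is on; turn it off if not needed"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_users(SAMPLE_USERS_JSON, SAMPLE_OPTIONS, {"blogowner"}):
        print(f"[{severity}] {message}")
```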

Next week: How to prevent your blog from being hacked in the first place.
