5 ways to protect your blog

Over the last day, I can count on both hands the number of photographers whose sites I have heard of being hacked. The biggest fear is losing your site completely … and not being able to recover it, right? Because, as two of my recent clients can tell you, sometimes even your web host cannot help you save your site.

So let’s figure out some ways to safeguard your site from an impending attack:

1. Update WordPress

I truthfully cannot tell you the number of clients I book where, upon entering their site, I see they are running an older version of WordPress. These updates are pushed for specific reasons, so please do not take them lightly and update your WordPress. While you may be scared to do it, click the update and JUST DO IT! Well, first, follow step 2 and then do it. You are given two options: upgrade automatically or do it via WordPress download. Choose to upgrade automatically and, as long as your PHP is running the right version, it will do it automatically. If you run into a problem where it fails to upgrade automatically, chances are it is due to the version of PHP you have chosen (or defaulted to). That can be easily remedied via your cPanel, or shoot your web provider an email and they can do it for you.

2. Back up your database AND your site.

There are many ways you can do this, from downloading your MySQL database to installing a plugin to make it easy. I’m a fan of keeping it simple, so install the plugin… you can thank me later! The easiest plugin I found (and the one Prophoto recommends too) is one called WordPress Database Backup (search for WP DB Backup). First install it and then activate it.

To configure it, visit: Tools → Backup. For me, I initially downloaded my backup and had it sent to me via email. I then scheduled it to be sent to me via email weekly. It sends it to me as a .zip file with my database inside. I keep it on file until the next week, when it sends me my next one. From there I delete last week’s and save the newest one.

 

Within Prophoto, there is the option to save and download your actual template.  It will save the configuration of the whole template – from the backgrounds to the configuration of the menus.  To download the template, all you need to do is visit Prophoto 4 → Manage Designs or Appearance → P3 Designs.  From there, choose the option for the highlighted design of ‘EXPORT.’  Save the template to your computer for future use.  Make sure you do this each time you make any tweaks to your site and just overwrite the one you have saved.

3. Don’t use ‘admin.’

When given an option, I’ve given the ‘admin’ account another username, and I never publicly use the ‘author’ function that lists the username, to avoid this. To switch it up so the username is not what is shown, visit Users → All Users and hover over the name. The ‘edit’ option will show up, and from there you enter all the information the profile requests.

First click save and then go back and change the ‘Display name publicly as’ option to something OTHER than your username.

4. Change your password often and use UNIQUE ones.

Check out the 25 most popular (and worst) passwords of 2011. Is your password on the list? Do you change your password frequently? My bank and some credit cards make me change my password every so often. So while your WordPress blog might not remind you, it might be a good idea to change it. Don’t use your kids’ names, dogs’ names, spouses’ names, etc. They are just as popular as some curse words, mind you. There is a reason why some sites are now requiring 8 characters, a mix of lower and uppercase, and at least one number. This is much harder to break than using your kids’ names. Trust me.

5. Know your Plugins, update them and hide them.

Do you know where your plugins came from?  Do you trust the author?  Are there security issues that will make your site vulnerable?  Read the reviews and user comments.  Check how many downloads they have.  Make sure you get them from a RELIABLE author.  Update them frequently to ensure that you use the most up to date ones (See a pattern here? Update, update, update!  I feel like I’m repeating Marcia, Marcia, Marcia!!)

Limit the number you install.  Often, the more you install, the more problems you can have with your site.  I recently had someone contact me with the problem that their comment authors no longer had linked URLs.  Turned out a plugin that was supposed to help with SEO actually removed the links.  Go figure.

Can anyone view your plugins?  Visit your plugin folder (or try to).  If you can see the plugin directory, you are opening yourself up to problems.  To check it out, add this: wp-content/plugins/ to the end of your site URL.  So for my site, it would be: http://courtneykeim.com/wp-content/plugins/.  If you can see a list of your plugin folders, you are open to problems.  Add a blank index.html file to the folder so you ‘hide’ your list.
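A way to run this check against a local copy of your site's files, shown as an added example that is not from the original post: it finds the plugins folder and any plugin folder inside it that has no index file, then drops a blank index.html into each. The sample folder names and the set of index file names are assumptions for illustration.

```python
import os
import re
import tempfile

# Index files a typical Apache/PHP host serves instead of a listing (assumed set).
INDEX_NAMES = {"index.html", "index.htm", "index.php"}

def looks_like_listing(body):
    """True if a response body looks like an auto-generated directory index."""
    return re.search(r"<title>\s*Index of /", body, re.IGNORECASE) is not None

def unprotected_dirs(plugins_root):
    """The plugins folder, and each folder directly under it, lacking an index file."""
    candidates = [plugins_root] + [
        entry.path for entry in os.scandir(plugins_root) if entry.is_dir()
    ]
    return sorted(d for d in candidates
                  if not INDEX_NAMES & {n.lower() for n in os.listdir(d)})

def add_blank_index(dirs):
    """Create an empty index.html in each folder; never overwrite an existing file."""
    created = []
    for d in dirs:
        path = os.path.join(d, "index.html")
        try:
            with open(path, "x"):  # "x" mode refuses to replace an existing file
                pass
            created.append(path)
        except FileExistsError:
            pass
    return created

def demo():
    """Run the check on a constructed plugin tree (folder names are made up)."""
    with tempfile.TemporaryDirectory() as root:
        plugins = os.path.join(root, "wp-content", "plugins")
        os.makedirs(os.path.join(plugins, "sample-gallery"))
        os.makedirs(os.path.join(plugins, "sample-seo"))
        open(os.path.join(plugins, "sample-seo", "index.php"), "w").close()
        before = [os.path.relpath(d, root).replace(os.sep, "/")
                  for d in unprotected_dirs(plugins)]
        add_blank_index(unprotected_dirs(plugins))
        return before, unprotected_dirs(plugins)

if __name__ == "__main__":
    print(demo())
```

A blank index file only hides the listing of the folder it sits in; on Apache hosts, turning off directory indexing with `Options -Indexes` in .htaccess covers every folder at once.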

While this is not a comprehensive list, hopefully it can help some people out there keep their sites just a little bit safer.

About the Author:

Courtney captures her every day with a Canon 5d mark II and varying lenses in a classic yet modern style. Residing in Atlantic City with her surfer husband, princess-clad daughter, and firetruck chasing twin boys, Courtney is a “self-proclaimed science geek” spending her days as a Chemistry and Physics teacher and her off time as a photographer.

20 Comments

  1. erin cobb May 09 2012 at 7:41 am - Reply

    So awesome Courtney…thank you for the tips!

  2. Colie J May 09 2012 at 7:47 am - Reply

    thanks Courtney!

  3. celestejones May 09 2012 at 8:04 am - Reply

    thank you for this. i'm always too afraid to upgrade, b/c i don't know what i'm doing.

  4. Nadia May 09 2012 at 9:09 am - Reply

    Thanks for tips! I'm off to change my password.

  5. Laura May 09 2012 at 10:13 am - Reply

    Great info, thanks so much! One thing I wanted to add — there have been a bunch of studies recently suggesting that changing passwords frequently can actually cause more harm than good because people then tend to make simpler passwords or write them down/save them on their computers. Having one REALLY good password (letters, numbers, characters, no kid or pet names or birthdays, etc.) seems to be the best general strategy. Of course if you can make 10 different passwords for various things that are super strong and change them all every 6 weeks that's great… but if you only do one thing it should be to make one really tough-to-crack password that you can remember.

  6. Natalie @MamaTrack May 09 2012 at 10:18 am - Reply

    Awesome tips. Thanks for sharing!

  7. Cary May 09 2012 at 3:00 pm - Reply

    Thanks for the tips 🙂

  8. Courtney May 09 2012 at 3:21 pm - Reply

    Thank you!!! Bookmarking this to work on during naptime!!!

  9. Beira May 09 2012 at 5:14 pm - Reply

    Thank you for the awesome tips!

  10. Lisa (Tout Petit Pix May 10 2012 at 1:08 am - Reply

    Thanks for the reminder Courtney! This is so useful!

  11. jodi May 10 2012 at 3:37 am - Reply

    i definitely needed these tips! i am at such a loss when it comes to keeping this stuff current. thanks for the great article, courtney!

  12. Sue May 10 2012 at 6:04 am - Reply

    I hope you will offer your course soon. I could really benefit from it.

  13. Donna Davie May 11 2012 at 8:17 pm - Reply

    Thanks Courtney!

  14. Jill May 21 2012 at 5:54 am - Reply

    As a network security engineer, insecure passwords are my pet peeve 🙂 I have several passwords — one very strong with a number at the end. When I change that password, I merely increment the number on the end by one. That is the password I tend to use for banking and other things that need higher security. In addition, I have several other passwords that are based on licence plates I've had in the past since those are not based on any dictionary word and are fairly easy to remember. I will usually add punctuation to the beginning or end of that password, to make it a little stronger. My email password is not the same as ANY of my other accounts, just because password verification emails are sent there and I'd rather not give the keys to all my kingdom away 🙂

    Love the tips on securing your blog. I don't think people really think about the security of their website and what a compromise to that security could mean.

  15. Allison Jacobs Jul 18 2012 at 3:19 pm - Reply

    These are so helpful Courtney–thank you!

  16. Hester Abundis Oct 15 2012 at 11:51 pm - Reply

    This page definitely has all the info I needed concerning this subject and didn’t know who to ask.

  17. cheap hosting india Oct 23 2012 at 11:16 pm - Reply

    You’ve made some good points there. I checked on the internet to learn more about the issue and found most individuals will go along with your views on this web site.

  18. Tristan Mckernin Nov 29 2012 at 2:31 am - Reply

    The fox knows much, but more he that catcheth him. – Portuguese Proverb

  19. stock value Dec 09 2012 at 8:08 pm - Reply

    Very nice blog post. I definitely appreciate this website. Continue the good work!

  20. Click This Link Dec 19 2012 at 7:40 am - Reply

    This is the adequately written article and i also appreciate you took your efforts to provide the globe with such information and facts. I have additional your site to a favourites to ensure I could refer my individuals to it.
