Posts Tagged ‘security’
How to protect your WordPress powered blog from hackers
Friday, July 22nd, 2011
Sun Tzu, author of one of the most quoted books on war strategy (The Art of War), once said:
“If ignorant both of your enemy and yourself, you are certain to be in peril”
And in peril you will be if you are running a blog on WordPress (or any other CMS for that matter) and you’re ignorant of both the vulnerabilities of these CMSs and your enemy (the hackers) who might exploit these vulnerabilities to create havoc on your blog. The bad news is that, for an average blogger, it is difficult, almost impossible, to master the techniques used by these hackers and devise a counter-strategy. But that doesn’t mean you should do nothing and hope that you will be safe. The assumption that hackers only target popular websites and won’t target your ordinary blog is flawed. There are many wannabe hackers who’d hack just about any website they can get their hands on, just for the sake of bragging.
You can never eliminate the danger (i.e. hackers), but you can always try to secure your castle and keep the invaders at bay as much as possible. Remember that hackers keep devising new ways to hack, so you need to be wary and stay a step ahead of at least the amateur ones. You wouldn’t want to start from scratch, reinstall and rewrite everything, post apologies and promises that the blog will be back to its normal self, which it never will be, and whatnot. You can minimize the chances of your blog getting hacked with a few simple procedures, and protect your own information and, more importantly, that of your visitors or subscribers.
- Keep your software updated.
If the hackers can get creative and discover new loopholes, you need to stay one step ahead by updating your WordPress version to take care of all the known threats. Even though old versions don’t stop working when new ones are released, and new versions don’t always bring something new at the front end, you need to update because there is bound to be a reason for releasing the new version.
- Plug-ins help:
Many plug-ins exist to assist you with the safety of your blog. Some monitor files, while others use private SSL, not to mention the different plug-ins that back up your blog (note that a backup plug-in won’t secure your blog, but at least it will offer a restorable backup in case of some hiccup).
- Choose your themes carefully:
You can use third-party free themes all you want, but beware of the added risks, especially from amateur coders who produce impressive graphics but pay no attention to the security side. WordPress itself is somewhat secure, but you invite vulnerabilities with third-party themes, plug-ins, and other installs.
- Protect your admin territory:
Most owners on WordPress go by the default username, i.e. “admin”, making it a little too easy for hackers to guess. It is advisable that you create a new account with all rights and delete the default one. In addition, make sure that the scripts you use are set to no write permission (unless absolutely necessary), which helps protect against JavaScript bugs and web injections.
- Try to hide the fact that you are using WordPress:
This is easier said than done. You can’t really conceal the fact, but you can still keep it out of first sight. It’s not that WordPress works like an open invitation, but an amateur hacker might skip your website.
- Be careful about the selection of plug-ins:
There are some plug-ins that you can’t help but use, and not all plug-ins are risky, but once in a while there is a rogue plug-in that may contain malicious code or some vulnerability. Scan the plug-ins you download for viruses, and use only trusted and popular plug-ins.
- Read & Learn:
WordPress security and hacking is a hot topic, and many experts come up with different advice for people who are not as tech-savvy and hence more susceptible. Keep an eye on all of this advice and these tips to save yourself from the shock of your life (opening your website and seeing some colorful text declaring that your website has been hacked).
Author’s Bio: Roberto is an Internet Marketer, semi-geek, and spends more time in the cyber world as compared to the real world. Currently, he’s working for wireless internet providers and www.internetproviders.org .
Kidblog.org: a free blogging platform for the elementary and middle school classroom
Wednesday, April 21st, 2010
Blogging is a means of self-expression that extends to nearly every social sphere — moms, entrepreneurs, soldiers, athletes – bloggers can be found in every walk of life, every niche, profession and people group. Everyone has something to learn or share in a blog community. It is that idea that makes blogging such an ideal method of learning for children.
Surely Matt Hardy, an elementary school teacher, had this in mind when he created Kidblog.org, a blogging platform exclusively for elementary and middle school students and teachers. The platform creates a safe and simple environment for students to publish posts and participate in discussions within a secure classroom blogging community.
Below Hardy answers some general questions about his free blogging platform, which has seen explosive growth in the past few months.
Wp-config.php security leak – hundreds of blogs hacked
Tuesday, April 13th, 2010
**Important update below
Dark Reading has reported that hundreds of WordPress blogs have been hacked over the past week due to improperly chmod-ed wp-config.php files. The vulnerabilities were a result of owner/hosting provider negligence and not faulty WordPress software.
All of the blogs affected were hosted by Network Solutions. The attacker used a type of scanner that extracts information from wp-config.php files that have read and write privileges open for group and public, according to Sucuri Security Labs, which has been working with Network Solutions.
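The misconfiguration described above, wp-config.php files readable or writable by group and public, can be checked for with a short permission audit. This is an added example, not code from the original post, Sucuri or Network Solutions; the function names, the 066 mask and the 600 target mode are this example's assumptions.

```shell
#!/bin/sh
# Added example: audit wp-config.php permissions under a web root.
# Function names, the 066 mask and the 600 target are assumptions.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed when the mode grants read or write to group or other.
# The leading 0 makes the shell read the mode as an octal constant.
mode_is_exposed() {
    [ $(( 0$1 & 066 )) -ne 0 ]
}

# Print "MODE PATH" for every exposed wp-config.php under $1.
# Returns 1 if any exposed file was found, 0 if none.
# Paths are read line by line, so names containing newlines are not handled.
audit_wp_config() {
    hits=$(find "$1" -type f -name 'wp-config.php' |
        while IFS= read -r path; do
            mode=$(file_mode "$path")
            if mode_is_exposed "$mode"; then
                printf '%s %s\n' "$mode" "$path"
            fi
        done)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Restrict one file to owner read/write only.
harden_wp_config() {
    chmod 600 "$1"
}

# Usage: sh audit.sh /path/to/webroot   (no argument: define functions only)
[ "$#" -eq 0 ] || audit_wp_config "$1"
```

On hosts where the web server reads the file through group membership, owner-only access may be too strict; relax the mask to match the hosting setup rather than skipping the check.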
Matt Mullenweg announces VaultPress beta for WordPress
Friday, April 2nd, 2010
WordPress is already known for its reliable backup features. By default, every time a post is revised on a WordPress blog, the WordPress engine creates a backup just for that revision. Users can export a backup of all their posts and user settings into an XML file that can be easily imported through the admin control panel.
VaultPress by Automattic (WordPress’ parent company) promises something even more. The service, currently in beta stages, will automatically update WordPress blogs with vital security updates (as opposed to manual updates) and create restore points for all settings and customizations.
“The vision of VaultPress is to ensure that blogs and sites under its care are always completely secure, regardless of what happens,” Mullenweg wrote at the official VaultPress blog. “Today, this means every bit of content will be safe, from plugins and themes to the smallest comment or post revision, with WordPress-aware, real-time, multi-cloud backups. This is some of the most advanced technology I’ve seen interact with WordPress.”



