Blogging security tips

I get every now and then comments on the WordPress like this: “I’m getting fed up of WordPress because I’ve had problems with hackers and I’m looking at options for another platform.”

My comments to those is normally that I use WordPress platform. WordPress is a good platform when you configure it correctly, remember backup and remember to keep it up to date. Those same points apply to other major blogging platforms as well… You can get hacked with any major platform if you setup it incorrectly and forget to update it when needed (especially of some security issue comes up in the news).

One reason for the bad reputation of WordPress is that there are very many WordPress sites that are not properly kept up to date and are easy to hack. There has been cases where cyber criminals have planted a large number of WordPress sites malicious code (those easy to hack into WordPress sites). WordPress pages are popular with many cyber-criminals, since updating of the site is often neglected.

Be prepared to have knowledge and time to keep your blogging system up-to-date, it is better for you and your users. If you think you don’t want to bother doing that, then it is better searching how to outsource that work or use some hosted blogging system (where someone else takes care of keeping platform up-to-date).

Another comment: “I just wanted to ask if you ever have anyissues with hackers? My last blog (wordpress) was hacked and I ended up losing several weeks of hard work due to no back up.”

Here is the question reveals the the reason for the loosing data: lack of proper backups. Backing up is one of the most important things to do when running a website and this is not related to WordPress websites only. There are so many things that can go wrong.

First thing is to take care of the backups. Be prepared that you can get hacked or there can be technical problems that cause lost data. You need to have hackups and you need to know how to repair site from backups.

Another question: “Do you have any methods to stop hackers?”

You can get hacked with any major platform if you setup it incorrectly and forget to update it when needed (especially of some security issue comes up in the news). The methods to stop hackers is to keep the platform up-to-date and all the security related settings correctly (means password set correctly, only secure services running etc..).

Make sure you have regular back-up procedure (taking backups and knowing how to restore from them and make sure those steps work) so that you can do often enough that you don’t loose too muck and can recover easily if hackers hit your blog.

Besides configuration of the WordPress itself and the server enviroment in general, there are also some extra tools that might be worth to check out. There are WordPress extensions that claim to provide added security. Check also possibility to use application level firewall technology like ModSecurity between your WordPress blog and big bad public Internet.

The proper way to running a web site or blog is to make reasonable efforts so that the site is not easy to hack into, and have a plan how to easily recover when some day some hacker hits your system (make a plan so that recovering from it it is not a disaster, just some reasonable amount extra work for you or some admin you pay for the maintenance).

2 Comments

  1. Tomi Engdahl says:

    Bitcoin Sites, WordPress and Security.
    https://bitcomsec.true.io/bitcomsec/bitcoin-sites-wordpress-and-security_48ab/

    I’ve come to realize that many Bitcoin merchants, exchanges and projects all tend to follow a criteria – 1) boostrap 2) cloudflare 3) wordpress (for blog). Don’t get me wrong, this setup works but what does not work are default installations with no security hardening.Many of these setups are done automatically through control panels, and use installation scripts made to automate the entire process. What happens next is a slew of bugs will come to haunt you as your site grows and gets broader attention.

    Your first step to hardening WordPress is to make sure your setup is completely updated. This goes for themes, and plugins as well. Since the team over at WordPress have invested a lot of time into securing their base project they’ve been plagued indirectly through theme and plugin vulnerabilities.

    Only install themes and plugins you will actually use. Remove those that you will not use. Even disabled extensions remain in their respective directories and can still remain an attack vector to your operation.

    Hardening your Web Server (Apache)
    It is important to note that hardening your web server entails a few small changes and despite the inconvenience of having to modify configuration files, the end goal is legit – securing your infrastructure.

    Hardening PHP
    Although PHP is a very useful and powerful language it is not without faults – especially by default. Hardening its configuration requires locating your php.ini file

    Reply
  2. here says:

    I love some of the quotes in the Journal article from these young Americans.

    You might even tell your local media contacts the way
    the national breaking news impacts the city locally..

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*