How to secure your WordPress Blog – The Importance of Blog Security

It really doesn’t matter whether your blog is new or old, or whether it is important to you or not: you have to face the fact that it can be attacked at any time!

Why do you have to be prepared for this event, and how can you secure your WordPress blog?

To be honest, we don’t know the exact background or the reasons why people who seem quite normal at first sight begin to attack sites, try to crack your password, destroy your existing work, or steal your data. Perhaps money, or some kind of passion, motivates them. From the hackers’ point of view, every site is a potential cash point or a useful resource, e.g. a base from which to launch further attacks.

Back to security. As the saying goes, there are two groups of people on the Internet: those whose site has already been attacked, and those whose site will be attacked in the future. Sadly, this is true. So we all have to be prepared! This doesn’t mean that you should buy heavy guns to protect yourself, but you have to be aware of the possibility of a hacking attempt and be familiar with the ways of prevention.

Prevention is more cost-effective than rebuilding your site again and again, not to mention the loss of respect, time and money in most cases.

Can a blog be vulnerable at all?

Yes, it can, and it should definitely be considered vulnerable if we do not take special precautions to prevent an attack. We might think that only static sites can fall victim to such an attack. That is not true! Nowadays, blogging is very much a social activity: more and more often you find chat rooms, membership sites, and even complete marketplaces built on blogging foundations. Hackers, who look for the easiest way in just as thieves do, use bots to find vulnerable WordPress blogs on the Internet. If such a bot recognizes an easily accessible WP blog, it may begin to exploit it immediately (depending on the intention of the attacker).

Where are the vulnerability points of a WordPress blog?

You can find several points of vulnerability. First of all, the updates; more exactly, the missing updates. Others include passwords that are not changed regularly, the use of default parameters (e.g. “admin” as the username), outdated plugins, an unsecured MySQL database, a publicly broadcast WP version number, and many more.

The developers of blog software want to do their best, so they continuously try to discover new tools and ways to improve, both in general and in defensive techniques. The coexisting “dark side”, the group of malicious people, does the same, but for dishonest and harmful purposes. They want to break passwords in order to gain full access to the Admin Dashboard of your blog and start an endless stream of outgoing spam messages, steal your data, or simply spam your blog with numerous incoming posts.

Why can this outgoing spamming activity be considered as dangerous as, e.g., data loss?

If someone (let’s call him the Intruder) takes over control of your blog, he may send spam messages all around the world, disguising himself as you. These messages can be filled with various content, or point to restricted areas. Sending this kind of post can be very dangerous, even though you were NOT the author, because the messages appear to come from you: you can lose all respect in the eyes of the search engines, or even of the whole community. Even if you were not the spammer, your site emitted the spam content (such as letters, links, malware). Once again: you may lose all respect, your invested assets and your clients, and even your hosting account may be suspended.

How can we protect ourselves from incoming spam?

Whether you run a self-hosted blog or use a blog site provider’s blog, you can choose among several spam control services. I’d like to list some of them:
www.Akismet.com
www.Intensedebate.com
www.Disqus.com
Before choosing one (or more) of them, I highly suggest visiting their sites and getting familiar with their Terms of Service, prices, and the options they offer.

How can you recognize that you were attacked?

First of all, you have to visit your blog(s) on a regular basis and check whether you notice any suspicious activity. One example of such activity is someone trying to find out your password using a special algorithm. In this case, you will find dozens of HTTP 404 errors, more than usual. This error occurs when someone types in a wrong address containing your domain name, or tries to log in on your site. This sign is easier to observe on self-hosted WordPress blogs, using for instance the SEO Ultimate plugin.
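
As an added example (not part of the original post, and not code from any plugin named here): a small Python script that applies the check described above to a web server access log, counting 404 errors and log-in POSTs per visitor address. The "combined" log format, the sample lines and the thresholds are assumptions.

```python
import re
from collections import Counter

# One "combined"-format access-log line; the sample data below is constructed.
def _line(ip, method, path, status):
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 5            # repeated log-ins
    + [_line("198.51.100.9", "GET", f"/missing-page-{i}", 404) for i in range(4)]
    + [_line("192.0.2.10", "GET", "/", 200),                            # ordinary visitor
       _line("192.0.2.10", "GET", "/favicon.ico", 404),
       _line("192.0.2.10", "POST", "/wp-login.php", 302)]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def summarize(log_text):
    """Count 404 responses and POSTs to wp-login.php per client IP."""
    not_found, logins = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        if m["status"] == "404":
            not_found[m["ip"]] += 1
        if m["method"] == "POST" and path.endswith("/wp-login.php"):
            logins[m["ip"]] += 1
    return not_found, logins

def suspicious(log_text, max_404=3, max_logins=3):
    """Return the IPs whose counts exceed the (assumed) thresholds."""
    not_found, logins = summarize(log_text)
    return {
        ip: {"404": not_found[ip], "login_posts": logins[ip]}
        for ip in set(not_found) | set(logins)
        if not_found[ip] > max_404 or logins[ip] > max_logins
    }

if __name__ == "__main__":
    for ip, counts in sorted(suspicious(SAMPLE_LOG).items()):
        print(ip, counts)
```

On a real site, pass the text of your own access log to suspicious() and adjust the thresholds to what is normal for your traffic.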

What are the tools that we could use against them?

The easiest, and cheapest, method is to take care of the “condition” of your blog by applying my suggestions:

1. Never forget about regular updates. Never postpone this easy process saying “I’ll do it next time”, because next time will be too late…

2. You should change your password on a regular basis, at least every 3 months. However, it depends on your traffic, the number of your users, and the importance of your blog. Avoid simple passwords such as your own or your family members’ birthdays, obvious number sequences such as 1,2,3,4,5,6, letter sequences such as a,b,c,d,e, simple combinations of rows and columns on your mobile phone such as 1-7-9-3, and so on.
Try to use letter-number-symbol combinations you have never used before. How to remember it? It can be difficult: you should find some kind of reminder, but avoid writing it down on paper or entering it into your phone’s memory (although, if your phone or its memory is password protected, you can do it).

Just a little reminder: as I mentioned above, even a simple blog that seems unimportant to you can be the target of an attack, so a hacker may hurt you if you leave your blog unattended.

3. Pay attention to the “behavior” of your blog: if you discover unusual activity, then examine it as soon as possible. Don’t ignore weird events. Such a suspicious sign can be evidence of an attack. If you are not good enough at this kind of recon mission, ask a tech-savvy friend for a little help.

4. Apply some kind of protecting, preventing, and detecting software on your WordPress blog.
For WordPress blogs there is, e.g., Wordfence. Its basic version is free and can be downloaded from WordPress.org. BlogDefender can also be an excellent and cost-effective answer to the question of how to secure your blog.
Please check the market to find the best protection software before making any decision.

Conclusion:

Be careful, and never neglect even the small signs of a possible attack. If you are attacked, try to find the best solution for cleaning your site (or even deleting it, though that is a rather drastic last resort) as soon as possible.

I hope you won’t face this situation. But the reality is that it is only a question of time.

Gyula Olah
electrical engineer
author, site owner

P.S.: You could ask me whether I have already had hacker attacks, or observed spamming efforts against my sites. Yes, I have, and I recognized them in time, fortunately. Unknown, bitchy people (or bots) are continuously bombing my sites, blogs, guestbooks.

How to survive this situation? Eternal vigilance, using the appropriate software, and taking care day by day are the only key.
