WordPress Blog Security

It is a terrible feeling the day you realize that your WordPress blog security was compromised.  When you’ve been hacked, it is like getting punched in the stomach.  You’ve always heard how important it is to keep your site secure, but you never really paid attention.

[Image: passwords. Photo Credit: Ron Bennetts]

Boom, you just learned the hard way.

Whether you know it or not, your site is constantly under attack.  There are malicious crawlers, bots, and scripts trying to poke holes into your site.  It might be happening right this second, and you’d never even know it until it is too late.

Here are some tips to keep your site secure.

Updates, updates, updates.

There’s a reason that you see that band across the top of your WordPress dashboard screaming at you to update.  Don’t ignore it!  Virtually all WordPress core updates come with some level of increased security.  The same goes for plugins.  When security flaws are discovered in WordPress, the community is very quick to resolve them and push a new release.

Change your password regularly.

Yes, I agree.  Updating your passwords is a massive pain.  Keeping track of them all is ridiculously hard.  Unfortunately, it just needs to be done.  However, you need to go deeper than just your WordPress dashboard password.  You should also change:

  • Email Password.  Remember, if I can get into your email, all I need to do is use the WordPress “Forgot my password” feature to get into your blog.
  • Hosting Account Password. Why hack into your WordPress account when I can just get right into your host?
  • Server Passwords.  If you are using your own servers and hosting provider, there are passwords for your database and FTP that need to be updated.

Take this stuff seriously.  Just look how bad it ended up for LinkedIn.

Try using a password generator to help you make a more secure password.

Know What You’re Doing When You Upgrade

If you knew how to install WordPress all on your own, you’re above average.  If you figured out how to upgrade to the latest version (up to 2.3.3 now), you’re probably better than most when it comes to your technical skills.

Long story short, most WordPress users don’t upgrade their installations once they are up and running.  Basically, they think that if everything is working ok, what’s the point?

Well, everything is working ok for now.

Eventually, your site can/will be hacked.  I can’t tell you how many new clients I’ve “earned” because they needed someone to restore their messed up WordPress install that had been hacked.

Think about it: as soon as a vulnerability has been detected and WordPress releases a new version, the entire world is alerted to the security hole.  So how long do you think it will be before your blog is discovered with that big, gaping hole?

Well, one of the things you need to be aware of when upgrading is the need to do a complete upgrade.  You really should re-upload all fresh files.

As ShoeMoney points out, not only is it a good idea to install fresh system files, but you should also change your system password.  You never know who might already have hacked your blog.  If they’ve got the password, it won’t matter how often you upgrade.
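
One way to check whether an upgrade really was complete, as an added example (not code from the original post): compare the live install against a freshly unpacked copy of the same release and list core files that were changed, left over, or never uploaded. The skip list, the `old-helper.php` file name and the sample trees are assumptions constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: site-owned paths that a core upgrade is not expected to replace.
SKIP = ("wp-content", "wp-config.php", ".htaccess")

def file_hashes(root):
    """Map each relative file path under root to its SHA-256 digest."""
    root = Path(root)
    hashes = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and rel.split("/")[0] not in SKIP:
            hashes[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes

def compare_install(live_dir, fresh_dir):
    """Report core files that differ from, are absent from, or are missing versus the fresh copy."""
    live, fresh = file_hashes(live_dir), file_hashes(fresh_dir)
    return {
        "modified": sorted(p for p in live if p in fresh and live[p] != fresh[p]),
        "extra": sorted(p for p in live if p not in fresh),
        "missing": sorted(p for p in fresh if p not in live),
    }

def build_demo(base):
    """Constructed sample trees standing in for a fresh release and a live site."""
    fresh, live = Path(base, "fresh"), Path(base, "live")
    core = {"index.php": "<?php // front page", "wp-admin/admin.php": "<?php // admin",
            "wp-includes/version.php": "<?php // version"}
    for root in (fresh, live):
        for rel, body in core.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    # Live site: one altered core file, one leftover file, one file never uploaded.
    (live / "wp-includes/version.php").write_text("<?php // version, plus an added line")
    (live / "wp-includes/old-helper.php").write_text("<?php // left from an earlier release")
    (live / "wp-admin/admin.php").unlink()
    # Site-owned content that the comparison must ignore.
    (live / "wp-content/themes").mkdir(parents=True)
    (live / "wp-content/themes/style.css").write_text("/* site theme */")
    (live / "wp-config.php").write_text("<?php // site settings")
    return live, fresh

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, paths in compare_install(*build_demo(tmp)).items():
            print(f"{kind}: {paths}")
```

Anything reported as modified or extra deserves a look before you overwrite it, since a leftover file survives an upgrade that only replaces files with matching names.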