Today I’m learning a ton about blogging and food at TechMunch, a food blogging conference presented by BakeSpace, now in its fourth year in Austin. One of my favorite presentations of the day came from BlogTutor.com founder Andrew Wilder. I know Andrew from his inspiring October #Unprocessed Challenge, and he is also active with Food Bloggers Los Angeles. Today he took a break from blogging and real food activism to teach us a little more about keeping our blogs secure. Here are five quick tips that Wilder shared, which you can use today to keep hackers from breaching your blog. He generously shared the content from his complete presentation at www.blogtutor.com/techmunch.
1. Don’t rely on your hosting company to back-up your site.
“This is the #1 thing that most people aren’t doing properly when it comes to blog security,” said Wilder. Wilder explained that it is very easy to set up automatic back-ups for a WordPress blog by using plugins such as BackWPup or UpDraftPlus. Wilder recommends augmenting WordPress plugins with a third-party service like Codegaurd.com to keep your files safe in case of WordPress failure. “Be sure to set up these plugins to back-up to both your server AND to Dropbox, Amazon, or email,” Wilder said. “That way if one thing fails, you’ve got an extra copy.”
2. Back up both your files and your database.
“Be sure to back-up both your files and your database. If you only back up one of these things and something happens to your blog, you’ll only have half of what you need to rebuild,” Wilder said. Your files contain things like your photos, posts, and other content, while your database contains things like your blog theme and settings. Be sure that you are backing up both files and databases in the “settings panel” for your back-up plugin(s) and services. And don’t forget to do this frequently! Wilder recommends using automated daily or weekly back-ups so that you always have current files on record in case you need to rebuild your blog.
3. Use strong and unique passwords.
Avoid using a password with a dictionary word, like “ILOVEPUPPIES.” According to Wilder, hackers use scripts that can run through millions of words in a very short time. To make passwords stronger, string together a whole bunch of random words, and put punctuation, numbers, and special characters throughout the password– not just at the beginning and end. For example, “IL0VE!PuPP13S” would take a computer years to guess. Login Security Solution is an easy way for bloggers to beef up their password security, since it only allows strong passwords. Wilder also recommends Limit Login Attempts, a WordPress plugin which locks out spurious users by –you guessed it– limited incorrect login attempts.
4. Never, ever, ever send a password via email.
Instead, text the password or use Privnote.com to send the message. Although these extra steps seem cumbersome, “It’s worth the extra effort not to have your password in the email,” said Wilder. Because people tend to email passwords so frequently, email accounts are a frequent target by serious hackers. “Say a hacker gets into your email and finds another password there. They can log on to your other accounts and reset every single service where you have used that password. Your email inbox is the key to your entire digital life.”
5. Keep your WordPress secure.
If you are blogging on the WordPress platform, there are some super easy ways to protect yourself from common vulnerabilities. For example, keeping WordPress updated will protect you from the most serious security breaches. “Update, update, update,” Wilder said. Another easy way to avoid hackers is to remove the default “admin” user from your account, and by using a creative username for your own login that is separate from your blog URL or Twitter handle. Finally, Wilder suggests deactivating and deleting unused plug-ins. These can have their own security weaknesses, according to Wilder, so “Why risk it?” he asked.
“The reality is, your website is under attack right now,” Wilder said. “There are bots scanning your login pages, trying to guess your password.” According to Wilder, there are many reasons why hackers might want to break into your blog, and even small blogs are at risk. “One big reason is to inject bad code onto a website. A lot of times, they’ll put code on your blog that you can’t even see. What they’re trying to do is game the search engines.”
If all this is Greek to you, Andrew offers one-on-one help with blog security and other issues. He also offers monthly support through his service, Blog Tutor. Find out more about his services, and see all the info from his presentation on blog security at http://www.blogtutor.com/techmunch.