It doesn’t matter if you write about Teletubbies, or are even relatively unknown. Hackers will go after anyone, often injecting malware or adding links to suspicious websites. This can put a sour taste in readers’ mouths, making them wary of visiting your blog again. While WordPress has gotten better over the years, and blog security has improved, there are still multiple factors that make your site an easy target, mistakes that can easily be avoided…
Not Updating WordPress Regularly
WordPress receives fairly consistent updates, and most updates contain important security improvements. Sometimes it’ll be just a simple fix while other times it’ll be a patch for a major security flaw. One reason blog owners don’t update right away is because they’re afraid the update will go haywire, having a conflict with a plugin or two. This is a valid concern, but not a good excuse.
Search around to see what other users are reporting with the latest version. Chances are, updating will go smoothly. Plus, the fact that you can increase your blog security with just a couple of clicks makes the process that much easier.
Letting Your Plugins Fall Behind
Plugins enhance the functionality of our blogs, but they can also enhance the likelihood of a hacker getting access to your site. Check your plugins page regularly for updates, and try to refrain from using plugins that haven’t been updated in a while.
Using A Sketchy Theme
There are thousands of themes to choose from, and unfortunately some are coded horribly or, even worse, contain malicious code. Always make sure your theme is from a trusted source, and if it receives consistent updates, even better. WPMU does a great job revealing the dark side of free themes from various sites.
As the saying goes, you get what you pay for. It’s best to stay away from free themes altogether, and services like Elegant Themes or WooThemes offer a high quality selection at one low price.
Having A Weak Password
You know what the most used password is? “password”. What about the second most popular? “123456”. The very first thing that hackers do to get past your blog security is go straight to the login page. Oftentimes, if the password is weak, brute forcing will get them in.
There’s absolutely no reason to use a poor password. Personally, I use LastPass to manage all my passwords. You never have to worry about remembering a password again, it automatically fills in your login details, and everything is encrypted. As an added measure, using GRC’s High Security Password Generator ensures guessing your password is next to impossible.
Your Username Is “Admin”
When you create a WordPress blog, your username is “Admin”. While this is okay, it makes a hacker’s job easier. You see, they already know your username, which is one half of the battle. With how WordPress is set up, you can’t change a username once it’s created.
However, you can create a new account under a different username, and then delete the “Admin” account. Just make sure that when you go to delete, you choose to reassign all posts to the new username you’ve created. If you’re uncertain how to go about this, Kim Castleberry has a great walkthrough.
Here at Blog Herald, we use a service called Cloudflare. It’s an alternative DNS that not only helps improve the speed of your website, but will also amp up your blog security. There is a free or paid version, and both will protect your blog from DDoS attacks, bots, email harvesters, and more.
Although changing your username and using a strong password is sufficient, it’s best to take things one step further. A plugin called Limited Login Attempts will block someone after so many failed login attempts, making a brute force attack very unlikely.
Photo credit: Brian Klug