You don’t need to live in a repressive dystopia or fear government surveillance to be concerned about sharing your information safely online. As public figures, bloggers have been victims of doxxing, stalking, hacking and other web-based nastiness just thanks to the natural “generosity” of the Internet at large. Being well-known in the modern age means you might catch the attention of malicious trouble-makers, and you need to be prepared for the worst.
To blog securely, you’ll need to implement many of the best security practices from around the web. We’ve scooped up and ranked the most important security tips below, which you should follow if you care about your online security.
1. Set a strong passwordIt shouldn’t be a surprise that the first step in blogging securely involves making sure your blog is secure. The best way to do this is to set a strong password for your administrator account. You should follow the general tips that are always given for passwords, like the following:
Use a password manager.
A password manager saves your passwords for all your websites across all your devices, automatically logging you in to web services with secure passwords that you never have to remember. There are several major password managers around, but the most popular are Dashlane, LastPass and 1Password. Dashlane’s free version is fully-featured, and it’s my password manager of choice. If you use a password manager, you never need to remember passwords again. That means you can use crazy-secure passwords that you’ll never have to recall, dramatically hardening your security profile across the web.
Do not repeat passwords across sites.
Many exploits are based on the fact that people use the same password on multiple websites. It starts when a site like Adobe.com gets hacked. Hackers plug those Adobe.com username and passwords combinations into other sites like Facebook and WordPress. Lo and behold, a fairly large percentage of them grant access. You don’t want to fall victim to this, so use a unique password. And note that “unique” doesn’t mean “add one number to the end of my normal password.” That kind of “security measure” is stupidly simple to counter. Remember that hackers are smart—maybe even smarter than you, clever clogs—and they’ve heard all the same password advice you have.
Use sufficiently complex passwords
Ideally, your password should be longer than eight characters and made of random upper- and lower-case letters, numbers and symbols. If you use a password manager, this is automatic. If you insist on avoiding a password manager for some reason, you can create memorable “pass phrases” instead of impossible-to-remember passwords. A pass phrase is a memorable combination of four random words that you can use to log in to websites. If you make a little story of visual for the pass phrase, it’s easy to remember. But thanks to its length, a pass phrase hard to crack.
2. Use two-step authenticationBrute-force password attacks are the most common type of password attack, and they’re steadily increasing. If two-step authentication is available for your blogging platform, turn it on immediately. It’s massively more secure than any single password, so it can save you from an attack easily. If you’re on a platform that doesn’t allow two-step authentication, consider switching to WordPress and using Single Sign On.
3. Connect with a VPNIf preserving your anonymity is a major concern, you should use a VPN to access your blog. A VPN, or virtual private network, hides the content of your Internet traffic by wrapping it in an encrypted “tunnel.” This tunnel starts at your Internet connection and ends at a VPN exit node, which can be located in any country on Earth. Since you traffic is encrypted while its in the tunnel, someone who wiretaps your house can’t read your traffic. And because your publicly-visible IP address is a VPN exit node shared by thousands of VPN users, it’s extremely challenging to trace your traffic back to your computer.
That doesn’t mean it’s impossible, however. Using techniques like browser fingerprinting and comparing VPN traffic to non-encrypted traffic, it is possible to deanonymize your VPN account and link web activity to your identity. These techniques require you to be under investigation already, but that’s cold comfort. Furthermore, if your VPN keeps logs of activity, they’ll like be compelled to turn it over to their home government if their country’s police requires a warrant. So while a VPN provides significant anonymity, it’s not a magic invisibility cloak.
4. Use security plugins
If you use WordPress, you can enhance your blog’s security using third-party plugins. Sucuri Security and Wordfence Security are both great choices. These add more options and switches you can configure to enhance the security of your blog by scanning for malware, limiting login IPs, blacklisting logins from certain countries and more. If you’ve already done the “common sense” security measures we’ve listed above, you should consider looking in to one of these extensions.
5. Harden your online life
One of the most successful hacking methods is kind of like island jumping. Hackers get their hands on a bunch of seemingly innocuous information and combine it together to pretend to be you. They gradually snowball the information they have until they can reset your passwords and take control of your life. We call this kind of technique social engineering, and it relies on exploiting human vulnerabilities to get access to information.
This means that if a hacker gets access to your EZ-Pass account, they just might be able to talk an Apple phone rep into resetting your password over iCloud. Then, they might have access to your email account. And once they have your email account, they have literally everything. So, to keep your blog safe, keep your entire online life secure. This means using strong passwords everywhere, keeping careful tabs on the private information you share, always obscuring your traffic with a VPN and more.
6. Keep your plugins updated
WordPress accounts are regularly hacked through outdated, insecure plugins. Plugin developers often release newer versions of their plugins that patch known security holes, but not every user updates to them. If you don’t have these updates, your open to attack from vulnerabilities that might be publicly understood and active in the wild. Therefore, it is absolutely crucial that you update your plugins as soon as updates are available in order to keep your blog secure. The same goes for Flash and Java updates, notoriously insecure browser technologies that issue regularly-ignored updates. Don’t wait!
7. Keep secure backups
This isn’t an especially security-centric tip, but its still crucial to observe. If the worst happens and your account is compromised, you need to have backups of all your content. There is no guarantee that even the most extreme security measures will keep out every hacker. The best defense is a backup of your database. Following the 3-2-1 rule: three copies of every file, on two different storage media, with one backup stored in an off-site location. Even though backing up is annoying, that doesn’t exempt you from the process; if you want a secure blog, backups are an essential safety net.