For a blogger, security is a big deal. Hopefully, you’ve purchased hosting through a reputable provider that keeps its servers safe and its data centers physically secure. If you aren’t sure, it’s not too late to research the features offered by hosting providers and move to a new host if needed.
If you’re like most bloggers, regardless of your content, you’re using a popular CMS for your blog like WordPress, Joomla, or Drupal. These CMS installations require attention to detail where security is concerned. WordPress is more vulnerable in the cPanel environment where 1-click installations are created, but there are ways to lock it down.
For instance, it’s easy enough to generate new salts and keys for your wp-config.php file periodically (and it’s wise to do so). You can also change the default ‘admin’ username directly in the database to something more complex if your automatic installer creates the username for you. There are similar ways to secure other CMS installations.
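One way to rotate the salts and keys mentioned above without touching the rest of wp-config.php, as an added example that is not part of the original post. The function names, the 64-character length, the character set and the sample config text are assumptions made for illustration.

```python
import re
import secrets
import string

# The eight secret constants WordPress reads from wp-config.php.
WP_SECRET_NAMES = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
# Characters safe inside a single-quoted PHP string (no ' and no backslash).
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~ "
# Constructed sample input; NONCE_SALT is left out on purpose.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'blog' );
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
$table_prefix = 'wp_';
"""

def new_secret(length=64):
    """Return a random string drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_secrets(config_text):
    """Replace each secret's value; return (new_text, replaced, missing)."""
    replaced = []
    for name in WP_SECRET_NAMES:
        # Matches an uncommented define('NAME', 'value'); line for this name only.
        rx = r"""^(\s*define\(\s*['"]%s['"]\s*,\s*)(['"]).*?\2(\s*\)\s*;)""" % name
        # A function replacement keeps the secret from being read as regex escapes.
        config_text, count = re.subn(
            rx, lambda m: f"{m.group(1)}'{new_secret()}'{m.group(3)}",
            config_text, flags=re.MULTILINE)
        if count:
            replaced.append(name)
    missing = [n for n in WP_SECRET_NAMES if n not in replaced]
    return config_text, replaced, missing

if __name__ == "__main__":
    text, done, missing = rotate_secrets(SAMPLE_CONFIG)
    print(text)
    print("rotated:", done, "| not found, add by hand:", missing)
```

Changing these values invalidates existing login cookies, so every logged-in user has to sign in again.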
All of these security measures are standard procedure for any blog, regardless of what it’s used for. However, when your blog is used to interact with your visitors and an exchange of information occurs, security needs to be bumped up several notches.
If your blog is interactive, and you’ve got visitors sending you personal information through web forms, emails, downloads, or purchases, here are 4 security measures you need to keep data safe:
1. Block unauthorized access to main directories
If you’ve got downloads on your website, some people will snoop around inside the directories displayed in their download URL. Ideally, you should be using software to create temporary download links that automatically expire. If you’re just storing downloads in directories, you’re asking to be taken advantage of.
Every directory should have, at a minimum, an index.html file in place so that the contents of that directory can’t be browsed.
2. Email encryption for customer communications
When your customers email you for support questions, it’s important to encrypt your communications – for their sake as well as your own.
Customers transmit all kinds of personal data over email, and you never know when they’ll send their credit card details along with a refund request. Encryption protects your customers from their own mistakes, and it protects you when you need to send them sensitive information meant for their eyes only.
Emails aren’t inherently encrypted; you need to use third-party encryption software. If you’re already using the encryption plugins that come with services like Microsoft 365, you’re halfway there. While Microsoft’s tools will encrypt your messages, those messages are sent unencrypted to their servers first. This means Microsoft (and hackers) can access your sensitive data.
To prevent Microsoft and hackers from accessing your unencrypted data, an email encryption service like Virtru for Microsoft will add that extra layer of protection. Virtru explains, “Virtru’s Microsoft email encryption protects messages with client-side, AES-256 bit encryption from the moment the sender hits ‘send.’ The data remains encrypted from start to finish; the only people who can access your data are you and the recipient.”
3. SSL and TLS
The Secure Sockets Layer (SSL) protocol has a reputation for being the secure way to encrypt payment information when a customer is making a purchase. However, SSL isn’t just for purchases. SSL comes into play as a security measure when any exchange of information is taking place. This includes web forms that gather email addresses, names, and other personal data.
TechTarget explains that although SSL has been around since the 1990s, it has numerous flaws and vulnerabilities. SSL has been “deprecated for use on the internet by the Internet Engineering Task Force (IETF) in 2015 and has been replaced by the Transport Layer Security (TLS) protocol. While TLS and SSL are not interoperable, TLS is backwards-compatible with SSL 3.0.”
TLS isn’t entirely secure, either, and that’s why following the final tip below is important.
4. Don’t store your login information online anywhere
As a society, we’ve become dependent on digital technology to transmit and store data we wouldn’t normally share. Credit card numbers, secret codes, addresses, passwords, and even bank account numbers are sent electronically with little to no thought.
You might be tempted to store your blog’s login credentials somewhere online like in your email account or an online password manager. This is a bad idea. Email servers get hacked all the time, and big brands like Google are no exception.
In 2011, Google’s Gmail servers were hacked, compromising 20 million accounts. The hackers stole login information and used Google’s IP tracking and cookies to compile a list of users’ whereabouts.
Gmail isn’t the only email provider to experience a data breach; it happens more often than you think.