Guest Post - Our host is Stephan Jukic. Stephan lists how to keep your blog safe from hackers. See How To Become a guest author on Spice Up Your Blog.
Running a blog is often a work of love that takes a lot of work and creates something of enormous personal or even business value. This applies especially if your blog is old and loaded with thousands of posts that garner you thousands of visitors. Losing all this to hackers and intrusion programs over the course of a single day would be a serious disaster.
While no site or blog can be made completely and totally hack proof, you can limit the possibility for total damage by avoiding the five crucial mistakes below, and by making sure that you do one other vital thing: Back up, back up and back up again! Do it regularly, never forget to do it.
1. Badly Chosen Webhost
Not all webhosts are created equal when it comes to site or blog security; some give you access to many more security features than others. Thus, when you’re picking out where to settle your blog’s databases, go for a well-known host with a solid reputation for technical support, security features and regular updates.
As a minimum, your hosting provider should regularly be updating their server’s LAMP applications (Linux, Apache, MySQL and PHP) along with any additional third party software that they give you access to for your blog. Also, the host you pick should offer SSL (Secure Sockets Layer), SSH (Secure Shell), secure FTP options, DoS (denial of service) protection and anti-intrusion software protection.
2. Infrequently Updated CMS and Addons
Your CMS, or content management system, is the platform on which your blog is built. You might have designed your own blog from scratch, but most likely you’re running it from a CMS platform like WordPress, Joomla, Drupal or TypePad. Whichever of these you use, you should keep it regularly updated to its latest version. The same goes for all your third party blog addons such as Flash, Adobe Acrobat, Java and any CMS plugins you’ve got installed. Finally, the update rule also applies to any blog themes you’re using; always maintain their latest versions.
Though this may seem like a pain in the ass at times, it’s a very necessary step for proper security, since all those new versions of everything are actually being designed with security bug fixing in mind, in addition to adding new functionality and aesthetic features.
Installing new versions of all of these features should be as easy as doing a few clicks inside your hosting cpanel or within your CMS dashboard, and it is important, since an estimated 45% of all site and blog breaches come through improperly updated software addons.
3. Downloading Plugins and Themes from Untrusted Sources
For many CMS platforms, especially WordPress, there are thousands of site appearance themes and plugins available for download all over the internet. What these do is make your site appearance change according to your needs or give it additional user/admin features that the basic templates and CMS download don’t have.
The problem with them can emerge when you start downloading from sources that aren’t trusted and reliable. For both themes and plugins, you should be getting your downloads either right from the CMS website itself (i.e. www.WordPress.org) or from major distributors, such as ThemeForest.com, that everyone knows and regularly uses.
Old themes from a site that doesn’t get updated or themes built by people who haven’t been vetted by review can either be insecure or conceal deliberately injected malicious code.
4. Failing to Use Strong Access Passwords
Hosting a blog means using a lot of different password protected access points: for MySQL databases, your hosting cpanel, CMS dashboard, FTP accounts etc. All of these passwords should be distinct from each other and hard to guess. Don’t rely on simple, easy to remember passwords and don’t ever use any generic passwords provided to you by the systems that run them as defaults. This is a bad idea and will eventually lead to some sort of leak down the line.
You should also make sure that you don’t go sharing your passwords around too easily with others, and change them all any time you do share access for development and blog maintenance purposes.
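The three rules above (distinct per access point, hard to guess, never a system default) can be checked mechanically. The following is an added example, not part of the original post; the access-point names, the sample passwords, the short default list and the 60-bit threshold are all constructed assumptions.

```python
import math
import string
from collections import defaultdict

# Constructed stand-in for a list of vendor defaults and common guesses (assumption).
KNOWN_DEFAULTS = {"admin", "password", "changeme", "root", "123456", "letmein"}

def estimate_bits(password):
    """Crude upper bound on guessing cost: length * log2(character pool used).
    It overrates dictionary words, so treat a pass as necessary, not sufficient."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0

def audit(credentials, min_bits=60):
    """Return {access_point: [findings]} for each access point breaking a rule."""
    findings = defaultdict(list)
    used_by = defaultdict(list)
    for point, pw in credentials.items():
        used_by[pw].append(point)
        if pw.lower() in KNOWN_DEFAULTS:
            findings[point].append("default")
        if estimate_bits(pw) < min_bits:
            findings[point].append("weak")
    # A password shared by two access points turns one leak into two breaches.
    for points in used_by.values():
        if len(points) > 1:
            for point in points:
                findings[point].append("reused")
    return dict(findings)

# Constructed sample credentials for the access points the post lists.
SAMPLE = {
    "mysql": "changeme",
    "cpanel": "Maple!Desk7Orbit",
    "cms_dashboard": "Maple!Desk7Orbit",
    "ftp": "q7#Lm2!vXz9@pRw4",
}

if __name__ == "__main__":
    for point, problems in audit(SAMPLE).items():
        print(point, "->", ", ".join(problems))
```
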
5. Failing to Write Good Clean Code
If you’re doing some of your own coding, you need to make sure that it’s clean, neat and tightly written; the sloppier the code, the more holes for hack access. This applies especially to things such as website forms, dynamic pages and coding around added videos and other third party applications.
To avoid dirty code, run everything you write through the W3C validator at: http://jigsaw.w3.org/css-validator/. And for all third party CMS/plugin addons you’ll be installing to your blog servers, check the code and blog forums on the internet to see if they’ve been vetted as secure. A great place to find information like this is the forums at www.Stackoverflow.com.
Bonus: Some Great Security Plugins
Since you’re going to be installing CMS plugins anyhow, here are some great security oriented ones to include with your blog:
- Stealth Login: http://wordpress.org/extend/plugins/stealth-login-page/
- User Locker: http://wordpress.org/extend/plugins/user-locker/
- Limit Login Attempts: http://wordpress.org/extend/plugins/limit-login-attempts/
- Login Encryption: http://wordpress.org/extend/plugins/login-encryption/
Check these out and look for others; they’re a helpful security bonus.