The Internet has brought so many opportunities. It has removed borders and changed our lives forever. But it has also brought insecurity we need to deal with: After all a big part of our life is online now and random strangers can hack into it one day.
Bloggers get the most of it because they are more public, so they become an easy target of hackers. And it’s even scarier for them because their income depends on their online presence. We’ve all heard the stories, most of us have even experienced that awful situation ourselves. My blogs are being hacked on a yearly basis.
Protecting your blog from being hacked is one of the most essential steps to blog success.
There are definitely some steps you can take to make your blog as secure as possible and reduce your risk of being hacked to practically zero, while making sure that even if you are, you’ve protected yourself.
Backup! Backup! Backup!
This deserves to be written about a hundred more times, possibly in all caps, just to make sure that it sticks in your mind. The number one best thing you can do for your blog is to back it up frequently.
I back up my sites and blogs every week. It is a lot easier to remember when it’s part of a routine that you just do automatically. This way, at most, all I’m ever at risk of losing is a week’s worth of content. Of course, that’s not exactly ideal either, but it sure beats the possibility of losing years worth of my hard work.
Featured tool: Full WordPress Site Backups with blogVault
Use a Unique Password
One of the major mistakes people make these days is that they underestimate the need for a secure, unique password for their blog. This should not be the same one you use everywhere else and definitely should not be something related to personal duties (neither should any of your other passwords).
You can use your own system to store your passwords but it’s also advisable to keep your most important ones in head.
One of the most secure ways to come up with a password is to pick three short completely random words. For example ‘blue’, ‘cow’, and ‘door’. Depending on the security of the site you may need to add a number or two to this also. That’s okay, lets say you pick 28. Now tell yourself a story – how about a blue cow that goes crashing through a door with the number 28 on it?
Imagine it, form a funny little picture in your mind. You already remember the password we just made up and there is no way a hacker is going to figure it out, no matter how long they spend on your Facebook page. (Note, don’t use bluecowdoor28! Make up your own.)
Featured tool: Use LastPass for password management and peace of mind
Use different passwords within your blog
It gets to be a pain to remember all of your passwords, so most people use just one for everything on their blogs, but that makes it all too easy for a hacker to jump in and gain complete control of your blog in seconds.
Try setting up 2 or 3 different admin accounts with entirely different names and passwords. Use different passwords for different areas of the site as well. This way, even if a hacker gets through on one of them, they have limited access and you still have the ability to log into another account and get rid of them. There are WordPress plugins that can help you manage users more efficiently.
Change the default admin account name
A lot of blogs, like WordPress, start you out with a default admin account that is simply called ‘admin’. This cuts a hacker’s job in half because they already know your username.
Go into your account, set up a new one and give it all admin privileges. Then delete the ‘admin’ account. Now hackers have to figure out both your account name and your password if they want to get into your blog.
Stick to a secure trusted hosting
Your hosting provider won’t admit this but most of hacks come from the insecure hosting environment. Carefully read the hosting reviews to see if you notice an unfortunate trend, i.e. many users reporting being hacked. It’s definitely a red flag.
Tip: Use emotion search on Twitter to see how many unhappy customers your future hosting provider has:
Featured tool: Sitegeek is a great hosting review aggregation platform which will give you lots of insight into any service you are considering.
Use secure email and messaging solutions
A common rule of thumb is to never email or message your passwords to anyone. Even if you fully trust a person you are emailing your passwords, there’s always a chance that your email will be hacked and the hackers will find the information.
But your email address can be used to access your secure accounts via password recovery process, so your online security is very tightly connected to your email account security and hence it still needs to be protected.
I have found Gmail very much protected. They are very good at stopping weird-looking login attempts and have multi-level security process including text confirmation and more.
As for secure instant messaging, here’s a good list of those you can use pretty safely.
Use a solid monitoring system
I am busy, so there’s always a chance I can overlook the hack attempt or never notice it for days after it happens. Therefore monitoring my website security is essential. It may be important for you too.
I use two great tools that make sure I am notified of any weird behavior the moment it happens:
- Google Search Console (formerly Google Webmaster Tools) sends me an instant email as soon as they suspect my site is in danger
- Pingdom monitors my site uptime and performance. It can also be easily integrated into my website management dashboard at Cyfe which also includes many other monitoring tools including Google Analytics and Search Console:
What are you doing to enhance your blog security? Let’s discuss!
Featured image source