Security should be a top priority for you as a blogger.
A single hack can set a blog back months if not ruin it entirely.
These are the reasons you should keep security as a primary concern:
- Readers won’t trust a blog that is a known location where cyber criminals lurk.
- Readers rightfully demand that any information they give you is kept safe.
- If your blog is taken over by hackers, there is no guarantee you can get it back.
- Thousands of websites are hacked every day, many of them with stronger security than your own, due to human error and basic mistakes.
You might understand if a hacker gained access to your blog through a series of clever and intricate actions, but unfortunately, in most circumstances, a compromised website is the result of an easily avoidable mistake.
Here are seven of the most severe security errors bloggers need to stop making:
1. Neglecting to use a virtual private network
Bloggers often update their blogs while they are in cafes, travelling or otherwise using public networks. This is convenient and allows for fast response, but public networks are extremely risky to use from a security standpoint.
Cybercriminals often set up shop on a public network and use a “sniffer” program to intercept any data being sent over the network. This means, without protection, hackers can gain access to your passwords, usernames, personal information and reader information. None of this is acceptable, therefore you need to use protection whenever you use a public network.
The best protection is a Virtual Private Network (VPN), which connects your device to an offsite secure server using an encrypted connection. Using an offsite server to handle your requests means that no one will be able to track your online activity and that any hackers on public networks won’t be able to see a thing.
2. Using a vulnerable device to administrate your blog
It is important to remember the basics necessary to secure a device, such as the following:
- Use a strong password on any account or device you use. One account breach can easily lead to many others, including your blog. Your email is especially important.
- Any other verification measures should be to the highest standard you can provide. Make sure no one can guess your security questions, and try to personalize your other measures as much as possible.
- Any device used to administrate your blog should have a security suite or program installed. They should be updated as often as possible, and free programs are not recommended.
- Manual checks of all files should be done regularly, so that you can detect intrusion and gain a better knowledge of the files on your system.
3. Not using security plugins (or using the wrong ones)
You are likely already using plugins of some sort on your blog, but the plugins currently available to you are greatly varied and not all are to your benefit. Many could actually be malware or exploits waiting to happen, containing security holes built into the programming so hackers can get into your website.
On the other hand, there are plenty of good security plugins out there if you are careful about looking. They can often protect you from different types of attacks and solve security problems WordPress has ignored thus far.
I recommend every blogger utilize at least one of the following plugins:
- Wordfence is the most popular security plugin on WordPress, and with good reason. It has advanced scanning for your blog, malware protection, the ability to look for backdoor entry points and a lot of other smaller options that will shore up the defenses of your blog. Many would call this a must-have plugin, and it would be wrong to disagree. There is a premium option, but either version will do your blog good.
- WP Security Scan is one of the best and simplest tools available for free. It will scan your blog and let you know of any potential weak points. In most cases, it will then allow you to make easy changes to solve those particular problems. It is a great option for new users looking to learn more about security while protecting themselves.
- Sucuri WordPress Security’s main advantage is that it will log any and all activity on your blog. If there is an intrusion, you will know and be able to respond. It also has suggested actions that you can activate easily in case you are new to WordPress security. It is absolutely worth your consideration!
From the Wordfence Website.
4. Not updating plugins
Just because you downloaded a plugin doesn’t mean that you can ignore it from there on out. Plugins are no different from any other programs, and they require constant monitoring and updating in case any new exploits arise. Hackers will take advantage of anything that comes up and use it to take over your blog.
Any plugins that aren’t updated frequently are worth abandoning. Chances are you can find a suitable replacement that keeps the safety of your blog in mind. It is recommended that you do a check of any relevant plugins every couple of months. Just compare the version you are using with the current version.
5. Having “Admin” as a username
This one is short and simple. Many blog administrators still have “admin” as their username (the default). This makes the lives of cybercriminals so much easier, as they don’t have to guess your username. They’ll also assume you didn’t put much work into the security of your blog if you didn’t change your username, and thus they will think it is easy to attack.
Double check this right now, and make the change to something less common.
6. Neglecting to moderate your comments section
The community that forms around your blog is a greater indicator of security than you think. Not only will a well-moderated comments section improve retention rates among readers and give you ideas on how to improve your blog, it will let you know if there is a problem. Your readers might be the first people to notice an oncoming threat, and if you catch it in time, you can prepare.
You also need to be wary of attacks that come about via comments on your website. Cybercriminals can post links in comments that lead to problematic websites, malware, ransomware and other things your readers might blame you for if they are attacked. Delete them as soon as possible, and remember to check your comments every day or get notifications sent your way on the matter.
7. Not having a backup of your data
No matter what preparation you have, there is the inevitable fact that you are going to encounter problems when administering your blog. Whether these problems are based on malice or result from nature doesn’t matter. You need to have a plan of action should your blog go down, so you can get going again.
Every blogger should have a backup of their data. This will allow you to safely take your blog down if you detect problems or a breach and start again from a recent record. There are several ways you can store your data in a safe manner:
- You can use the cloud so that your blog will not be in danger of any damage to your computer systems or external storage devices. The problem with this option is that the cloud is notoriously unreliable when it comes to security. Your data is out of your hands, and you have to decide whether that is a good or bad thing.
- You can get a flash drive or external hard drive to store all of your blog’s information on. What exactly you will need depends on the size of your blog, but just make sure that it is a sturdy piece of equipment. Hackers won’t be able to get to it if it is locked away in a safe!
- If you are extra concerned about something happening to the data on your blog, you can get both solutions. You will still need to worry about the data security of the cloud, but you can nearly guarantee the safety of your blog’s information.
This little stick might be one of your best tools.
When it comes to protecting your website, time is of the essence. Cybercriminals aren’t going to wait, and many of the mistakes mentioned above can be rectified quickly. An investment of time and resources in blog security now will pay dividends in the long run.
What are you doing to protect your website? Are there any bad habits you think you can break yourself out of?
Let us know in the comments below and share with your fellow readers.
Guest Author: Cassie Phillips is an internet security enthusiast and blogger. She has learned a lot about blog security from running her own blog and enjoys sharing her knowledge with other bloggers so they don’t make the same mistakes.