10 Ways To Improve Blog Security (so that you don’t get hacked)
Every day, experienced hackers and nasty plagiarists flood the internet to look for security loopholes on websites. If they find your blog vulnerable, they may do anything from installing malware to redirecting your traffic to their own sites.
In spite of the thousands of hacking incidents that take place online each day, few people seem concerned about blog security. Do not think that your blog is immune to such attacks.
Well, hacking is not the only practice you should be worried about while working online. Content theft is possibly a huge problem, particularly in the world of blogging where uniqueness is the hallmark of quality.
While Google and the other search engines create algorithms to identify the origin of certain content, it is still not fun when you discover that people copied your content and pasted it on dozens of other blogs out there.
Since WordPress is a popular tool for setting up blogs, it can easily draw the attention of hackers. You can find the latest threats right here and you will understand what I mean.
Fortunately, you can take a number of measures to nip such security threats in the bud. This post will highlight 10 effective ways you should use now to make your blog more secure.
1. Secure the login
You may have noticed that admin is the default username on your WordPress blog. All hackers know it as well. So, change this one as soon as yesterday. Besides, use Captcha for the user login as a means of protection from brute-force attacks.
To implement Captcha, you can use the BWS Plugins. You will find the Captcha plugin useful in controlling against spam as well.
2. Do not advertise the version of your WordPress blog to the world
WordPress sites typically publish a version number, which makes it easy for visitors to tell whether you are running an obsolete, non-patched edition of WordPress.
Exposing the version number of your WordPress site makes it an easier target for security threats and attacks. While you can take off the WordPress version from your web page, you need to make an additional change: go to your WordPress installation directory and delete the readme.html file, since it also advertises the version of your WordPress site to the world.
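A small audit for the two leaks described above, written for this page as an added example (it is not WordPress code). It also flags `?ver=` suffixes on script and stylesheet URLs, which goes slightly beyond the text; the sample page and the version string 9.9.9 are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from pathlib import Path

# Constructed sample page; the version string 9.9.9 is a placeholder.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 9.9.9" />
<link rel="stylesheet" href="/wp-includes/css/style.min.css?ver=9.9.9" />
</head><body><p>Hello</p></body></html>"""


class _LeakFinder(HTMLParser):
    """Collects generator meta tags and ?ver= suffixes on asset URLs."""

    def __init__(self):
        super().__init__()
        self.generators = []
        self.asset_versions = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generators.append(a.get("content") or "")
        if tag in ("script", "link"):
            url = a.get("src") or a.get("href") or ""
            m = re.search(r"[?&]ver=([0-9][0-9.]*)", url)
            if m:
                self.asset_versions.add(m.group(1))


def audit_version_disclosure(wp_root, page_html):
    """Return findings describing where the install reveals its version."""
    findings = []
    if (Path(wp_root) / "readme.html").is_file():
        findings.append("readme.html present in install directory")
    finder = _LeakFinder()
    finder.feed(page_html)
    for g in finder.generators:
        if g.lower().startswith("wordpress"):
            findings.append(f"generator meta tag: {g}")
    # Note: on plugin assets the ver= value may be the plugin's own version.
    for v in sorted(finder.asset_versions):
        findings.append(f"asset URL carries ver={v}")
    return findings


if __name__ == "__main__":
    for finding in audit_version_disclosure(".", SAMPLE_HTML):
        print(finding)
```

Run it against your own install directory and a saved copy of your home page; an empty list means neither leak was found.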
A number of WordPress themes contain login links to give you easy access to a login page. You do not need to reveal your login page in a manner that will invite everyone including hackers, to access it.
Therefore, if you have a theme with a login link, you should remove it. If you cannot remove it, consider changing the theme.
3. Automatically back up your blog
With regular backups, you can easily recover from even the deadliest hacks. In fact, at a click, you can restore the entire site.
Besides, before you make any significant changes to your site, like upgrading the WordPress version or installing a new plugin, ensure you make a backup. With the Better WP Security plugin, you can schedule backup functions and enhance security for your blog.
4. Add the password authentication to your WP-admin folder
If you want to keep hackers away from your blog, make it hard for them to break in through your login page. To achieve this, add the password protection to your “WP-admin” folder. This will ensure that anyone accessing this folder will need to type in the correct password and username (aside from the user login).
The simplest way to add the password authentication is through the CPanel. Simply log in to your CPanel and then select this option – ‘Password Protect directories.’
5. Add links to guard against copy/paste
You do not require any complex tools to steal web content. It is as easy as copying the article and pasting it in another place. Besides, you don’t even need to bother about the formatting because that will be copied too!
Way too convenient for the content thieves, right?
Well, recently I started using a great service, known as Tynt. While Tynt won’t disable the copying of your content, it adds an attribution URL to your blog anytime someone copies content from your blog.
The result will look like this – copied content + read more at www.example.com.
Well, you might say that most content thieves will just delete that link, though chances are most of them won’t even realize it! I mean, most of them simply copy, paste and then publish.
After installing Tynt, you’ll receive stats on the number of copy commands that occurred on your site in addition to the most copied posts. Moreover, this tool will help you know how many links you have generated from the read more links.
6. Set up your own Google authorship
Whenever there is duplicate content, search engines may decide which content deserves a lower ranking by finding out the one that was published earlier.
However, that isn’t always sufficient, especially if a person whose blog has a higher ranking steals your content. In such a scenario, the stolen content might continue to receive more link juice.
It is here that Google authorship comes in handy. If your authorship is confirmed, there’s less likelihood for your content to rank lower than similar content stolen and posted on another site.
To set up your Google authorship, follow these steps:
- Sign up for a Google+ account.
- In your profile settings, you will find “Contributor to”
- You should add the link to your own blog there
- Install the WordPress SEO plugin by Yoast
- Now go to users then to your profile
- Move down to the contact info
- Add the profile link of your Google+ account
For more detailed instructions on setting up Google authorship in WordPress, go here.
7. Disable hotlinking
When someone copies your article, chances are he will also copy images within the article. After the thief publishes your post on his or her blog, the image URLs will actually point to your server.
Consequently, your hosting will receive additional load, thus lowering your blog’s performance. Linking directly to images hosted on someone else’s blog in this way is called hotlinking.
The good news is there is a way to help you avoid all these headaches and the solution is CloudFlare.
Well, CloudFlare is simply a great content delivery network. This tool improves the loading times and to achieve this, it caches the content, collects information about the location of the visitors and then sends the cached data right from the local server.
The above functionality and the fact that it’s free (though you may find more premium features), makes CloudFlare a must have for any serious blogger.
However, in our case, we need the “hotlink protection” checkbox, which you can get from your profile at CloudFlare. You simply need to turn it on in order to stop the hotlinking issue.
You simply need to click on the “Security Settings” and then scroll down to the “Hotlink protection” and just click on the “ON” button.
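To see how much hotlinking is actually hitting your server before and after switching the protection on, you can measure it from the web server's access log. This is an added example, not part of the original post or of CloudFlare; it assumes the common "combined" log format, and the log lines, host names and addresses are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Combined format: ip - - [time] "METHOD path proto" status bytes "referer" "agent"
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-) '
    r'"([^"]*)" "[^"]*"$'
)
IMAGE = re.compile(r"\.(?:png|jpe?g|gif|webp)(?:\?|$)", re.I)

# Constructed sample lines (documentation IP ranges and example domains).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/uploads/a.png HTTP/1.1" 200 52000 "https://www.example.com/post-1/" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-content/uploads/a.png HTTP/1.1" 200 52000 "http://copied.example.net/stolen-post/" "Mozilla/5.0"',
    '198.51.100.8 - - [01/Jan/2024:10:00:03 +0000] "GET /wp-content/uploads/b.jpg?w=600 HTTP/1.1" 200 8000 "http://copied.example.net/stolen-post/" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:00:04 +0000] "GET /wp-content/uploads/a.png HTTP/1.1" 200 52000 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /post-1/ HTTP/1.1" 200 9000 "http://other.example.org/" "Mozilla/5.0"',
]


def hotlink_report(lines, own_hosts):
    """Return [(foreign_host, image_bytes_served)] sorted by bytes, largest first."""
    own = {h.lower() for h in own_hosts}
    totals = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        _ip, _method, path, status, size, referer = m.groups()
        if status != "200" or not IMAGE.search(path):
            continue
        host = (urlparse(referer).hostname or "").lower()
        # An empty referer ("-") is a direct request, not counted as hotlinking.
        if not host or host in own:
            continue
        totals[host] += 0 if size == "-" else int(size)
    return totals.most_common()


if __name__ == "__main__":
    for host, size in hotlink_report(SAMPLE_LOG, ["www.example.com", "example.com"]):
        print(f"{host}: {size} bytes of images served")
```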
8. Install trusted plugins only
Hackers can easily access your blog through the plugins you install. When you install a plugin, you make it possible for one to access core files found in your WordPress installation. This is why you need to be cautious when installing any plugin to your blog.
Below are four major considerations you should make before you install any plugin:
i. Ensure it features in the plugins directory on WordPress.org
If you cannot find the plugin in this directory, chances are it is either not legitimate or it is premium. Do not hesitate once there’s a download option for it in this directory.
ii. Check the rating
Look at the star rating that users have given to the plugin as well as the distribution of votes. If the plugin has more one-star ratings than it has five-star ratings, chances are there could be a security concern.
iii. The number of downloads
Try to look for a popular plugin. You can tell this from the number of downloads under each plugin. Bad plugins hardly generate thousands of downloads because moderators would remove them in no time.
iv. Check out the third-party reviews
As aforementioned, premium plugins do not feature in the directory, making it hard for you to establish their legitimacy. So, when considering such plugins, find out more from the reviews of those who’ve used it.
You can also visit the CodeCanyon directory, which features premium plugins and you can find out whether the plugin is legit and safe to use.
9. Install the two security plugins
You can install two powerful security plugins that will keep hackers running from your blog. These are:
a. Wordfence
This security plugin has awesome features: it limits login attempts; scans themes and plugins against the WordPress repository versions for changes; scans comments for phishing URLs and malware; and checks for any outdated plugins. Wordfence is a great plugin that you can get free.
b. Limit Login Attempts
With this plugin, you can keep threats off your WordPress login page. It enables you to restrict the number of times that users (based on the IP address or cookie) can unsuccessfully try to log in to your blog.
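The idea behind limiting login attempts, sketched as an added example (this is not the plugin's code): failures are counted per client key inside a time window, and once the limit is hit every attempt from that key is refused for the lockout period, even one with the right password. The thresholds and the sample attempts are constructed.

```python
from collections import defaultdict, deque


class LoginLimiter:
    """Lock out a client key (e.g. an IP address) after repeated failed logins."""

    def __init__(self, max_failures=4, window=600, lockout=1200):
        # All three values are constructed for this example.
        self.max_failures = max_failures
        self.window = window      # seconds in which failures are counted
        self.lockout = lockout    # seconds a key stays blocked
        self._failures = defaultdict(deque)
        self._locked_until = {}

    def is_locked(self, key, now):
        return self._locked_until.get(key, 0) > now

    def record(self, key, success, now):
        """Register one login attempt; return True if it was allowed through."""
        if self.is_locked(key, now):
            return False          # refused without checking the password
        if success:
            self._failures.pop(key, None)
            return True
        q = self._failures[key]
        q.append(now)
        while q and q[0] <= now - self.window:
            q.popleft()           # forget failures older than the window
        if len(q) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            q.clear()
        return True


# Constructed attempts: (time in seconds, client key, password correct?)
SAMPLE_ATTEMPTS = [
    (0, "203.0.113.9", False), (10, "203.0.113.9", False),
    (20, "203.0.113.9", False), (30, "203.0.113.9", False),
    (40, "203.0.113.9", True),    # correct guess, but the key is locked out
    (50, "198.51.100.4", False),  # a different visitor is unaffected
    (1300, "203.0.113.9", True),  # lockout has expired
]


def replay(attempts, limiter=None):
    """Replay attempts in order; return the (time, key) pairs that were refused."""
    limiter = limiter or LoginLimiter()
    return [(t, k) for t, k, ok in attempts if not limiter.record(k, ok, t)]
```

If the blog sits behind a CDN or reverse proxy such as CloudFlare, key on the restored visitor IP; otherwise every visitor shares the proxy's address and one lockout blocks them all.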
10. Install a Firewall
Finally, to protect your blog against hacking attempts and other security threats, you should install OSE Firewall, the creation of Open Source Excellence.
This firewall has a built-in scanner that will scan your blog for any malicious codes. Besides, it has a new anti-spam feature that will keep your blog spam free.
You can follow the above steps to protect your WordPress-powered blog against unsolicited access and also to keep content thieves at bay (although I am yet to find a sure-fire tool that can stop content theft from my blog).
Now, I’m curious to know the ways you guys use to secure your blogs. Do you use other security plugins or other methods not on this list? Kindly take a minute and share something in the comments!