There are a lot of reasons I feel lucky I don't have a huge blog. I don't pay massive fees for my server and bandwidth (since my site is self-hosted). My email accounts stay manageable, it's easier to interact with my followers, and it hopefully means I don't receive as much flak and dislike online.
It also means that my site is less likely to get hacked by outsiders.
This doesn't mean it can't happen, but it means it's a bit less likely to happen than to a site like IFB.
My best pal recently shared with me some trials and tribulations for her own site: seeing spam pages come up in search results on her site in lieu of content. Accidentally crashing her site and losing all of the content when she deleted the files (and hint: your host may not always have a backup). An increase in hack attempts when she ran a shop through her site as well.
She shared those tips with me, and I wanted to share them with you. Because losing 6 years of posts? That SUCKS.
Basic Security for Your WordPress Blog:
Don't use the “Admin” username & password combination:
When you create a self-hosted WordPress site, it prompts you to create a username and password. Often, WordPress encourages you to use “Admin” as the username. Using Admin means every WordPress site has the same primary username, making it easier for hackers to figure out step #1 of hacking into your site — your account name. No one will see your account name but you, so make it as unique as you'd like.
If you've been using the Admin login for a while, that's okay – so was I! To make the change & get rid of that ADMIN username, I created a second user (let's call her OMGAshleyRules). I transferred the ownership of all posts from ADMIN to OMGAshleyRules. Admin was no longer the author of any of the articles on my site; OMGAshleyRules was. At that point, I logged in as user OMGAshleyRules and deleted the Admin user.
If you want more detailed instructions, this post has step-by-step instructions on how to delete the default WP admin username.
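The same three steps (create a second administrator, move the posts over, delete the old account) can also be done from the command line. This is an added example, not part of the original post: it assumes WP-CLI is installed as `wp` and is run from the WordPress directory, and the function names and the `DRY_RUN` switch are made up for illustration. It takes a database backup before changing anything.

```shell
#!/bin/sh
# Added example: replace the default "admin" account with WP-CLI.
# Set DRY_RUN=1 to print the commands instead of running them.

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Refuse a new login that is as guessable as the default one.
valid_new_login() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    ""|admin|administrator|root|test) return 1 ;;
    *) return 0 ;;
  esac
}

# replace_admin OLD_LOGIN NEW_LOGIN NEW_EMAIL BACKUP_FILE
replace_admin() {
  ra_old=$1; ra_new=$2; ra_email=$3; ra_backup=$4
  valid_new_login "$ra_new" || {
    echo "refusing guessable login: $ra_new" >&2
    return 1
  }

  # 1. Back up the database first, so a mistake can be undone.
  run wp db export "$ra_backup" || return 1

  # 2. Create the new administrator. With no --user_pass given,
  #    WP-CLI generates a random password and prints it once.
  run wp user create "$ra_new" "$ra_email" --role=administrator || return 1

  # 3. Look up the new account's numeric ID (placeholder in dry-run mode).
  if [ "${DRY_RUN:-0}" = "1" ]; then
    ra_id='<new-user-id>'
  else
    ra_id=$(wp user get "$ra_new" --field=ID) || return 1
  fi

  # 4. Delete the old account and hand all of its posts to the new one.
  run wp user delete "$ra_old" --reassign="$ra_id" --yes
}

# Stand-alone use: sh replace-admin.sh admin NEW_LOGIN EMAIL backup.sql
if [ "$#" -eq 4 ]; then replace_admin "$@"; fi
```

Run it once with `DRY_RUN=1` to see exactly which commands would be executed, and keep the exported `.sql` file somewhere off the server.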
Don't use the default login URL.
Again, by default, WordPress makes the login page for every site website.com/wp-login.php. It's easy for hackers to type the /wp-login.php (or /wp-admin) extension onto your website URL to get to the login page of your site. But you can actually make the login page have any URL you'd like! This is harder for websites like IFB where we have thousands of users who log in, but if it's just you? Make that login URL /heytimetoblog.php or whatever your heart dreams of!
The easiest way to do this is to install a specialty plugin like HC Custom WP-Admin URL to help you change the login, or you can use a security plugin like the one below. If you're really skilled with coding and feel comfortable altering your .htaccess files, you can follow these instructions on how to change the /wp-login.php page.
Install a security plugin.
This seems like a no brainer, but I've gone my entire 6+ years without one! My best friend recently recommended Better WP Security, which has great ratings. I appreciate that it's really clear about what you need to do to secure your site (see below for an example from my site) and focuses on various areas of weakness on your site — ones I didn't even know existed or were prone to hacking attacks!
This plugin identifies security breaches and color codes them based on the level of importance (see the color coded scale at the bottom). All red updates are security risks and should be updated immediately! Anything that is in yellow (I have 4 below) is partially secure, and you should take steps to secure them.
I could really write a whole post about how to use this plugin (even though I'm still learning), but know that this plugin identifies what may need to be fixed immediately, or what they recommend you fix– but that may have consequences related to your plugins or theme settings.
If you don't feel comfortable with coding, I like that Better WP Security can and will edit core files – like the .htaccess and wp-config.php files. It can even help fix your admin username and the /wp-login.php page for you!
Bonus Tip: please, please, back up your site regularly!
This is one of those “I didn't do it until I've either lost my site or have a friend who loses their site” moments. It wasn't until I saw several blogger friends crash their sites and lose their data, that I realized how important it is to back up your site. There are lots of options to help you do this – Better WP Security can help you do it, or you can use a plugin like WordPress Database Backup (this is what I use).
How often you back up will be based on your blogging habits – if you post 3 times a day, you may want to set up a daily backup. If you post irregularly, you may want to schedule an update once a week. No matter how you schedule it, in the event that a page gets hacked or you lose your site, those backups will be essential in rebuilding your site.
Now ‘fess up – have you actually taken precautions for protecting your site's security before reading this? Have you ever had your site hacked — and if so, do you have any extra tips and suggestions to help the rest of us?