Protecting your blog(s) from hackers…

Posted: February 27, 2011 in All Categories, Software, Web Hosting, Web Services

Everyone blogs these days, and some are yet to give it a shot. So you have finally thought of setting up your blog, or you already have one and the number of visitors is catching up too. But sadly and seriously, these days there is a huge rush of people who hack into blogs, either for fun or to malign the work of others. So I have found some simple tips to keep hackers away from yours. Let’s see what they are:


Upgrade your Blog software

Most bloggers use a platform like Blogger, WordPress, TypePad, Weebly, etc. Perhaps you have wondered why these platforms release a new version of their software every few weeks. Thousands of people go over the WordPress code every day in an effort to improve it. A lot of the time, they are plugging security vulnerabilities which hackers have figured out how to exploit. By upgrading regularly, you can be sure that you have all the latest security fixes.

Update plugins

Many times, hackers will figure out how to gain access to your blog through a vulnerability in one of your plugins. The creators of these plugins often release updates that are more secure, which is something you should take advantage of by updating them regularly.

Most Importantly Hide plugins

If hackers don’t know which plugins you have, they won’t know where to begin trying to hack your site. The way they find out which plugins you have is by looking in your /wp-content/plugins directory. If you create a blank document, save it as index.html, and upload it to this directory, you can prevent anyone from getting this listing. Alternatively, you can block the standard file list from showing with .htaccess.

Get rid of Admin Login name & Use strong password

Do you still use “admin” as your username to log into your account? If so, you are making things much easier for hackers. If they know the username of your administrator’s account, then hackers already have half of the information they need to break into your account. If your password is something like “wood floor”, then it can be extremely easy for hackers to guess. They can often simply use a program which guesses your password based on dictionary entries. Create a lengthy password made up of upper and lower case letters, numbers and special characters in no particular order, avoiding dictionary words.
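The two checks above (no default “admin” login, and a long password that mixes character classes and avoids dictionary words) can be turned into a small policy checker. This is an added example, not code from the original post or from WordPress; the word list, the default-username list and the 12-character minimum are assumptions chosen for the example, and a real check would load a proper dictionary or breached-password list instead.

```python
import re

# Constructed stand-in for a real wordlist (assumption); a real check would load
# a system dictionary or a breached-password list instead.
COMMON_WORDS = {"wood", "floor", "password", "admin", "blog", "welcome", "letmein"}
DEFAULT_USERNAMES = {"admin", "administrator", "root"}
MIN_LENGTH = 12  # policy chosen for this example

# Undo the usual letter-for-symbol substitutions so "W00dFl00r!" still matches "wood".
LEET = str.maketrans("0143$@!", "oleasai")


def check_username(username):
    """Return a set of problem codes for a login name; an empty set means it is fine."""
    problems = set()
    if username.lower() in DEFAULT_USERNAMES:
        problems.add("default_username")
    return problems


def check_password(password, username=""):
    """Return a set of problem codes for a password; an empty set means it passes."""
    problems = set()
    if len(password) < MIN_LENGTH:
        problems.add("too_short")

    # Require all four classes: lower, upper, digit, anything else.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if any(re.search(c, password) is None for c in classes):
        problems.add("few_classes")

    # Normalise before the dictionary test: lowercase, undo leet, keep letters only.
    normalized = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    if any(word in normalized for word in COMMON_WORDS if len(word) >= 4):
        problems.add("dictionary_word")

    # A password that embeds the login name gives away half of itself.
    if len(username) >= 3 and username.lower() in password.lower():
        problems.add("contains_username")
    return problems


if __name__ == "__main__":
    for candidate in ["wood floor", "W00dFl00r!42", "xK9#vQ2!mZ7&pL"]:
        print(f"{candidate!r}: {sorted(check_password(candidate)) or 'ok'}")
```

Note that “W00dFl00r!42” satisfies the length and character-class rules yet still fails, because the leet substitutions are undone before the dictionary test; a guessing program applies exactly those substitutions.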

Login securely

One way that hackers steal your password is by intercepting it on the network while it is on its way to your blog, which is how most blogs send it. You can solve this problem by installing the Chap Secure Login plugin. This plugin will automatically encrypt your password when you log in, so the hackers will only be able to see your username.

Remove your version information

Often, hackers will attack your site based on the version of the blog you are running. If they don’t know which version you are running, they won’t know how to attack your site. Install WP Security Scan to remove the identifying code from the header and feeds.

Prevent brute force attacks

One of the simplest ways for hackers to break into your account is to try different passwords over and over until they find one that works. The easiest way to prevent this is to use the Login LockDown plugin. If someone fails to guess the correct password three times within a 5-minute period, this plugin will prevent them from even trying again for the next hour.
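The rule just described (three failures inside five minutes locks the source out for an hour, and a locked source is refused before its password is even checked) is easy to get subtly wrong, so here it is worked through as an added example. This is not the Login LockDown plugin’s code or the post’s; it keys the lock on the source address, which is a choice for this example, and the sample log lines and addresses are constructed.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3           # failures allowed...
WINDOW_SECONDS = 5 * 60    # ...within this window
LOCKOUT_SECONDS = 60 * 60  # lock the source out for this long


class LoginLockdown:
    """Track failed logins per source address and lock a source out after too many."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS, lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)  # source -> timestamps of recent failures
        self.locked_until = {}              # source -> time at which the lock expires

    def is_locked(self, source, now):
        until = self.locked_until.get(source)
        if until is None:
            return False
        if now >= until:  # lock has expired; forget it
            del self.locked_until[source]
            return False
        return True

    def attempt(self, source, password_ok, now):
        """Record one login attempt and return 'locked', 'ok' or 'failed'.

        A locked source gets 'locked' even when the password is right: the
        attempt is refused before the password is looked at.
        """
        if self.is_locked(source, now):
            return "locked"
        if password_ok:
            self.failures.pop(source, None)  # success clears the failure history
            return "ok"
        recent = self.failures[source]
        recent.append(now)
        while recent and now - recent[0] > self.window:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[source] = now + self.lockout
            recent.clear()
            return "locked"
        return "failed"


# Constructed sample log: "<seconds> <source ip> <ok|fail>", one attempt per line.
SAMPLE_LOG = """\
0 203.0.113.7 fail
60 203.0.113.7 fail
120 203.0.113.7 fail
130 203.0.113.7 ok
3721 203.0.113.7 ok
0 198.51.100.9 fail
200 198.51.100.9 fail
400 198.51.100.9 fail
"""


def replay(log_text):
    """Feed a log through the lockdown and return the verdict for each line."""
    lockdown = LoginLockdown()
    verdicts = []
    for line in log_text.splitlines():
        when, source, outcome = line.split()
        verdicts.append(lockdown.attempt(source, outcome == "ok", int(when)))
    return verdicts


if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG.splitlines(), replay(SAMPLE_LOG)):
        print(f"{line:26} -> {verdict}")
```

In the sample, the first source is locked on its third failure, its correct password ten seconds later is still refused, and it only gets in once the hour has passed; the second source never locks, because its three failures are spread over more than five minutes.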

Third Party Code

Adding site counters, templates, and other third-party code to your blog can be a great way to add some flair to your content, but it can also leave your blog vulnerable to malicious activity if you aren’t familiar with its source. So take a moment to review the code and look for anything that seems out of place. For example, if you are adding a weather gadget to your blog and notice in the code that there are links pointing to unrelated sites, take that as a red flag and keep searching for another weather gadget. There is no reason that a weather gadget should include a snippet like <a href="http://completelyfreemoneysamples.com">Make Money Online!</a>

Before saving new template code, always preview first. Malicious template designers may sometimes include pop-ups or other unexpected ads in the template code, which will usually be revealed with a quick preview.

Look first to ‘trusted’ code repositories for a new template or widget. There are probably thousands of places across the web where you can find widget and template code, but it may be helpful to first check out some of the more widely known and trusted sources.
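Reviewing gadget code by eye works for a short snippet, but the check described above (look for links that leave the gadget’s own site, and for anything the reader would never see) can also be scripted. This is an added example, not code from the post; the weather-gadget markup and the host weather.example.com are constructed, and the off-site link is the one quoted in the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes through which a tag can point at, or pull in, another site.
URL_ATTRS = {"a": "href", "iframe": "src", "script": "src", "img": "src", "form": "action"}
# Inline styles that keep a link on the page while hiding it from the reader.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0", re.I)


class LinkCollector(HTMLParser):
    """Collect (tag, url, hidden) for every tag that references a URL."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(URL_ATTRS.get(tag, ""))
        if not url:
            return
        hidden = "hidden" in attrs or bool(HIDDEN_STYLE.search(attrs.get("style") or ""))
        self.found.append((tag, url, hidden))


def suspicious_links(snippet, expected_hosts):
    """Return (tag, url, reason) for each reference that leaves the gadget's own
    site or is hidden from the reader. expected_hosts: hostnames the gadget
    legitimately uses. Relative URLs stay on your own blog and are not flagged."""
    collector = LinkCollector()
    collector.feed(snippet)
    flagged = []
    for tag, url, hidden in collector.found:
        host = urlparse(url).hostname  # None for relative URLs
        reasons = []
        if host is not None and host.lower() not in expected_hosts:
            reasons.append("off-site")
        if hidden:
            reasons.append("hidden")
        if reasons:
            flagged.append((tag, url, "+".join(reasons)))
    return flagged


# Constructed gadget markup: three legitimate references plus one planted link.
WIDGET_HTML = """
<div class="weather-widget">
  <script src="//weather.example.com/widget.js"></script>
  <img src="http://weather.example.com/icons/sun.png" alt="sunny">
  <a href="http://weather.example.com/forecast">Full forecast</a>
  <a href="http://completelyfreemoneysamples.com" style="display:none">Make Money Online!</a>
  <a href="/about">About this blog</a>
</div>
"""

if __name__ == "__main__":
    for tag, url, reason in suspicious_links(WIDGET_HTML, {"weather.example.com"}):
        print(f"<{tag}> {url}  [{reason}]")
```

The protocol-relative script source (“//weather.example.com/…”) is resolved to its host and accepted, while the planted anchor is reported twice over: it points off-site and it is styled so the reader never sees it, which is exactly the pattern that gives a gadget away.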

Protect against comment spam

Spam can be a danger to your blog and its visitors. Comment spam can insert unwanted content onto your website. One way of protecting against spam is using plugins that track comments and trackbacks, running them through tests to check whether they are spam and then refusing or approving them based on the results. Though it’s worth noting that this is not completely foolproof, and depending on the size of your blog you may even want to personally moderate comments, or maybe even limit commenting to specific posts.

Anti-spam Plugins and additional resources on how to protect from comment spam:
Akismet
Spam Karma 2
Codex on Combating Comment Spam (http://codex.wordpress.org/Combating_Comment_Spam)

Secure your WordPress Admin directory

This is mainly for WordPress bloggers, since it is the choice of most pro bloggers thanks to its rich themes. This is one of the most useful tips: you whitelist all IP addresses that may access your /wp-admin/ directory. This method will only allow access to wp-admin from your chosen IP addresses, like your home computer, office computer, laptop, etc. It is easy to do through .htaccess, which you place at /wp-admin/.htaccess. Here is the code you need.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
# deny everyone by default, then allow only the addresses listed below
order deny,allow
deny from all
# whitelist home IP address
allow from 64.xxx.199.99
# whitelist work IP address
allow from 64.xxx.199.210
allow from 199.xxx.136.200
# IP while in Bangalore; delete when back
allow from 128.xxx.2.27

Replace the IP addresses with the ones you want to allow. If you are staying in a hotel for a few days, add its IP address to the file for that period and take it off when you leave. A very good security measure to keep your blog safe.
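Editing the allowlist by hand every time you travel is where mistakes creep in: a mistyped address locks you out, a private LAN address never matches what the server sees, and an over-wide range lets strangers in. The added example below generates the /wp-admin/.htaccess shown above from a labelled list and refuses entries that cannot be right; it also emits the one-line .htaccess that turns off Apache’s directory listing for /wp-content/plugins/, which is the .htaccess alternative to the blank index.html mentioned earlier. This is not the post’s or WordPress’s code; the sample addresses are constructed from the RFC 5737 documentation ranges, and the /24 and /64 width limits are a policy chosen for the example.

```python
from ipaddress import ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Policy for this example: no range wider than an IPv4 /24 or an IPv6 /64 (assumption).
MIN_PREFIX = {4: 24, 6: 64}


def check_source(value):
    """Return None if value is a usable public address or range, else a reason string."""
    try:
        net = ip_network(value, strict=False)  # accepts "203.0.113.5" and "198.51.100.0/24"
    except ValueError:
        return f"{value!r} is not a valid IP address or CIDR range"
    if net.is_loopback or net.is_link_local or net.is_multicast or net.is_unspecified:
        return f"{value} is not a routable public address"
    if net.prefixlen < MIN_PREFIX[net.version]:
        return f"{value} is wider than a /{MIN_PREFIX[net.version]}; that lets in far more than your own machines"
    if any(net.overlaps(r) for r in RFC1918):
        return f"{value} is a private (RFC 1918) address; your host sees your public address instead"
    return None


def admin_htaccess(entries):
    """Build the /wp-admin/.htaccess text in the Apache 2.2 access syntax used on this page.

    entries: list of (label, address-or-range). Raises ValueError for an entry that
    cannot be right, so a typo never silently opens or closes the admin area.
    """
    lines = [
        "AuthUserFile /dev/null",
        "AuthGroupFile /dev/null",
        'AuthName "Access Control"',
        "AuthType Basic",
        "order deny,allow",
        "deny from all",
    ]
    for label, value in entries:
        problem = check_source(value)
        if problem:
            raise ValueError(f"{label}: {problem}")
        lines.append(f"# {label}")
        lines.append(f"allow from {value}")
    return "\n".join(lines) + "\n"


def plugins_htaccess():
    """.htaccess for /wp-content/plugins/: turn off Apache's directory listing."""
    return "Options -Indexes\n"


if __name__ == "__main__":
    # Constructed allowlist; replace with your own public addresses.
    print(admin_htaccess([("home", "203.0.113.5"), ("office", "198.51.100.0/24")]))
    for bad in ("192.168.1.10", "0.0.0.0/0", "not-an-ip"):
        print(f"rejected {bad}: {check_source(bad)}")
```

Because `deny from all` is written before any `allow from` line and the entries are validated before anything is emitted, the generated file is either complete and correct or not produced at all, which is the property you want for the one file that gates your admin area.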

Finally, have a backup plan

You have to have a complete backup (database + files/plugins/themes) in case of uncertainty. It is always a good idea to keep your blog’s backup in more than one place (like a computer hard disk, USB drive, CD, etc.) and to take regular backups. This has worked like a charm for me many times, bringing many of my other blogs back up in a matter of seconds when something went wrong. The following plugins can help automate the database backup process in WordPress; visit their websites for more information:
wp-db-backup (http://www.ilfilosofo.com/blog/wp-db-backup)
wp-dbmanager (http://www.lesterchan.net/wordpress/readme/wp-dbmanager.html)

Visit the WordPress codex for further details on backing up your website.

As usual, if you think I missed any, leave a comment so others stay informed of it. C U next week, till then take care..

Comments
  1. […] READ MORE February 27, 2011   //   blog tutorial   //   No Comments   //   Tags: code-every, correct, easiest-way, even-trying, minute-period, someone-fails, three-times, will-prevent […]

  2. World Spinner says:

    Protecting your blog(s) from hackers… « Ravi Kanth L – Tech Blogger…

    Here at World Spinner we are debating the same thing……

  3. Protecting Your Blog S From Hackers…

    […]Users in China are reporting that access to LinkedIn has been blocked throughout the country. By all indications, it[…]…

  4. katie says:

    yeah nice

  5. Reibiquisioms says:

    Great Info…

  6. vj says:

    I had my website hacked once, hate them..

  7. evan says:

    Agree..

  8. quintal says:

    hackers are a bunch of losers, there need to be stricter laws for them…

  9. wintern says:

    I hate hackers..

  10. it_med says:

    Why do they do this, bunch of idiots they are for sure..
