Image by jasoneppink
Question: Is your blog’s security a top priority for you?
I bet the majority of you will say, “Yes John, it is.” However, I bet 90% of you have taken very few steps to actually secure your blog against intruders.
About 8 years ago I hurt my back (relation to blog security coming up quick) to the point where I have a bulging disk. I went to a chiropractor and he asked me, “How concerned are you of this problem?” I told him I was pretty concerned and wanted it fixed, but since the pain wasn’t unbearable it wasn’t top on my priority list.
He brought me into a room and showed me how over time an injury which starts out with only ‘some pain’ can easily turn into a huge problem for me down the road. He showed how without treatment my problem could get worse up to a point where I might have troubles doing simple things, like walking. If that were to happen, I bet my future self would say, “Why didn’t I listen to that chiropractor?”
He then asked me again, “How concerned are you of this problem?” My answer changed.
Now let me ask you again, how concerned are you for your blog’s security?
Do you think it’s possible one day that your future self might say, “If I only took steps to protect my blog earlier none of this would have happened”?
Realize too, you might not even know your site has been cracked until some time down the road. Sometimes a hacker’s only interest is to create backlinks to their websites (to help their Google PageRank) while other times it might be to simply steal your bandwidth.
See this article as an example. Also, Nik Cubrilovic over at TechCrunch mentions this in his article, WordPress Security Issues Lead To Mass Hacking. Is Your Blog Next?
It is unknown just how many WordPress blogs are infected (I have seen instances of double infection, where a previously hacked host had been hacked again), but as an indicator, across the ten or more WordPress blogs that TechCrunch and I have access to, we can see over 100 requests daily for these various security holes.
So how do you secure your WordPress blog?
There are many ways to harden your WordPress installation and I’ll talk about more of them down the road, so be sure to subscribe to our feed if you’re interested (link opens in a new window so you won’t lose your place).
Here are two quick and easy ways to help guard your blog against attacks using SQL Injection.
1. Install a WordPress Firewall Plugin
There are a few really good firewall plugins out there for WordPress, but here’s one that’s easy to use. If you’re unfamiliar with what a firewall is, look up to the picture at the top of this article. Imagine the girl is your blog and the guy is an intruder. The firewall is the shield protecting you from his attack.
SEO Egghead offers the WordPress Firewall Plugin.
Simply install this plugin and then configure it to whitelist your IP address (so you yourself don’t trigger a block and alert). To do that, once the plugin is activated look over to your Settings area on the left sidebar of your WordPress Dashboard and click Firewall.
From there you can enter the email address that possible intrusion alerts should be sent to and also whitelist your IP address. To find out what your IP address is, you can head over to WhatIsMyIPAddress.com.
2. Upgrade Your WordPress Installation
This is the easiest thing you can do to help guard against SQL Injection and other blog security vulnerabilities. If you clicked over to read the article mentioned above, the author shows how he was using a recent, but not current, version of WordPress and his blog was still cracked.
Luckily, simply upgrading his WordPress installation fixed his problem.
If you don’t know how to upgrade your WordPress installation, we have a video tutorial on how to do it.
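One way to check tip 2 from a shell on the server, as an added example that is not part of the original post: it reads the installed version from `wp-includes/version.php` (where WordPress sets `$wp_version`) and compares it numerically with the current release number you pass in. The function names and the sample version numbers are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report whether a WordPress install is behind a given release.
# Assumes the standard layout, where wp-includes/version.php sets $wp_version.

# Print the version string found under <wp_root>; fail if there is none.
wp_installed_version() {
    f="$1/wp-includes/version.php"
    [ -r "$f" ] || return 1
    v=$(grep -E '^[[:space:]]*\$wp_version[[:space:]]*=' "$f" | head -n 1 | cut -d= -f2 | tr -d " ';\"\r")
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# Return 0 if version $1 is older than version $2. Fields are compared as
# numbers, so 1.2.10 is newer than 1.2.3 (a plain string compare gets this wrong).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            p = x[i] + 0; q = y[i] + 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Print a status line. Exit status: 0 = current, 1 = outdated, 2 = not found.
check_wp_version() {
    installed=$(wp_installed_version "$1") || { echo "no WordPress version found under $1"; return 2; }
    if version_lt "$installed" "$2"; then
        echo "OUTDATED: $installed installed, $2 available"
        return 1
    fi
    echo "OK: $installed installed"
}

# Constructed sample: a throwaway directory that mimics a WordPress root.
# The version numbers are made up for the demonstration.
demo=$(mktemp -d)
mkdir -p "$demo/wp-includes"
printf '%s\n' '<?php' "\$wp_version = '1.2.3';" > "$demo/wp-includes/version.php"
check_wp_version "$demo" 1.2.10 || true
rm -rf "$demo"
```

On a real site, call `check_wp_version` with the path to your blog's root directory and the latest release number shown on the WordPress download page.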
Finally, I’d like to note that WP Blog Host provides various blog services. If you’d like us to upgrade your blog and/or provide these and many more security upgrades to your blog, let us know. For a one time fee of $65 we can harden your WordPress install, help fortify your blog against SQL Injection, database cracking, and brute force attacks. Just send us a note in the comment section below or on our Questions page.
So, let me ask you. How concerned are you about your blog’s security?
March 26th, 2009 at 6:27 am
Hi John – I have injured my back and this post has scared me enough to go see the doctor.
You also have me worried about security. I checked some of my blog users that you mentioned. And I hadn’t added any of them, so I don’t know if they were spammers or what. Anyway, I’ve deleted them all.
Since you took over my hosting, I barely get any spam. There used to be loads in Akismet but now most of it just doesn’t seem to get through. Thank you.
March 28th, 2009 at 2:29 pm
Hello!
Very Interesting post! Thank you for such interesting resource!
PS: Sorry for my bad English, I’ve just started to learn this language
See you!
Your, Raiul Baztepo
March 28th, 2009 at 10:28 pm
Cath
I’m glad you’re headed to see a doctor about it. Trust me, I know that when it comes to our back, we need to take care of it. Is that Silva Life System helping with pain management? It seems very intriguing.
Glad to hear you deleted the extra users on your blog. A lot of hackers simply want into our blogs just to create backlinks but have no intention of breaking anything. Tsk Tsk!
RaiuBaztepo
hmmm … you’re welcome.
June 17th, 2009 at 6:55 am
Just installed the plugin, no errors so far… Do you have any config recommendations for the plugin, or is the default fine?
Jim Gaudet´s last blog ..New Google Webmaster Tools | What’s Up?
June 17th, 2009 at 1:49 pm
Just make sure to go over to the plugin’s settings area and put in your computer’s IP address. Otherwise you might not be able to edit your blog.
If one day you find you are unable to edit anything on your blog, check if your IP address has changed, if so, update that in your settings.
Also, for additional security, you might want to check out this article.
June 17th, 2009 at 2:14 pm
Thanks, I was wondering about that G4. It’s a big file and I didn’t have the time to read through it. Where would I put my redirects and the WordPress code in that file?
Jim Gaudet´s last blog ..New Google Webmaster Tools | What’s Up?
June 17th, 2009 at 2:15 pm
Sorry, I think I really need to read the whole page. You don’t have to answer, I need to stop being lazy

Jim Gaudet´s last blog ..New Google Webmaster Tools | What’s Up?
June 17th, 2009 at 7:15 pm
LOL Jim. You know what, it’s all good. I’m not one of those bloggers who encourage people to read my blog and if you have a question go do research first, understand it, and then ask your question.
Brian Clark from Copyblogger kind of made me feel that way one day when he wrote a post basically on that topic. It outlined how too many people were asking stupid questions (in his opinion) in his comment section and I guess his frustration with them.
I come from a training background (I was a banquet trainer and a kindergarten teaching assistant at points in my life) so the teaching aspect is instilled in me.
All you need to do is copy and paste all that code into your root .htaccess file. You can paste it at the top or bottom. I’d say put it at the bottom just so anything else you have in your .htaccess file is easy to get to at the top. Either way, it doesn’t really matter.
Of course then check your site. Make sure everything is working ok. One person recently noted on that article that one of the lines of code affects WP 2.8, but that’s not confirmed. A lot of people are having issues with 2.8, but that’s related to their themes and plugins not being compatible.
June 17th, 2009 at 9:09 pm
That’s cool. I am the same way. I have a handful of people that just always ask me questions, just because it is fast and easy.
Thanks for the info and the heads up. I am using WP 2.8, but my own theme and some custom plugins. I will let you know how it goes..
Jim Gaudet´s last blog ..New Google Webmaster Tools | What’s Up?
November 5th, 2009 at 10:42 am
Hi John
I came across the “SEO Egghead WordPress Firewall Plugin” via another article and then found this post.
Any chance of a post on setting up the options for the plugin?
And please don’t say….”The options are pretty self explanatory” because they are to you, but not to the technically challenged such as me.
I’d make a small donation for a post on setting it up… anybody else willing to chip in?
Keith Davis´s last blog ..easy peasy!
November 5th, 2009 at 9:07 pm
Hi Keith. No problem. In fact, maybe I’ll do a video on it. Give me until Sunday or Monday, though – I’m so busy this week I don’t even have time to work on a blog article.
Thanks and I’ll get that post out in a few days.
November 6th, 2009 at 10:32 am
Short reply… brilliant!
Keith Davis´s last blog ..easy peasy!
November 21st, 2009 at 11:25 am
Hi Keith, sorry for the delay in getting that video made, but here it is:
SEO Egghead WordPress Firewall Plugin Video Overview
November 21st, 2009 at 12:07 pm
Hi John
Just watched it.
Great job, many thanks.
Keith Davis´s last blog ..easy peasy!
February 17th, 2010 at 2:19 pm
Hi John
I installed the “SEO Egghead WordPress Firewall Plugin” some time ago and just had an alert from the plugin. Alert reads…
WordPress Firewall has detected and blocked a potential attack!
It goes on to give IP etc.
Do you have to do anything when you get an alert or just be thankful that the potential attack has been blocked?
Keith Davis´s last blog ..Practice, practice, practice…
February 17th, 2010 at 2:27 pm
Make sure it is not your IP and something you did.
Can you email me what exactly it says or send me a screen shot? I can tell you if it was a legit attempt or not.
If it is, maybe ban their IP address from your site for awhile. Here’s my YouTube video on how to do that: Ban IP (it’s an older video).
John Hoff´s last blog ..The Super Beginners for Dummies Tutorial on RSS Feeds
February 17th, 2010 at 2:43 pm
Thanks John, I’ll do that.
Perhaps I’ll take you up on your “WordPress Security Upgrade” got to be worth it for all the time we put into our blogs.
Keith Davis´s last blog ..Practice, practice, practice…