This is a guest contribution from Cassie Phillips.
Problogger is where I learned a lot of my own blogging skills, and I cannot compliment Darren enough for creating a space for bloggers that focuses on real improvement and in-depth conversation. Posts on the website such as this one on improving SEO efforts demonstrate the quality we all hope to achieve.
Many bloggers go into blogging thinking that nothing could happen to their blog and that anything on the internet is, to an extent, removable. They believe that they don’t have to worry too much about security on their blog because no one would ever bother to attack their modest blog. These bloggers are, unfortunately, wrong. Thousands of websites and blogs are attacked every single day, and there is no reason why your blog shouldn’t be a target.
Cybercriminals and hackers want to attack blogs for different reasons, and often the size of your blog doesn’t matter. Depending on what you put on your blog, a skilled hacker can even turn it against you.
These factors necessitate a need for increased cybersecurity across the board, but you as a blogger can acquire every tool and habit needed to protect yourself. Each blog is different, but some strategies are universal and will prove necessary in the years to come.
Here are some of the best ways to make your blog safe from online threats:
Make Good Plugin Decisions
There is a strong likelihood that you use plugins or scripts on your blog to make it more appealing to readers. You might even already use a security plugin such as WP Security Scan or WordFence to protect your blog. It might not be enough, and you should take note of the following so you can use these tools to the best of your ability in the future:
- Make sure to update your plugins (along with your computer) as often as possible. Cybercriminals will often take advantage of exploits to find a backdoor into your blog. Don’t let hackers take advantage of the window between developer patch and download.
- Get rid of the plugins that are no longer updating themselves. Chances are you can find a safer alternative that reacts to exploits and new threats.
- You might need more than one security script or plugin. Check to see what vulnerabilities or other threats your tool fends off. Then, check to see if there are any gaps that can be filled by another tool. Just make sure that any tools you use are compatible with each other.
Use a Virtual Private Network
Public networks are some of the most dangerous places online. There is rarely anything stopping a hacker from sitting down and using a “sniffer” program to monitor all data being sent and received on the network. Anything you work with, even your blog’s login information, will come up on the hacker’s screen with little difficulty. This can easily lead to account and identity theft.
On a similar note, whenever you travel you might not know who could be watching you. You might find yourself on the wrong end of government censorship or surveillance. This can put your blog at risk or disadvantage.
The best way to handle both of these problems is to use a Virtual Private Network (VPN). A VPN is a service that connects your devices to an offsite secure server using an encrypted connection. The encryption will protect your blog’s information on any network allowing you to work as you need to. The fact that you are using a different server means that your IP address will be masked and you will be much more difficult to track. As long as you get a VPN that provides you with many options, you will be able to work safely from anywhere.
Use HTTPS
One of the costlier, yet eventually necessary steps you can take to protect your blog and your readership is to look into HTTPS protection. Depending on your host, you might have it already. You can check by simply navigating to your website and looking for something that looks like a padlock in your address bar. The protocol will add an extra layer of protection to communications involving your website, making it that much harder for hackers to take a peek at what’s going on.
The more active involvement and information you work with on your blog, the more you need this. If you think it is worth the investment (it eventually always is), look into buying and installing an SSL certificate on your blog.
Prepare a Secure Copy of Your Content
No matter what you do, something is going to happen that affects your blog in a negative manner and potentially delete some posts or data. While you should make every effort to prevent this from happening, an effective cybersecurity plan takes into consideration the need for contingency plans. You might need to wipe everything and restore your blog from scratch. If you don’t have your files anywhere but your computer or blog itself, you could find yourself in a nightmare scenario.
This is why you need to make sure everything you do is on a backup. Depending on how much and the type of content you produce, you will want to decide between external storage and using a cloud storage service.
A cloud solution is great if you need to collaborate a lot with other people and want to access files easily from multiple devices, but there are sometimes privacy and security issues that can rear their ugly head. A physical storage solution is perfect if you blog mostly from home and alone. Whatever you pick, make sure that it’s a quality product and remember to use it regularly. A copy is useless unless you update it.
Create Clear Lines of Organization and Separation
When you are managing your blog and protecting it, you need to know where everything is and organize your resources in such a manner that it would be easy to notice should anything go missing or change. Not only is this a great way to passively stay on the lookout for hackers, but it allows you to save time in general in the laitance of your blog. Experiment to find the system that works best for you and your blog, so long as you can keep track of everything.
Another measure you will want to take if you take your blog seriously is to separate your blog from your personal devices and accounts as much as possible. You don’t want to have to deal with multiple crisis at once if your email account gets compromised. If malware infects your personal computer, you don’t want the damage spilling over onto your blogging efforts. Do what you can to separate your blog form the rest of your online life, even if it seems inconvenient at first.
Protect Yourself from Malware
Whether it is directly trying to embed itself into your blog or trying to infect your device to steal data down the line, you need to protect yourself from malware. Here are some tips to help work against this nasty problem and protect your blog in the process:
- Get a security suite for any device you use. There are no exceptions to this rule, and remember that you generally get what you pay for when it comes to security products.
- Remember that malware can now infect smartphones and even Apple products as of late. Take the same security precautions on your mobile devices as you do on your computers.
- Make sure that no commenters on your blog are trying to launch an XSS attack on your blog or linking directly to webpages that spread malware. You need to take care of your readers as best as you can in addition to your own blog.
- Try to avoid questionable websites or links as best you can. There is rarely a good reason to visit the underbelly of the internet, and most of the main websites online are absolutely safe to use.
Takeaways
That is a lot to remember when you are trying to keep your pride and joy safe from the cybercriminal hordes right on the other side of the screen, so try to remember these key points and take action as soon as you possibly can:
- Take a look at what plugins and scripts you’re using. Update the outdated ones and make sure you pick tools that are the best you can find.
- Use a VPN whenever you are working on your blog outside the home or office.
- See if your website has HTTPS protection. If it doesn’t, look into getting it.
- Create a secure backup of your website and content. Keep it safe.
- In all aspects of managing your blog have a clear plan of organization. Try to separate the more professional aspects of your technological life (including your blog) from the personal ones.
- Make sure neither your blog nor your computer is infested with malware. Find tools to aid you with this.
There are other ways that you can specifically help your particular blog, and you should make every effort to seek them out. Every blog is different; therefore, you will have different security priorities than the blog next door. Remember that the internet is a dynamic platform and that today’s security measures won’t be enough to protect you from the threats of tomorrow. Stay vigilant so you can spend more time on making your blog rise to new heights.
Do you have any additional thoughts on the subject? Are you worried about the security of your blog and that what you are doing now isn’t enough? Do you feel as though there are other things that bloggers can do to protect themselves? If so, please leave a comment below to continue this important conversation that affects every single blogger.
Cassie Phillips is a blogger and cybersecurity writer who has been dedicated to helping fellow bloggers improve their cybersecurity for years.
Great points on blog security; it’s certainly an issue we find most bloggers overlook. I’d add two-factor authentication as an additional best-practice when accessing public networks. At Uncoded, we typically recommend this feature to our clients.
The Mobile devices issue you mentioned is becoming increasingly important. Interestingly most security packages don’t seem to go beyond backup and lost phone location for iOS.
It’s a sad thing to know cyber criminals are happy off of the strength of hacking other people’s sites for whatever reason. Maybe some of the cyberhackers are allegedly unemployed or not happy with their position of employment which leads to him to run cyber scams like that. Perhaps if they were honest people and would rethink their position in life in terms of living honestly they would give up their wicked ways and turn their lives around to being an honest and hard-working person. Agree?
Darren,
Thank you for the pointers. I’m still recovering from a couple hacks. After the first hack, I copied all my data into a new theme and recreated a lot of content. Turns out my Shared Web Host was hacked – at a level I could not access. I ended up having a coder move my site to a new, dedicated server with a different company.
I posted a story recommending my coder (I’ve known him for years) and wish I had enough income to have him on my site every week! Maybe the plugins will do in place of having a weekly coder to monitor my site.
There is something to be said for getting what you pay for. Watch out for those 1 cent a day ads, the security and customer services is sacraficed.
I’ve applied the plugins you recommended. (laughing) One of the plugins already discovered a few broken links. Those links are left over from moving my own website into the new theme. (sigh)
Grateful for your knowledge share.
– Shauna
PS You will notice I do not use my public, business email in my comments. I’ve been very happy with Other Inbox in my private email account to help me “sort the wheat from the chaff” There is a lot of email chaff out there, too.
Thanks for the article Darren,
i already have https for my blog and i learned this lesson when someone from nigeria hacked my business website and installed some of their spam content related to the nigeria news, it was very difficult to get rid of those pages and after that there were lot of not found pages in the webmaster tool.