There has been a lot of discussion on website protection on CRG Soft lately. In case you missed it, go ahead and check out my post on DDoS attacks – How Safe Is Your Website From DDoS Attack?.
Today, we will be digging into the subject even further and sharing how you can protect your blog from those malicious intruders.
Sometimes it can feel like we have a love-hate relationship with our blogs. Despite this, they really are something awesome on which we can stake our claim. It’s our proud patch of online real estate that we invest so much of ourselves into them.
And let’s face it… when our blogs pay off in a big way, the feeling is unbelievably rewarding!
But then there are those snakes in the grass, that no-good hacker type, who breaks in, trashes the place and leaves our blogs in shambles. Why do they do it? It’s often hard to know their true intent, but they just do.
So, now we have a choice before us. Do we just sit and wait for the inevitable?
I’m here to let you know that you don’t have to. You can beat them before the game is afoot. Here are 5 tips on how it’s done:
#1: Make Your Passwords a Pain to Hack
Passwords are there for a reason. This is probably the biggest no-brainer from this entire list. Yet it is easily one the most effective. Your passwords are the first line of defense. Be sure to make your passwords hack-proof. Essentially, you want the bad guys to become annoyed, discouraged and eventually give up.
You can do this by following these rules:
– Change your passwords regularly and at random times
– Never use the same password over multiple accounts
– Never use details about your life, such as your date of birth, address, etc.
– Keep your passwords to yourself – and if you can’t, then keep track of the people who know them
#2: Keep Your Security Measures Updated (And Trust the Experts)
While no system is truly “unhackable,” throwing enough roadblocks in a hacker’s way will make your blog just too difficult to attack. You want them to blow obscene amounts of time. Make their investment far more costly than any potential reward of success.
That’s why I trust the good folks, who do this for a living. Their nine-to-five is spent outsmarting the blasted cyber predators among us. IT security companies actively monitor the methods that hackers are using, and respond to the escalation by patching, fixing and tweaking their own capabilities. This is why I always keep my software current and especially download security updates whenever they become available.
#3: Watch Your Plugins, Widgets, Gadgets, Skins
WPMatter.com has a very interesting piece on blogger security. Providing sobering statistics about where hackers are exploiting security holes:
– 40% of attacks come through the webhosting service
– 8% are password related
– About 3 out of 10 come from skins, themes, etc.
– Roughly a quarter of all attacks come from plugins (2016 statistics)
What does this teach us? My observation is that you can decrease your chances of being successfully hacked by more than 50% if you simply keep a watchful eye on what plugins, widgets, gadgets, skins and themes you use.
It is true that it’s easy for almost anyone to “seem legit” online. It’s most important to trust your gut. Using established companies with good reputations is a little way to avoid such a big problem. In addition, be sure to run a virus scan on every single addition to your blog.
#4: Separate Your Weakest Links With Different User Login Info
When you want to stop someone from opening a door, you hide the key. When you want to make a building extremely secure, you have multiple doors – all with different locking mechanisms.
The same goes for your blog. For instance, you’ll have an opportunity to select 3 “doors” and change their locking mechanisms on these user accounts:
– Hosting account
– Control panel
– WordPress installation
Also, be sure to setup your security measures in such a way that enable notifications on account activity. That way, when a shady character opens one door you can immediately go right in and change the locks on the other two doors.
#5: Give Yourself a Backdoor (With a Different Lock and Key)
To outsmart a hacker, it’s best to think like them…
Their best method is to let themselves in and then immediately lock you out. This can be absolutely horrifying, because you’ve effectively lost control of your property to an entity with nefarious motives.
But let’s say you already prepared before the attack, by creating other entrances that the intruder never knew about. All you need to do is come around the back, unlock your secret door and charge up through the basement with a can of pepper spray and an attitude.
In the blog universe, this is basically what you’re doing by having additional admin accounts (the existence of which, you just so happened to keep a secret). In the spirit of following tips #1 and #4, be sure to vary the login info.
When predators realize you’ve already locked them out by slipping in through one of your own secret entrance, it will be just too bad you never got to see the shocked, frustrated looks on their faces.