Archive for the Category »Security «

For some it’s a non-issue.

For those who spend most of their time in the blogosphere, on cell phones and social networking sites, it would be huge.

We’re discussing what happened in Egypt – how the internet was “killed”. How cell phone companies were ordered to shut down service.

Within a very short period, many were silenced.

Temporarily.

Today’s Lesson

Egypt isn’t the only country which has tampered with internet usage. Other countries regularly ban sites from internet users, sometimes erase derogatory comments about “the powers that be” and even go as far as shutting down sites.

In most parts of the world we have freedom of speech, however, if an emergency were to arise, what happened in Egypt could happen anywhere.

I don’t know about you, but I rely on the internet for a lot.

I take it for granted that the internet will always be there.

For my blogs I use a plugin for automatic backups and the information is sent to my email address. Sometimes I save the file to my hard drive, sometimes I don’t.

I have my favorite blogs I visit. I don’t know the URL for each one, but my (online) RSS feed does.

I have other sites which help me in other aspects of my life. I rely on my (online) Bookmarks to record them.

I can recall a few email addresses, but isn’t that what an online email address book is for?

My social networking sites keep a list of my friends and followers so I feel no need to memorize their user names.

Some of my passwords are written down, but some are “remembered” (online) from previous visits.

When I think about it, if the internet was “killed”, I’d be scrambling.

I might even panic.

But, it’s my fault.

I’ve put too much trust into an inanimate object which could be taken away in the blink of an eye.

How about you?

Today’s Assignment

If someone pulled the “kill switch” on the internet, how would you react?

How much of your reference or backup material would be lost?

Or have you planned ahead?

Care to share?


Before you spend your time reading this post, I will warn you, we’re discussing a topic many bloggers prefer not to think about. I’ll leave it up to you to decide if you want to read this post, or just move on.

You see, we’re talking about making our blogs, “our babies”, safe and secure.

Continue reading, or not….

*******


I can still remember when I crashed my blogs.

I stared at the error message on the screen and got sick to my stomach.

Being new to blogging, I didn’t know what to do so I kept refreshing the page thinking it would correct itself.

It didn’t.

In all honesty, I knew it was what I had done behind the scenes that created that error. I “thought” I knew what I was doing.

I didn’t.

Today’s Lesson

It’s one thing when we mess around behind the scenes and crash our blogs. We know who to blame. We know what we did. And we know we can either reverse what we did or call someone and have them fix it.

But, what happens if someone else does that to us?

What happens if someone hacks our blog?

That’s different as we don’t know what “they” did, nor do we necessarily know how to fix “it”.

Hackers will hack any ‘ole blog, because they can. No blog is exempt. Not mine, not yours, not anyone’s.

When his wife’s online jewelry site was hacked and her monthly sales dropped from $1000 to zero, John Hoff of WP Blog Host made it his mission to learn everything about hackers; how they think, how they hack and most importantly, how to secure a WordPress blog against them. With Lindsey’s site being her “baby”, and her online income helping to support their family, John vowed he would never let that happen again. Not to Lindsey. Not to him. Not to you.

John spent months studying everything he could find. As he learned, he documented his findings.

It is from the knowledge he gained and the lessons he learned that the “WORDPRESS DEFENDER” ebook was born.

This 150-page guide is like no other. John includes hints, tips, tweaks and plugins we can use to secure our site, all written in an easy to understand language. To make things even easier, he includes 14 step-by-step bonus videos to keep those hackers at bay.

Examples of the topics he covers include:

  1. How to easily back up all of your files
  2. WordPress upgrades and how to deal with them
  3. Picking, protecting and managing your passwords
  4. The truth about plugins
  5. The best form of FTP (File Transfer Protocol) to use
  6. Login lock downs and firewalls
  7. Writing and using a .htaccess file
  8. How intruders find blogs to hack via search engines
  9. What a hack might look like
  10. Plus much more

Although this security guide and videos will set you back $39, it’s a small price to pay when we consider the alternative.

When I crashed my blogs, I lost a day getting my blog back online. When Lindsey’s blog was hacked, it took John, who knows what he’s doing, nearly a week (in his free time) just to figure out where the hack was located. From there, he recreated the site, but before it could be reactivated, he also needed to reload all of the products onto the newly rebuilt site. In the meantime, Lindsey’s page rank plummeted to zero, as did her sales.

Many of us bloggers prefer not to even think about our blog being hacked, let alone having to learn how to secure it. But as our blogs grow, and our traffic and page rank increase, it becomes imperative we either learn to protect our investment, or hire someone to do it for us.

Like many of you, this is an area I also avoid, but with the “WORDPRESS DEFENDER” in my library, I know my blogs will soon be safe, secure and locked down.

For all the work John has done on the ebook and videos, I’ll be forever grateful.

Thank you, John.

Today’s Assignment

Have you ever crashed or had your blog hacked? If so, how did you get it back up and running?

If not, how do you think you would react?

If you’re not a WordPress blogger, how do you secure your blog?

And finally, how often are you backing up your database and/or files? (You are doing backups, right?)

Care to share?


As a final note, when John emailed this book and video series to me, I told him I’d take a look at it, but wouldn’t commit to an endorsement as I feel the best way to find what works for each of us is to be a smart, informed consumer. However, this book and video series far exceeded my expectations. In fact, when I opened it and started reading, I sent John an email which in part said,

HOLY CRAP! [excuse the language]

I was just reading/skimming your ebook. It’s phenomenal, and I haven’t even gotten to the videos.

All I can say is WOW! WOW! WOW!

P.S.S. Although the links to WordPress Defender are affiliate links, I would have no problem endorsing this book for free. For all you WordPress bloggers out there, why not buy the book, use some of the hints and tips to begin securing your blog, sign up to become an affiliate, and write a review on your site. With just a few sales, you will have earned the cost of the book back. How cool is that?

Did you hear on the news where government websites are getting hacked? It’s pretty scary, isn’t it?

But what about us bloggers? Are we in danger, too?

Some say “No. Who would want to mess with us?”

But the truth is, blogs get hacked on a regular basis.

Knowing this, I’ve asked John Hoff of WpBlogHost if he would share with us a few simple steps we can take to make our blogs a little more safe.

With this being such an important lesson, let’s not waste any more time.

Please take your seats as I turn the classroom over to John.

Welcome John.

The floor is yours.


Hello class, my name is John Hoff and I will be your substitute teacher today.

Mrs. Funster, I’ve heard about you and your bra flingin’ activities, so I’ll be watching you!

Today’s Lesson

Do you ever put something off which you know is important and you know you need to do but it goes on the back burner because you don’t know enough about it?

Perhaps you don’t think you have the time to figure it out?

Or maybe the subject simply isn’t “fun”, and who likes to do stuff that’s not “fun”?

But if you stop for a moment and think about how many long hours, days, months, and even years of blood, sweat, and tears you’ve put into making your blog what it is today, imagine the gut wrenching, blood pressure boil you’d get if one day a friend emailed you letting you know your site has downloaded an evil virus to their computer.

Geared up to see what’s going on, you fire up your computer’s Anti-Virus and firewall and nervously enter your site’s URL in the address bar and hit “enter”.

But wait. Your site isn’t there. It’s been replaced with a notice. A notice from Google telling those who come to your site that your site appears to be downloading viruses and as a result has been removed from Google’s index.

All of a sudden the world around you becomes silent and time comes to a screeching halt.

By the way, this situation really happened to a customer of mine. It was only after they were hacked that they realized the importance of protecting their blog from malicious jerks who could care less what you blog about or how badly this could hurt you.

Security Plugins For WordPress (it only takes 7 minutes)

There are lots of ways to secure your blog, some more complicated, some very easy. Most bloggers know how to upload and install plugins, so let’s look at 4 plugins that will cover both awareness and security.

1. Login Lockdown

The Login Lockdown plugin is simple to install and will protect your blog’s front door (the login page) from intruders trying to guess your password by running a brute force password discovery program.

2. WordPress Firewall

SEO Egghead released an excellent plugin called simply, WordPress Firewall Plugin. This is a powerful firewall plugin which guards your blog against such things as SQL Injection attacks. It will even email you when it detects a possible attack. Make sure to whitelist your computer’s IP address so the plugin doesn’t think you’re an intruder.

To discover your computer’s IP address, visit What Is My IP Address? And if you’re curious what kind of email the plugin will send you should it encounter a possible attack, click here to see a screen shot of several attacks it thwarted from some person in China trying to hack my blog.

3. Exploit Scanner

The WordPress Exploit Scanner by Donncha O Caoimh, you know, the guy who created the WP Super Cache plugin, will scan your files and database for possible insertions of malicious code. Part of the battle with securing your blog is also knowing when you’ve been hacked.

4. Bluetrait Event Viewer (BTEV)

Bluetrait Event Viewer (BTEV) is a plugin that monitors events that occur in your WordPress install so you can track such things as who’s logging in and out, what plugins have been deactivated/activated, what programs have been uploaded, etc. You can even lock down this plugin so people cannot deactivate it, even if they have access to your dashboard.

Today’s Assignment

Stop for a moment and think how important your blog’s security is to you. Is it worth 7 minutes of your time?

Do you think your site isn’t a target because you blog about things no one would really care about? Or do you think any and all blogs are targets?

If your blog’s security is important, what steps are you going to take today to ensure you’ve increased your protection?

Questions or concerns?

Please raise your hand and let’s talk about it.


John Hoff heads up the blog services department and is the Blog Editor for WpBlogHost, a site which offers blog hosting, WordPress tutorials, and various blog related services (upgrades, security enhancements, etc.).

You can also find John on Twitter micro-blogging about topics you see in his avatar. When asked what he does for WpBlogHost, his response is typically “I stand behind our blog customers and make myself available for help when they need me.”

