Before you spend your time reading this post, I will warn you, we’re discussing a topic many bloggers prefer not to think about. I’ll leave it up to you to decide if you want to read this post, or just move on.

You see, we’re talking about making our blogs, “our babies”, safe and secure.

Continue reading, or not….

*******

I can still remember when I crashed my blogs.

I stared at the error message on the screen and got sick to my stomach.

Being new to blogging, I didn’t know what to do so I kept refreshing the page thinking it would correct itself.

It didn’t.

In all honesty, I knew it was what I had done behind the scenes that created that error. I “thought” I knew what I was doing.

I didn’t.

Today’s Lesson

It’s one thing when we mess around behind the scenes and crash our blogs. We know who to blame. We know what we did. And we know we can either reverse what we did or call someone and have them fix it.

But, what happens if someone else does that to us?

What happens if someone hacks our blog?

That’s different as we don’t know what “they” did, nor do we necessarily know how to fix “it”.

Hackers will hack any ‘ole blog, because they can. No blog is exempt. Not mine, not yours, not anyone’s.

When his wife’s online jewelry site was hacked and her monthly sales dropped from $1000 to zero, John Hoff of WP Blog Host made it his mission to learn everything about hackers; how they think, how they hack and most importantly, how to secure a WordPress blog against them. With Lindsey”s site being her “baby”, and her online income helping to support their family, John vowed he would never let that happen again. Not to Lindsey. Not to him. Not to you.

John spent months studying everything he could find. As he learned, he documented his findings.

It is from the knowledge he gained and the lessons John learned, how the “WORDPRESS DEFENDER” ebook was born.

This 150 page guide is like no other. John includes hints, tips, tweaks and plugins we can use to secure out site, all written in an easy to understand language. To make things even easier, he includes 14 step-by-step bonus videos to keep those hackers at bay.

An example of the topics he covers include such things as

1. How to easily back up all of your files
2. WordPress upgrades and how to deal with them
3. Picking, protecting and managing your passwords
4. The truth about plugins
5. The best form of FTP (File Transfer Protocol) to use
6. Login lock downs and firewalls
7. Writing and using a .htacess file
8. How intruders find blogs to hack via search engines
9. What a hack might look like
10. Plus much more

Although this security guide and videos will set you back $39, it’s a small price to pay when we consider the alternative.

When I crashed my blogs, I lost a day getting my blog back online. When Lindsey’s blog was hacked, it took John, who knows what he’s doing, nearly a week (in his free time) just to figure out where the hack was located. From there, he recreated the site, but before it could be reactivated, he also needed to reload all of the products onto the newly rebuilt site. In the meantime, Lindsey’s page rank plummeted to zero, as did her sales.

Many of us bloggers prefer not to even think about our blog being hacked, let alone having to learn how to secure it. But as our blogs grow, and our traffic and page rank increases,  it becomes imperative we either learn to protect our investment, or hire someone to do it for us.

Like many of you, this is an area I also avoid, but with the “WORDPRESS DEFENDER” in my library, I know my blogs will soon be safe, secure and locked down.

For all the work John has done on the ebook and videos, I’ll be forever grateful.

Thank you, John.

Today’s Assignment

Have you ever crashed or had your blog hacked? If so, how did you get it back up and running?

If not, how do you think you would react?

If you’re not a WordPress blogger, how do you secure your blog?

And finally, how often are you backing up your database and/or files? (You are doing backups, right?)

Care to share?

.

As a final note. When John emailed this book and video series to me, I told him I’d take a look at it, but wouldn’t commit to an endorsement as I feel the best way to find what works for each of us is to be a smart, informed consumer. However, this book and video series far exceeded my expectations. In fact, when I opened it and started reading, I sent John an email which in part said,

HOLY CRAP! [excuse the language]

I was just reading/skimming your ebook. It’s phenomenal, and I haven’t even gotten to the videos.

All I can say is WOW! WOW! WOW!

P.S.S. Although the links to WordPress Defender are affiliate links, I would have no problem endorsing this book for free. For all you WordPress bloggers out there, why not buy the book, use some of the hints and tips to begin securing your blog, sign up to become an affiliate, and write a review on your site. With just a few sales, you will have earned the cost of the book back. How cool is that?

Did you hear on the news where government websites are getting hacked? It’s pretty scary, isn’t it?

But what about us bloggers? Are we in danger, too?

Some say “No. Who would want to mess with us?”

But the truth is, blogs get hacked on a regular basis.

Knowing this, I’ve asked John Hoff of WpBlogHost if he would share with us a few simple steps we can take to make our blogs a little more safe.

With this being such an important lesson, let’s not waste any more time.

Please take your seats as I turn the classroom over to John.

Welcome John.

The floor is yours.

Hello class, my name is John Hoff and I will be your substitute teacher today.

Mrs. Funster, I’ve heard about you and your bra flingin’ activities, so I’ll be watching you!

Today’s Lesson

Do you ever put something off which you know is important and you know you need to do but it goes on the back burner because you don’t know enough about it?

Perhaps you don’t think you have the time to figure it out?

Or maybe the subject simply isn’t “fun”, and who likes to do stuff that’s not “fun”?

But if you stop for a moment and think about how many long hours, days, months, and even years of blood, sweat, and tears you’ve put into making your blog what it is today, imagine the gut wrenching, blood pressure boil you’d get if one day a friend emailed you letting you know your site has downloaded an evil virus to their computer.

Geared up to see what’s going on, you fire up your computer’s Anti-Virus and firewall and nervously enter your site’s URL in the address bar and hit “enter”.

But wait. Your site isn’t there. It’s been replaced with a notice. A notice from Google telling those who come to your site that your site appears to be downloading viruses and as a result has been removed from Google’s index.

All of a sudden the world around you becomes silent and time comes to a screeching halt.

By the way, this situation really happened to a customer of mine. It was only after they were hacked that they realized the importance of protecting their blog from malicious jerks who could care less what you blog about or how badly this could hurt you.

Security Plugins For WordPress (it only takes 7 minutes)

There are lots of ways to secure your blog, some more complicated, some very easy. Most bloggers know how to upload and install plugins, so let’s look at 4 plugins that will cover both awareness and security.

1. Login Lockdown

The Login Lockdown plugin is simple to install and will protect your blog’s front door (the login page) from intruders trying to guess your password by running a brute force password discovery program.

2. WordPress Firewall

SEO Egghead released an excellent plugin called simply, WordPress Firewall Plugin. This is a powerful firewall plugin which guards your blog against such things as SQL Injection attacks. It will even email you when it detects a possible attack. Make sure to whitelist your computer’s IP address so the plugin doesn’t think you’re an intruder.

To discover your computer’s IP address, visit What Is My IP Address? And if you’re curious what kind of email the plugin will send you should it encounter a possible attack, click here to see a screen shot of several attacks it thwarted from some person in China trying to hack my blog.

3. Exploit Scanner

The WordPress Exploit Scanner by Donncha O Caoimh, you know, the guy who created the WP Super Cache plugin, will scan your files and database for possible insertions of malicious code. Part of the battle with securing your blog is also knowing when you’ve been hacked.

4. Bluetrait Event Viewer (BTEV)

Bluetrait Event Viewer (BTEV) is a plugin that monitors events that occur in your WordPress install so you can track such things as who’s logging in and out, what plugins have been deactivated/activated, what programs have been uploaded, etc. You can even lock down this plugin so people cannot deactivate it, even if they have access to your dashboard.

Today’s Assignment

Stop for a moment and think how important your blog’s security is to you. Is it worth 7 minutes of your time?

Do you think your site isn’t a target because you blog about things no one would really care about? Or do you think any and all blogs are targets?

If your blog’s security is important, what steps are you going to take today to ensure you’ve increased your protection?

Questions or concerns?

Please raise your hand and let’s talk about it.

You can also find John on Twitter micro-blogging about topics you see in his avatar. When asked what he does for WpBlogHost, his response is typically “I stand behind our blog customers and make myself available for help when they need me.”

In the past I’ve opened my blog to blogging questions and have had great success with it.

Today, I’m doing the same, but this time I have two other bloggers joining me to help get your questions answered.

We have Tracy of I Hate My Message Board blog and guru/hostess from the newly opened “The TnT Bloggers Lounge” (forum) to answer any questions you may have regarding forums, how they work, how to join, the advantages of participating, etc.

Also joining us is John Hoff of WP Blog Host. He’s our resident guru on blog security, tutorials, web hosting, domain names, SEO (search engine optimization) and much more.

With this being open mic, there’s no need to stay on topic. Just jump in, ask a question, reply to another blogger’s comment or question, share your thoughts on blogging and/or any difficulties you may face or just leave a comment to say, “Hello”.

Keep in mind, Tracy, John and I all have responsibilities outside of our blogs, so if your question(s) doesn’t get answered right away, please be patient.

All comments and/or questions will be addressed.

Have Fun!

Keep it Clean!

And don’t forget to check the “subscribe to comments on this post” box so you can follow along.

.

P.S. I just installed a threaded comment plugin. I’m hoping this will make replying directly to others easier. Under each comment you’ll see “reply”. If you want to reply to just that comment, just click on “reply”. If you want to add a new question or comment, just scroll to the bottom of the page and leave a comment like you normally would. If this plugin creates problems, let me know.

If you blog, and have a donate button or a “tip jar”, chances are you are using PayPal as the “collection service”.

Today’s Lesson

I have been receiving emails from what looks to be PayPal.

Some say I need to update my account. Others say, if I don’t “take action”, my account will be terminated.

A link if provided to what looks like could be PayPal.

Because I am aware of phishing, I avoid clicking on the link, and logged into my PayPal account. My account was intact and no update or action was needed on my part.

I delete the emails.

Today, I received a similar email. I again believed to be a phishing email.

I logged into my PayPal account and found an area on PayPal’s site, where a person can “report” possible phishing emails.

It’s really quite easy. All you do is forward the email to: spoof@paypal.com and PayPal will check into it. They advise you to then delete the email.

Shortly thereafter, spoof@paypa.ciom, sent me a response, via email, stating that it was, in fact, a phishing email and their security team is working to disable it.

Phishing emails are an attempt of others who are trying to steal your identity. These “people” hope you will give them personal data, passwords, or other information that could help them to not only steal your identity, but to gain access to your financial records.

Ian, a cyberspace friend, and owner of Multi Solutions, Ltd, , wrote a great post on phishing, titled: Small Business IT Threats – Phishing Fraud Investigated and how one of his colleagues “took the bait”. It’s a great read with an interesting twist, at the end.

Today’s Assignment

Do you ever get emails from PayPal or Amazon, that you think may be legitimate, but aren’t sure?

What do you do?

Click on the link provided?