Inkygirl is BACK…and some security tips for other bloggers
As some of you may already know, some of my sites were hacked on the weekend. If you notice some missing images and features from this site, that’s why — I still haven’t finished the finetuning after major damage control had been done.
Many thanks to those who e-mailed, tweeted and sent me Facebook messages about the problem, and to Cid of Cidwrites.com and others for their advice. Biggest thanks to my technonerdboy hubby, Jeff Ridpath, who spent pretty much the whole weekend helping me get things back to normal.
For anyone else out there who uses WordPress as their blogging platform, be aware that what happened to me could very easily happen to you. You might think you don’t have to worry because you just have a small site or figure that you don’t have any valuable info on your site anyway but trust me…it’s worth taking a few precautions to avoid going through the hassle of having to scrub your site clean and have to reinstall everything.
And if you get flagged by Google as a malware site, then you have the added embarrassment of the warning that comes up whenever someone tries to access your site. Even after you scrub your site, then you have to fill out an application to get Google to review your site.
Here are some things I learned from the experience that you may find useful:
– Make sure your passwords are strong. Read Protect Your Blog With A Solid Password. Don’t use any words that can be found in the dictionary. Other BAD passwords: names spelled backwards, phone numbers, birthdays, qwerty, asdf, yourname1, default, letmein, password1, your car license, middle names. Don’t use the same password for multiple sites.
– Keep your versions of WordPress updated. As Alex King says, “Upgrade immediately. Always. No exceptions.”
– Keep your versions of plugins updated. Remove any plugins you aren’t using. Some older versions of plugins have security holes that hackers can use.
– Don’t use the default admin account (called “admin”) that comes with every WordPress installation. Create another admin account with a different name and then delete the “admin” account.
– Take regular backups of your file directories as well as your database. One security tips post I found recommended WordPress Database Backup.
– Be wary of letting an application have write access to your files.Keep your file permissions as restrictive as possible.
– Limit your use of plugins. I try to do this anyway, because I was finding that having too many plugins really slowed down page loading on my site.
– Turn off any features you don’t use.
And yes, I’m on the lookout for another blogging platform. If anyone has any suggestions, feel free to post below!
Anyway, here are some useful resources I found while researching WordPress and security issues:
Top 5 WordPress Security Tips You Most Likely Don’t Follow
WordPress Security Tips and Hacks
20+ Powerful Security Plugins and Some Tips & Tricks
WordPress Security, Upgrades and Backups
WordPress Security Issues Lead To Mass Hacking. Is Your Blog Next?
How To Diagnose and Remove the WordPress Pharma Hack
Protect your Admin folder in WordPress by limiting access in .htaccess
Any other tips or suggestions? Feel free to share them below.