Securing Your Blog
Posted by Mitch Mitchell on Jan 26, 2011
All of us have heard these tales of someone finding out that their email or website or blog or whatever has been hacked into by some nefarious rogue (you know, sometimes my language is just so strange!), taken over, and that’s that. Sure, you can recover, but it can be a hassle and a mess.
This idea of security can be taken to extremes. Many folks I talk to seem to worry more about spam than they do about security. Y’all know how I am in making things easy for people to read what I have to say and comment without anything blocking your way, and I expect to continue doing that, even though by the time you read this I might have added the GASP Anti-Spambot plugin.
Anyway, security is a different thing. For the most part there are two things you can do for your WordPress blog to help protect yourself. One I wrote about just over a year ago and it had a lot of comments and reads, but I think I need to bring it back to the forefront again. I wrote about a WordPress plugin called Limit Login Attempts, which will automatically block anyone who tries to get into your account after so many attempts. You can change the settings any way you want to, but it’s a great deterrent towards those who might be trying to guess your password over and over.
This came to fruition last Monday when I received an email telling me that someone had been blocked from trying to get into my site. It had to be a bot, I expect. It tried 4 separate times, each 20 minutes apart, which is how I have my settings. After those times, it then blocks the IP address from trying to login for another 24 hours. It gave me the IP address and the name of the person or bot that tried to get in as well.
No, I didn’t follow it back to see what it came from. My thinking was that it could be a malware site as well; why take that chance? But it proved to me that it worked, and worked well. That was probably one of the smartest moves I’ve ever made.
The other way to protect yourself is to make sure you have a long or complicated password. User names are also recommended by some to be long and complicated, but my brain just can’t handle too many complications. And truthfully, you don’t even have to go for too complicated; long works just as well. Making one or two letters capitalized does wonder. Throwing a number somewhere in there works also. With a WordPress blog, it will tell you when you’re creating a password whether it’s strong or not as you go along. I’m betting some people ignore that, but it’s a smart thing to do.
That’s it from me for the day; protect yourselves y’all!