This is a new weekly post where I’ll be sharing interesting posts that I’ve found throughout the week. Today, I’ll start with a brief recap on the recent attack on WordPress sites including a link to an article that I believe covers the situation thoroughly with some steps that you can take immediately. Whether you’re a newbie blogger or a seasoned veteran, you should be able to either learn something new or share your experience and personal recommendations with the rest of us.
How to Protect Your WordPress Website from Security Attacks
Here’s just a quick recap of some of the very basic things that you should be doing to protect your WordPress blog/website. Hopefully, you’re already doing these things.
- Delete the default “admin” username. How? 1) Create a new user with administrator rights. 2) Log on as that user and delete admin. 3) When you’re prompted to transfer all of the posts created under the admin username, select your new account. 4) Back up your database.
- Create a secure password. It needs to be a minimum of 8 characters long, including characters and numbers, at least one capital letter and at least one special character. Possibly the best solution is to use a password service such as LastPass or RoboForm.
- Limit the number of logon attempts per host in a specified time period. (If you’re not using a more robust security plugin, at the very least, install the Login Lockdown plugin. Yes, it’s an old plugin and it hasn’t been updated recently but it still performs well as is.)
- Set up file change detection to notify you if there are changes to your WP installation. (Plugins like Better WP Security enable you to do this and you can exclude notifications when directories like cache are modified.)
- There are several popular WordPress security plugins that you can install to protect your site. Three of the most popular are: Better WP Security, WordFence Security and BulletProof Security. (Feel free to share your favorite WordPress security plugin/program in the comment section.)
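To make the "limit logon attempts per host in a specified time period" tip concrete, here is an added example (not code from this post or from any of the plugins named) of the sliding-window count such a limiter keeps. It assumes an Apache combined-style access log and treats a POST to /wp-login.php answered with status 200 as a failed login; the threshold of 3 attempts in 5 minutes and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined-log style (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [01/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.23 - - [01/Mar/2024:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [01/Mar/2024:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.23 - - [01/Mar/2024:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.50 - - [01/Mar/2024:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.50 - - [01/Mar/2024:10:09:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.50 - - [01/Mar/2024:10:16:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2980
"""

# Assumption: a failed login is a POST answered with 200 (success redirects with 302).
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST /wp-login\.php[^"]*" (?P<status>\d{3}) '
)

def parse_failed_logins(log_text):
    """Yield (host, timestamp) for every failed login POST in the log."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("status") == "200":
            ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group("host"), ts

def hosts_to_lock_out(events, max_attempts=3, window=timedelta(minutes=5)):
    """Return {host: time of the attempt that reached the limit}."""
    recent = defaultdict(deque)   # per-host timestamps still inside the window
    locked = {}
    for host, ts in events:
        if host in locked:
            continue
        q = recent[host]
        q.append(ts)
        while q and ts - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) >= max_attempts:
            locked[host] = ts
    return locked
```

Calling `hosts_to_lock_out(parse_failed_logins(SAMPLE_LOG))` flags only 203.0.113.7: the other two hosts either logged in successfully or spread their failures wider than the window.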
For a more in-depth article, I recommend reading Ongoing WordPress Security Attacks, The Details and Solutions.
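The file change detection tip in the list above comes down to hashing every file once, keeping that baseline, and comparing later snapshots against it while skipping directories that change on their own. This is an added example, not code from Better WP Security or any other plugin named here; the `wp-content/cache` exclusion path and the small file tree built in `demo()` are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

EXCLUDE = ("wp-content/cache",)   # assumed cache location; adjust to your install

def snapshot(root, exclude=EXCLUDE):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        skipped = any(rel == e or rel.startswith(e + "/") for e in exclude)
        if path.is_file() and not skipped:
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest

def compare(baseline, current):
    """Return the files added, removed and modified since the baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }

def demo():
    """Build a constructed WordPress-like tree, change it, and report the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {
            "wp-login.php": "<?php // login",
            "wp-includes/version.php": "<?php // version",
            "wp-content/themes/demo/functions.php": "<?php // theme",
            "wp-content/cache/page-1.html": "<html>cached</html>",
        }
        for rel, body in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
        baseline = snapshot(root)
        # Changes made after the baseline was taken:
        (root / "wp-content/themes/demo/functions.php").write_text("<?php // edited")
        (root / "wp-content/uploads").mkdir()
        (root / "wp-content/uploads/new.php").write_text("<?php // unexpected file")
        (root / "wp-content/cache/page-1.html").write_text("<html>regenerated</html>")
        (root / "wp-includes/version.php").unlink()
        return compare(baseline, snapshot(root))
```

The regenerated cache page does not appear in the result, which is the point of the exclusion: only the edited theme file, the new file under uploads and the deleted core file are reported.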
How to Contact Some of the Major Social Network Sites
If you have had an issue trying to contact the support team for any of the major social networking sites like Twitter, Facebook and Google+, I’m sure you would have appreciated having access to this great article by Kristi Hines: How to Contact Facebook, LinkedIn, Twitter, and Other Social Networks. This is definitely a link that I’ve bookmarked.
How To Optimize and Promote your Blog Posts
Recently, I wrote a post titled Tips for Bloggers | Before You Press that Publish Button where I shared tips on some simple SEO (Search Engine Optimization) and how to optimize your images and graphics for the search engines. To expand on the information in my article, I recommend reading How I promote my new blog posts by Mike Alton where he shares the 21 steps that he takes after he posts an article to his blog.
I hope you find these resources helpful and I hope you like the idea of my writing this series of posts which I intend to schedule on Fridays. As always, please feel free to share your thoughts, ideas and recommendations below.
I did wonder what was happening when my inbox was full of attempted login alerts. Luckily I have a complicated username and password but when these attacks happen I change the password just to be sure.
Thanks Sherryl for sharing the article about contacting the social media networks.
Susan Oakes recently posted..Think Strategically To Enjoy Additional Sales
I’ve been getting a lot of notifications of attempted logons too. I’m glad that you enjoyed Kristi’s list. That was a find. It can be very difficult to find that info especially when you’re reacting to something that has just occurred.
One of the drawbacks to using WordPress is it attracts a lot of hackers because it’s so popular. Seems like there is always some kind of exploit or hack going around. They do serve as a reminder to keep your guard up and use additional security measures.
If we didn’t have to deal with spam and all these security issues we would probably get more things done. I know I would.
I have tried Better WP Security and WordFence. They are kind of a toss up for me. I looked into BulletProof a while back, but haven’t spent much time with it.
Ray recently posted..How Often Should You Post and What Length
Hi Ray,
I so hear you about getting more done if we didn’t have to deal with spam and security issues. I hate it when I have my entire day planned out and then hours later, I still haven’t crossed anything off my to-do list because I’ve been “putting out fires” all day. Such is the world of an IT (Information Technology) worker and unless we are outsourcing that part of our business, that’s a hat that we all have to wear.
Thanks for taking the time to join the conversation.
Sherryl Perry recently posted..Tracking Changes to Your Website Blog and Social Media Strategy
Really, these attacks shake the WordPress blogosphere! People started installing security plugins in order to save their blogs! And good post you came by for optimizing the posts 🙂
Dhaval recently posted..Super Effective Methods for Sweet Alexa Rank
Hi Dhaval,
People are starting to pay attention to all the buzz about the attacks. I still see bloggers blogging under the admin user and I know they’re simply unaware of the risks. Thanks for letting me know that you enjoyed Mike’s post. It’s always good to take a look at another blogger’s approach.
Sherryl Perry recently posted..How to Use Facebook Fan Gate to Get New Likes
Choose a different database prefix. The majority of attacks directed at WordPress are what are known as SQL injections. MySQL is regularly updated to close the security holes that allow SQL injections against it, but hosting companies rarely if ever keep their software up-to-date, opting for stability over security. That is my way.
Evan,
Changing the SQL database prefix is good protection. The WP Better Security plugin will do that for you. A word of caution though is that I ran into an issue when I did this on my site. I ended up with two sets of tables in my database and then had to manually delete the ones that started with “wp”. (WP Better Security did mention that it was safest to run that function on a new install rather than an existing site.)
Another good tip that I did not mention here is to install WP into a directory rather than the root. Again, that’s best done on new WP installs. As always, thanks for adding your insight. It’s great when my blog readers can learn even more in the comment section.
Agree with Leora that this kind of weekly post is a good idea.
Learnt from you a long time ago to get rid of the admin username and that has most likely saved me from trouble:-)
Wordfence has been great too. Last week someone had modified some files on my blog, Wordfence alerted me and I deleted the changes. It’s a great plugin. Once, as you may remember something strange happened because of them but it was swiftly sorted out.
Keep on sharing.
Catarina Alexon recently posted..Inventories can be managed – people should be led
Thanks Catarina. If I’m smart, I’ll work on this post during the week as I find articles that really stand out. This idea came to me late Thursday night (partly because I hadn’t blogged this week) and I wrote this Friday. So, I posted it a little later in the day than I had hoped.
That’s pretty scary that someone modified your files. I hope you changed your password(s) for WP and cPanel. (I’m assuming your cPanel, FTP and SQL passwords are all the same.)
Great idea, Sherryl. I started doing a similar post about two months ago … it’s still in draft form. I wasn’t even planning as much explanation as you have in this post.
Glad you are educating us!
Leora Wenger recently posted..Guide for Restaurant Owners: Restaurant Website Essentials
I wasn’t planning on going into a lot of detail either Leora. It’s just that once I start writing, I don’t know when to stop. 🙂
Sherryl Perry recently posted..Friday Finds for Weekend Reading – Week 1
Promoting our blog posts is really crucial. Our success also depends on how well our posts are promoted, especially if a post is a guest blog on another website. Of course, we also want our readers to discover our recent guest post, so we promote it within our network to drive more traffic to that post.
Sef Cruz recently posted..Essential Blogging Tips to Increase Your Page views
That’s a good point Sef. I’ve always asked anyone who has wanted to guest blog here if they’re willing to answer the comments that are left for them and if they are willing to promote their content too. So far, only a few bloggers have been slack in this area and they won’t be asked back. There are a couple of guest bloggers here who are still replying to comments on posts that they authored years ago. Now, that’s dedication! I believe they have their Google Author set up also and then they have their bio in the author box on my blog. It can be a win-win for both of us. Thanks for joining the conversation!
Sherryl Perry recently posted..Tracking Your Blog Post SEO Meta Tag Data
Hi Judy, Thanks so much for letting me know that you especially enjoyed the tips on protecting your site. I’ve been reading a lot about it. So, I served it up 2 ways – the bullet points and the link to a resource. I’ve mentioned many times about the admin user and yet I still see people who blog as admin. They really need to heed the warning and ditch that user name.
My site was pretty secure but in light of the attacks we beefed it up even more. We identified where there were failed attempts at intrusion and were able to lock it down even more.
That is great to know regarding how to contact SM Sites if there is a problem.
I do love your tips and suggestions and truly take them to heart. I believe, because of you and all that you share I’ve been able to grow. I’m still learning so keep it coming. 🙂
Hi Susan,
I think this news about the attacks has made everyone a little more diligent about checking to make sure their plugins and themes are up to date and that they have taken proper measures. Something that you don’t read about often is that having old plugins installed can put you at risk too – even if they’re deactivated. That’s still vulnerable software sitting there waiting to be exploited.
Thanks for letting me know that you enjoy my tips and suggestions. I’m always finding new content to share. So, I think it makes sense to start a series like this that I’ll run on Fridays. Hopefully, next week, I’ll post it in the morning though. 🙂