Is Your WordPress Blog Safe? Here Is How To Bullet Proof It
Yes, this post is about how to protect your blog from hackers and other evil out there.
It might sound technical and a boring read but, I promise to give you a light read and real advice that you, the non-programmer individual, can actually follow and implement.
Why did I choose this topic you ask, if I think it’s tedious… well, I had SocialMouthy hacked a while back and more recently had a couple of friends go through similar experiences. It’s no fun. In my case, my site went completely blank, the database was disconnected and a few other nasty things that made it very hard to fix.
The funny thing is that it wasn’t even my fault, it was that famous Network Solutions hack attack a few months ago. Even tough NetSol got the site back up fairly quickly, the site kept crashing. The worst part was not fixing the issues, they finally did, the worst part was that my site was labeled as vulnerable. The site was now considered target of more attacks and it could cause harm to others as well.
When this happens they put a warning on the site, when somebody follows a link to your site or actually type the URL, they first get a nice and very discrete (I’m being sarcastic by the way… just in case) red screen to advice your visitor they’re entering hell.
I know what you’re thinking, nothing like a full-screen red warning with a button that reads “Get me out of here!” to welcome your visitors and start building some trust in your market. Removing this page took about a week by the way. Good times.
But there are things you can do to avoid having your blog hacked, abducted by aliens or just in case of any other issues. To your surprise, these things are doable by anybody that is familiar with how WordPress and plugins work on the surface. Don’t think I’m about to drop a ton of technical jargon here. Let’s go through this list of things you can do to protect your blog:
A no brainer, right? Well, I’ve seen passwords out there my 8 year-old could crack in a few minutes. I’m talking really strong, even if it’s something you will not be able to remember for a while.
Change your password to something that looks like this: Hy%&?83aNP$#g(
Best way to be safe is by preventing. If something happens to your blog and you don’t have any backups, that could pretty much be the end of it and you’ll end up relying on your hosting service, which is most likely not to be running any backups for you. I had a client that was *lucky* enough to have the hosting company recover his for a fee of $120. I don’t wanna say the name of the company but it starts with a “G” and ends with a “Y”.
First thing you need to know is that there are 2 different types of files you need to back up when we’re talking about WordPress:
- Blog Files: These are the files that contain all the WordPress code, plugins, themes, etc.
- Database: Is all your content, in other words, posts and pages are stored in a database every time you publish something
Both important as you can see and both very different, in terms of backing them up I mean. Let’s look at how we can conduct easy backups for both types of files:
Doing a backup for your blog files is like moving documents from one directory to another.
There is only one tool you need to do this manually, an FTP Client. I use Transmit from Panic which is about $35 but there are plenty of free ones out there for both Mac and PC. If you have a blog, you should have a FTP Client in place in order to connect to your server.
Then it’s just a matter of grabbing the files you need and copy them into your hard drive, external drive or even better, send a copy to the cloud. One little trick I like to do to store these files outside my computer is to save a copy on a Dropbox account and as you can see in the following image, I grab the files from my server right into the Dropbox folder on my computer. Now I can access those files from my laptop, my desktop, my iPhone or online.
This obviously can be done with any other web service that allows you to store files like Google Docs, which I also use.
If you want to “burn a DVD” you can do that too, just don’t tell anybody… save the embarrassment.
One of the things you need to consider is how much these files change to determine how often you should back them up. Maybe once a week or once a month. Now you’ll see why backing up your database more often will be smart.
Monitoring Your Files
Since you are not backing up these files on a daily basis, it could be a good idea to at least have an eye open in case anything weird happens. Have you seen how banks sometimes give you alerts for any unusual behavior in your account? or directly freeze your account until you call in? That’s what the plugin WordPress File Monitor does.
This plugin performs scheduled scans of all your blog files to see if it detects any changes, if it does it alerts you via email. It’s also very easy to configure.
You can also run a manual scan at any time.
Now the database is more critical for a couple of reasons:
- You probably don’t know anything about how to manage or troubleshoot a mySQL database… don’t worry, me neither. And hope I never will.
- The content of your blog is most likely to change more frequently than theme files, right? Unless you post new content every 3 months…
Automatic Backups with Plugins
Fortunately in this case you can easily set up a system that runs these backups on a regular basis without you having to do anything. There are a few WordPress Plugins that can perform a remote backup of your entire database.
The one I’ve been using for a while is called Remote Database Backup, it’s very easy to configure and it gives you very few options to worry about. You can manually run a backup at any moment and drop it in your hard drive or you can schedule hourly, daily or weekly backups to be delivered via email as you can see in the following image.
Set it up and forget about it! Even better, if you have an additional email account to manage your subscriptions and other services, have your backups go to that address, you don’t need to be looking at this stuff every day.
Automatic Backups to Dropbox
Shiny! This is a fairly new plugin that you can also install via your WordPress admin panel and will run scheduled backups. The difference here is that this puppy sends your backups directly to your Dropbox account. This is my recomendation because you not only can forget about it but your data is now on the cloud in a private account.
In this case you have to connect WordPress with your Dropbox account as part of the configuration, which is only 2 clicks (not that I always count clicks… sometimes I don’t).
Step 1: Install the Plugin WordPress Backup to Dropbox and activate
Step 2: Click “Authorize” to be redirected to your Dropbox account
Step 3: Allow. That’s it
After that is a matter of configuring the location and the frequency to store your backups.
It’s a walk in the park.
But there is one more thing…
Now, if you’re thinking that this doesn’t look like a free service, you are absolutely right. The Basic service starts at $15/month per site while other more robust packages can go all the way to $350/month on large scale installations.
Do you need something like this? It really depends, I always say that just because the Internet is full of free shit it doesn’t mean is the right solution. We entrepreneurs sometimes make the mistake to go with free stuff because of our “guerilla spirit” but, what if I told you that you need to invest $40/month to protect your online business that generates a good chunk of your income? or what if your blog is the hottest piece of marketing your business owns out there?
VaultPress might just be something to consider. Nothing to do here, get it and sleep like a baby every night.
So the point for this post was to provide you with some solutions at different levels, something in plain English that you can do yourself to protect your site. Don’t think it’s not gonna happen to you because your blog is not super popular, it happened to SocialMouths and it happened to a few people I know with smaller sites.
WordPress is the biggest self-publishing platform in the planet. It is also open source software. This is why it’s also very popular with hackers.
Get your protection in place.