After working hard…really getting this blogging thing down pretty good, wouldn’t it be a shame for a hacker or malicious software to ruin it all?
There are no two ways about it. Blogging…REAL blogging, not hit and run hot niche exploiting…takes dedication and work. Assuming your blog is on a topic you are passionate about (the best case), you already have a good deal of knowledge to share with your visitors and can start writing Consistent Compelling (Quality) Content right off the bat. Even so, just writing posts…LOTS of posts…is time consuming.
When the topic is one you are greatly interested in, but only somewhat familiar with the details, the time required goes up by the amount of research you must do in order to provide your readers with quality content, not just the Wikipedia version. Whoo-hoo! Blogging might cost just a little bit of money, but it’s a pretty good investment of your time.
You don’t want to lose all that effort, all that time, all that heart and soul, to a technical issue, especially an avoidable one. In this article I’ll give you 4 tips to secure your website and its content.
Two tips to secure your hosted WordPress site:
WordPress is an excellent CMS (Content Management System) and blogging platform. In my opinion (and yes, I AM biased) WordPress is THE premier blogging platform. With that said, there are two avenues a hacker can use to gain access to your site that are easily blocked.
Keep WordPress up to date.
WordPress is a constantly evolving platform that is updated periodically. Most of these upgrades involve plugging potential security holes, and for that reason it is important to keep your WordPress installation updated. *See note at bottom regarding updating.
Not too long ago, you could look in the lower corner of the WordPress dashboard (or any of the WordPress backend pages) and see what version of WordPress you are running. It can be easy to lose track of what WordPress version your blog is running, and its being at the bottom of the page was a big help. Unfortunately, WordPress no longer puts the current version at the bottom of each backend page. As a matter of fact, WordPress no longer puts what version you are currently running anywhere that can be found outside of digging through code.
There is a way to see what version of WordPress you are running, however. Simply open a new tab in your browser, and type in http://yourdomain.com/readme.html. You will be taken to a page with the version number at the top underneath the word “WordPress”, like this:
Don’t give a hacker an easy gateway via your install.php file
Next, go to http://yoursite.com/wp-admin/install.php. If the page you then see says “Already Installed” it means your installer file still exists…a gateway for hackers. If you see the following, your install.php file is still available to a hacker:
Removing the file has an upside and a downside.
The upside is you close an exploitable gateway to your site. Very good.
The downside is you have also removed your ability to install anything, like plugins. Plugins would then have to be installed manually, which is no big deal…just download to your desktop, unpack the zip, and upload to your plugin folder via an FTP client, like FileZilla.
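The two browser checks above (readme.html and wp-admin/install.php) can be scripted for a site you administer. This is an added example, not part of the original article; the "Version X.Y" pattern, the finding names and the sample pages are assumptions constructed for illustration.

```python
import re
import sys
import urllib.error
import urllib.request

# Assumption: the readme prints the release as "Version X.Y[.Z]" near the top.
VERSION_RE = re.compile(r"Version\s+(\d+(?:\.\d+){1,2})")

# Constructed sample pages, used when no URL is given (not real captures).
SAMPLE_README = '<h1 id="logo">WordPress<br /> Version 4.9.8</h1>'
SAMPLE_INSTALLER = "<h1>Already Installed</h1><p>You appear to have already installed WordPress.</p>"


def fetch(base_url, path, timeout=10):
    """Return (status, body); HTTP errors become a status, no answer is None."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except urllib.error.URLError:
        return None, ""


def audit(readme, installer):
    """Turn the two (status, body) pairs into findings for the site owner."""
    findings = []
    status, body = readme
    if status == 200:
        match = VERSION_RE.search(body)
        # A readme without a parsable version is still worth reporting.
        findings.append(("readme-version-exposed", match.group(1)) if match
                        else ("readme-present", None))
    status, body = installer
    # Only a 200 that shows the "Already Installed" page counts; 403/404 is clean.
    if status == 200 and "already installed" in body.lower():
        findings.append(("installer-reachable", None))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:  # base URL of a site you administer
        pages = fetch(sys.argv[1], "/readme.html"), fetch(sys.argv[1], "/wp-admin/install.php")
    else:
        pages = (200, SAMPLE_README), (200, SAMPLE_INSTALLER)
    for name, detail in audit(*pages):
        print(name, detail or "")
```

Run it with your own site's base URL as the only argument; an empty result means neither page answered in the way the article describes.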
*While I advise keeping your WordPress version close to up to date, there is one caveat. WordPress is an open source platform, meaning there is no WordPress Corp with developers on salary. It is a loose consortium of developers worldwide. While there IS an organizational structure, there is not a QC department per se. Sometimes the updates are released a little…shall we say…before they are ready for prime time. For this reason I usually stay ONE update behind unless I have a specific reason to do otherwise.