How To Secure Your Blog

July 19, 2010 | Panah | No Comments | How Tos

Nothing is more frustrating than waking up one day and realizing that your blog has been successfully defaced. That’s if you get lucky. In most cases, hackers go after blogs and add malicious code to them that is hard to find and get rid of. Sometimes, they may even lock you out of your own blog. Make no mistake about it. There is no hack-proof blog out there. Some security holes we all know about. Some nobody knows about until they are exploited. Your goal as a blogger should be to make the process as hard as possible for hackers. Having your data backed up can give you the cover you need just in case someone gets through your blog’s security defenses. But it is not the only thing you need to do to secure your blog.

As a blogger, your focus should be on creating the best content possible for your readers. But there are a lot of us that get too attached to our work and forget about other issues that we need to take care of to keep our blogs going. Blog security should be at the top of every blogger’s agenda. Your blog’s admin pages are like a closed gate of a tower. If someone finds a crack in there somewhere, you are in deep trouble. Of course, if you let someone kick at your door long enough, the door might open (brute force attack). If you happen to run your blog on WordPress, there are plenty of plugins you can download to strengthen your blog’s security. Even if you are using other platforms, there are still simple steps you can take to protect your blog:

  • Hide sensitive information: it is smart to hide any information that makes it easier for hackers to get through your defenses. You should take time to hide plugin information as well as anything else that you do not need to show to the world (but can be a security threat). Encrypting your database information is a must too (use a public/private key if you must).
  • Use secure passwords: it’s so tempting to use the same password you use for everything to manage your blog. That’s a huge security risk. If your password is cracked, you are in deep trouble. It’s even worse if you have used the same password on multiple blogs. I personally write my passwords on a piece of paper and also store them on an offline hard drive. That’s actually not smart if you don’t encrypt your passwords, which is what I do with mine (both the paper and digital versions). So even if someone finds my pocket-book, they are not going to be able to find my password that easily.
  • Limit login attempts: brute force attacks are not the best way to crack a blog, but that does not matter if they produce results for hackers. You should make sure people cannot play with your admin pages by repeatedly trying all kinds of passwords to get through. Just ban those people who don’t seem to get it right after the first few tries.
  • Look out for MySQL injections: these can be nasty if you fall victim to them. Make sure you look out for those nasty parameters and use third-party scripts to catch them.
  • Lock your admin files (IP): tie your mission-critical files to your own IP. It can be easily done by modifying your .htaccess file (Matt Cutts has some good tips on it).
  • Keep an eye on your comments: hackers may use your comments to hurt your blog. So do not approve every little comment that you see on your blog. It’s just not smart.
  • Monitor your members: the best way to bring down a castle is by having someone inside (behind the walls). That fact still has not changed. If you allow people to sign up for accounts on your blog, you need to keep an eye on them. I personally do not allow registrations on my blog, just to be on the safe side.
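
The "Limit login attempts" step above, sketched as an added example that is not part of the original post or of any blog platform's code: failed logins are counted per IP inside a time window, and the IP is banned for a while once it passes the limit. The names `LoginThrottle` and `check_login` and the default thresholds are assumptions chosen for illustration, and state is kept in memory only.

```python
# Added illustration: names and thresholds are assumptions, not a platform API.
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Ban a client IP after too many failed logins inside a time window."""
    def __init__(self, max_failures=5, window=300, ban_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window            # seconds over which failures are counted
        self.ban_seconds = ban_seconds  # how long a ban lasts
        self.clock = clock              # injectable so the logic can be tested
        self._failures = defaultdict(deque)  # ip -> times of recent failures
        self._banned_until = {}              # ip -> time the ban expires

    def is_banned(self, ip):
        until = self._banned_until.get(ip)
        if until is None:
            return False
        if self.clock() < until:
            return True
        del self._banned_until[ip]      # ban expired: start counting from zero
        self._failures.pop(ip, None)
        return False

    def record_failure(self, ip):
        """Register one failed login. Returns True if the IP is now banned."""
        if self.is_banned(ip):
            return True
        now = self.clock()
        attempts = self._failures[ip]
        attempts.append(now)
        while attempts and now - attempts[0] > self.window:  # drop stale failures
            attempts.popleft()
        if len(attempts) >= self.max_failures:
            self._banned_until[ip] = now + self.ban_seconds
            return True
        return False

    def record_success(self, ip):
        self._failures.pop(ip, None)    # a correct login clears the history

def check_login(throttle, ip, password_ok):
    """Gate one login attempt; returns 'banned', 'ok' or 'failed'."""
    if throttle.is_banned(ip):
        return "banned"                 # reject before looking at the password
    if password_ok:
        throttle.record_success(ip)
        return "ok"
    throttle.record_failure(ip)
    return "failed"
```

Once an IP is banned, even the correct password is refused until the ban expires, so further guesses during the ban reveal nothing.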

How do you keep your blog secure?
