Blogging: how to ensure your site security
As some of you might have noticed, last Friday / Saturday my site was down. Someone broke into the admin area of my site and stole the data. I was devastated… Well, we all learn from mistakes, and it’s definitely better to learn from someone else’s. So, my lovely readers, if you have your own site or blog, have a good read of this post and share it with others in order to avoid unnecessary stress.
Below are a few things I learnt overnight about blog security which you should know too.
There are 3 ways of breaking into your site:
Via the admin area of your ISP (web host). There can be holes in your web host’s protection system which hackers can use to get into your site’s back end. There is also special software a culprit can use to break your password. Another way to attack your back end is SQL and XSS injections (not sure what they are, but it sounds scary and can happen to anyone! If you want to know more, just Google it).
Via the WordPress / Joomla admin area. Existing holes in your code may allow hackers to get directly into your site without breaking the password, or otherwise software can be used to break the password to get in.
Via a link built into your site template. When getting a template for your site, choose carefully. Check forums and references regarding the template developer and the performance of the template itself. Some templates can have bugs or in-built links allowing the template developer to get into your site without you even noticing. They can create additional users, alter / steal your data, send spam on your behalf, etc.
How to prevent unauthorised entries to your site:
1) Generate complex 3 level passwords i.e. combination of letters, numbers and signs.
2) Do not store any of your passwords online.
3) Change your passwords every 3 months
4) Before getting someone involved with your site, i.e. a web developer, etc., check their references and work done for others. You want to have your site built by someone you trust entirely. Why? Because if a web developer is dishonest or has sinister intentions (i.e. to use your site for spamming), they may leave holes in your site’s code or add special code allowing them to enter your site without your permission.
5) Update your anti-spam software regularly. Hackers can inject potentially harmful code into your site via comments!
6) Hire someone to PEN test the site to identify any potentially harmful in-built code.
7) If you have suspicions that someone is trying to get into your site via the web host admin area, alert your web host and get them to configure ModSecurity for you. It will weed out SQL and XSS injection attacks.
8) To keep your WordPress site safe, the following security plugins can be recommended: Secure WordPress, WP Security Scan, AskApache Password Protect, TAC (Theme Authenticity Checker), CloudFlare. NO need to go plugin crazy and install all of them at once, but it is definitely worth adding a couple of those as extra layers of protection.
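An added example, not part of the original post and not the code of any plugin named above: a small Python scan of a theme's PHP files for the kind of in-built code and links described earlier, to run before installing a template. The patterns, the allowed-host list and the two sample theme files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns (assumptions for this example, not any plugin's rule set).
SUSPICIOUS = {
    "dynamic code execution": re.compile(r"\b(eval|create_function)\s*\("),
    "encoded payload decoding": re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\("),
    "user creation call": re.compile(r"\bwp_(create|insert)_user\s*\("),
}
# Captures the host part of absolute links written directly into the theme.
LINK = re.compile(r"""href\s*=\s*["']https?://([^/"'\s]+)""", re.I)

def scan_theme(theme_dir, allowed_hosts):
    """Return (relative_path, line_no, reason) findings for every PHP file."""
    root = Path(theme_dir)
    findings = []
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            for reason, rx in SUSPICIOUS.items():
                if rx.search(line):
                    findings.append((rel, no, reason))
            for host in LINK.findall(line):
                if host.lower() not in allowed_hosts:
                    findings.append((rel, no, f"hard-coded link to {host.lower()}"))
    return findings

def demo():
    """Scan a constructed two-file theme; only footer.php should be flagged."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "header.php").write_text(
            "<?php wp_head(); ?>\n"
            "<a href=\"https://myblog.example/\">Home</a>\n")
        Path(d, "footer.php").write_text(
            "<?php wp_footer(); ?>\n"
            "<?php eval(base64_decode($x)); ?>\n"
            "<a href=\"http://theme-seller.example/promo\">Theme</a>\n")
        return scan_theme(d, {"myblog.example"})

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep=": ")
```

A finding is a prompt to read that line, not proof of a back door: legitimate themes sometimes link to their author, and a clean scan does not replace the reference checks in point 4.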
So dear readers and fellow bloggers, considering what is at risk and how easy it is to take precautions, the measures outlined above on preventing unauthorised entries to your site are well worth a look. Have a read and decide which is the most suitable for you. I’m sure you want your site to be yours and yours only. So take a few easy steps to avoid the risk of losing even the tiniest bit of your priceless work.
P.S. If you guys are still curious about my recent sad experience, here is the story. Some guy from Gold Coast was recommended to us as a web developer. We employed him to sort out a few minor tasks on our sites. It quickly became apparent that he was seriously lacking professionalism and his engagement was brought to an end. 3 months later, out of the blue, an email was received stating that the invoice for $80 was overdue. Coincidentally, that was at the time when I was moving houses and the RAFW was on. I replied that I will look at his invoice shortly. Nonetheless, 2 days after I received that weird email, the culprit broke into my site’s admin area (as all passwords were changed when his engagement was finalised), then he changed my passwords and stole all of CrashingRed’s data. Finally, I figured out who was responsible for that, immediately reported this matter to police and also got my friend, a litigation lawyer, to give the sinister ‘web developer’ a call. The site was up and running within an hour. However, I will never recover damages from the stress I experienced over the night my site disappeared. Not to mention the time lost investigating and taking action to get the culprit to restore the site. My site is now protected from every side and I recommend you guys do the same for yours :)

Comments 20
Thank you for taking time to leave a comment! However, the comments section has been playing up recently. It's only working if you leave your name & email. Thanks for understanding, Maria xx
What a pig! So glad you got everything back. :)
OMG! How horrible – you poor thing that is so sad that people would go to these measures. So glad you got it sorted. It is such a scary world, unbelievable what people will do.
Thanks so much for an excellent post!
Wow, so sorry to hear about this experience you had to go through. Thank you for sharing!
Ohhhh hun that’s terrible!!! Thanks for the tips – I’m off to install a security plugin now. Glad it’s all sorted.
So sorry to hear - what a creep. Glad to hear it’s all back to normal again and you are now safe & protected. Am cryptifying my passwords now……Thanks for sharing :)
sorry such a nightmare happened to you!
thanks for the tips <3
That is awful! I’m so glad you managed to rescue CR and save yourself from having to restart and further devastation. Nowadays the internet is beyond crazy, I mean a hacker would hack a talking dog’s YT channel “just to prove it can be done”. Wait, let me rephrase, more like people are too bored with their lives these days.
Big hugs, hope you keep strong and nothing happens again!
xoxxx
good tips :)
http://www.mywildmess.com/
thanks for sharing! good tips :)
http://www.mywildmess.com/
Omg, thanks for sharing!!
That’s so incredible that there are people doing those things. Thank you so much for sharing! Keep strong!
Christine
http://district5-fashion.blogspot.com/
Sorry about your experience and thank you so much for sharing – it helps other bloggers to be careful!
You have a great blog and I am wondering if you want to follow each other
My Lyfe ; My Story
So sorry that happened to you. Thanks for sharing your experience and for a very informative post.
Ahh what a loser! I’ve been looking into some form of protection as well so I’m gonna take your advice and look at those recommendations!
I’m glad to hear it’s all been sorted but experiences like that, although they can be helpful in finding issues that need fixing, always suck.
Jen
http://www.jenearacosplay.com
Hi Doll,
Amazing information and oh so helpful for us bloggers. Thanks for such helpful info. (scary)
P.S. I’ve been thinking about Twitter since you recommended it to me but am still unsure, will let you know for sure if I do.. :)
XoXo
http://fashionmakeuplifestyle.blogspot.com/
Crap, that sounds horrible! I’m glad you were able to sort it out in the end but I can imagine how traumatising it would have been.
I’m a little worried now as I’m getting someone who I don’t know personally to help me migrate my Intense Debate comments.
Oh my god that would have to be my worst nightmare! Thank you for raising awareness, so many bloggers probably don’t think about this kind of thing but it would be so devastating to have something you have worked so hard on disappear like that.
Oh my gosh! this sounds awful. Thanks for the tips! I will definitely be using them.. It is so awful when things like this happen, and so frustrating.. WHY do people do that with their time?? I am sorry that it happened to you, but glad it is over with and you are more prepared now. I am doing a giveaway on my blog if you want to enter :)
http://iflyastarship.blogspot.com/
thank you so much for sharing!!
love
caramellitsa
Thank you all for support! Glad you found these tips on how to ensure your site security useful.