Blogging: how to ensure your site security

Marusya V, blogging, Sydney fashion blogger, fashion blog Sydney, crashingred, Australia

As some of you might have noticed, last Friday / Saturday my site was down. Someone broke into the admin area of my site and stole the data. I was devastated… Well, we all are learning from mistakes and it’s definitely better to learn from someone else’s. So, my lovely readers, if you have your own site or blog, have a good read of this post and share it with others in order to avoid unnecessary stress.

Below are a few things I learnt overnight about blog security which you should know too.

There are 3 ways of breaking into your site:

Via the admin area of your ISP (web host). There can be holes in your web hosting protection system which hackers can use to get into your site's back end. There is also special software a culprit can use to break your password. Another way to attack your back end is SQL and XSS injections (not sure what they are but it sounds scary and can happen to anyone! If you want to know more just Google it).

Via the WordPress / Joomla admin area. Existing holes in your code may allow hackers to get directly into your site without breaking the password; otherwise, software can be used to break the password to get in.

Via a link built into your site template. When getting a template for your site, choose carefully. Check forums and references for the template developer and the performance of the template itself. Some templates can have bugs or built-in links allowing the template developer to get into your site without you even noticing. They can then create additional users, alter / steal your data, send spam on your behalf, etc.

How to prevent unauthorised entries to your site:

1) Generate complex 3 level passwords, i.e. a combination of letters, numbers and signs.

2) Do not store any of your passwords online.

3) Change your passwords every 3 months.

4) Before getting someone involved with your site, i.e. a web developer, etc., check their references and work done for others. You want to have your site built by someone you trust entirely. Why? Because if a web developer is dishonest or has sinister intentions (e.g. using your site for spamming) they may leave holes in your site’s code or add special code allowing them to enter your site without your permission.

5) Update your anti-spam software regularly. Hackers can inject potentially harmful code into your site via comments!

6) Hire someone to pen test the site to identify any potentially harmful built-in code.

7) If you have suspicions that someone is trying to get into your site via the web host admin area, alert your web host and get them to configure ModSecurity for you. It will weed out SQL and XSS injection attacks.

8) To keep your WordPress site safe, the following security plugins can be recommended: Secure WordPress, WP Security Scan, AskApache Password Protect, TAC (Theme Authenticity Checker), CloudFlare. NO need to go plugin crazy and install all of them at once, but it is definitely worth adding a couple of those as extra layers of protection.
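An added example, not part of the original post and not the code of any plugin named above: a small Python check for the template and developer risks described here (hidden outbound links, theme code that creates extra users). The rule names, patterns and sample theme files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic rules (assumptions for this example, not a complete signature set).
RULES = {
    "obfuscated-exec": re.compile(r"\beval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "creates-user": re.compile(r"\bwp_(create|insert)_user\s*\(", re.I),
    "grants-admin": re.compile(r"set_role\s*\(\s*['\"]administrator['\"]", re.I),
}
LINK = re.compile(r"<a\s[^>]*href=['\"]https?://([^/'\"]+)", re.I)

def scan_theme(theme_dir, allowed_hosts=()):
    """Return (relative_path, line_no, rule) findings for the PHP files of a theme."""
    findings = []
    root = Path(theme_dir)
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    findings.append((rel, no, rule))
            # Links to hosts you did not approve are worth a manual look.
            for host in LINK.findall(line):
                if host.lower() not in allowed_hosts:
                    findings.append((rel, no, "external-link:" + host.lower()))
    return findings

def demo():
    """Scan a small constructed theme (sample data, not from a real template)."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp)
        (theme / "index.php").write_text(
            '<?php get_header(); ?>\n<a href="https://example.org/">Home</a>\n')
        (theme / "footer.php").write_text(
            '<?php wp_footer(); ?>\n'
            '<a href="http://links.example.net/x" style="display:none">x</a>\n')
        (theme / "functions.php").write_text(
            "<?php\n"
            "$id = wp_create_user('support', 'placeholder', 's@example.net');\n"
            "(new WP_User($id))->set_role('administrator');\n"
            "eval(base64_decode($blob));\n")
        return scan_theme(theme, allowed_hosts={"example.org"})

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A finding is a prompt to read that line, not proof of a backdoor; a clean result does not replace the reference checks and pen test recommended above.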

So dear readers and fellow bloggers, considering what is at risk and how easy it is to take precautions, the measures outlined above on preventing unauthorised entries to your site are well worth a look. Have a read and decide which is the most suitable for you. I’m sure you want your site to be yours and yours only. So take a few easy steps to avoid the risk of losing even the tiniest bit of your priceless work.

P.S. If you guys are still curious about my recent sad experience, here is the story. Some guy from the Gold Coast was recommended to us as a web developer. We employed him to sort out a few minor tasks on our sites. It quickly became apparent that he was seriously lacking professionalism and his engagement was brought to an end. 3 months later, out of the blue, an email was received stating that the invoice for $80 was overdue. Coincidentally, that was at the time when I was moving houses and the RAFW was on. I replied that I would look at his invoice shortly. Nonetheless, 2 days after I received that weird email, the culprit broke into my site’s admin area (as all passwords were changed when his engagement was finalised), then he changed my passwords and stole all of CrashingRed’s data. Finally, I figured out who was responsible for that, immediately reported this matter to police and also got my friend, a litigation lawyer, to give the sinister ‘web developer’ a call. The site was up and running within an hour. However, I will never recover damages from the stress I experienced over the night my site disappeared. Not to mention the time lost investigating and taking action to get the culprit to restore the site. My site is now protected from every side and I recommend you guys do the same for yours :)


 

Comments 20

 


  1. Angela May 10, 2011

    What a pig! So glad you got everything back. :)

  2. DanniiBeauty May 10, 2011

    OMG! How horrible – you poor thing that is so sad that people would go to these measures. So glad you got it sorted. It is such a scary world, unbelievable what people will do.
    Thanks so much for an excellent post!

  3. El May 10, 2011

    Wow, so sorry to hear about this experience you had to go through. Thank you for sharing!

  4. cclarebear May 10, 2011

    Ohhhh hun that’s terrible!!! Thanks for the tips – I’m off to install a security plugin now. Glad it’s all sorted.

  5. Me my best and I May 11, 2011

    So sorry to hear – what a creep. Glad to hear it’s all back to normal again and you are now safe & protected. Am cryptifying my passwords now……Thanks for sharing :)

  6. meghan @ out of order May 11, 2011

    sorry such a nightmare happened to you!
    thanks for the tips <3

  7. Natsumi May 11, 2011

    That is awful! I’m so glad you managed to rescue CR and save yourself from having to restart and further devastation. Nowadays the internet is beyond crazy, I mean a hacker would hack a talking dog’s YT channel “just to prove it can be done”. Wait, let me rephrase, more like people are too bored with their lives these days.

    Big hugs, hope you keep strong and nothing happens again!
    xoxxx

  8. Claudia Chavez May 11, 2011
  9. Claudia Chavez May 11, 2011

    thanks for sharing! good tips :)

    http://www.mywildmess.com/

  10. Alicia Mi Mundo May 11, 2011

    Omg, thanks for sharing!!

  11. Christine May 12, 2011

    That’s so incredible that there are people doing those things. Thank you so much for sharing! Keep strong!

    Christine
    http://district5-fashion.blogspot.com/

  12. Harija May 12, 2011

    Sorry about your experience and thank you so much for sharing – it helps other bloggers to be careful!

    You have a great blog and I am wondering if you want to follow each other

    My Lyfe ; My Story

  13. PHWDGoddess May 13, 2011

    So sorry that happened to you. Thanks for sharing your experience and for a very informative post.

  14. Jen May 14, 2011

    Ahh what a loser! I’ve been looking into some form of protection as well so I’m gonna take your advice and look at those recommendations!
    I’m glad to hear it’s all been sorted but experiences like that, although they can be helpful in finding issues that need fixing, always suck.
    Jen
    http://www.jenearacosplay.com

  15. Marina H May 15, 2011

    Hi Doll,
    Amazing information and oh so helpful for us bloggers. Thanks for such helpful info. (scary)

    ps. I’ve been thinking about twitter since you recommended it to me but still unsure, will let you know for sure if I do.. :)

    XoXo
    http://fashionmakeuplifestyle.blogspot.com/

  16. Jen W May 16, 2011

    Crap, that sounds horrible! I’m glad you were able to sort it out in the end but I can imagine how traumatising it would have been.

    I’m a little worried now as I’m getting someone who I don’t know personally to help me migrate my Intense Debate comments.

  17. Megan May 16, 2011

    Oh my god that would have to be my worst nightmare! Thank you for raising awareness, so many bloggers probably don’t think about this kind of thing but it would be so devastating to have something you have worked so hard on disappear like that.

  18. Isabel Spectre May 18, 2011

    Oh my gosh! this sounds awful. Thanks for the tips! I will definitely be using them.. It is so awful when things like this happen, and so frustrating.. WHY do people do that with their time?? I am sorry that it happened to you, but glad it is over with and you are more prepared now. I am doing a giveaway on my blog if you want to enter :)

    http://iflyastarship.blogspot.com/

  19. caramellitsa May 20, 2011

    thank you so much for sharing!!
    love
    caramellitsa

  20. Marusya V June 1, 2011

    Thank you all for support! Glad you found these tips on how to ensure your site security useful.