|Image by jasoneppink|
Question: Is your blog’s security a top priority for you?
I bet the majority of you will say, “Yes John, it is.” However, I bet 90% of you have taken very little steps to actually secure your blog against intruders.
About 8 years ago I hurt my back (relation to blog security coming up quick) to the point where I have a bulging disk. I went to a chiropractor and he asked me, “How concerned are you of this problem?” I told him I was pretty concerned and wanted it fixed, but since the pain wasn’t unbearable it wasn’t top on my priority list.
He brought me into a room and showed me how over time an injury which starts out with only ‘some pain’ can easily turn into a huge problem for me down the road. He showed how without treatment my problem could get worse up to a point where I might have troubles doing simple things, like walking. If that were to happen, I bet my future self would say, “Why didn’t I listen to that chiropractor?”
He then asked me again, “How concerned are you of this problem?” My answered changed.
Now let me ask you again, how concerned are you for your blog’s security?
Do you think it’s possible one day that your future self might say, “If I only took steps to protect my blog earlier none of this would have happened.”
Realize too, you might not even know your site has been cracked until some time down the road. Sometimes a hacker’s only interest is to create backlinks to their websites (to help their Google PageRank) while other times it might be to simply steal your bandwidth.
See this article as an example. Also, Nik Cubrilovic over at TechCrunch mentions this in his article, WordPress Security Issues Lead To Mass Hacking. Is Your Blog Next?
It is unknown just how many WordPress blogs are infected (I have seen instances of double infection, where a previously hacked host had been hacked again), but as an indicator, across the ten or more WordPress blogs that TechCrunch and I have access to, we can see over 100 requests daily for these various security holes.
So how do you secure your WordPress blog?
There are many ways to harden your WordPress installation and I’ll talk about more of them down the road, so be sure to subscribe to my feed if you’re interested (link opens in a new window so you won’t lose your place).
Here are two quick and easy ways help guard your blog against attacks using SQL Injection.
1. Install a WordPress Firewall Plugin
There are a few really good firewall plugins out there for WordPress, but here’s one that’s easy to use. If you’re unfamiliar with what a firewall is, look up to the picture at the top of this article. Imagine the girl is your blog and the guy is an intruder. The firewall is the shield protecting you from his attack.
SEO Egghead offers the WordPress Firewall Plugin.
Simply install this plugin and then configure it to whitelist your IP address (so you yourself don’t trigger a block and alert). To do that, once the plugin is activated look over to your Settings area on the left sidebar of your WordPress Dashboard and click Firewall.
From there you can enter in your email address to send possible intrusion alerts to and also whitelist your IP address. To find out what your IP address is, you can head over to WhatIsMyIPAddress.com.
2. Upgrade Your WordPress Installation
This is the easiest thing you can do to help guard against SQL Injection and other blog security vulnerabilities. If you clicked over to read the article mentioned above, the author shows how he was using a recent, but not current, version of WordPress and his blog was still cracked.
Luckily, simply upgrading his WordPress installation fixed his problem.
If you don’t know how to upgrade your WordPress installation, we have a video tutorial on how to do it.
Finally, I’d like to note that BTC Hosting provides various blog services. If you’d like us to upgrade your blog and/or provide these and many more security upgrades to your blog, let us know. For a one time fee of $65 we can harden your WordPress install, help fortify your blog against SQL Injection, database cracking, and brute force attacks. Just send us a note in the comment section below or on our Questions page.
So, let me ask you. How concerned are you about your blog’s security?