You are in constant danger. Maybe you do not realise. Maybe you are very naive and you think you are not going to get attacked, because you have nothing important to be attacked.
You're wrong. You are in danger and if you do not react in time, sooner or later it will be too late.
Like viruses that surround us every day (like in the office or on the street), viruses on the Internet are always hanging around.
Therefore, it is important that you have a security strategy for your blog to combat these viruses.
But before talking about strategies, let's start with the basics yet essential steps to prevent these attacks.
1. Improve Your Password Strength
I cannot believe that there are still so many people with such a silly password as "asd123" or, even worse, "1234".
Gentlemen, hackers are a little smarter than that. Anyone could decipher (if that is what you can call deciphering) that type of password.
It is necessary mandatory that you take very seriously and believe this one a little more complicated password. If possible, one that is so complicated that you just understand it.
For example, mix the number of your house (or the house where you grew up) with the name of your pet, best friend, father or favourite soccer team, plus an extra symbol, such as a question mark or one of exclamation. In my case it would be 1475gymnastics!! (Yes, I'm a fan of Gymnastics and Fencing La Plata, what will I do?).
It does not matter that it's too long. 123456789 is long and easy to decipher. A shorter one, like gymnastics!, Is more complicated and, therefore, more effective.
As long as you remember, anything goes.
2. Install Security Plugins
I always say that the best platform to have a blog is WordPress . I will not explain why you have to choose it over other platforms. It is simply the most simple and effective.
In this case, to improve the security of your blog, WordPress comes as a glove. Why? Because with just installing some security plugins, they do everything (or almost everything) for you.
Among the plugins that I recommend we have:
- WP-DB-Backup: Makes a backup of the database of your blog.
- Login Ninja: Do everything a bit, from banning IPs that attack your blog, to put Captchas to the registration page of the administrator.
- Security Ninja: A very, very complete plugin that does security audits, looks for gaps and vulnerabilities of your site, among a lot of other things.
- AdminSSL: As the name says, this plugin assures you the registration page (or login), the administration area, the posts and the pages using a private or shared SSL protocol. (Unfortunately, this plugin has not been updated more than two years ago, so maybe I do not know if it's the best option today).
- Akismet: Who does not know Akismet? All those who have their blog on WordPress.org should know it. This useful plugin simplifies the life of all bloggers, since it takes away the burden of removing spam comments one by one. With just activate your account (which can be free or paid) you are already saved from spam.
- Theme Authenticity Checker (TAC): Scans all the files in your theme to find potentially dangerous codes.
- Antivirus: Same as above, nothing else that is another variant.
- WordPress File Monitor: Monitor all the files in your WordPress account, looking for unexpected changes. When you find one, it alerts you immediately. (Like AdminSSL, this plugin has not been updated in a long time).
- Better WP Security: A complete plugin that, among many things, changes the URLs of your registration page, removes registration error messages, inserts an SSL protocol to some of the administration pages, improves server security, among other things plus.
- BulletProof Security: Another very complete plugin similar to the previous one, but with some small differences.
- Wordfence Security: Create a Firewall for your account, scan viruses, verify and repair the files in your database, among other things.
3. Search for Malware
If you are not aware of your security, and if you did not install any of these plugins mentioned above, it is important that at least take some precautionary measures. Among them, it is searching for malware.
But first, what is malware?
Malware , according to the wise words of Wikipedia, is a type of software that aims to infiltrate or damage a computer or information system without the consent of its owner.
A typical case of malwares is when you download PC files, such as installers or programs. If you have a good antivirus on your computer, it is likely to detect them automatically. However, not everyone is aware of it. That is the reason for the great proliferation of some of the viruses, many of which could have been avoided with a simple antivirus.
So, what to do to search and find the malware?
First, have a hosting that does it for you. Many hosting companies provide security services, although I doubt that any of those are as good as they claim to be.
If that still does not reach you, it is important that you hire extra services such as StopTheHacker or Sucuri , which do a scan of your server to find the malware, among other things.
Related to the previous point, if you use WordPress.org, you have the chance to use some extra plugins that also look for malware. One that I did not mention in the previous list, is Sucuri , of the homonymous company, which is free. This, like Anti Malware plugin, are two services that scan your server in search of malware.
Finally, we have the option of hiring an expert in computer security. Anyway, I'm not sure if that is really necessary for your case, since computer security experts are useful for pages with thousands or millions of pages, large amount of data, among other things. Also, hiring an expert of this type is very expensive.
4. Choose the Correct Hosting
As I said in the previous point, there are some hosting that provide security services. Some are better than others.
What is key is that, at least, they provide malware detection services , daily, weekly or monthly backup, and firewall. If it is necessary to pay more, than if it is. In the long run, you will be saving a lot of money and stress.
5. Prepare for the Worst
I always say the same thing when it comes to safety: get ready for the worst. You never know when you can hack your page, and in the event that happens, you must be prepared.
If you are hesitating between doing something that can improve the security of your page and doing something else (such as improving web design), opt for security. It never hurts to protect yourself from attacks by hackers and viruses.
In turn, it would be good to have a plan B.
Think about it like this: What would happen if they attacked you? Always have a plan to know what to do in the event that something strange happens to your page. Maybe it's something small that makes you suspicious, but it's important that you move fast.
Scan your page, look at your plugins, ask in a forum and see what they say. The important thing is not to let yourself be, because it may be too late once it happens.
Sum up
It is important to emphasise that not having a security strategy is exposing oneself unnecessarily. I do not want you to want to play with something as trivial as the security of one of your most important assets, such as your website.
Nor is it my intention that you get neurotic. Not at all. I just want you to become aware of the real dangers that exist today.
As I said at the beginning, it does not matter if you think you're not going to be hacked for whatever reason you can think of (most of the time it's " hack me, if you do not have anything to steal! "), It's important that you So much of reality.
What have you done until today to protect your website? What will you do from now on? Tell me your next steps in the comments below.
