The Actionable Guide to Keep Your Blog Safe

1. Control access to your blog

Generic admin accounts on WordPress are targeted all the time by cybercriminals, which is why you shouldn’t use one.

Create a new administrator account instead and delete the old one, so you can fend off that type of attack.

Additionally, be careful who you give access to in your administrator panel and set clear limitations for users other than yourself. If a user becomes irrelevant on your blog, delete the account and make sure you provide all those who have access to your blog with strong passwords.

2. Set strong passwords

Your web hosting control panel, administrator account and any other apps that are connected to your blog and online services should be protected with strong passwords.

If you’re using the same passwords for multiple accounts, you’re really asking for trouble. So please, pretty please don’t do that (or stop doing it).

When possible, use 2-factor authentication and update your passwords regularly.

Since password security is an important subject, I’d recommend you take a few minutes to go through this Password Security Guide I created. It can do wonders to keep your data safe!

3. Check the hosting provider’s security

If you have a self-hosted blog, don’t just go for the cheapest hosting option. This service is essential to keep your blog running well and to keep your data safe. The hosting provider can also provide technical support in case of a cyber attack or at least give you indications of where you can get help.

So before moving your blog’s database to a certain provider, make sure you research their security measures a bit and see if they’re adequate.

4. Keep your blogging platform updated to the latest version

When a new WordPress version is out – update immediately! The same goes for any other blogging platform.

New releases aren’t just meant to provide increased usability – their purpose is also to close security holes and patch vulnerabilities. So updates are essential, even if they might mess up a plugin or two. That can be fixed, but a cyber attack is definitely more difficult to mitigate.

You can get news about WordPress security updates and vulnerabilities from their blog or from the WP Secure website.

5. Install dedicated security software on your blog

Your computer is not the only one that needs protection! Your blog should have its own security software installed, specifically designed to fend off cyber attacks directed at it.

You can use multiple tools to prevent malware infections and provide cleanup if an infection does occur, block malicious login attempts, scan your content for bad URLs, provide a firewall, block brute-force attacks and much more.

Our recommendations include Sucuri, Wordfence, BulletProof Security, iThemes Security, 6Scan Security, All In One WP Security & Firewall and Acunetix WP Security.

6. Keep a regular back-up schedule

You’ll want to create and maintain a regular back-up schedule for your blog’s database. You can either do it on your own or you can get a web hosting package that includes automatic back-ups, which I strongly recommend.

Additionally, you can use dedicated plugins to store a copy of your data in your Dropbox, Google Drive or OneDrive account.

It’s essential to keep at least 2 copies of your blog’s database, because malware infections can happen even via backups.

If you know you can restore your data anytime, you’ll feel much more at ease.

7. Check and update your plugins

Plugins make WordPress so much better! The equivalent of “there’s an app for that” in the blogging world is “there’s a plugin for that” – whatever you might need, it can be done.

Most plugins are free, but that degree of convenience also brings responsibilities.

Some rules to follow when using plugins:

    • Never install shady plugins from untrusted sources
    • Always check plugins on WordPress.org to see what rating they have, the comments they received and when the last update was made

    • Keep plugins updated at all times! Never ignore an update prompt, as vulnerabilities in plugins are seldom used as attack vectors by cybercriminals
    • Keep an eye on updates for plugins and replace those that don’t update as soon as a new WordPress/blogging platform version is released (or soon after it)
    • Delete old plugins that you don’t use anymore – they clutter your code and can become a gateway for malware infections.

Also, a good tip is to live by “less is more”. Use only the plugins you absolutely need and get rid of the other stuff.
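
The plugin rules above can be checked mechanically. This is an added example, not part of the original article: it applies them to constructed data shaped like the output of WP-CLI's `wp plugin list --format=json` and the `rating` and `last_updated` fields of the WordPress.org plugin directory. The plugin names, the thresholds and the `audit_plugins` helper are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample, shaped like `wp plugin list --format=json` (WP-CLI).
WP_PLUGIN_LIST = json.loads("""[
 {"name": "contact-form-x", "status": "active",   "update": "available", "version": "2.1.0"},
 {"name": "old-gallery",    "status": "inactive", "update": "none",      "version": "0.9.3"},
 {"name": "seo-helper",     "status": "active",   "update": "none",      "version": "5.4.1"},
 {"name": "legacy-slider",  "status": "active",   "update": "none",      "version": "1.0.2"},
 {"name": "custom-popup",   "status": "active",   "update": "none",      "version": "3.0.0"}
]""")

# Constructed sample of WordPress.org directory metadata per plugin slug.
# Assumption: rating is a 0-100 score, last_updated starts with YYYY-MM-DD.
DIRECTORY_INFO = {
    "contact-form-x": {"rating": 92, "last_updated": "2024-05-02 9:14am GMT"},
    "old-gallery":    {"rating": 88, "last_updated": "2024-01-15 4:02pm GMT"},
    "seo-helper":     {"rating": 95, "last_updated": "2024-04-20 11:30am GMT"},
    "legacy-slider":  {"rating": 54, "last_updated": "2021-03-10 8:45am GMT"},
}
TODAY = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date so results are repeatable

def audit_plugins(installed, directory, today, max_age_days=365, min_rating=70):
    """Return {plugin: [findings]} for plugins that break one of the rules.
    The thresholds are illustrative defaults, not values from the article."""
    findings = {}
    for plugin in installed:
        issues = []
        if plugin["update"] == "available":
            issues.append("update pending")
        if plugin["status"] == "inactive":
            issues.append("inactive: delete if unused")
        info = directory.get(plugin["name"])
        if info is None:
            # Not listed publicly: the source has to be vetted by hand.
            issues.append("not in WordPress.org directory: verify source")
        else:
            day = info["last_updated"].split()[0]
            last = datetime.strptime(day, "%Y-%m-%d").replace(tzinfo=timezone.utc)
            age = (today - last).days
            if age > max_age_days:
                issues.append(f"no release in {age} days")
            if info["rating"] < min_rating:
                issues.append(f"low rating ({info['rating']}/100)")
        if issues:
            findings[plugin["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_plugins(WP_PLUGIN_LIST, DIRECTORY_INFO, TODAY).items():
        print(f"{name}: {'; '.join(issues)}")
```
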

8. Application security

Be mindful of which applications you link to your blog. Always review what type of access these applications request and unlink them when you stop using them.

Also, be careful about embeds, images and other media you use in your posts. Use only legitimate, trusted and verified sources to prevent publishing infected content.

Here’s an example of a captcha service that distributed malware via WordPress and other platforms. That’s definitely something you want to avoid!

9. Beware of malvertising

Malvertising has seen an abrupt increase in the past years, with cybercriminals infiltrating ad delivery networks to spread malware and infections of all types.

According to OTA (Online Trust Alliance) research, malvertising increased by over 200% in 2013 to over 209,000 incidents, generating over 12.4 billion malicious ad impressions. The threats are significant, warns the Seattle-based non-profit—with the majority of malicious ads infecting users’ computers via “drive by downloads,” which occur when a user innocently visits a web site, with no interaction or clicking required.

If you publish banner ads or other types of advertisements on your blog, you should be very aware of this cyber threat. A good idea is to verify ad networks before engaging in a deal with them, to see if they take the necessary security measures to protect themselves.

Also, never forget about old banners that you posted yourself. Take them down once the campaign is over to ensure that they don’t become a target for cyber attacks.

10. Don’t forget about the themes

It’s best to only use themes from trusted sources to prevent malicious code from being installed on the website.

Also, delete any themes that you don’t use because cybercriminals can also use them to infiltrate your blog and inject malware in your code.

11. Build secure code if you create your own website

If you decide to build your own theme or plugins, or to customize your code in various ways, always respect industry standards when it comes to cybersecurity.

Building secure code will keep troubles away and ensure you have a productive blogging schedule.

12. Keep your computer safe from malware

Now that you’ve ensured your blog’s security, don’t forget about your computer.

Keeping things clean and safe is essential to ensure your data’s security. So always use a good antivirus solution and at least one tool that can protect you against advanced malware threats that AV can’t block.

Needless to say, your software should always be up to date as well, to prevent exploits!

And if you’re looking for a more detailed guide to securing your WordPress blog, this article is a great resource!
