
Five Important ways to Improve the Security of Your WordPress Blog

Discussion in 'Content Management' started by Benson Terry, Sep 12, 2014.

  1. #1
    Security is one of those problems in the online world, that people don’t pay much attention to.

    I mean yes, it’s not every day that someone breaks into your WordPress account, steals your data, deletes it and then disappears into thin air. But then again let’s face the facts – thousands of sites are being hacked right as you are reading this.

    But hacking isn’t the only thing you should protect your online presence from. Stealing is probably a far bigger problem, especially in the blogging world where uniqueness is everything.

    And even though Google and other search engines develop algorithms to tell where a piece of content originates from, it’s still not the best of feelings when you find your content copied on dozens of blogs.

    So, namely in the hopes to help you stay a little safer and focus on what actually matters (producing content), I have compiled a list of five effective ways to help you steer away from trouble, both in terms of hacks and theft:

    1. Add Links Against Copy/Paste

    You don’t need any sophisticated tools to steal content. It is all as simple as copying an article and pasting it somewhere else. And you don’t even have to worry about the formatting – that’ll be copied as well.

    A bit too convenient for content thieves, don’t you think?

    Well, lately I began using a great service called Tynt. Although Tynt won’t disable copying of your content, it’ll add an attribution link back to your blog whenever a piece of text from your blog gets copied.

    The end result looks like this - Copied content + Read more at “URL of the article from which the text was stolen”

    You might say most thieves will simply delete that link, but chances are they won’t even notice it. I mean what most do is they simply copy, paste and publish.

    Once you install Tynt, you will also get stats on how many copy commands have occurred for your site and which are your most copied posts. You can also track how many links you’ve generated with the read more links.

    2. Set Up Your Google Authorship

    When there is duplicate content, in order to decide which one should get a lower ranking, in most cases search engines check to see which of the identical articles was published earlier.

    That however isn’t always enough, especially if someone with a blog with higher Page Rank happens to steal from you. In that case the stolen post might still end up getting more link juice.

    That is where Google’s authorship comes into play. If you have your authorship confirmed, you are far less likely to have your content ranking lower than the same stolen and published on another blog.

    So how do you set up your authorship?

    You need a Google+ Account
    In the profile settings, you find “Contributor to”
    You add a link to your blog there
    Install SEO WordPress by Yoast
    Go to Users –> Your Profile
    Scroll down to contact info
    Add your Google+ profile URL

    3. Make Sure to Disable Hotlinking

    Chances are when someone copies an article of yours, the images in that article will also be copied. Once the thief publishes the post, the URLs of the images will point to your server. This will result in additional load for your hosting and hence lower performance for your blog.

    The above practise of copying images directly is what you call hotlinking.

    And it doesn’t have to be someone stealing your content. People who don’t care about copyright might simply copy an image from your blog and use it for their own work.

    So, how do you avoid those headaches?

    The answer is CloudFlare.

    CloudFlare is a content delivery network. It improves loading times by caching your content, collecting information about the visitor’s location and sending the cached data from a local server.

    The above alone, plus the fact that the service is free (although there are additional premium features), makes it an absolute must for every blogger…

    In our case however, we are interested in the “Hotlink protection” checkbox that you can find in your CloudFlare profile. Turning it on is all you need to resolve the hotlinking issue.

    You basically click on “Security Settings”, scroll down to “Hotlink protection” and click on the off button.

    4. Upload Trusted Plugins Only

    A hacker can easily gain access to your blog via a plugin you install. By installing a plugin, you basically grant it access to core files of your WordPress installation. That is why you should be careful when uploading plugins to your blog.

    Here are the four considerations you need to make before installing any WordPress plugin:

    Is it featured in WordPress.org plugins directory – if you can’t find the plugin here, it’s either a premium one or it isn’t legitimate. Whenever there’s an option to download from there, don’t hesitate!
    What are the ratings – Pay attention to the star rating that the plugin has received and also the distribution of the votes. If the one-star ratings outweigh the five-star ones, there might be a security problem.
    Number of downloads – It’s best to look for a more popular plugin. A bad plugin simply can’t generate thousands of downloads, because it would be removed by the moderators of the plugins directory.
    Third-party reviews – As I mentioned, premium plugins won’t be featured in this directory, so you have no way of telling if they are legitimate. When considering one such, make sure to look for reviews of people who have actually tried it. You can also go to CodeCanyon – a great directory for premium plugins and a good way to tell if a plugin is legitimate.

    5. Use Those Two Security Plugins

    Aside from the advice I shared in the above paragraphs, there are also two WordPress plugins that I’d like to introduce you to. They have one thing in common – both are designed to keep hackers away!

    Admin username changer – Chances are you are stuck with the default username “admin”. And since fresh WordPress installations create an account namely with this username, that’ll be the first one hackers will use. Problem is usernames are normally unchangeable. That’s where “Admin username changer” comes into play. All it does is it adds a new tab in your dashboard, from which you can change your username to whatever you’d like.

    Limit Login Attempts – Another plugin, intended to keep threats away from your WordPress login page. That one allows you to limit the number of times a user (based on a cookie or IP) can unsuccessfully log in to your blog. You can also set up notifications when that happens and monitor the IP addresses.

    Final Words

    Those are the steps I follow to protect my WordPress blog from unsolicited access and to reduce the damage from content thieves as much as possible (unfortunately there’s no sure-fire way to avoid your content being stolen).

    Now I’d like to hear your comments guys! What are your ways to secure your WordPress-powered blog? Do you use any security plugins? What else can you add to the list? Please take a minute to share your two cents!
     
    Benson Terry, Sep 12, 2014 IP