WordPress has become the software of choice for the vast majority of self-hosted blogs. The reason is simple. It is free and has a huge community that supports it with a large variety of themes and plugins.
It is easy to set up, as most hosts have a one-click Fantastico install (although I prefer to do it manually, but that is a topic for another day), so people can get up and running quickly with very little technical knowledge.
All of that being said, there are a number of cretins out there that just love to exploit things because they can. Taking a few minutes to protect your blog can save you grief and, at the worst, allow you to recover if one of those cretins decides to visit.
Here are 5 ways to get started protecting your blog.
- Change admin user
- Use good passwords
- Back up the database
- Use a scanning plugin
- Keep your blog up to date
The default user is admin when you install a blog directly. This will be changing in version 3.0, where you will be able to use your own user name and password as you currently can in Fantastico. Create another user with administrator privileges and delete the default admin user.
The second step is to use a solid password. When you install a blog directly, WordPress creates a solid password using a variety of letters, numbers and symbols. If you use Fantastico, you create your own password and may not pick one that is secure.
When WordPress creates the solid password, it then gives you a prompt inside to change it. Only change it to something equally secure. I know it is a pain in the you know what to use a password like Wc7BS7f9, but it will make it hard for someone to guess it.
It is easy to automate backing up your database. Use the WP Data Base Backup plugin, create a special Gmail account, and have the backup emailed to you each day. I keep 30 days of backups so that if a cretin does get me, I can get back to a copy of my blog from before the attack. You do need to regularly check the email account to be sure you are receiving the email. I check mine every Monday.
This along with a copy of the files I have edited downloaded to my computer will allow me to replace the blog easily. This is good even if it is a server problem that causes your blog to disappear or be compromised.
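The weekly check described above can be scripted. The following is an added example, not part of the original post or of the backup plugin; it assumes the emailed attachments have been saved to a folder and that their names end in `_YYYYMMDD.sql.gz` (an assumed naming scheme). It reports days inside the 30-day window with no backup and lists older files that can be pruned.

```python
import re
from datetime import date, timedelta

# Assumed naming scheme (not from the post): <anything>_YYYYMMDD.sql.gz
BACKUP_NAME = re.compile(r"_(\d{4})(\d{2})(\d{2})\.sql\.gz$")

def backup_dates(filenames):
    """Map each parseable backup filename to the date embedded in its name."""
    found = {}
    for name in filenames:
        m = BACKUP_NAME.search(name)
        if not m:
            continue  # not a backup file, ignore it
        try:
            found[name] = date(*map(int, m.groups()))
        except ValueError:  # impossible date such as month 13
            continue
    return found

def audit_backups(filenames, today, retention_days=30):
    """Report missing days inside the retention window and files safe to prune."""
    dated = backup_dates(filenames)
    window = [today - timedelta(days=n) for n in range(retention_days)]
    have = set(dated.values())
    oldest_kept = window[-1]
    newest = max(have) if have else None
    return {
        # Days in the window for which no backup arrived
        "missing": sorted(d for d in window if d not in have),
        # Files older than the retention window
        "prune": sorted(n for n, d in dated.items() if d < oldest_kept),
        # None means no backup was found at all
        "days_since_last": (today - newest).days if newest else None,
    }

# Constructed sample: 35 daily backups, two of which never arrived.
TODAY = date(2010, 4, 12)
SAMPLE = [
    f"blog_wp_{(TODAY - timedelta(days=n)):%Y%m%d}.sql.gz"
    for n in range(35) if n not in (3, 4)
] + ["notes.txt"]

if __name__ == "__main__":
    report = audit_backups(SAMPLE, TODAY)
    print("missing days:", [d.isoformat() for d in report["missing"]])
    print("safe to prune:", report["prune"])
    print("days since last backup:", report["days_since_last"])
```

A non-empty `missing` list or a growing `days_since_last` is the signal that the daily email has stopped arriving.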
The fourth way to protect your blog is to use a scanning plugin. I use two different ones: the Anti Virus plugin and the WP Exploit Scanner. The Anti Virus plugin checks your files on the server and can be configured to send you an email when it finds a potential problem.
You will get some false positives but it does allow you to find out quickly if your blog has a problem. Each day it scans your blog and emails you if there are problems. It is most likely to happen when you change or upgrade your theme.
The final way to protect your blog is to keep your version of WordPress upgraded. I know that sometimes it seems that there is a new version every other week. It can be a royal pain to do (although the new versions automate a lot of it).
The same applies to your plugins. One of the good things about WordPress is that when they find an exploit, they close it quickly. So despite the pain of seeing the frequent updates, they are necessary.
All of the plugins mentioned here can be found through the automated install in WordPress.
Take these steps and your chances of being compromised are lessened, and you will have what you need if it does happen.