Blog Security: 6 Tips on How to Keep Your Blog Safe and Secure
Would you build a house without any locks on the doors? Probably not. I imagine you’d want a house that was safe from outside threats. The same thing can be said about starting a WordPress blog. When building any type of online platform, it’s important that you take the necessary steps to ensure that your data is safe.
Cyber attacks on large corporations have been dominating the news lately, but unfortunately small businesses and digital entrepreneurs are still at risk. That’s why, as a blogger with a digital platform, it’s imperative to take the right precautions and protect your online property from malicious cyber-criminals.
This post is going to take a closer look at how you can keep your WordPress blog safe, and explore some of the things you can do to protect your blog and its visitors.
1. Install a Security Plugin
One of the many benefits to using the WordPress.org blogging platform is that it gives you the ability to beef up your blog’s security with the help of plugins.
There's a wide range of security plugins available, but the WordFence security plugin is one of the highest rated by consumers.
This is a premium plugin, so there's a cost associated with it ($39 per year for one blog). However, you can easily justify the cost if you think about what it would cost you if hackers stole your or your visitors’ personal information.
The WordFence security plugin can provide added layers of protection, and peace of mind, when it comes to your blog’s overall security.
2. Certify With an SSL Certificate
Another security best practice is to have an SSL Certificate for your blog. If you’re new to the concept, an SSL Certificate basically creates a secure path for information and data to be passed back and forth online.
Here’s how it works. Whenever a visitor enters your SSL-protected blog, your SSL Certificate creates an encrypted connection to the visitor’s browser. This means that any information (passwords, usernames, credit card info, etc.) passing between your blog and their browser will be scrambled and virtually impossible for hackers to access.
Additionally, when your blog is protected with an SSL Certificate, a padlock icon and the https:// prefix will display on your visitor’s browser bar. This not only notifies them that your blog is safe and secure, but it also assures your readers that you take their security seriously.
As with anything worth having, an SSL Certificate will cost some money (roughly $30 – $50 per year). But again, think of this as an investment in your blog’s future. One quick tip: if you use my affiliate link, Bluehost will give you a free SSL Certificate and domain name when you sign up for their WordPress hosting plan.
Plus, starting in 2017, Google Chrome is requiring that all websites have an SSL Certificate. If your blog doesn’t have one, then visitors will be notified that their connection is not private and that attackers might be trying to steal their information. Not cool! I’m pretty sure that will hurt your web traffic.
3. Implement Password Protection
The good news is that the backend of your WordPress blog is already password protected, as you probably found out when you first set up your blog. The bad news is that hackers have ways of running applications, commonly known as brute force attacks, that continuously try different combinations of your password until they guess your credentials and gain access to your site.
One way to combat this threat is to implement additional password protection with the two-step authentication process. Many companies, including Apple, use the two-step authentication process within their platforms, and your blog should be no different.
When you have the two-step authentication process in place, just using your password once isn’t enough. You’ll need to supply additional information before you can access your blog. Here’s how it works. Once you log in to your WordPress dashboard with the correct username and password, you’ll be prompted to enter an additional passcode before going any further.
The passcode is different every single time, typically sent via text or email to the user’s personal account, and it’s sent as you’re attempting to log into your blog. So, even if a hacker tries to access your site, there is no way for them to receive the additional passcode.
The WordFence security plugin comes with the two-step authentication process, but there are other WordPress plugins out there that can help you implement this added layer of password protection. Elegant Themes has a great blog post on all of the two-step authentication plugins available.
4. Back Up Your Blog
Having a backup of your site is a blogger’s contingency plan for when things go wrong. If you’re blogging and not backing up your content, you’re playing with fire, my friend. It’s better to be safe than sorry, and backing up your blog’s data is one way to make sure that your blog is protected from possible disasters.
There are many factors that could cause your blog to crash. Now, it's not my intention to intimidate or frighten you, but websites can go down. It’s just a fact of life for a blogger. So, that’s why it’s super important that you always have a backup of the most recent version of your blog.
I personally use BackupBuddy for all of my WordPress backups. This is a premium WordPress plugin by iThemes, but I can assure you that it’s worth the price tag. While other WordPress backup plugins only back up the WordPress database, BackupBuddy backs up your entire WordPress installation.
Plus, once you back up your blog, your files are stored as downloadable zip files in BackupBuddy Stash, their secure, off-site storage destination designed to store WordPress backups. This plugin helps me sleep at night. No joke.
5. Post a Privacy Policy
Innovation has given websites the ability to do some scary stuff with your personal information once you visit their site. That’s why, now more than ever, Internet users are concerned about their personal info being passed around online.
One way to overcome this objection, and ease the minds of your visitors, is to post a privacy policy on your blog. Doing so allows you to be transparent with your blog’s audience and it shows them exactly what you do with their personal info.
It’s always a good idea to include a privacy policy in the footer of your site. Additionally, it should clearly outline how you use people’s personal information once they visit your blog. If you need help drafting a privacy policy, you can do a quick Google search for free privacy policy examples or you can reach out to a lawyer and have them write one for you.
6. Be Vigilant
Finally, just keep an eye out and regularly monitor your blog. By using security plugins, Google Search Console, and Google Analytics, you can stay vigilant and oversee the security of your blog. If you catch a possible threat early, chances are you’ll have a much better opportunity to save face.
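If your host gives you access to the web server's access log, you can also watch for the password-guessing described in tip 3 yourself. The following is an added example, not part of any plugin mentioned here: it assumes the common "combined" log format, a login page at /wp-login.php, and an alert threshold of 5 login submissions per minute, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Client IP, timestamp, HTTP method and path from a combined-format log line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

WINDOW = timedelta(minutes=1)   # assumed sliding window
THRESHOLD = 5                   # assumed login submissions per window worth a look

SAMPLE_LOG = [  # constructed lines, not taken from a real site
    f'203.0.113.7 - - [12/Mar/2024:10:00:{s:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 4521'
    for s in range(0, 12, 2)
] + [
    '198.51.100.20 - - [12/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.20 - - [12/Mar/2024:10:07:41 +0000] "GET /wp-login.php HTTP/1.1" 200 4410',
]


def find_bruteforce_sources(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: peak login submissions seen inside one window}."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                          # skip lines in another format
        ip, stamp, method, path = m.groups()
        if method != "POST" or not path.startswith("/wp-login.php"):
            continue                          # only login form submissions count
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:        # drop hits older than the window
            hits.popleft()
        if len(hits) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(hits))
    return flagged


if __name__ == "__main__":
    for ip, count in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} login submissions within {WINDOW}")
```

An address that shows up here is a candidate for blocking or rate limiting; a single owner mistyping a password a couple of times stays under the threshold.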
As you begin to build your blog, be sure to be mindful of how you're going to protect your blog and its visitors. Your blog’s security should be at the top of your to-do list and at the end of the day, it’s just better to be safe than sorry.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.
In full disclosure, there are affiliate links in this blog post. If you click on the link and decide to make a purchase, I'll earn a small commission. But, by doing so, you're helping me keep this blog up and running.
Written by Ben Cummings
Founder of blogwithben.com
Ben is a Digital Marketing and CMS Specialist for Bridgepoint Education who holds an MBA with a specialization in Entrepreneurship. He enjoys teaching, blogging, startups, a hoppy IPA, and college basketball. Whenever he's not blogging, you can find him cruising around sunny San Diego with his amazing family.
Thanks for your post. For newbies, do you encourage Duplicator? I have installed the plugin but don't know how to use it.
Really insightful post. You have covered almost all steps to secure your WordPress site. I think if you take care of all these points and take necessary steps then it would be impossible to hack your website. However, I would like to know if there is any free plugin like wordfence to secure our website.