Blog security is something you probably wish you didn’t need to think about, but these days it is necessary because you may be vulnerable regardless of the size or activity level of your site.
For this Bloggiesta mini-challenge, develop a security plan for your blog and then share link to your post — or at least a few details — in the comments, if you like.
Because each blogging platform is different, your blog security plan will be unique. To get you started, however, let’s go over some basics.
1. Always install updates immediately
No matter what platform you use, always be sure to install any software updates immediately. Many times the updates are issued to fix security vulnerabilities.
2. http Versus https
You may have noticed that a lot of commercial websites and blogs have changed the beginning part of the URL to “https.” What does that mean and should you do the same?
Http stands for “hypertext transfer protocol” and it is how linked text/data is transferred around the Internet. Nowadays hackers can intercept that information as it is moving from place to place and use it for their own purposes. For example, they might intercept a password and use it to gain access to your blog. To prevent unintended access, the information is encrypted or converted into a code. When the transfers are encrypted, it is called “https” or “http secure.”
If your blog is on a hosting service like WordPress.com or Blogger, it may already have been upgraded to https without your knowledge. Check the URL of your blog in your browser. The symbol of the lock (green) also means it is secure.
If you have a blogspot domain and it isn’t https yet, https for blogspot domains explains how to make the upgrade.
For WordPress self-hosted blogs, how to make your site https or secure will be more complicated and will depend on your hosting server. Typically you will need to obtain a Secure Sockets Layer (SSL) certificate. Your host may let you use theirs or you may have to register you own with a service like Let’s Encrypt (or see this review of 5 services).
Whatever you do, always back up your blog prior to making these changes. After you make the conversion, all the URLs in your blog/website will change to https. Your browser will give you an error, however, when you load any internal http links that didn’t change automatically. All the internal links will have to be changed from http to https, including those for images.
To fix this problem, you need to do two things:
- Set up 301 Permanent Redirect for the page URLs.
- Search the entire website for http and change it to https (unless it is a link to an external site, which wouldn’t have changed).
For WordPress sites, you can use search and replace plugin to change it all at once. Examples of these type of plugins are Search & Replace and Better Search Replace.
Sound complicated and a lot of work? You may wonder if you really need to do it. That is a good question, but a tough one to answer. It is likely https will be required at some point in the future (Remember when Google required all blogs and websites to be mobile-friendly?) At this point you should at least read up on it and have a plan in place in case it becomes required.
Additional Blog Security Tips
- Back up your site regularly
- Use strong passwords, with mixes of uppercase and lowercase letters, numbers, and special characters
- Consider Two step authentication for WordPress.com blogs, if you have a mobile device
- Install security plugins — 10 Best WordPress Plugins 2018 at WP Blog
- Use the plugin to limit the number of failed login attempts a user can make
- Keep your personal computer secure by installing and using antivirus software
- Don’t login to your blog dashboard using public WiFi.
- Delete old plugins that you don’t use.
For WordPress Self-hosted Blogs:
One important security precaution is to not use “admin” as your login/username. If you have been using admin, WordPress makes changing usernames difficult, but not impossible.
This video shows how to do it:
See more at this related blog post from wpbeginner.
Hopefully that gives you some ideas for developing your security plan. Please leave a comment if you have any questions or have any additional suggestions.
Let’s all have a safe blogging experience!
Example of a Security Plan
- Back up blog on the 30th every month
- Change username from admin to something safer
- Install a security plugin and update the settings
- Delete old plugins that might be vulnerable
- Find out what I need to do to convert my blogs from http to https and develop a plan to implement it.