Helping to avoid your blog getting hacked
Blogging is undoubtedly one of the most popular forms of
expression on the Web. While some bloggers opt for a hosted account
with major blogging platform developers, others go with a
self-hosted plan that offers extra flexibility but, at the same
time, needs extra attention to avoid incidents.
Whatever type of blogging account you have, it pays to be
vigilant in keeping it safe and free from hackers. Blog hacking may
occur in various circumstances and some of them are even out of
users’ control. For instance, servers can be targeted, which can
lead to successful exploitation of the hosting account. Other
attacks are the direct result of improper blog installations or of
a vulnerable plugin.
In order to have the best chance of staying safe, here are our
top tips to follow:
- Never use blog scripts coming from untrusted, unofficial
download repositories. Most of all, never use nulled scripts, as
doing so is not only illegal, but also risky for your blog and web
server.
- Keep your FTP account clean: do not mix and match the account
keeping your blog with other scripts you casually test online. A
small vulnerability in a third-party script can get your blog into
trouble. Always test other scripts on a locally installed
webserver.
- Do not add unnecessary plugins or themes to your blog. Stick to
what you really need and minimise the chance of having an
exploitable plugin or theme. Also, ensure that any plugin you may
want to upload comes from a trustworthy source; when in doubt, just
ask the community.
- Security tools – antimalware, antispam, firewall, pop-up
blocker etc. – are turned off or their settings have changed
without your knowledge.
- Generate and store SQL backups regularly. Use a plugin to
automate the job and have the backups delivered to you via e-mail
or via a secondary FTP account. Using the same account for storing
backups is usually a bad idea, as an attacker may tamper with them
or even have them deleted after a successful hack.
- Use strong passwords for FTP accounts and administrative users.
Do not disclose them to anyone in any circumstance. You might also
install a complete antimalware solution to ensure that your system
is Trojan-free. Some of the successful blog attacks were carried
out using legitimate usernames and passwords intercepted by keyloggers or
cache-monitoring Trojans.
- Pay extra attention to the way you select your hosting
provider. Paid hosting is usually much better than free offers,
and, since you’re going to spend some money, ensure that you get
automatic daily backups, access logging and a suitable web-server
configuration for your blogging script of choice.