2017/08/28

[Self-Hosting Basics] Simple Steps to Secure Your Blog from Hackers


Once you've created your blog and you've started publishing regular blog posts, there is nothing more terrifying than seeing your work wiped out by a heinous hacker.

In this blog post you'll discover why it's so important to spend some time protecting your blog with these basic anti-hacking measures.

If you're not already doing so, backing up your files should be a regular part of your life as the owner of a blog or website.  The steps below will show you how to keep your blog safe:



✦Make Sure that Your Directory and File Permissions are Properly Locked Down

I've started with one of the most technical parts - but stay with me, this will get easier...

Each website consists of files and folders that are stored on your web hosting account.  They contain the scripts and data needed to make your blog work.  Each of these files and folders is assigned a set of permissions that controls who can read, write and execute it, relative to the user or group it belongs to.

On the Linux operating system, permissions are shown as a three-digit code, each digit being an integer between 0 and 7.  The first digit represents the permissions for the owner of the file; the second digit the permissions for anyone in the group that owns the file; the third digit the permissions for everyone else.  Each digit is the sum of the values below:

  • 0 equals no permissions for that user
  • 1 equals Execute
  • 2 equals Write
  • 4 equals Read

A file whose permission code gives anyone on the internet the power to write to and execute it is less secure than one that is locked down.

It's best to set your permissions as follows:

  • Individual files = 644
  • Folders and directories = 755
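As an added example (not part of the original post), this Python script checks a web root against the 644/755 recommendation above and resets anything that differs. The function names and the sample files (`index.php`, `config.php`, `uploads`) are constructed for illustration.

```python
import os
import stat
import tempfile

FILE_MODE = 0o644  # owner 4+2 (read, write); group 4 (read); everyone else 4 (read)
DIR_MODE = 0o755   # owner 4+2+1 (read, write, execute); group and everyone else 4+1


def audit_permissions(root):
    """Return (relative path, current, recommended) for each entry under root
    whose permission code differs from 644 (files) or 755 (folders)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            wanted = DIR_MODE if stat.S_ISDIR(info.st_mode) else FILE_MODE
            current = stat.S_IMODE(info.st_mode)
            if current != wanted:
                rel = os.path.relpath(path, root)
                findings.append((rel, oct(current)[2:], oct(wanted)[2:]))
    return sorted(findings)


def apply_recommended(root, findings):
    """Reset every reported entry to its recommended permission code."""
    for relpath, _current, wanted in findings:
        os.chmod(os.path.join(root, relpath), int(wanted, 8))


def demo():
    # Constructed sample tree: one correct file, one world-writable file,
    # and one world-writable folder.
    with tempfile.TemporaryDirectory() as root:
        for name, mode in [("index.php", 0o644), ("config.php", 0o666)]:
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        os.mkdir(os.path.join(root, "uploads"))
        os.chmod(os.path.join(root, "uploads"), 0o777)
        before = audit_permissions(root)
        apply_recommended(root, before)
        return before, audit_permissions(root)


if __name__ == "__main__":
    print(demo())
```

Run `audit_permissions` on its own first and read the list before calling `apply_recommended`, since some hosts need different modes on specific files.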

Double-Check Your Passwords are Secure

Simple enough, but extremely important.

Don't go with an easy password, something ridiculous like 123456.  That's a very commonly used password, and you need to do a lot better than that.

Think of something that's really unique and not personal to you (or use Hostgator's password generator).  Use a mix of special characters, letters and numbers, and make it really long!  Like I said before, don't use information like your pet's name, your kid's name, or anything that a hacker can easily find from social media accounts.

The same rule applies to anyone in your business or close to you who has access to your website.  A weak password in your team can open your blog up to attack; that's why it's important to hold yourself and everyone else in your organisation to the same high standard.

Apply CSP

Cross-site scripting (XSS) is a common enemy of bloggers and website owners alike.  Hackers discover a weakness that lets them slip malicious JavaScript onto your pages, which then goes on to infect every page your visitors go to on your website that is exposed to that code.

You need to make sure that any code you use on your website, for all functions and fields, is as clear-cut as possible about what is allowed, so that you're not leaving yourself wide open for anything to conveniently slip in.

CSP (Content Security Policy) is another handy tool to protect your content.  With it, the browser will know not to pay any attention to a malicious script that could infect your visitor's PC.

You apply it by adding the correct HTTP header (Content-Security-Policy) to your webpages; its directives tell the browser which domains are good.  You can craft your own CSP headers for your blog here through Mozilla.
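As an added example (not from the original post), this Python sketch parses a Content-Security-Policy value and reports entries in the script source list that would let the browser run scripts from almost anywhere. The rule set, function names and both sample policies are constructed for illustration and are not exhaustive.

```python
# Source expressions that undo most of the protection when they appear in the
# list that governs scripts (constructed rule set, not exhaustive).
RISKY_SOURCES = {
    "*": "scripts may load from any domain",
    "https:": "scripts may load from any HTTPS domain",
    "http:": "scripts may load from any domain over plain HTTP",
    "data:": "script content may be supplied as a data: URL",
    "'unsafe-inline'": "inline <script> blocks and event handlers are allowed",
    "'unsafe-eval'": "eval() and similar string-to-code calls are allowed",
}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header_value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            # Browsers ignore a repeated directive, so the first one wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def review_script_sources(header_value):
    """Return (source, reason) findings about where scripts may come from."""
    policy = parse_csp(header_value)
    # script-src falls back to default-src when it is not set.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return [("(missing)", "no script-src or default-src: scripts are not restricted")]
    # Browsers ignore 'unsafe-inline' when a nonce or hash is also listed.
    has_nonce_or_hash = any(s.startswith(HASH_OR_NONCE) for s in sources)
    findings = []
    for source, why in RISKY_SOURCES.items():
        if source in sources and not (source == "'unsafe-inline'" and has_nonce_or_hash):
            findings.append((source, why))
    return findings


# Constructed sample policies.
WEAK_POLICY = "default-src *; script-src 'self' 'unsafe-inline' https:"
STRICT_POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com; object-src 'none'"

if __name__ == "__main__":
    for policy in (WEAK_POLICY, STRICT_POLICY):
        print(policy, "->", review_script_sources(policy))
```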

Use Prepared Statements (Parameterized Queries)

SQL injection is a common blog hack that many website owners have sadly fallen victim to.

Attackers can abuse URL parameters that are too open, open enough to reach into your database.  If you're the owner of an online store, information such as credit card numbers and contact details can be easily accessed.  As a business owner, this is in your hands to protect.

But don't worry, there are numerous things you can do to protect your blog from SQL injection hacks.  An easy way to do this is to use parameterized queries.  With a parameterized query, the values a visitor supplies are passed to the database separately from the SQL itself and treated only as data, so a hacker can't use them to change the query.

Secure Your Site with HTTPS

Most consumers know that the green https in the browser means a website keeps sensitive information safe.  These few letters are shorthand for safety and security on blogs and websites: they show it's safe to give out sensitive information, such as financial or contact details, on a particular webpage.

If you don't already have one for your blog or website you can invest in an SSL certificate here.  Cost is usually small, but the extra level of encryption it offers to your readers and customers is priceless and will go a long way to making your website more secure and trustworthy.

Setup security plugins

If you're using WordPress, free plugins such as iThemes Security and Bulletproof Security will respond to weaknesses within your chosen platform.

If you're running HTML pages or a CMS-managed site, check out SiteLock.  SiteLock provides daily monitoring for all your hacker worries, from malware detection to vulnerability identification and active virus scanning.

With a Managed WordPress hosting plan SiteLock is already built-in along with much more to keep your website safe.

Make sure all platforms and scripts are current

Keeping all of your platforms and scripts up to date is vital.  Many of these tools are open-source software programs, which are easily available both to website owners with good intentions and to virulent hackers.  Hackers will have no problem exploiting a security loophole in a platform or script.

Having the newest version of your platform and scripts installed will reduce the risk of any future attacks you may encounter, and will take very little time to implement.

Hostgator has created a modern set of security rules to assist in the protection of your website.  Sign up here if you're looking for a new hosting provider and a great deal.


This post contains affiliate links.  This means if you purchase through these links you are supporting 1976write and we thank you for that.  

