Tuesday, July 15, 2014

Techie Tuesdays: Site Security

Today, I'm writing about something quite unpleasant, kind of scary, and rarely discussed at blogging meetups or conferences - site security. Your site has a lot of personal information associated with it - birthdate, email, and credit card. All it takes is a first name, last name, and one more piece of information for an experienced hacker to be quite successful. According to Forbes, on average, 30,000 new websites are hacked a day. Your site can be hacked without you even knowing it. Have no worries, there's plenty you can do to prevent it!

  • Get a secure password. I'm not talking about a combination of your childhood nickname with some random numbers, or one where only the first letter is capitalized. If I can pronounce your password, it's not secure. A good password should be a random assortment of numbers and letters. Write it down (not on your computer, but on a piece of paper), so you won't forget it.
  • LastPass. LastPass will change your life. After reading this post, you will be able to sleep with ease at night knowing everything you have is secure. You create a LastPass account, with one password that you have to remember (write it down). You can then install LastPass on your browser and mobile devices, and you can add your login info for various sites. The best feature is that LastPass will generate random, secure passwords for you and keep track of them.
  • Don't share your password. Create users. Often when I'm working with new clients, they will say, "I can just share my password with you," and in most cases, I always respond, "Just make me a user." It might take me showing them how to do that, but the benefits are huge.

  • Google is pretty much amazing, but if you aren't using two-way verification, you should definitely set it up. Anytime you sign on to your Google Account on a new computer, Google will text you a code that you have to enter to log in. So, if someone tries to sign on to your account from an unauthorized computer, you would immediately receive a text message (they wouldn't), and they won't be able to sign on.

WordPress is a tricky beast because it is a free Content Management System (CMS). WordPress sites are often the most hacked sites due to security issues.
  • Change your username and display name. If "This post was written by Admin" shows up on your posts, you are a delicious target. "Admin" is the most common username. When installing WordPress, your username should be something random (numbers and letters). You can change your visible name to be your own name, but your username for your site should be private.
  • Hosting. Lately, I've read a lot of different developer bloggers discuss how they are adding clauses in their contracts not to work with sites that host on Go Daddy. Go Daddy is notoriously awful amongst people in the web community, but for most people, Go Daddy is the most familiar (great advertising campaign). Most hosting contracts allow you to transfer whenever, and I would recommend Bluehost. Not only is their customer service excellent, they have additional free and paid features that help you improve your site security. If purchasing hosting, most bloggers only need the basic, shared hosting version ($3.95-$4.95 a month).
  • Updates: You should always make sure that you have the most up-to-date version of WordPress, your theme, and plugins. More often than not, when any of these elements release an update, it is a security update (hackers are always improving, sites need to improve). Just make sure that before you update, you back up your site.
  • Plugins: Plugins are less regulated than themes. If your site has a bug, it's usually a plugin. When I build sites, I always try to build them with the functionality in the theme and rely on as few third-party plugins as possible, but there are a few plugins that I recommend:
    • Akismet is a comment spam prevention plugin for your blog. It identifies and blocks comment and trackback spam. If this isn't monitored, your site is more likely to get hacked. 
    • Jetpack is a plugin package from WordPress.com. Most bloggers can get all the additional functionality they need from this plugin. Essentially, you can get up to 30 plugins with one. Because WordPress.com functions on the contribution of developers, you know that there are always people working to develop and improve it. Some of my favorite features of Jetpack include tiled galleries, the contact form, and Facebook & Twitter widgets.
    • Disqus: Most everyone knows what Disqus is, a comment management plugin. You can install it for WordPress or Blogger, and I think it is quite easy to install. Not only does it manage spam comments, it makes it easier for your readers to leave comments via social media or mobile devices.
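
The username advice in the WordPress list above can be checked against a user export. This is an added example, not part of the original post: the sample export is constructed in the shape printed by the WP-CLI command `wp user list --fields=user_login,display_name --format=csv`, and the list of common logins is an illustrative assumption.

```python
import csv
import io

# Constructed sample data, in the CSV shape produced by:
#   wp user list --fields=user_login,display_name --format=csv
SAMPLE_EXPORT = """user_login,display_name
admin,Admin
k7q2mz9x,Lindsay
jsmith,jsmith
guestwriter,Guest Writer
"""

# Logins that are tried first in guessing attempts (illustrative, not exhaustive).
COMMON_LOGINS = {"admin", "administrator", "root", "test", "user"}


def audit_users(export_text):
    """Return (user_login, problem) pairs for accounts that need a change."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        login = row["user_login"].strip()
        shown = row["display_name"].strip()
        if login.lower() in COMMON_LOGINS:
            findings.append((login, "common username"))
        # A display name equal to the login prints the login on every post.
        if shown.lower() == login.lower():
            findings.append((login, "display name reveals username"))
    return findings


if __name__ == "__main__":
    for login, problem in audit_users(SAMPLE_EXPORT):
        print(f"{login}: {problem}")
```

An account with a random login and a separate visible name, like the second row of the sample, produces no findings.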

Do you have tech or design questions you would like answered? "Techie Tuesdays" is a weekly series written by Lindsay Humes of White Oak Creative and The Garden Apt. To make this series as beneficial as possible to Midwest Bloggers, you can email your specific questions to Lindsay at lindsay@wocreative.com and she will answer them in her weekly series.
