If you search my blog, I have written enough topics about security wishing that it will help normal (non-geeky) people be more aware of simple exploits on their browsers and WordPress blogs. Hopefully it leads them to heed my advise and be more careful online.
I think I am paranoid enough that I worry how other people access the files that I share with them and I also mind where my files are going. In times when cloud is becoming the new norm in hosting files, trust has become a sensitive topic to me when choosing providers.
Everyone gets hacked one way or another
Unless you don\’t have any digital footprint or you live inside a cave, you probably have been hacked in one way or another.
Even the biggest social network companies get hacked. LinkedIn had several million user passwords leaked. Many famous Twitter accounts get hacked everyday. Even Facebook gets hacked and they don\’t even know what hit them. So what keeps hackers from hacking your website or blog?
After installing all the recommended WordPress security plugins, how sure are you that you\’ll be safe from exploits or zero-day attacks?
You can never be 100% sure. Even if your host has the most advanced firewall it could still be vulnerable. That\’s the thing about security. No matter how hard you try in securing something, there will always be someone trying to break inside.
Don\’t overlook security warnings and updates
If you know that there are security holes on your software, don\’t wait too long. Act immediately and patch things up.
The beauty with open source software like WordPress is that you get to receive upgrades almost immediately after a security report had been reported, or at least in a regular interval. Of course, it is equally ugly too because anyone who has knowledge about the problematic code can exploit the reported issue quickly too. It doesn\’t make closed software safer because there will be a limited number of developers working on a patch unlike open source — there are potentially hundreds or even thousands of contributors willing to fix the security hole immediately. But here is a catch — as an end-user, you have an obligation to update your own installation.
If you are lazy to update or you don\’t have the courage to mess around with codes or manually patch files, forget open-source and get a hosted service instead or hire a pro or someone who understands it more than you do. (Hire me?)
Commonly ignored part
The weakest link in security hardening is often the user. If you don\’t change your thinking about your blog security, you\’ll end up regretting it.
Do not forget to back-up. I repeat: DO NOT forget to back-up!
WordPress security tools are there to remind you that you cannot bullet-proof security. Even the WordPress plugin \”Bulletproof security\” is not so bullet-proof. It gets update from time to time because it has security flaws too. You always have to check the security status regularly and act quickly to prevent disaster from happening.
Remember: Security is not set-it-and-forget-it.
Server and Network-Level Security
This is not commonly discussed in WordPress blog security but as you add more layer of security, there is a bigger chance that you\’ll survive or prevent an attack.
Take CloudFlare as example. It is a free service that could remedy several security problems with websites and blogs on a network level; however, it is not a one-fits all solution.
You still have to update your operating system! Yes, many people have switched to the cloud but even if you are hosted in the cloud there are still components that needs to be updated because you cannot run a website without an operating system such as Linux and Windows.
WordPress has a long list of FAQ when your WordPress blog get compromised. It is not only applicable for WordPress blogs only. Most of the tips there are also good for other online software that was hacked.
You have to stay calm to be able to deal with this situation. The first step before you respond to any security incident is to calm yourself down to make sure you do not commit any mistakes. We are serious about it.
For me, the most important tip listed in the list is to keep your calm. Panicking usually results to more disastrous result. If you back-up regularly and you keep your back-up files safe you can recover almost instantly. Hopefully you learn a lesson or two from the bad experience and do not repeat the same mistake again.
Photo credit to ndanger