Make Money from Blogs » Free

Do a backup of your WordPress DB using a plugin

ashish — Sat, 05 Dec 2009 19:31:08 +0000

You spend a lot of time on your WordPress Blog, lavish care, love and affection and a good supply of tender articles, and through this hard work, you find that the number of readers of your blog is increasing. This only encourages you to ensure that you are spending the regular time required, as well as searching for more ways to ensure that your blog gets promoted even more. Have you ever spent the time to consider whether your blog contents are secure (not in terms of hack-proof, although you need to do that; this post is more in terms of having a good backup).
If you consider the normal user who has got WordPress installed on a shared server with a standard hosting service, their server hosts a large number of other users as well, and there is always the risk that a virus brings down the machine, or there is some physical malfunction, and then you stop to consider that all your data is gone. But what can you do ? You need to ensure that your wordpress table contents are available with you in the form of a regular backup; now you can do that through your hosting service, since they provide an option to do a backup when you want.
However, consider the use of this Plugin that gives you a variety of ways of getting the backup in your hands, including the convenience of getting it via email. The plugin is called “WordPress Database Backup” and is available at this location (link). Features:

Select how you’d like the backup to be delivered:
Save to server : this will create a file in /wp-content/backup-*/ for you to retreive later
Download to your computer : this will send the backup file to your browser to be downloaded
Email : this will email the backup file to the address you specify
Click “Backup!” and your database backup will be delivered to you.

WordPress security tips (part 9) – Plugins to secure your blog

ashish — Thu, 03 Dec 2009 14:22:53 +0000

In continuation of an earlier series of posts towards making your WordPress installation more secure, here are some more plugins and steps to increase the security of your WordPress installation. An important plugin that can help in ensuring that you are able to detect the security leaks in your WordPress installation is called “WordPress scanner”.

WordPress scanner (learn more at this link).
Running it is fairly simple, you have to move a plugin to your plugins directory and activate it. The plugin will add a link to your WordPress template. Once you are done, you need to disable the plugin (and be sure to do so). Once you have activated the plugin, you need to go to the wpscan page (link) and enter your blog details.

In addition to plugins, you need to evaluate the following.
- Check with your web hosts about whether directory browsing is allowed by default, if no index.html file is present. A lot of hosts have turned that off by default, but if it is on, then you should add an index.html file in your plugins directory; you don’t want people to know which plugins you are using
- Keep your WordPress installation updated, and one way to do the automatically is by using the “WordPress Automatic Upgrade plugin” (link) – Also, WordPress 2.7 onwards has an integrated update feature which you should use.
- Check for the security levels on your Forms / Comments input page. Use a more secure mailer for WordPress (Secure Form Mailer Plugin For WordPress)
- Don’t use plugins without reading a bit more about them. Plugins are made with the best of intentions, but it is quite possible that a plugin can lead to a security hole.

WordPress security tips (part 8) – Plugins to secure your blog

ashish — Sun, 29 Nov 2009 15:14:23 +0000

In continuance of an exploration of a series of articles that explore how to increase the security level of your WordPress blog, I will be presenting information on 2 more plugins in this post. These deal with increasing the security level of the Admin section of your blog (very important) through the use of SSL; this increases the security of the connection between your client and the Admin section of your blog by adding a higher level of encryption for the transmission of information (thus ensuring that it is more difficult to intercept this password).

Admin SSL:
This plugin enhances the security level of the admin and wordpress login pages. Read more at this link.

- Supports All SSL Setups (Private and Shared)
- Encrypts cookie contents
- Compatible with all versions of PHP 4 and 5
- Easy to install (1 file uploaded)

Force SSL Plugin:
This plugin ensures a much higher level of security for your entire blog, forcing your users to use SSL. However, you will need to get a certificate for your blog, and that can be somewhat expensive, from a 3rd party certificate provider. This method ensures that your interaction between the client and the server is free of interception.

WordPress security tips (part 7) – Plugins to secure your blog

ashish — Sun, 29 Nov 2009 14:30:38 +0000

In the search to find more ways to secure your WordPress blog, using Plugins to ensure that you can increase the security level of your blog should form an important part of your strategy. These plugins can help in working through various needs that you may have, whether it is for fixing some flaws you have, and or even when you provide premium content, and are looking for a way to ensure that only those users who are paying customers get a chance to view these entries.
For ensuring only premium customers can view content: “Authenticated WordPress Plugin”
Read more about this content at this location (link).

This WordPress plugin (tested on 1.5.x & 2.0) will make your blog accessible only to logged in users. A must-have for paid-content publishers and privacy concerned bloggers. This is a simple zero configuration plugin. It allows you to view any content, if and only if you are logged in. No configuration is required. Just activating the plugin is all you need to do and if you followed the installation steps above then you have already done that.

As part of a higher level of security, it is also important to know which of your files allow applications to write to them, even if it is only WordPress that can write to these files. For this purpose, you should know which of your files are writable, and which of your files are totally locked down. But how will you know this until you do a scan of your files. And for this purpose, you have a File Scanner called “WP Security Scan” (learn more)

Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
-passwords
-file permissions
-database security
-version hiding
-WordPress admin protection/security
-removes WP Generator META tag from core code

WordPress security tips (part 5) – Plugins to secure your blog

ashish — Thu, 26 Nov 2009 14:14:29 +0000

There is a huge amount of information available on the internet for helping to secure your WordPress blogs, including using plugins that have been shared by helpful people. What is required is for you to be vigilant, read up current WordPress security issues, and keep your blog updated to the latest WordPress version.

Limit Login Attempts Plugin:
Wordpress currently allows anybody to attempt trying to login multiple number of times, and this can be seen as a problem in terms of security. Major ecommerce, banking and other such sites have restrictions that accounts get locked if people try to use a wrong combination of account ID and password, and this is very useful since it prevents people from trying to do a brute force attack. However, with WordPress not having such a restriction, it becomes difficult to prevent this type of attack if somebody is trying to attack you. However, there is a Plugin that allows you to restrict the number of login attempts. This is the “Limit Login Attempts” plugin available at this location (link).

Features
- Limit the number of retry attempts when logging in (for each IP). Fully customizable
- (WordPress 2.7+) Limit the number of attempts to log in using auth cookies in same way
- Informs user about remaining retries or lockout time on login page
- Optional logging, optional email notification
- Handles server behind reverse proxy

Semisecure Login Reimagined Plugin:
This plugin needs JavaScript to work, and if JavaScript is enabled, it will encrypt the password from the client end before it is sent to the server, and is then decrypted at the server end. If no JavaScript, then the password is sent in clear text. Available on this site (link)

Is this really secure?
Short answer: No, but it’s better than nothing.
Without SSL, you’re going to be susceptible to replay attacks/session hijacking no matter what. What this means is that if someone is able to guess or learn the session ID of a logged-in user (which would be trivial to do in an unprotected wireless network), then essentially they could do anything to your WordPress site by masquerading as that user. The point of this is to prevent your password from being transmitted in the “clear.” If someone is in a position where they can learn your session ID, under normal circumstances, they’d also be able to learn your password. The proper use of this plugin removes that possibility.