Make Money from Blogs » Security

Quick Security Checklist for Webmasters – from the Google Blog

ashish — Mon, 15 Feb 2010 16:54:25 +0000

For many people, getting content onto a web page is the most important part of developing traffic and ensuring that you increase the chances of earning revenue. However, consider that you need to ensure that your page remains on the internet, and does not get hacked, something that is happening with a higher frequency nowadays. But what can do you ? Well, you can find out more, learn about the steps you can take to increase the security level of your site, and you can read the information at this Google Help Page (link to article)

Check your server configuration.
Stay up-to-date with the latest software updates and patches.
Regularly keep an eye on your log files.
Check your site for common vulnerabilities.
Be wary of third-party content providers.
Try a Google site: search to see what’s indexed.
Use Google’s Webmaster Tools.
Use secure protocols.

Protecting your .htaccess file – a tutorial

ashish — Tue, 08 Dec 2009 18:35:53 +0000

For slightly more advanced users, securing your blog or web host is an important part of ensuring the security. However, people tend to quake when it comes to doing such operations, and there is a heightened sense of fear at making any changes that could end up corrupting your settings or otherwise tampering with the smooth operations of your server. And not everybody can afford to hire expensive consultants for helping in this regard. However, here is a tutorial that could help you understand more about what .htaccess does, and how do you tweak your settings (learn more). Some of the stuff you can learn in the article is:

This quick tutorial will provide you with an htaccess file that does the following:
1. Protects itself (security)
2. Turns the digital signature off (security)
3. Limits upload size (security)
4. Protects wp-config.php (security)
5. Gives access permission to all visitors with exceptions (security, usability)
6. Specifies custom error documents (usability)
7. Disables directory browsing (security)
8. Redirect old pages to new (optional)
9. Disables image hotlinking (bandwidth)
10. Enables PHP compression (bandwidth)
11. Sets the canonical or “standard” url for your site (seo, usability)

Once you get this done, you will have increased the security level of your site, as well as being able to handle visitors.

Learn more about hardening WordPress at Codex

ashish — Mon, 07 Dec 2009 19:14:50 +0000

As part of a security policy for your WordPress installation, you should learn about hardening of the installation. The Hardening WordPress page at the Codex (link) contains a lot of information about how to harden your installation, getting rid of security risks and making your blog more secure. The entire process is geared towards not only increasing the security of your WordPress, but also ensuring that you have a regular backup, as also to increase the number of security compartments in your installation such that even if you have a security breach, you are able to prevent the attacker from going through your entire installation.
The process starts with ensuring that the computer from which you operate your account remotely is secure, free from viruses and other security risks; that the host which runs your site can be trusted to deploy the latest patches and other such updates; using a more secure network connection to the admin section of your blog and being careful about where all you sit down to administer your network from; having a good and safe password; locking down your file permissions.
The page also explains about ensuring that your wp-admin folder is properly protected, including adding a second level of protection; it is also important to protect your wp-config file.

WordPress security tips (part 9) – Plugins to secure your blog

ashish — Thu, 03 Dec 2009 14:22:53 +0000

In continuation of an earlier series of posts towards making your WordPress installation more secure, here are some more plugins and steps to increase the security of your WordPress installation. An important plugin that can help in ensuring that you are able to detect the security leaks in your WordPress installation is called “WordPress scanner”.

WordPress scanner (learn more at this link).
Running it is fairly simple, you have to move a plugin to your plugins directory and activate it. The plugin will add a link to your WordPress template. Once you are done, you need to disable the plugin (and be sure to do so). Once you have activated the plugin, you need to go to the wpscan page (link) and enter your blog details.

In addition to plugins, you need to evaluate the following.
- Check with your web hosts about whether directory browsing is allowed by default, if no index.html file is present. A lot of hosts have turned that off by default, but if it is on, then you should add an index.html file in your plugins directory; you don’t want people to know which plugins you are using
- Keep your WordPress installation updated, and one way to do the automatically is by using the “WordPress Automatic Upgrade plugin” (link) – Also, WordPress 2.7 onwards has an integrated update feature which you should use.
- Check for the security levels on your Forms / Comments input page. Use a more secure mailer for WordPress (Secure Form Mailer Plugin For WordPress)
- Don’t use plugins without reading a bit more about them. Plugins are made with the best of intentions, but it is quite possible that a plugin can lead to a security hole.

WordPress security tips (part 8) – Plugins to secure your blog

ashish — Sun, 29 Nov 2009 15:14:23 +0000

In continuance of an exploration of a series of articles that explore how to increase the security level of your WordPress blog, I will be presenting information on 2 more plugins in this post. These deal with increasing the security level of the Admin section of your blog (very important) through the use of SSL; this increases the security of the connection between your client and the Admin section of your blog by adding a higher level of encryption for the transmission of information (thus ensuring that it is more difficult to intercept this password).

Admin SSL:
This plugin enhances the security level of the admin and wordpress login pages. Read more at this link.

- Supports All SSL Setups (Private and Shared)
- Encrypts cookie contents
- Compatible with all versions of PHP 4 and 5
- Easy to install (1 file uploaded)

Force SSL Plugin:
This plugin ensures a much higher level of security for your entire blog, forcing your users to use SSL. However, you will need to get a certificate for your blog, and that can be somewhat expensive, from a 3rd party certificate provider. This method ensures that your interaction between the client and the server is free of interception.