Why You Should Worry About Your Blog Getting Hacked

It’s old news now but, last year, The Guardian, Netflix, CNN, and Reddit were taken offline in the largest Distributed Denial of Service (DDoS) attack in history, a simple but effective bit of cybercrime that overloads a service with data until it collapses. With hacking now an almost mundane occurrence, there’s an obvious question to ask – how does this affect me?

As a blogger, it’s easy to think that your website will slip under the radar of cybercriminals but, as DDoS tools can be rented on black marketplaces (the above attack was done by an amateur and cost $7,500), the barriers to entry are falling – and it shows; ZDNet notes that 124,000 DDoS attacks occurred every week in 2016.

Cross-site Scripting

Granted, we only ever hear about cybercrime in the context of massive businesses but that’s because a DDoS attack on a small business or blog doesn’t make for interesting news, something which creates a false sense of security for both bloggers and small businesses alike.

Consider the following – if your blog makes any money or data loss would cause significant problems for your site, you need to protect it from DDoS attacks as well as threats like SQL injection and cross-site scripting (or “XSS”). The latter can plant code in your blog’s pages that infects visitors’ computers, a good example of which is currently troubling Steam.

Unlike “hacktivists” (Anonymous, etc.), armchair criminals don’t always need a compelling reason to take sites offline; after all, the attack on The Guardian and Netflix was simply collateral damage from one person’s grudge against the PlayStation Network. So, with all the above in mind, here are just a few, quick security tips for savvy WordPress bloggers:

1. Find a Security Conscious Host

Your blog is much more vulnerable to attack if other websites on your host’s server are infected or hacked. Consequently, a secure host is your primary consideration when setting up a new domain. Look for hosts that have things like server-level firewalls, disk-write protection (to stop the embedding of malicious code), plugin screening, and a back-up policy. Dedicated, human, tech support is also a must.

2. Create a Disaster Recovery Plan

Disaster recovery is rapidly becoming an essential part of any business, sometimes constituting up to a quarter of IT budgets, according to Incapsula. A disaster recovery plan does exactly what the term suggests in ensuring that businesses prepare for every eventuality while taking steps to avoid negative scenarios. For instance, it may be pertinent for a company to outline a course of action in the event that a service provider loses connectivity or a computer room becomes unavailable.

3. Invest in Cloud Security

“Invest” is possibly the wrong word to use here as online security is an increasingly affordable option for website owners. Taking the form of web application firewalls (WAFs), cloud security acts as a “barrier” between an online service and malicious traffic, meaning that it can provide effective protection against DDoS attacks and SQL injection. For websites handling transactions, WAFs can also assist with PCI DSS compliance.

4. Create a Backup

Backing up content, images, custom XML and CSS, as well as plugins is a great way to minimize downtime in the event of an attack. However, it can be a chore, especially if a website is more than a few months old. WordPress does give its users the option to download their blog wholesale (My Site > Settings > Export) but there are a number of third-party plugins that can expedite the process or create a backup in a preferred format.

Finally, reinforcing a blog against advanced threats is pointless if the website will yield to simple attacks like password-cracking software. It might sound counter-intuitive but the best passwords are the ones the user struggles to remember. Don’t underestimate the value of two-factor authentication either, something WordPress has been offering for a number of years now.

 


 

Source: http://www.bloggingpro.com/archives/2017/02/14/worry-blog-getting-hacked/
