Internet Attacks – Secure and Protect Your Blog Against Hackers

Wordpress Plugins to Secure Your Blog Against Internet Attacks

“It’s a jungle out there my son!” I am reminded about Dustin Hoffman’s line in “Hero” every single day! It is truly a jungle out there on the internet, with predators ready to launch deadly attacks on their preys. Who are the predators? Hackers, sitting in front of their laptops somewhere in China, Turkey or even Florida, engaging internet attacks and using tools built to break into websites and gain control over someone’s hard work. This leads to the more important question: who is the prey? The answer is chilling: YOU. Your WordPress blog is the probable victim, with all the content you worked so hard to create and promote.

As an  independent fashion blogger I have been blessed enough to work with a small but great social media marketing agency which helps me maintain Style Strand Fashion, my WordPress blog. This boutique agency provides me with daily reports about the traffic on my blog, where the traffic comes from, keywords people use to find my blog and many other useful insights. But what stood out from the crowd were the details about hackers and their efforts to break into my WordPress blog. I was astonished to find out that every single day at least four different hackers engage tools and strategies meant to break in and take control over my WordPress blog. Most of the hackers live and launch their internet attacks from countries well known for their lax legislation against these type of activities, like China or Turkey, but guess what? I found many hacking efforts coming from Florida! It’s usually not nice to point out fingers, but in this case I feel I have a duty on disclosing details that might help us, hard working, honest bloggers to learn more about the “bad guys” and secure our WordPress blogs.

Emanuela Neculai - No Trespassing - Website Security

Always concerned with my website security

There are two things you can do to protect your WordPress blog against internet attacks. Always make sure you have the latest WordPress platform and plugins, and install specialized tools built to protect your blog against internet attacks. Let me detail for you each of these two strategies and explain why you need to use them both at the same time, otherwise they won’t work well.

  1. If you work on a windows system or own an iPhone or iPad you are probably sick of the multitude of updates you have to run on these devices. Every time I have to run an update I have mixed feelings. On one hand I am happy I am improving my system, but on the other hand I cannot help but think of the issues that required an update and the fact that the one I am just installing will eventually need an update, too. That means we are never using a perfect software platform, plugin, or app. There is probably no such thing as a perfect software anyway. The only good thing of all this updating process is that with every update we end up with an improved application that works a little better and blocks more ways hackers can use to break in. So updating the plugins you have installed on your blog is an important step in keeping hackers away. It is not enough though, since there might still be coding issues that weakens them which hopefully will be addressed in a future update. So what can you do in the meantime? You can implement the second step I recommend in this article…
  2. Use specialized plugins, built specifically to protect your blog from internet attacks. I have personally done this and it worked very well so far. I know, this step presents a challenge: it is a little too technical. This is why it is always a good idea to rely on technical expertise from someone knowledgeable. You can’t be Jack of all trades so it’s always better to stick to what you’re good at: writing. Make sure you get on your team someone who knows computers and internet. It may be a friend or relative willing to help you out or it may be someone you pay. But these are money well spent. After all, how much sense does it make to invest a lot of time and hard work into building a great blog that you lose to a hacker in Turkey, or even worse, in Florida? Time is money so it makes perfect sense to invest a little more in protecting your valuable asset!

Here are the plugins I use on my blog. I want to share them with you so you end up at the end of this article with practical knowledge you can put to work right away. I always believed that we fellow bloggers have to stick together, help each other and build a better reputation for us. So here are the plugins I use:

  • Better WP Security – will hide the places your blog’s vulnerabilities live keeping an attacker from learning too much about your site and keeping them away from sensitive areas like login, admin, etc. One of the features I love and proved extremely helpful against internet attacks was the fact that Better WP Security is able to rename the admin account. That means the classic login to your blog admin interface is no longer at the address hackers know, it is moved to a link only you know. You can choose whatever address you want, just make sure it is not too easy to be found and you remember it. This plugin is also able to detect most of the attacks and block them. If someone tries too many times (for example more than three times, you can set this number yourself) to log in unsuccessfully that person is blocked for a specific amount of time. So the hacker can go to sleep, his effort lead him to be banned from your website. Good riddance! Here is a snapshot of Better WP Security’s dashboard. The text in green shows the aspects related to security that have been successfully implemented. As you can see, this plug in is able to take care of a lot of things, thus strongly securing the blog:
Better WP Security Plugin Dashboard

Better WP Security Plugin Dashboard

  • Wordfence – includes a firewall, anti-virus scanning, cellphone sign-in (two factor authentication), malicious URL scanning and live traffic including crawlers. This is the only security plugin that can verify and repair the original code of your WordPress platform, theme and plugin files, even if you don’t have backups. This doesn’t mean you should forget about creating backups of your blog regularly. It just means that if you accidentally mess things up on your blog, or if a hacker managed somehow to break in, this plugin can save you a lot of headache by restoring the original files. Since many internet attacks come from people using networks of other organizations (college campuses, libraries, etc) one great feature of this plugin is that is able to identify the network and even notify the network administrator of that network about the attack. This should allow the admins to trace the hacking activity and even (hopefully) identify the person. This plugin can also show you live details of the traffic on your blog (yes, I know, Wow!) and let you know which geographic area internet attacks originated from. Here is a snapshot of Wordfence showing the live traffic generated by humans only (search engine traffic and other so called “bots” are filtered out):
Wordfence Plugin Livesite Snapshot

Wordfence Plugin Livesite Snapshot

    And here is a snapshot of Wordfence’s scanning process:
Wordfence Plugin Scanning Snapshot

Wordfence Plugin Scanning Snapshot

  • Bad Behavior – keeps your blog free of link spam. Often times blogs are flooded with spam comments that include links to bad content. Google will eventually index those comments and downgrade your website’s reputation. Bad Behavior plugin acts as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. It does a great job because it is able not only to detect bad comments by itself, but it also communicates over the internet with well-maintained lists of spammers thus being able to filter and protect your blog very effectively. Here is a snapshot of Bad Behavior blocking a spammer on my blog:
Bad Behavior Plugin Snapshot

Bad Behavior Plugin Snapshot

Most WordPress attacks are a result of plugin vulnerabilities, weak passwords, and obsolete software. Always update the tools you are using on your blog and ask for help from someone knowledgeable to help you install and tweak the security plugins I have shared with you on this blog post. You can learn more about WordPress on WordPress Codex, the online manual for WordPress and a living repository for WordPress information and documentation. Let’s join forces to protect our blogs from hackers and make their life miserable. Feel free to comment and share any other great security plugins you are using so we all benefit and secure our blogs against internet attacks.

Disclosure: this blog post has been written with (technical) help from my social media marketing agency.

About 

Emanuela Neculai is a fashionista with European background, currently living in Myrtle Beach, South Carolina, USA. As a teenager Emanuela has been influenced by the Eastern European culture and fashion trends. The European elegant style has left a strong mark on her taste and preferences. Follow Emanuela on Google+

    Find more about me on:
  • googleplus
  • facebook
  • pinterest
  • twitter
  • youtube

Trackbacks

  1. […] Emanuela shares her tips on how to keep your site safe from hackers over on her blog, Style Strand Fashion! […]

Leave a Reply