Women's Legacy Project

Vigilance Is Your Best Security Option When Using WordPress

Written by: womenslegacy
Published: April 25, 2012 -- Last Modified: April 25, 2012
6 Comments

V is for Vigilant

vigilant |ˈvijələnt|
adjective
keeping careful watch for possible danger or difficulties

Yesterday I began talking about security through the routine installation of upgrades.  This is probably the biggest single thing you can do to secure your self-hosted WordPress site.  You need to be vigilant about upgrades to any software you use or have loaded on your computer, host, and mobile devices.
Upgrade WordPress to the current version. Why?  Because these new versions have bug fixes and close security gaps.  Most malware that can get onto or into your site comes through holes that bad guys have previously used.  Of course there is always the time period between when a problem is discovered and when it gets fixed, and maybe there is nothing you can do during that time period.  But after the fix is available you need to take advantage of it.  If you don’t, a bad guy will sniff out your vulnerability and exploit it.  You might as well be playing the poor damsel in distress and broadcasting, “Yoo hoo, hackers, come on over and f*** my site.”
When you log in to your WordPress dashboard, you should see a notification if there is a new version of WordPress available.  If there is a newer version than the one you are using, you need to do a site or blog backup and then install the newest version.  The current version as of this writing is 3.3.2, which was released on April 20th, 2012.  There is another planned update on May 9th, 2012.  How do I know this? Besides my brilliance and psi powers (Not!) there is a WordPress page that tells you all the release info in a nutshell:  http://codex.wordpress.org/WordPress_Versions
Do back up your site first though, before you upgrade.  If there is something incompatible on your site, upgrades can “break.”  It does not happen often, but it can happen.  The most likely cause of an upgrade breaking something, according to what I’ve been told by trusted, informed guru-ish and nerdy sources, is that incompatible plug-ins will not work and play nicely with the new code in the upgrade.
So how do you take care of that mess and prevent it from happening if at all possible?  Plug-ins have upgrades too.  Use only trusted plug-ins that are absolutely necessary to your purposes.  Plug-ins add some sort of functionality to a program that you use.  In this case it is WordPress.  Before you install any plug-ins, do your homework.  You wouldn’t put just anyone’s doo-whichy into your doo-whatchy would you?  Well, don’t do it with your computers, laptops, notebooks, iPads and mobile devices either!  Geesh, it is just basic hygiene!
The best plug-ins don’t just do neato-keen things, they save you heartache from unwanted gifts that keep on giving, just like in the biological world.  Akismet is my favorite plug-in that protects me from spam.  It acts as a trap and catches comments that have some of the characteristics of spam.  Under Settings – Discussion you can require visitors to leave a name and email and to have a previously approved comment before their comments are allowed automatically, which is one thing that regular visitors and comment givers really like.  Even so, bad guys and gals who are trolling for click-throughs or access to lesser secured areas of your site may seem like sincere comment leavers at first.  They are just waiting for you to let your guard down, and then they will spam you with Viagra ads or tempt you with wonderful sounding offers (often about security).  Akismet catches these and holds them for you to evaluate.  At first glance nothing seems unusual in this real example of a spam comment:

I really like what you’ve done with the thmeme but I was asking myself if you are the one that created it or you just bought it and customized it?

This was a gateway spam comment.  No links in it, but if I allowed this comment by the author there would have been another post that wasn’t captured through the discussion settings and then the spam would have hit.  So how did I know it wasn’t real?  Well, for one thing, saying nice things about your site is a standard way to try to gain trust through flattery.  But I have WordPress and Elegant Themes links at the bottom of my pages, so anyone actually interested in my changes would have said something more in depth.  That, and I checked the email address of the poster and it ended in .ro.  Not that many people in Romania read my blog, and lots of attacks originate in the Eastern Bloc and former USSR states, so I will block those IP addresses that have sent spam.  Often the originating site of the spam is only up and live for a day or two.  That is how these hackers work.  Akismet gets most of these, and every few days, ideally every day, I check my Akismet spam folder and allow real posts from recognized readers through.  Better safe than sorry.
So yes, you have to update your plug-ins too.  New versions of plug-ins most often fix holes, just like with your platform.  They are also noted on your WordPress dashboard.
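The same check the dashboard does can be run from the files themselves, which helps if you look after more than one site. This is an added example, not code from WordPress or from this blog: it reads the core version from `wp-includes/version.php` and each plug-in's header comment, then lists whatever is behind a baseline you supply. The sample install, the "Example Gallery" plug-in and the plug-in version numbers are constructed; only 3.3.2 comes from the post.

```python
import re
import tempfile
from pathlib import Path

CORE_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.M | re.I)

def vtuple(version):
    """'3.3.2' -> (3, 3, 2); a '-beta1' style suffix and trailing zeros are dropped."""
    parts = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def core_version(root):
    """Read $wp_version from wp-includes/version.php; None if the assignment is not found."""
    m = CORE_RE.search((Path(root) / "wp-includes/version.php").read_text(errors="replace"))
    return m.group(1) if m else None

def plugin_versions(root):
    """Map plug-in name -> version, taken from the header comment of each plug-in file."""
    plugins, found = Path(root) / "wp-content/plugins", {}
    for php in sorted([*plugins.glob("*.php"), *plugins.glob("*/*.php")]):
        fields = {k.lower(): v for k, v in HEADER_RE.findall(php.read_text(errors="replace")[:8192])}
        if "plugin name" in fields:
            found[fields["plugin name"]] = fields.get("version", "unknown")
    return found

def outdated(root, baseline):
    """Return (component, installed, wanted) for everything behind the baseline."""
    installed = {"WordPress core": core_version(root), **plugin_versions(root)}
    return [(name, have, baseline[name]) for name, have in installed.items() if name in baseline
            and (have in (None, "unknown") or vtuple(have) < vtuple(baseline[name]))]

def build_sample_site(root):
    """Constructed sample install; the plug-in version numbers are made up."""
    files = {
        "wp-includes/version.php": "<?php\n$wp_version = '3.3.1';\n",
        "wp-content/plugins/akismet/akismet.php": "<?php\n/*\nPlugin Name: Akismet\nVersion: 1.0\n*/\n",
        "wp-content/plugins/example-gallery.php": "<?php\n/*\nPlugin Name: Example Gallery\nVersion: 2.0\n*/\n",
    }
    for rel, body in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return root

if __name__ == "__main__":
    print(outdated(build_sample_site(tempfile.mkdtemp()), {"WordPress core": "3.3.2", "Akismet": "1.1"}))
```

Point `outdated()` at a copy of your site from a backup rather than the live files, and take the baseline versions from the release pages you trust.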
This is such a huge and not fun to think about topic that I totally understand why lots of bloggers just don’t want to think about all the details involved in security.  But like anything else in life, just work it into your routine and eventually it becomes second nature.
That is probably enough to leave your head spinning, so I will end this post.  There are another few areas of basic site security that I want to make sure my readers know about, so there will be another installment in this “series” of posts.  I want to talk about theme updates, some other easy fixes that minimize your risks, and I want to share a bunch of web resources at which you might want to take a look.
 
 

Categories: Blogging & Writing, Information and Tech
Tags: april a to z blog challenge, blog, comments, GBE2, nablopomo, routine, security, spam, trolls, updates, versions, website, wordpress


Comments

  1. Kathy

    April 25, 2012 at 3:48 pm

    Interesting, I have a blogger website. I wonder if blogger has a similar feature for backing up.
    Kathy
    http://gigglingtruckerswife.blogspot.com

    • Nancy

      April 25, 2012 at 6:59 pm

      I will talk about backup techniques on blogspot when I write tomorrow or the next day’s posts. And I will have them fit the a to z theme too, somehow! 🙂

  2. Beverly Diehl

    April 25, 2012 at 9:00 pm

    Likewise, good tips even if my blog’s on a different platform. The one thing I do is always upgrade to the latest version of my Norton A-V and any other software.

    • Nancy

      April 25, 2012 at 9:24 pm

      Updates really do give you the most security for very little effort. Glad you found it useful.

  3. k~

    April 25, 2012 at 9:26 pm

    I have both… and am curious about some of the processes with WP. I am much more familiar with Blogger.
    Great info!

    • Nancy

      April 25, 2012 at 9:41 pm

      Do let me know if you have specific questions. If I know anything about the topic I might be able to write up something… Or can point you to an info source.
      And just to let you know, I’ve tried to leave comments on your blogger blog, good ones by the way, and had some problems doing so especially when I am on my iPad.


© 2023, Nancy Hill, Women's Legacy Project of Hill Research Services, LLC

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Reject Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT