I had intended this “W” post to be about weekday blogging as a variant of the daily blogging challenges that are popular with the more vociferous of bloggers. I started a series of articles on WordPress security and easy fixes with updates to various parts of blogs that use this publishing platform that is overlapping with my intention to write about the frequency of posting I will be doing May. I will just, for now, say that I will not be doing NaBloPoMo on BlogHer in May. Writing every single day is not a problem for me, but writing a publishable blog post every single day of the month can be problematic. I do like the structure and camaraderie that group writing challenges provide to me. I will be writing about the quandary in which this places me within a couple of days….
…so now for WordPress Security, part tres..
The basic and relatively easy security fixes for WordPress blogs covered so far have been version updates to the WordPress itself. Plug-in updates have also been covered. Themes should also be updated as new releases are made. If the creator of the theme you are using does not release updates, you need to find a new theme provider.
Software evolves over time to include new features and fixes. Themes that were created using prior versions of HTML to that of HTML 5 for example have to have API or plug-ins to adapt websites to mobile devices while HTML 5 has divided object tags to define various specific type of media that may be included such as video. If these things are not done then the them that defines how your website elements appear and mesh will show up as garbled mumbo jumbo on phones and other portable devices. Themes also have to co-evolve with the new versions of WordPress. The WordPress dashboard should let you know when a new version of your theme is available.
As promised, I am including links to other sites on some other security topics. These cover some of the other easy fixes for common security mistakes made by lots of people and exploited by lots of bad guys.
Passwords
This Mashable article lists the most commonly used passwords from 2011 as determined by hacker compromised accounts. Don’t use any of these or anything like them. It also suggests methods you can use to create secure passwords. User names are a lot like passwords. Don’t use “admin.”
Site Scans
Sucuri provides a free scan of your sites to let you know if you have been infected by malware. It also has a good blog that talks about current threats to WordPress from malware. This blog also posted a video of a security webinar that occured yesterday and that lasts for about an hour and a half if you have the time and interest. It is informative if you are new to WordPress, and maybe if you aren’t. I learned a few new things when I watched it.
Widgets
Prepackaged widgets can contain code that links to malware. Use widgets with caution and read about what can happen with javascript links in widgets in a Sucuri post from last year.
There are a ton of other things you can do to secure your self-hosted site, but I am not a security expert, at least not when it comes to WordPress, but as I learn more I will share. I do use noscript for my Firefox browser and I recommend it for folks who are not put off by having a few steps extra when you want to load a flash or javascript bit of code when you are on a site you trust and automatically block it on other sites. It stops a lot of malware.
Other Platforms
I don’t know a tremendous amount about other platforms, but I can share why I decided to move my blog from Blogger at blogspot.com to a self-hosted WordPress blog. And I will do so in another post; I will link it back here when I write it. In the meanwhile, here is a link to a Google post on security on blogger blogs for those readers who asked about their blogs on this other platform.