Do you want to build a stronger brand? Have you been blogging for a while and are planning to monetize? Do you want more control over the design and functionality? It is time to move to a self-hosted blog. But that comes with its own challenges, with security ranking at the very top.
As you may already be aware, I am a design professional with 25+ years of experience working with brands to launch their products and services. Graphic and website design along with web management play a key role in it. Moreover, I have been working on WordPress since 2005. I know it like the back of my hand and consider myself quite an expert on it.
As I complete four years of Bohemian Bibliophile in April, by popular demand, I am launching a new section beyond books – Blogging 101, where I will be sharing tips and best practices on the tech of blogging – design, WordPress, SEO, and some case studies as well.
Does blog/website tech confuse you? It may seem daunting and overwhelming. But trust me, it is not complicated. And it always helps to arm yourself with knowledge.
Securing a Self-hosted WordPress Blog
I begin the Blogging 101 series with one of the most important questions I am often asked: How do I keep my blog secure? Targeted at both novice and veteran bloggers, I share some best practices that I swear by. You don’t need to have programming knowledge. This checklist does not include lines of code but goes a long way to keep your blog secure. If you have a self-hosted WordPress blog or are planning to move to one, make sure you run the checklist to ensure there are no unwanted surprises.
Choose a Secure Hosting Provider
The first line of defense in keeping your website secure is to choose a secure hosting provider. NEVER skimp on this as it could make or break your blog.
Unlike on a dedicated server, on a shared host a malware infection can also originate from the server itself. Look for a hosting service with robust security measures (strong defenses against cyber attacks, restricted physical access to servers, 24/7 server monitoring, and regular malware scans), reliable uptime, regular backups, and above all, good customer service.
Install an SSL Certificate
Irrespective of whether you are selling products or services on your blog or not, HTTPS is imperative to encrypt the connection between the blog and your reader.
Most hosting providers include an SSL certificate in the hosting package. If not, it makes sense to purchase one, not just for a secure website but for SEO purposes too. HTTPS is a ranking signal for Google, which does not rank unsecured websites well. Some tools such as Tailwind do not activate additional features such as ingredient lists for Pinterest unless the blog is HTTPS secured.
TL;DR: Get that SSL certificate!
Use a Robust Security Plugin
A robust security plugin is essential for your self-hosted blog. It is designed to protect your blog from malicious attacks, such as malware, ransomware, and other forms of cyber attack.
But not all plugins are created equal. You need a plugin that supports the latest security measures. Pick one that also includes malware scanning, two-factor authentication, IP address blocking, and limiting login attempts. Invest some time in research to pick the one that works best for you. Wordfence, iThemes Security, and Sucuri are some of the popular ones.
Enable Two-Factor Authentication
Blog, Instagram, YouTube, or even email: two-factor authentication is a given to keep your accounts secure. It adds an extra layer of security. Even if your password is compromised, it makes it quite difficult for the hacker to access your account.
Most security plugins include two-factor authentication or 2FA as it is popularly called. Be sure you enable it when you go self-hosted to keep the hackers out.
Never use “admin” Username
One of the laziest oversights, and the number one reason for hacked blogs, is the use of the “admin” username. It is the default one set up when WordPress is installed, along with ID 1. Needless to say, it is equally easy to break.
Never use the “admin” username. Instead, use a complicated, preferably mixed-case alphanumeric username. You can always update to a simpler and branded “display name” to show up as an author for your blog posts. The same applies to passwords. Do not ever use common passwords such as QWERTY or 12345, anywhere.
It is essential to use strong passwords for all accounts associated with your blog too – blog platform, hosting provider, and any administrative accounts. But it does not end there. Regularly update your passwords, and if possible, WordPress usernames as well.
Install Trusted Plugins Only
There are hundreds of plugins out there for every blogging task under the sun. As tempting as they might appear, if you can manage a task without automating it with a plugin, always opt to do without the plugin. Too many plugins end up bloating the site and slowing it down. Moreover, every plugin increases the security risk.
Always download WordPress plugins from the WordPress repository or trusted sources. WordPress weeds out insecure plugins and flags outdated ones in its repository. Other trusted sources include Envato Market (ThemeForest & CodeCanyon). Avoid picking free plugins outside the repository since they are often laced with malware.
Keep Software Up-to-date
No level of security can be effective if the blogging software is not up to date. Apart from new features, updates often include security patches that protect against vulnerabilities and hacking attempts.
Assign a time slot or two a week to update your plugins. For WordPress updates, it is industry standard to wait at least a day to avoid surprises since the current plugins may not be compatible with the new update. But do not wait more than a day to update WordPress. Keep that backup handy too in case the blog goes down.
Constantly Monitor for Downtime
Imagine your blog is down and you are completely oblivious to it. Although downtime is not completely avoidable, it pays to constantly monitor your blog for downtime. More so if it is due to a website attack.
Most security plugins include a downtime monitor. Jetpack includes one too (Yes, Jetpack can be installed on a self-hosted blog and you can enjoy the features). Alternatively, you can use websites such as Uptime Robot to scan your blog every five minutes free of cost.
Backup, Backup, Backup
Always back up your blog. Depending on how often you post, it can be weekly, fortnightly, or monthly. Even if your hosting provider offers a daily backup, you should have a copy of the backup offline. This ensures you can quickly restore your blog in case of an attack.
There are numerous plugins for end users that do not require tech know-how. Some popular ones that are easy to restore are Jetpack, UpdraftPlus, and Duplicator.
“Security is a process, not a product.” – Bruce Schneier.
Let’s get real. The risk of a security breach cannot be completely eliminated. But with the right tools and knowledge, you can ensure a secure future for your blog. Whether you are a novice blogger or a veteran, invest some time learning the tech of blogging. Follow the best practices listed above to take control of your digital assets. Don’t let the fear of potential threats stop you from monetizing your blog or curb your blogging ambitions.
Got any questions or have a tech/SEO issue that is your Achilles heel? Do leave a comment below. I will get to it as soon as I can.
This blog post is part of the blog challenge ‘Blogaberry Dazzle’ hosted by Cindy D’Silva and Noor Anand Chawla in collaboration with Bohemian Bibliophile.
March 31, 2023 @ 12:53 pm
Wow very important information. I should save this though I may keep asking you technical questions!
March 31, 2023 @ 1:51 pm
This is such an informative post. I remember, recently my blog got hacked and I was terrified for the same. Then I contacted my hosting provider and they resolved the issue. So, the points you covered are very very useful.
April 2, 2023 @ 10:01 am
This post is like a gold mine for those who want to start a self-hosted WordPress blog. Useful information, going to share it with someone who I know is looking to start one.
March 31, 2023 @ 9:39 pm
Such a useful post, Ritu. As you can see, my blog needs self-hosting. Will contact you for help.
April 1, 2023 @ 10:37 am
These are great tips! I learned the value of two-way security when my Instagram account got hacked. I activated that on all my digital accounts then. And I need to get into the habit of backing up more often.
April 1, 2023 @ 7:22 pm
This article is very very helpful to me. You have explained the concepts so easily. Normally I get confused and scared of words SSL and SEO and Plugin, but your explanation on how to use them for the safety of my blog and your suggestions are very helpful. Thanks a lot!
April 1, 2023 @ 11:04 pm
Very very important topic. I am bookmarking. Have lots of queries, will keep asking. It is really important to secure our blog. Thanks for the information and helping hand.
April 2, 2023 @ 12:44 pm
Thank you for sharing these helpful tips for securing a self-hosted WordPress blog. As a blogger, I understand how crucial it is to keep our digital assets safe and secure. Your checklist is easy to follow, and I appreciate that it doesn’t require any coding skills. I will definitely be implementing these practices to ensure my blog stays protected. Thank you again for sharing your knowledge and expertise! Saving it.
April 2, 2023 @ 3:24 pm
I completely agree with the points you shared here in this post and I personally strictly follow them after my website once got hacked. An SSL certificate is something very very important which the majority of bloggers, newcomers and amateurs don’t know. To a few I also recommended it but got some stupid reply like “who is going the extra cost for having the SSL” …. I have no answers to such thought processes. But one thing I should accept is that what is important and what is not for the health and security of the WordPress website/blog I learned from my techy hubby 🙂
April 2, 2023 @ 3:46 pm
Thank you for this series, Ritu. Although it all goes over my head. But once I am out of this depressive episode I will surely connect with you. I really need help. Tech talk is like taare zameen par for me. Hats off to you for successfully handling two blogs at a time.
April 2, 2023 @ 3:58 pm
I had too many questions and fears when I got a self-hosted website and have learned a lot on the way. Still learning. Will definitely ping you if I’m stuck with something. You’re an expert!
April 2, 2023 @ 3:59 pm
I wish I had read this a week ago! I just had to do the same and opted for Bluehost- they were really helpful with securing the site. I agree it’s so so essential to have a secure website and I am glad you are putting this info out there for other bloggers
April 2, 2023 @ 4:36 pm
I was just about thinking of shifting my domain n there comes your blog… m I lucky or what! Now I know whom to reach out to😊
Thank you for this treasure trove of info Ritu. It’s a little too technical for me right now but I’m sure it will be of great help once I switch to self hosting.
April 2, 2023 @ 4:40 pm
I am so happy you started this series. You have been planning to do this for a long time now. I understand a few things you have shared but I will leave the tech to you.
April 2, 2023 @ 5:36 pm
Bookmarked. This is extremely informative and I am looking forward to more in the Blogging series; just as I wait to read your book reviews and recommendations.
April 2, 2023 @ 6:02 pm
That seems to be an important read for self-hosted blogs. And security and having a check on downtime and backup are always a safe idea.
Vasumathi DS Ponday
April 2, 2023 @ 9:12 pm
I am sure this blog will be useful to many, Ritu. I myself have reached out to you for some insights in the past. I am on WordPress only since 2020 and I have had some issues. By trial and error, I have managed to overcome some of them. There is loads to learn and explore.
April 2, 2023 @ 11:19 pm
This is really helpful. I started my blog on blogspot 10 years back and then tried migrating to WP after a few years. However I found it to be complicated and then switched back to blogspot.
April 3, 2023 @ 6:47 am
Amazing tips for those who would want to indulge into the blogging world. While others may say that blogging is already dead, in reality, there’s still a lot more to share in blogs. Same as books, there would always be a reader for everything.
Noor Anand Chawla
April 29, 2023 @ 10:56 pm
Wow Ritu! I must admit, most of that went over my head, But I think I need to pay attention and secure my blog too.