Do you want to build a stronger brand? Have you been blogging for a while and are planning to monetize? Do you want more control over the design and functionality? It is time to move to a self-hosted blog. But that comes with its own challenges, with security ranking at the very top.
As you may already be aware, I am a design professional with 25+ years of experience working with brands to launch their products and services. Graphic and website design along with web management play a key role in it. Moreover, I have been working on WordPress since 2005. I know it like the back of my hand and consider myself quite an expert on it.
As I complete four years of Bohemian Bibliophile in April, by popular demand, I am launching a new section beyond books – Blogging 101, where I will be sharing tips and best practices on the tech of blogging – design, WordPress, SEO, and some case studies as well.
Does blog/website tech confuse you? It may seem daunting and overwhelming. But trust me, it is not complicated. And it always helps to arm yourself with knowledge.
Securing a Self-hosted WordPress Blog
I begin the Blogging 101 series with one of the most important questions I am often asked. How do I keep my blog secure? Targeted at both novice and veteran bloggers, I share some best practices that I swear by. You don’t need to have programming knowledge. It does not include lines of code but goes a long way to keep your blog secure. If you have a self-hosted WordPress blog or are planning to move to one, make sure you run through the checklist to ensure there are no unwanted surprises.
Choose a Secure Hosting Provider
The first line of defense in keeping your website secure is to choose a secure hosting provider. NEVER skimp on this as it could make or break your blog.
Unlike on a dedicated server, on shared hosting a malware infection can also come from the server itself. Look for a hosting service with robust security measures (strong defenses against cyber attacks, restricted physical access to servers, 24/7 server monitoring, and regular malware scans), reliable uptime, regular backups, and above all, good customer service.
Install an SSL Certificate
Irrespective of whether you are selling products or services on your blog or not, HTTPS is imperative to encrypt the connection between the blog and your reader.
Most hosting providers include an SSL certificate in the hosting package. If not, it makes sense to purchase one, not just for a secure website but for SEO purposes too. HTTPS is a ranking signal for Google as it does not rank unsecured websites well. Some tools such as Tailwind do not activate additional features such as ingredient lists for Pinterest unless the blog is HTTPS secured.
TL;DR: Get that SSL certificate!
Use a Robust Security Plugin
A robust security plugin is essential for your self-hosted blog. It is designed to protect your blog from malicious attacks, such as malware, ransomware, and other forms of cyber attack.
But not all plugins are created equal. You need a plugin that supports the latest security measures. Pick one that also includes malware scanning, two-factor authentication, IP address blocking, and limiting login attempts. Invest some time in research to pick the one that works best for you. Wordfence, iThemes Security, and Sucuri are some of the popular ones.
Enable Two-Factor Authentication
Blog, Instagram, YouTube, or even email. Two-factor authentication is a given to keep your accounts secure. It adds an extra layer of security. Even if your password is compromised, it makes it quite difficult for the hacker to access your account.
Most security plugins include two-factor authentication or 2FA as it is popularly called. Be sure you enable it when you go self-hosted to keep the hackers out.
Never use “admin” Username
One of the laziest oversights, and the number one reason for hacked blogs, is the use of the “admin” username. It is the default one set up when WordPress is installed, along with ID 1. Needless to say, it is equally easy to break.
Never use the “admin” username. Instead, use a complicated, preferably mixed-case alphanumeric username. You can always update to a simpler and branded “display name” to show up as an author for your blog posts. The same applies to passwords. Do not ever use common passwords such as QWERTY or 12345, anywhere.
It is essential to use strong passwords for all accounts associated with your blog too – blog platform, hosting provider, and any administrative accounts. But it does not end there. Regularly update your passwords, and if possible, WordPress usernames as well.
Install Trusted Plugins Only
There are hundreds of plugins out there for every blogging task under the sun. As tempting as they might appear, if you can manage a task without automating it with a plugin, always opt for that. Too many plugins end up bloating the site and slowing it down. Moreover, every plugin increases the security risk.
Always download WordPress plugins from the WordPress repository or trusted sources. WordPress weeds out insecure plugins and flags outdated ones in its repository. Other trusted sources include Envato Market (ThemeForest & CodeCanyon). Avoid picking free plugins outside the repository since they are often laced with malware.
Keep Software Up-to-date
No level of security can be effective if the blogging software is not up to date. Apart from feature updates, they often include security patches that protect from vulnerabilities and hacking attempts.
Assign a time slot or two a week to update your plugins. For WordPress updates, it is industry standard to wait at least a day to avoid surprises since the current plugins may not be compatible with the new update. But do not wait more than a day to update WordPress. Keep that backup handy too if the blog goes down.
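For readers who manage their site from the command line, the username and plugin checks from the last three sections can be automated. The sketch below is an added example, not part of the original checklist (which needs no code): it assumes the two lists were exported with WP-CLI (`wp user list --format=json` and `wp plugin list --format=json`), and the sample data and plugin names in it are constructed.

```python
import json

# Constructed samples shaped like `wp user list --format=json` and
# `wp plugin list --format=json` output; not taken from a real site.
USERS_JSON = """[
  {"ID": 1, "user_login": "admin", "display_name": "admin", "roles": "administrator"},
  {"ID": 7, "user_login": "Kx7mQ2blog", "display_name": "Jane", "roles": "editor"},
  {"ID": 9, "user_login": "Rt5vW8guest", "display_name": "Rt5vW8guest", "roles": "author"}
]"""
PLUGINS_JSON = """[
  {"name": "security-suite", "status": "active", "update": "none", "version": "7.1"},
  {"name": "old-gallery", "status": "inactive", "update": "available", "version": "1.2"},
  {"name": "contact-form", "status": "active", "update": "available", "version": "5.0"}
]"""


def audit_users(users):
    """Flag the default 'admin' login and display names that reveal the login."""
    findings = []
    for user in users:
        login = user["user_login"]
        if login.lower() == "admin":
            findings.append((login, "default-login"))
        # A display name equal to the login shows the login on every post.
        if user.get("display_name", "") == login:
            findings.append((login, "display-name-reveals-login"))
    return findings


def audit_plugins(plugins):
    """Flag plugins with a pending update and installed-but-unused plugins."""
    findings = []
    for plugin in plugins:
        if plugin.get("update") == "available":
            findings.append((plugin["name"], "update-pending"))
        # Assumption: an inactive plugin still adds risk, so it is flagged for removal.
        if plugin.get("status") == "inactive":
            findings.append((plugin["name"], "unused-remove"))
    return findings


def run_audit(users_json=USERS_JSON, plugins_json=PLUGINS_JSON):
    return audit_users(json.loads(users_json)) + audit_plugins(json.loads(plugins_json))


if __name__ == "__main__":
    for subject, issue in run_audit():
        print(f"{issue:28} {subject}")
```
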
Constantly Monitor for Downtime
Imagine your blog is down and you are completely oblivious to it. Although downtime is not completely avoidable, it pays to constantly monitor your blog for downtime. More so if it is due to a website attack.
Most security plugins include a downtime monitor. Jetpack too includes it (Yes, Jetpack can be installed on a self-hosted blog and you can enjoy the features). Alternatively, you can use websites such as Uptime Robot to scan your blog every five minutes free of cost.
Backup, Backup, Backup
Always back up your blog. Depending on how often you post, it can be weekly, fortnightly, or monthly. Even if your hosting provider offers a daily backup, you should have a copy of the backup offline. This ensures you can quickly restore your blog in case of an attack.
“Security is a process, not a product.” – Bruce Schneier.
Let’s get real. The risk of a security breach cannot be completely eliminated. But with the right tools and knowledge, you can ensure a secure future for your blog. Whether you are a novice blogger or a veteran, invest some time learning the tech of blogging. Follow the best practices listed above to take control of your digital assets. Don’t let the fear of potential threats stop you from monetizing your blog or curb your blogging ambitions.
Got any questions or have a tech/SEO issue that is your Achilles heel? Do leave a comment below. I will get to it as soon as I can.