by Nick Dalton
Online forums have been swamped with stories of blogs being broken into and then blocked by Google for spreading badware. You should always adhere to these WordPress security tips to avoid your blog being hacked and having to face that kind of situation.
Update to the latest secure version
Every piece of software has its own problems and weaknesses. Be diligent about
always updating to the most recent "known secure" version. In this instance, you
will want version 2.3.3 of WordPress.
Since WordPress gives plugins and themes full access to your blog, you also need
to keep your plugins up-to-date. With the latest 2.3 series of WordPress you are
notified in the admin screen when the plugins that you have installed are
released in new versions.
Any plugins that are not being used, should be removed or disabled
If you're like most bloggers, you've installed and tried out several different
themes on your blog. And you very likely have several plugins installed that you
don't use.
Every single piece of unwanted software may provide a new vulnerability. Since
no one is using them, why waste the energy to take these packages to the latest
version? Get rid of the software, eliminate all associated files and be done
with the trouble.
The final step is among the most significant. Eliminate unnecessary
installations. Remember that everything you've installed lands in standard
locations. A hacker can simply search your site, and take advantage of known
holes. It is irrelevant that you are not using the package.
Only download and install trusted code
Just like you shouldn't click on email attachments coming from people you don't
trust, you shouldn't install software on your blog from untrusted sources. Only
download code from the authors' web site.
Most WordPress themes and plugins have been made an open source, which has made
it possible for people to change the code just to be spiteful and insert badware
for unknowing internet users to download.
Don't be the guinea pig for the latest plugins. Take a cautious approach and
wait until you see a plugin being used by many other trusted bloggers.
Avoid any JavaScript includes
A lot of web analytics services and advertising networks have a requirement that
you add JavaScript to your blog, which frequently comes in the form of a
JavaScript include. This gives the JavaScript authors an almost wholesale
permission to change your web page. Essentially, you must trust your Web site's
security to the third-party service.
With regard to Google AdSense, Google Analytics, or other respected advertising
networks and web analytics services, you shouldn't be concerned. However, if a
relatively new firm asks to put JavaScript on your web site, you should quickly
run the other way.
Ad networks also pose another problem if you don't have control over who is
allowed to advertise on your network. Google applies the guilt by association
principle: If you are advertising for a site that has badware on it, your site
may be blacklisted too.
The Digital Security Report
is a step by step guide to protecting your digital products. For this, and more
articles about
WordPress security and
Internet business and blogging in general go to Nick Dalton's blog at
TipsTricksToolsTechniques.com. Contact the Author
Nick Dalton
More Details about
wordpress here.
