Bloggiesta buttonI worked through the list at the bottom of Kim’s post on Sophisticated Dorkiness about site security: PSA: The Story of My Hacked Blog.

 I backed up my blog on Thursday night before Bloggiesta. Which is a good habit, but it needs to happen more than twice a year. I do it in two ways.

First, my husband uses FileZilla to back up all the files on my website to a large hard drive on our workstation. That hard drive gets backed up onto an external drive automatically. We have a safe deposit box at the bank (a great cheap form of offsite storage) and we occasionally take the external hard drive over to the bank to swap it for the one that’s in the safe deposit box.

Second and even easier, I use the Export function in WordPress to export my posts and pages to my laptop. That only takes a minute.

So, that’s all good but needs to happen more often.

Today, I updated WordPress and the two plugins that had updates. One of the plugin updates did not go smoothly. This would be one of the reasons that I resist updating — I’d say roughly a third of the time, something goes wrong. But, given the security risks of not keeping things updated, that’s really no excuse. My mantra needs to be: “Update. Deal with the problems.” In this case, it wasn’t that difficult — I had to manually enter my UA for the Google Analytics plugin because the automatic method didn’t work.

Updating, like backing up, needs to happen more often, too.

We went on a password changing frenzy over the summer, before and after our international trip. Something about traveling awakens security issues — we’re also working on our estate plan and our lawyer says we aren’t the only ones to suddenly want our paperwork in order around the time of a big trip. We’re traveling enough now that I can milk that instinct — change passwords as part of my trip planning process.

Kim suggested running a web site scan for security that is available at Sucuri Security. I did that and it was clean. This made me happy for two reasons. One, yay my site is clean! And, two, as the scan was running, I was thinking that an unscrupulous company would report that my website wasn’t clean, just to get me to pay the 90 bucks a year to get them to clean it for me. Since they reported it was clean, I now believe that Sucuri has scruples and, if I do have a problem, or just want to quit worrying about having a problem, that’s a site I would trust.

cover of Head First WordPress by Jeff SiartoThis is turning into enough things that I made an Evernote note with a list of things to do every time there is an update available for WordPress or any of my plugins:

  • Have Rick back up my site with FileZilla
  • Use the Export function to back up my posts and pages onto my laptop
  •  Perform the updates
  •  Run the security scan at Sucuri: http://sucuri.net/

I skimmed the security section in my WordPress book, Head First WordPress by Jeff Siarto, and I’m happy with what I’ve done. There are a few more things that could be tackled, but I’ll stop here for now.

What do you do to keep your website secure? Is there something I missed that you would suggest?

Signature of Joy Weese Moll


Comments

Web Site Security — A Bloggiesta Chore — 5 Comments

  1. I paid extra for a back-up service when I switched to self-hosting WordPress today, because I know I don’t back up faithfully, and I would hate to lose even a single precious post or comment! I don’t know anything about site security, but that’s going to have to wait till the next Bloggiesta!

  2. Pingback: Bloggiesta Finish Line | Joy's Book Blog

  3. That’s exactly the reason I resisted backups. I never seem to set aside the time I’d need if something goes wrong, so I avoid doing it just in case. But clearly that’s a bad plan.

    I didn’t mention this in my PSA, but another reason I did go with Sucuri was because I felt like they were reputable with their testing service. When I plugged my URL into the site after I’d sort of fixed the hack, it came back clean (since I’d gotten at least part of it fixed). It didn’t come back with a problem until my site had clearly been compromised again. I’ve been really happy with their service, and think in the long run it will be well worth the investment.

Leave a Reply to Kim (Sophisticated Dorkiness) Cancel reply

Your email address will not be published. Required fields are marked *