Don’t Wait Until it’s Too Late – Protect Your Online Assets

July 6th, 2010 by Debra


For many of us in service-based businesses, our knowledge is our main asset. When we write about what we know, in our blog, in an ebook or out on the social web, we share that asset with many people to help them out and to attract them to our businesses. In addition, many of us have spent a lot of time and money on our Web or blog design, creating a brand identity that projects how we want people to perceive us and our businesses. So when I read about someone whose blog or website was hacked, who lost their content and their brand and is now trying to recover these assets, it’s time for a reminder post on WordPress security to protect your online assets. It’s something we all can do ourselves. We just need to remember!

Tips for protecting your WordPress Website or Blog

First, keep a backup. Yes, there are plugins to back up the database, but for us less-than-technical folks, keeping the following items can be a lifesaver and have you back online in a few hours. Create a folder called Website backup. In it keep a copy of:

  • Your most recent theme, uploads and plugins folders. You can manually transfer them to your local computer, but the WordPress Backup plugin does a really nice job of creating zip files that you can then transfer to your local desktop (there’s an email option but the files can get rather big). I’ve set it to create a backup weekly, but if you are making regular changes, you can set it to daily.
  • An export of all your content to a local file. WordPress provides an export feature under Tools that enables you to export all content, including the SEO information from the All-in-One SEO or FV All-in-One SEO plugin, to an XML file that can be imported into a recreated blog.
  • Any folders you have for images, documents or media that are outside of the /wp-content/uploads/ area.
  • All modifications you made to the plugin CSS files (just in case you need to install a plugin from scratch, although the backup plugin should have all the necessary files).

In the event of a major issue, you have everything in one place to rebuild the site quickly:

  • Re-install WordPress
  • Upload your theme
  • Upload your images, documents and other media
  • Upload the uploads directory
  • Upload your plugins
  • Import your content

Activate your theme and plugins, update the setup options (permalinks, search engines) and test. Having all of this information saved locally is a quick insurance policy against something catastrophic happening to your site and its valuable content.
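For readers comfortable with a command line, the file part of the Website backup folder can be scripted. The following is an added example, not part of the original post: the function name wp_backup and the folder layout are assumptions, and it covers only the themes, uploads and plugins folders, so the XML content export still has to be saved into the folder by hand.

```shell
#!/bin/sh
# Added example, not from the original post. Archives the three folders the
# post lists into a dated subfolder of the backup folder and verifies them.
# Arguments (assumed layout): $1 = WordPress root, $2 = backup folder.
wp_backup() {
    wp_root=$1
    dest=$2
    content="$wp_root/wp-content"
    [ -d "$content" ] || { echo "no wp-content under $wp_root" >&2; return 1; }

    out="$dest/$(date +%Y-%m-%d)"
    mkdir -p "$out" || return 1
    # Uploads and plugin settings can hold private data: keep the folder private.
    chmod 700 "$dest" "$out" || return 1

    for dir in themes uploads plugins; do
        [ -d "$content/$dir" ] || { echo "skipping missing $dir" >&2; continue; }
        tar -czf "$out/$dir.tar.gz" -C "$content" "$dir" || return 1
        # Read the archive back; one that cannot be listed cannot be restored.
        tar -tzf "$out/$dir.tar.gz" >/dev/null || return 1
    done

    # Checksums let you confirm before a restore that the copies are unchanged.
    if command -v sha256sum >/dev/null 2>&1; then sum="sha256sum"; else sum="shasum -a 256"; fi
    ( cd "$out" && $sum ./*.tar.gz > SHA256SUMS ) || return 1
    echo "$out"
}
```

The function prints the dated folder it created; copy that folder off the server, since a backup stored only on the hacked host is lost with it.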

More WordPress Security Tips

  • Update your WordPress version in a timely manner. As long as you don’t touch the WordPress files (edit only theme files), upgrades are simple. Depending on your host, “one click upgrades” take seconds and work extremely well. You can also upgrade your WordPress version manually through the dashboard. I will do a manual upgrade on a test machine and wait until my hosting provider has the latest version available.
  • Add the following to your .htaccess file:

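# Prevent directory listing (hides every entry from auto-generated indexes)
IndexIgnore *

# Protect .htaccess files
<Files .htaccess>
order allow,deny
deny from all
</Files>

# Protect wp-config.php (the dot is escaped so the pattern matches only this file name)
<FilesMatch "^wp-config\.php$">
order allow,deny
deny from all
</FilesMatch>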

  • Reset all theme and plugin files back to read and execute only (755 for the property attributes) before you go live.
  • Research plugins and themes before you download and use them. Hackers will put out free themes and plugins that contain malicious code.
  • Remove the WordPress version from your theme. I know it says keep it for stats, but I’d rather not open any doors to hackers. Look for <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> and remove that line completely.
  • Create administrator accounts other than “admin” and choose strong passwords. Letting someone into your WordPress dashboard as an administrator can wreak havoc. I normally install WordPress with different administrator account names.
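Several of these tips can be checked on the server instead of trusted from memory. The script below is an added example, not part of the original post: the function name wp_audit and the folder layout are assumptions, and it only reads files, looking for the .htaccess blocks, the 755 permissions and the generator tag described above.

```shell
#!/bin/sh
# Added example, not from the original post: audit a WordPress tree against
# the tips above. Prints one line per finding; returns 1 if any were found.
# Arguments (assumed layout): $1 = WordPress root, $2 = active theme folder.
wp_audit() {
    wp_root=$1
    theme=$2
    ht="$wp_root/.htaccess"
    found=0
    flag() { echo "FINDING: $1"; found=1; }

    # Tip: <Files>/<FilesMatch> blocks protecting .htaccess and wp-config.php.
    for name in htaccess wp-config; do
        grep -Eq "^[[:space:]]*<Files(Match)?[[:space:]].*$name" "$ht" 2>/dev/null ||
            flag ".htaccess has no <Files> block covering $name"
    done

    # Tip: prevent directory listing (the post's IndexIgnore *, or Options -Indexes).
    grep -Eq '^[[:space:]]*(IndexIgnore[[:space:]]+\*|Options[[:space:]].*-Indexes)' "$ht" 2>/dev/null ||
        flag "directory listing is not suppressed in .htaccess"

    # Tip: theme and plugin files at 755, so no write bit for group or others.
    for dir in "$theme" "$wp_root/wp-content/plugins"; do
        [ -d "$dir" ] || continue
        loose=$(find "$dir" ! -type l \( -perm -020 -o -perm -002 \) | tr '\n' ' ')
        [ -z "$loose" ] || flag "group- or world-writable under $dir: $loose"
    done

    # Tip: remove the generator meta tag that exposes the WordPress version.
    leaks=$(grep -rlE "name=[\"']generator[\"']" "$theme" 2>/dev/null | tr '\n' ' ')
    [ -z "$leaks" ] || flag "generator meta tag found in: $leaks"

    return $found
}
```

It cannot see the database, so the administrator account names and passwords from the last tip still need to be reviewed in the dashboard.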

There is definitely a lot more you can do with plugins and more advanced security techniques, and I would love to hear from you. For other platforms, if someone is an expert in Blogger, Typepad or Expression Engine and has a security post, feel free to put a link to it in the comments section.

Don’t think it won’t happen to you because you’re new, have a small subscriber list or any other excuse. Remember, hackers will hack your site because they can.

Comments

Comment from Martina Jones
Time: August 24, 2010, 8:32 pm

Awesome and great tips for improving skills of WordPress Security…