Safeguard Against Spammers & Hackers Using WordPress
This morning I thought I’d do a quick article on Blog Security & how to safeguard your Wordpress blog against the ever present danger & annoyance of spammers & hackers.
Obviously this is mainly going to be applicable to those of you using Wordpress & have a self hosted blog, having said that, there will be some aspects of this post that will be applicable to all. Unfortunately it is impractical for me to try all the different blogging software available today, however the points raised about security are equally valid to all.
Overall Security
I cannot emphasize enough, the importance of good security, not just with your Blog, but your computer also. I mean what is the point in having a fortress around your blog, if you then accidentaly upload a virus infected file ! Therefore please do not rely on free software when it comes to protecting your computer system & blog, yes they will work most of the time, but it only has to fail once to wipe out your entire system. Hmmm point taken I hope..?
Now I don’t know what value you place on your Blog, or the many hours of work you have put in creating it, writing articles to fill it, resizing and uploading images etc..?, but I do know how much I value mine ! Therefore providing good quality anti-virus & anti-spyware is, for me anyway, a number one priority. It’s all well and good taking regular backups of your blog & database, but what happens when you get a virus or spyware infection on your computer & it ends up having to be formatted in order to get rid of the problem..? Believe me this does happen, I have worked with computers for over 24 years and have seen this happen over & over again.
Tips
1. Check out this website for Top 10 Anti-virus 2009
2. Check out this website for Top 10 Anti-Spyware 2009
3. Do not store your backed up blog & database on your computer. You can obtain a 4 gb pen/thumb drive very cheaply these days & this has more than enough storage space for your Blog & Database.
Akismet Anti Spam Plug In
Now you are all probably aware that Wordpress comes with the Akismet anti spam plugin already installed, but not activated ! In order to activate this plug in, you need to register (for free) with Wordpress.com in order to obtain an API key (an unlock code basically).
Click image to enlarge
You simply type in your API key, click update options & that is basically it! Akismet runs straight out of the box as it were, no fiddling around with dozens of obscure setting. My only criticism of this is that while it does catch the spam & prevent it being displayed on your blog, it does not stop spammers from returning & continually filling your spam folder with tons of crap !
WP-Ban Plug In
Click image to enlarge
But this my friends most certainly does hahaha. This little plug in is a peach really 
Just collect any IP address, host name or user agent, of any spammer that Akismet has already detected and just add it to WP-Ban & it’s bye bye spammer. Although looking at the Ban log there are some persistant little buggers out there, but thanks to this plug in they can knock the door as often as they like, but they aint getting in anymore!!!
Ban Stats
Click image to enlarge
Now just on the off chance that I added some innocent persons IP address to WP-Ban by mistake, I did put a nice polite message as seen below;
Click image to enlarge
This is one of the options built into the plug in, it serves two purposes really;
1. It gives an innocent person the chance to remedy the situation by contacting the webmaster (Me)
2. It also lets any spammer that trips the triggers that there is good security in place on this blog.
To date I have not recieved a single email requesting that the ban be lifted, therefore that kind of says it all eh…?
Dealing With Hackers
Now here is more of a danger than a nuisance, yet one very good method of barring the door to hackers is your .htaccess file. No not the one used for rewriting titles as permalinks;
Click image to enlarge
What I am talking about is a .htaccess file used for security, that restricts access to the the dashboard of your blog and will only allow access from certain IP addresses that you type into the file when creating it. You can even advertise your passwords to the world & without the request coming from the designated IP address, access will not be granted.
Click image to enlarge
Now I could ramble on for another 30 minutes on how you go about creating such a file, but I think it would be far easier if I just upload a file already created, but with the IP address missing.
Ok assuming you have downloaded the file, open it in notepad in order to edit the IP address, which at present is a string of xxx’s. Replace the x’s with your own IP address (please double check your IP address), save the file and then using your ftp software upload the file to /contents/admin/, that’s it job done. That little file will now prevent access even with your password, to anyone not from the IP address you have listed, oh and you can specify more than one IP address, but each should be placed on a new line. So say for example you spend sometime at a girlfriends place & wish to work on your blog, then simply add her IP address to the .htaccess file & your all sorted.
By following these simple steps above you will improve your blogs security & safeguard against the ever present threat from spammers & hackers. As a final little treat for you, there is a list below of around 40 IP Addresses of known spammers, which you may download and add the details to WP-Ban which will give you a nice head start on dealing with these morons !!!
Ok I hope you find this article helpful & if you have any questions or comments then please use the comment box below.
|
|
|
Online Global Threats
