Make your blog 100% Secure

Security is a major component of blog management. Securing your blog means keeping it safe from hackers and other bad actors who want to break in and put malicious content on it.

Security should be a major concern for owners of popular blogs that receive good traffic, because such sites are more likely to be targeted.

Here are some basic things to be done to protect your WP powered blog:

  • Check that your WordPress install is the latest released version. Always upgrade to the latest version available, as new releases fix bugs and are more secure.
  • Choose a secure password, using at least one special character and/or numbers.
  • Assign only the required file permissions to any file, and nothing more. More details on file permissions can be found here.
  • And lastly, install some security plugins on your blog.
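
A check for the file-permission item above, as an added example that is not part of the original post: it walks a WordPress directory and lists every file or directory that group or world can write to. The function names and the sample tree are assumptions made for the illustration; the tree includes an .htaccess at 666, the mode used in the relocation steps later on this page, which the audit reports because that mode lets every local account on the server modify the file.

```python
import os
import stat
import tempfile

RISKY = stat.S_IWGRP | stat.S_IWOTH  # write bit for group or for everyone

def audit_permissions(root):
    """Return {relative path: (octal mode, who can write)} for loose entries."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(info.st_mode)
            if mode & RISKY:
                who = "world" if mode & stat.S_IWOTH else "group"
                findings[os.path.relpath(path, root)] = (format(mode, "03o"), who)
    return findings

def build_sample_tree(root):
    """Create a constructed, WordPress-like tree with explicit modes."""
    layout = {  # relative path -> mode; all of these are sample values
        "blog/wp-config.php": 0o600,
        "blog/index.php": 0o644,
        "blog/wp-content/uploads/photo.jpg": 0o664,
        ".htaccess": 0o666,  # the mode the relocation steps on this page set
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("sample\n")
        os.chmod(path, mode)
    # Directories get fixed modes so the result does not depend on the umask.
    for rel in ("blog", "blog/wp-content", "blog/wp-content/uploads"):
        os.chmod(os.path.join(root, rel), 0o755)
    return root

def demo():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        return audit_permissions(build_sample_tree(root))
```

To audit a real install, call audit_permissions() with the path to the site's document root.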

Security plugins help you to secure your blog. I’ll be introducing you to some of the most useful and effective plugins:

WordPress Firewall

It acts like a firewall for your blog and blocks the most obvious attacks. WP Firewall can block directory traversals, SQL queries, WordPress-specific terms and field truncation attacks in application parameters. It can also block uploads of executable files such as .exe, .php, etc.

Login Lockdown

It records the IP address and timestamp of failed login attempts. If more than 3 failed login attempts are made within 5 minutes from the same IP, then the login function is disabled for all requests from that IP address. This helps to defend against brute-force attacks.
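
The lockout rule described above, sketched as an added example (this is not Login Lockdown's own code): a per-IP sliding window that locks an address once it has more than 3 failed logins within 5 minutes. The class and function names, the 60-minute lock length and the sample events are assumptions; the page does not say how long the lock lasts.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
MAX_FAILURES = 3                 # page: lock on MORE than 3 failed logins
WINDOW = timedelta(minutes=5)    # page: counted within 5 minutes, per IP
LOCKOUT = timedelta(minutes=60)  # assumption: the page gives no lock length

class LockoutTracker:  # hypothetical name: per-IP sliding window of failures
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> recent failure times
        self.locked_until = {}              # ip -> when the lock expires
    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        return until is not None and now < until

    def record_failure(self, ip, now):
        """Store one failed login; return True if it triggers a lockout."""
        recent = self.failures[ip]
        recent.append(now)
        # Forget failures that have aged out of the 5-minute window.
        while now - recent[0] > WINDOW:
            recent.popleft()
        if len(recent) > MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT
            recent.clear()
            return True
        return False

def replay(events):
    """Replay (iso_time, ip, success) events; return the IPs that got locked."""
    tracker, locked = LockoutTracker(), []
    for ts, ip, success in events:
        now = datetime.fromisoformat(ts)
        if tracker.is_locked(ip, now):
            continue  # login disabled for this IP, even with a valid password
        if not success and tracker.record_failure(ip, now):
            locked.append(ip)
    return locked

SAMPLE = [  # constructed events (documentation address ranges), not real logs
    ("2024-01-01T10:00:00", "203.0.113.5", False),
    ("2024-01-01T10:00:00", "198.51.100.7", False),
    ("2024-01-01T10:00:20", "203.0.113.5", False),
    ("2024-01-01T10:00:40", "203.0.113.5", False),
    ("2024-01-01T10:01:00", "203.0.113.5", False),  # 4th in window: locked
    ("2024-01-01T10:01:10", "203.0.113.5", True),   # refused while locked
    ("2024-01-01T10:04:00", "198.51.100.7", False),
    ("2024-01-01T10:12:00", "198.51.100.7", False),
    ("2024-01-01T10:20:00", "198.51.100.7", False),  # 4 failures, never in 5 min
]
```

Replaying SAMPLE locks only 203.0.113.5: the second address also fails four times, but its attempts are spread out, so the window never holds more than two of them.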

WPIDS (WordPress Intruder Detection System)

It is the WordPress version of PHPIDS. It blocks all the malicious code that is used to attack your blog, like SQL injection, XSS, CSRF, etc.

WP Security Scan

It scans your WP for vulnerabilities and gives suggestions to correct the vulnerabilities. It also offers to change the table prefix (wp_) easily to some other prefix.

AskApache Password Protect

This plugin protects your whole wp-admin with a password. This helps to prevent unskilled, newbie hackers from attacking your blog with some special vulnerabilities.

Immediate things to be done after installing WordPress

This post is written for Budding Bloggers participants; all the points except 1 and 3 apply to any blog in general.

  1. Save your FTP login details carefully.
  2. Back up the wp-config file in the blog directory.
  3. Create an administrator account for yourself from the temporary administrator account we provide, and delete the temporary administrator account.
  4. Update the title and tag line of your blog. To update them, go to Settings -> General.
  5. WordPress is installed in the directory /blog to keep your root directory clean, so by default your blog will have a URL of the form http://buddingbloggers.com/blog/?p=11 . This makes your URL unnecessarily lengthy, and it is not a good SEO practice. To give your blog a URL of the form http://buddingbloggers.com/?p=11 :
    1. Go to the Settings -> General panel.
    2. In the box for WordPress address (URL): change the address to the new location of your main WordPress core files. Example: http://buddingbloggers.com/blog
    3. In the box for Blog address (URL): change the address to the root directory’s URL. Example: http://buddingbloggers.com
    4. Click Update Options. (Do not worry about the error message and do not try to see your blog at this point! You will probably get a message about file not found.)
    5. Copy the index.php and .htaccess files from the blog directory into the root directory of your site (Blog address). If the .htaccess file is not already present, create one yourself and upload it. Change its permissions to “666”.
    6. Open your root directory’s index.php file in a text editor.
    7. Change the following and save the file. Change the line that says:
      require('./wp-blog-header.php');
      to the following, using your directory name for the WordPress core files:
      require('./blog/wp-blog-header.php');
    8. Your WordPress administration URL will be http://buddingbloggers.com/blog/wp-admin/ and your blog URL will be http://buddingbloggers.com
  6. Change the Permalink
    The default looks like

    http://buddingbloggers.com/?p=N

    This is called an ugly link structure and is not a good SEO practice. To give your blog a URL structure that pleases search engines, go to the Settings -> Permalinks panel, where you can choose one of the “common” structures or enter your own in the “Custom structure” field using the structure tags. This is the one I commonly use on all my blogs: /%year%/%monthnum%/%category%/%postname%/ You can also try

    • /%year%/%monthnum%/%postname%/ (the third one in the WordPress admin panel)
      Using the date in the URL makes it easy for your readers to find out how old the post is
    • /%postname%/ (Only post name)

    Structure tags

    %year%
    The year of the post, four digits, for example 2004
    %monthnum%
    Month of the year, for example 05
    %day%
    Day of the month, for example 28
    %hour%
    Hour of the day, for example 15
    %minute%
    Minute of the hour, for example 43
    %second%
    Second of the minute, for example 33
    %postname%
    A sanitized version of the title of the post (post slug field on Edit Post/Page panel). So “This Is A Great Post!” becomes this-is-a-great-post in the URI (see Using only %postname%)
    %post_id%
    The unique ID # of the post, for example 423
    %category%
    A sanitized version of the category name (category slug field on New/Edit Category panel). Nested sub-categories appear as nested directories in the URI.
    %tag%
    A sanitized version of the tag name (tag slug field on New/Edit Tag panel).
    %author%
    A sanitized version of the author name.
  7. Delete the hello world post or update it with your blog intro.
  8. The most addictive thing for bloggers is stats; the daily rise in your stats gives you the motivation to deliver your best. The best stats plugin available for WordPress is WordPress.com Stats http://wordpress.org/extend/plugins/stats/ .
  9. Install the Akismet spam plugin. Both the Akismet and WordPress.com Stats plugins require an API key; I will explain how to get an API key in my next post.
  10. Browse the WordPress themes directory and select a theme that matches your needs and site content. http://wordpress.org/extend/themes/

Using FireFTP and FileZilla to upload files onto your web server

FTP clients are software used for managing files on the server using FTP (File Transfer Protocol). This is the most common method of uploading files to your web server.
In this article, you’ll learn to install, configure and use two of the popular FTP clients:

  • FireFTP
  • FileZilla

Let’s start out with FireFTP…
FireFTP is the best free, secure and cross-platform FTP integration for Firefox. It offers the best that an FTP client can offer. (Click here to see its features)
Installation

  1. Go Here and click “Download FireFTP”.
  2. A banner would appear on top asking to install it. Click “Allow”.
  3. After the installation, restart Firefox and check in the “Tools” in the menubar. There will be a new icon “FireFTP”. Click it and a new tab would open.
  4. In the “Account Manager”, fill up all the settings.
  5. In my case, the Account name is “HackersLane.com”; Host is 66.185.20.4; Login is hackerslane@buddingbloggers.com & password is ************ :)
  6. Your FireFTP is ready to use now.

How to Transfer Files/Folders:
The left-column shows your PC and the right-column shows your Domain. Your blog would be installed in the “/blog/” directory by default.
To upload files:

  1. Right-click on the file to be uploaded and click “Upload”, or else you can “Drag & Drop” the file to be uploaded to the destination location.
  2. Make sure you are uploading things to the correct directory. For example, the theme should go to Root:/blog/wp-content/themes/ and for plugins it should go to Root:/blog/wp-content/plugins/.
  3. The transfer status would appear in the bottom-column.

And for FileZilla…

FileZilla is one of the most popular FTP Clients. It is easy to use and very reliable.
Installation

  1. Download FileZilla (Click Here & choose your OS)
  2. Run the Setup file. Agree to the license agreement.
  3. Select your settings & select the installation folder.
  4. After the Setup is finished, Run FileZilla.
  5. On the Menubar, go to File -> Site Manager.
  6. Click on “New site” option on the left.
  7. Fill up the settings: the Host, Port, User, Password, etc.
  8. Your FileZilla is ready to use…

How to Transfer Files/Folders:
The left-column shows your PC and the right-column shows your Domain. Your blog would be installed in the “/blog/” directory by default.
To upload files:

  1. Right-click on the file to be uploaded and click “Upload”, or else you can “Drag & Drop” the file to be uploaded to the destination location.
  2. Make sure you are uploading things to the correct directory. For example, the theme should go to Root:/blog/wp-content/themes/ and for plugins it should go to Root:/blog/wp-content/plugins/.
  3. The transfer status would appear in the bottom-column, along with the Successful, Failed Transfers List…

Maximize your chances of getting selected.

We really felt the need for this post after getting some crappy applications. There were 20+ applications the first day and none were selected. They are the kind of people who would stretch their hand at everything that is called free, without even bothering to know what it is. So if you are one of them please do us a favour by not applying.

We get a lot of applications every day. We don’t have enough manpower to reply to crappy applications. I have given my staff strict instructions not to forward me applications that are incomplete or inaccurate. Incomplete applications will never reach my desk and will never be reviewed.

Two main factors that we take into consideration while selecting you for this sponsorship program are

  1. Your writing skills and your knowledge in your field.
  2. Your writing skills and your knowledge in your field.

Your selection will be based on the content in your current blog or the blog posts you write. These two fields help us know your writing skills. If you don’t give us a url to your blog or submit your posts, we cannot know your writing skills and we are left with no choice but to send your application to trash.
Can I submit a url to my blog and the posts??
Yes, you can submit your blog url and blog posts to maximize your chances of getting selected.
Minimum and maximum length of sample posts??
There is no maximum and minimum length for the posts, two decent 300 word articles should get you selected.

Another major factor that influences your selection is this question.
Tell us about your experience in the topic you choose to blog about, and tell us why we should select you??
Your answer to this question tells us how motivated you are about blogging. If you don’t know why we should select you then don’t bother to apply.
Why do we ask Age,Gender, Address, Education??
We ask these questions to know more about our participants and for administrative purposes. Your answers to these questions have no weight in the selection procedure.
FYI: There are no age restrictions for this program.
How to select the domain name??
.com domains are always the best domains, so try to pick a .com domain name. Please check that the domain you ask for is available before applying for it.

Please note that domains like satish.com, satishtalks.com, techsatish.com will not be selected. Don’t associate your name with the domain.
You can check the domain availability here
http://godaddy.com

These resources should help you in choosing your domain name.

Good Luck

Satish Gandham