Web Site Security — A Bloggiesta Chore
I worked through the list at the bottom of Kim’s post on Sophisticated Dorkiness about site security: PSA: The Story of My Hacked Blog.
I backed up my blog on Thursday night before Bloggiesta, which is a good habit, but it needs to happen more than twice a year. I do it in two ways.
First, my husband uses FileZilla to back up all the files on my website to a large hard drive on our workstation. That hard drive gets backed up onto an external drive automatically. We have a safe deposit box at the bank (a great cheap form of offsite storage) and we occasionally take the external hard drive over to the bank to swap it for the one that’s in the safe deposit box.
Second and even easier, I use the Export function in WordPress to export my posts and pages to my laptop. That only takes a minute.
So, that’s all good but needs to happen more often.
Today, I updated WordPress and the two plugins that had updates. One of the plugin updates did not go smoothly. This would be one of the reasons that I resist updating — I’d say roughly a third of the time, something goes wrong. But, given the security risks of not keeping things updated, that’s really no excuse. My mantra needs to be: “Update. Deal with the problems.” In this case, it wasn’t that difficult — I had to manually enter my UA for the Google Analytics plugin because the automatic method didn’t work.
Updating, like backing up, needs to happen more often, too.
We went on a password-changing frenzy over the summer, before and after our international trip. Something about traveling awakens security issues — we’re also working on our estate plan and our lawyer says we aren’t the only ones to suddenly want our paperwork in order around the time of a big trip. We’re traveling enough now that I can milk that instinct — change passwords as part of my trip planning process.
Kim suggested running a web site scan for security that is available at Sucuri Security. I did that and it was clean. This made me happy for two reasons. One, yay my site is clean! And, two, as the scan was running, I was thinking that an unscrupulous company would report that my website wasn’t clean, just to get me to pay the 90 bucks a year to get them to clean it for me. Since they reported it was clean, I now believe that Sucuri has scruples and, if I do have a problem, or just want to quit worrying about having a problem, that’s a site I would trust.
This is turning into enough things that I made an Evernote note with a list of things to do every time there is an update available for WordPress or any of my plugins:
- Have Rick back up my site with FileZilla
- Use the Export function to back up my posts and pages onto my laptop
- Perform the updates
- Run the security scan at Sucuri: http://sucuri.net/
I skimmed the security section in my WordPress book, Head First WordPress by Jeff Siarto, and I’m happy with what I’ve done. There are a few more things that could be tackled, but I’ll stop here for now.
What do you do to keep your website secure? Is there something I missed that you would suggest?