Ads 468x60px

“Top 10 WordPress Security Myths” plus 1 more

“Top 10 WordPress Security Myths” plus 1 more

Link to @ProBlogger

Top 10 WordPress Security Myths

Posted: 28 Aug 2012 01:07 PM PDT

This guest post is by Anders Vinther of The WordPress Security Checklist.

WordPress Security is about as sexy as cleaning your house. And as a serious blogger, you already know that securing your site properly is not a trivial task.

That makes it a fantastic topic for myth fabrication.

In this post, I’ve compiled the top ten WordPress security myths for your easy consumption, followed by a light sprinkle of facts to debunk the myths.

Here are the myths:

  1. WordPress is not secure.
  2. Nobody wants to hack my blog.
  3. My WordPress site is 100% secure.
  4. I only use themes and plugins from wordpress.org so they are secure.
  5. Updating WordPress whenever I log in is cool.
  6. Once my WordPress site is setup my job is finished.
  7. I’ll just install xyz plugin and that’ll take care of security for me.
  8. If I disable a plugin or theme, there is no risk.
  9. If my site is compromised I will quickly find out.
  10. My password is good enough.

Myth 1. WordPress is not secure

When people experience security problems with their WordPress sites, they tend to blame WordPress. However, the WordPress core is very secure. And when a security hole is found, the development team is very quick to respond.

The most frequent causes for compromised WordPress sites are in fact:

  • outdated software
  • insecure themes and plugins
  • bad passwords
  • stolen FTP credentials
  • hosting problems.

For more on this topic, see WordPress Security Vulnerabilities.

Myth 2. Nobody wants to hack my blog

Most hacking attempts are automated. There are rarely personal or political motives behind WordPress hacking—more often the motives involve financial gain.

Maybe you’re thinking, "But I don’t have anything for sale on my site. I don’t have credit card information or any other sensitive information. What could they possibly steal from my site?"

What you do have is resources.

Possible ways to exploit your site are:

  • the insertion of spam links in your content to boost SEO for other sites
  • through malware infections of your visitors computers, e.g. to steal their financial information
  • redirecting your traffic to other sites.

For more details, see Are Small Sites Targeted For Hacking?

Myth 3. My WordPress site is 100% secure

No site that’s accessible on the internet will ever be 100% secure. Security vulnerabilities will always exist.

That is why you need a backup and recovery plan. If disaster strikes, you need to have a good backup available, and a plan for how to restore your site.

For more, see:

Myth 4. I only use themes and plugins from wordpress.org so they are secure

The WordPress Team reviews themes and plugins before they are included in the wordpress.org repository. However they do not have the resources to review updates.

Themes and plugins are developed by programmers from all over the world. Their experience and programming skills vary greatly, and so does the quality of their work. Even the best programmers make mistakes and all software contains bugs. Just pick a random plugin, look at the change log and you will see that bugs are routinely discovered and fixed. Even the best plugins developed by the most renowned people could contain undiscovered security risks.

Is it safer to get your themes and plugins from wordpress.org? Absolutely.

Is it guaranteed that there are no security problems with themes and plugins from wordpress.org? Absolutely not.

For more information, see:

Myth 5. Updating WordPress whenever I log in is cool

You need to keep WordPress core, plugins, and themes updated at all times. Whenever a security update is released the whole world can see what the problem was. This obviously exposes any site that has not been updated. You’ll need to log in to your WordPress admin dashboard every day to see notifications when updates are available.

More information can be found in the article, Update Notifications.

Myth 6. Once my WordPress site is set up, my job is finished

Having a WordPress site is an ongoing commitment—it’s like having a dog. As a bare minimum your WordPress blog needs to be maintained when new updates come out. This is crucial even if you do not write new posts or otherwise update the content.

If you simply leave your WordPress site behind like an abandoned holiday pet, chances are that you will be helping the bad guys carry out their malicious schemes to control the world. So if you will not or cannot keep your WordPress site updated, it’s better if you take it down!

Myth 7. I’ll just install xyz plugin and that’ll take care of security for me

You do need security plugins. And you need the right mix of security plugins. However, keeping your WordPress site secure goes well beyond what you install on your site.

Other factors you need to consider include:

  • securing the computer you use to connect to your hosting account (anti-virus, malware and firewalls)
  • creating and managing strong passwords
  • using Secure FTP to access your hosting account
  • protecting sensitive WordPress files from access from the internet
  • off-site WordPress monitoring.

Myth 8. If I disable a plugin or theme, there is no risk

All files that exist in your WordPress folder are accessible from the internet unless you specifically protect them. This means even disabled themes and plugins can be exploited if they are vulnerable.

The best practice is to remove anything you do not use. Or, at a minimum, make sure you keep de-activated themes and plugins updated.

Myth 9. If my site is compromised I will quickly find out

Professional hackers are not interested in you finding out that your site has been compromised. Therefore you might not find out what has happened until quite some time after a hack has occurred—if you find out at all.

Some types of hacks that are difficult to spot include:

  • redirection of all traffic coming from a search engine (so if you enter the URL in your browser or use a bookmark, everything will look normal)
  • the inclusion of hidden text in your posts and pages.

You need some kind of off-site monitoring of your WordPress site. For more details, see:

Myth 10. My password is good enough

Unless your WordPress admin password looks something like LR!!g&6uTFL%MD8cyo, you need to change your password management strategy. And make sure you do not reuse passwords on multiple websites.

Amazingly password and 123456 are still the two most used passwords! To find out more about this issue—and how to solve it—see:

Don’t get caught out!

Getting WordPress security right is not trivial. That’s probably the reason why too many bloggers stick their heads in the sand when it comes to protecting their valuable assets.

While you do need to be pro-active and take action WordPress Security is by no means an impossible task. The same way you would add an alarm to your car and get a guard dog for your house you need to secure your website. Don’t get caught with sand in your ears, nose, and mouth when the hackers come knocking on your door. Act now!

Anders Vinther started as entrepreneur in 2008 and has since created a number of websites like the Easy-Email site with books about email synchronization. Latest website is The WordPress Security Checklist which helps bloggers secure their WordPress sites properly.

Originally at: Blog Tips at ProBlogger
DMS_468x60_LS_banner4.gif

Top 10 WordPress Security Myths

The Secret to Crazy-Happy Blogging

Posted: 28 Aug 2012 07:04 AM PDT

This guest post is by Lisa Cash Hanson of Mompreneuer Mogul.

“Try to discover
The road to success
And you’ll seek but never find,
But blaze your own path
And the road to success
Will trail right behind.”
—Robert Brault

I’ve spent much of my life mastering the art of impersonations—basically copying a singer’s style and recreating that on stage.  It’s what I did for a living before I became an entrepreneur and a new mother to my baby girl Matilda. I would study movements, accents, costumes and then replicate, much the same as an actor would when studying for a film role. I was a Las Vegas Impersonator.

I suppose, due to the fact that I spent so many years portraying other people, I now have a deep desire to never copy anything by anyone ever again. It is from that perspective that I share this blog post with you regarding your true writing voice.

No one’s as good at being you as you!

The Internet is filled with so many amazing writers and information. However if we copy those writers we will always be a poor copy instead of a promising original. The most valuable tip I have learned in all my years of impersonating is that no one is as good at being you as you are. So why should we copy any other blogger or their style?

I want to share some quick tips that I believe will challenge you to discover your true voice and at the same time help you to stand apart from the blogging crowd. If you apply these tips I know that you will tap into something really powerful. When you write from a place that’s real, then the traffic and offers will come. Then you will discover a creative flow that you probably never knew existed.

In order to be original you have to release all fear and anxiety and dare to try something new. Here are some things that may help you on  your journey to becoming unique.

The They-may-not-like-me Syndrome

This is where the fear rises up that if we try something unusual and different a reader might not like us. Perhaps they will even stop following our blog.

Let me help relieve that fear for you. That will probably happen.

“Lisa, that is not inspiring,” you’re thinking. “I thought you were helping us?” I am. Listen. I was featured on the home page of Yahoo! not too long ago, and my blog blew up. Super-cool. Until I read all the comments. Super not cool.  It was so bad that I wrote the post, ” The Best And Worst Day Of My Blogging Life” and I have to admit I whined a little. Basically I received a lot of backlash and it wasn’t all that great.

However a lot of great things came from that experience. I discovered the value of moving past negativity and pressing through. I no longer think “What if they don’t like me?” I understand that I can’t please everyone.

Decide on purpose to move past any negativity then launch out, be brave, and try something new and daring. You may find that more new people flock to your blog then those who leave. And in the words of a very wise man Dr. Seuss, "Be who you are and say what you feel, because those who mind don’t matter, and those who matter don’t mind."

Be brave enough to be first

Your blog is your space. Just because you may not see an idea on someone else’s blog, that doesn’t mean it’s not a valid and amazing idea.

When I wrote Darren to do this guest post I really wanted to add a vlog. It’s part of my personality and my blogging platform. I could have talked myself out of it, saying, “I never see any other guest bloggers doing a vlog. Darren must not like video.”

But no. Instead, I simply suggested it and asked if it was possible along with my post idea. And the result? Obviously I did a guest vlog on ProBlogger, and I’m super thankful. The point is I was not afraid to ask. So be brave enough to be first. Ask and you may be shocked by what comes your way.

Forget perfectionism

Many times we allow our fear of not being perfect to stop us from creating something beautiful. But we have to be gracious enough with ourselves to allow space to make a mistake and not hinder the creative process. “Have no fear of perfection—you’ll never reach it.” So said Salvador Dali.

Confessions

You may think a confession has no place on a blog filled with tips about blogging. But I will tell you it does. I have no doubt the words I speak over my own life daily are what has opened many doors for my business and my blog.

Confess things like, “I am uniquely made.” “I am filled with creative and unique ideas.” “I am daring.” “I am bold.” “I think of posts that are completely original and help tons of people.”

By the way, yes I did say to Darren as I looked at his profile, “I will guest blog for you.” See how that works? It did take a few attempts, in case you were wondering. (A side note: a non-answer may just mean “not right now,” so make sure to try again.)

Laugh at yourself

I have a weekly vlog, and every Wednesday I share tips and questions from my readers. It’s far from perfect. One time my husband was watching my video before it went live and said, “Babe, you’re weird.” He said that because I made a mistake and then just laughed at myself and kept going, almost talking to myself on camera—but out loud.

I told him, “What they see is what they get. I’m real.” And guess what? I get weekly comments about how genuine I am and that it makes my audience laugh. That is much better than having a perfect, stiff video. So always remember to laugh—even if it means you may be laughing at yourself.

Look outside blogging platforms for original ideas

I’ve shared before that it is amazing to follow blogs like Problogger, CopyBlogger, Firpole Marketing and others. But if all you do is read those blogs one after another, how can you ever truly expect to get new motivation?

Sometimes you need to stop looking at blogs for your inspiration—even if it’s just for one night. In Las Vegas we have some really killer shows. My favorites are the Cirque De Soleil shows. One night of watching them, or a great concert, or a night of playing games with friends, could fill your head with some awesome new ideas for blogging. So try to get outside of the virtual world and into the “other” world to draw on some inspiration.

Care about design

I know that you are probably shouting “Content is king! Who cares about design?” True, content is the most important aspect of your blog, however if you change something in your design, you could be surprised how that will serve you. Maybe you could start a new trend. You’ll never know unless you try.

Who are you?

Do you really know who you are? Or are you a rehashed version of someone else on the planet who’s work you’ve read over and over?

Spend some time alone with yourself. Think about what makes you laugh, what makes you cry, what makes you mad, what makes you passionate—and include all of those things on your blog. Then your voice will shine through.

Remember, Celine Dion is a powerful singer but it would be super-boring if every singer sounded like her, no matter how beautiful her voice. Be yourself. Share a great gift with the world-yourself.

When it comes to matters of money

I know there are many tips on how to make money and how much to charge, but guess what? It’s your blog, and your business, and you have the ability to run it your way.

I have created unique ad campaigns and charged for guest posts differently than most. And people pay. I’ve received more money on some projects merely because I asked for it—and then I created such a unique experience for that person that they couldn’t go anywhere else.

Let your creativity flow, and you may find new ways of making money on your blog. If you are a food blogger you could do a PDF of a recipe and invite readers to download it for 99 cents. Or if you are a photographer and you have many pictures, you could create a private membership site where people come to use your awesome photos for their blog. The possibilities are endless.

The results of being your true you

Crazy happiness

Honestly you may feel a little crazy due to your new state of happiness. It feels good to be different.

Media attention

You will soon learn that you get much more attention via social and traditional media by being unique. There will be a new spark that comes out of you, and that spark is contagious. People are drawn to others that are filled with life. It’s often referred to as charisma. So get that pumping and see what happens for you.

Increased income

Many of us love to blog but we also love when some cash comes along with our blog. Who doesn’t like to make a little extra income? You will find that the more original you are, the more financial opportunities will come your way.

When I launched my blog it didn’t look like anyone else’s. Immediately I was getting offers for paid posts, and ads. Why? Probably because it looked so unique that it attracted business’s attention. When you are your true self, money will follow. And it’s a sweet feeling to be yourself and get paid to do it at the same time.

Crazy-happy blogging

I hope that these tips give you a small glimpse into the world of originality. As I said in my video, there’s no one else on earth like you. Dare to be different you’ll see you will reap rich dividends.

Now don’t forget to test this out and share in the comments below what you’ve done to stand apart from the pack. I’m excited to see what you do.

Lisa Cash Hanson is the author of the “Get Famous The Most Amazing Mom Bloggers Resource On The Planet” and creator of the Blogs To Riches Club. Lisa was recently featured on Yahoo!, named Circle of Mom’s Top 25 Mom Tech Blog & Blogtrepreneur’s Top 40 Mompreneurs to follow on Twitter. She is the founder of Mompreneur Mogul an award winning blog where business and inspiration meet. Her weekly Newsletter is packed with tips for those who want to make money blogging and get media attention for their blogs.

Originally at: Blog Tips at ProBlogger
DMS_468x60_LS_banner4.gif

The Secret to Crazy-Happy Blogging

Shoemoney - Skills To Pay The Bills

Shoemoney - Skills To Pay The Bills

Link to ShoeMoney Internet Marketing Blog

The SEO Community is not a Vacuum

Posted: 28 Aug 2012 06:10 AM PDT

2012 is supposed to be all about the open web and sharing all those happy-go-lucky feelings with others. Whether tweeting, pinning or sharing, the last thing you can afford to do is stifle the spirit of sharing and the conversation.  And why?  Because if you don’t, someone will be right there to take your place.

Older timers will remember that WebmasterWorld existed in a vacuum.  Linking out was very rarely permitted, and only to very large news sites (think Washington Post) and where Brett Tabke even branded Matt Cutts blog – and even the official Google blog – as too spammy and self-promoting to link to (yes, he really did).  The result? Many high profile administrators and moderators – and Google Guy himself, which was really WebmasterWorld’s claim to fame at the time – left or began posting very sporadically.   The forums have never really recovered from that heyday when WebmasterWorld was THE place to be, but it does make you wonder how much more successful the WebmasterWorld forums would have been if it had been an early adopter of the open and sharing web, where people could link to SERoundtable or MattCutts.com without fear of the <snip>, rather than the closed off insulated space it stayed – and still is for the most part.  If it was pagerank, WebmasterWorld was definitely hoarding it for all it is worth.   But Brett’s approach is why Threadwatch was able to storm in and take over that part of the niche Brett lacked.

Another perfect example is the whole Jenn Matthews trademark discussion.  It started as a long comment stream on Facebook, which was then later removed/hidden.  Then came her blog post, but with the comments turned off so no one could leave any comments about it.  So what were people to do?  When I wrote my blog post When Will So-Called Experts Stop Trademarking Search Industry Terms  people came out in droves to leave comments there instead.  So instead of Jenn Matthews being in control of the comments with the ability to respond to each and every one, she was left with trying to respond to it all on someone else’s blog instead.  Which was pretty significant, since Rob Garner disputed some of what Jenn and written in her blog post, and resulted in her editing her original blog post (she made no reference that a section was significantly changed, if you are reading it now).

An example of someone doing it right?  When Bruce Clay got mired in the whole local paid inclusion scandal, he came out with a public blog post  about the issue and allowed comments, which was pretty smart since he could bring the discussion to him and his team.  If you ever have anything that has a negative spin on it that you need to get out there, transparency is key, and Bruce nailed it.   Some of the comments weren’t pretty, but you know what, he bounced back.  He is, after all, Bruce Clay :)   But I am sure they waffled over the comments off or on aspect of it for sometime before clicking that publish button.

I do find it ironic that this industry seems to have more than its fair share of sites adopting the vacuum approach to their online business.  After all, you’d think we’d be so far ahead of the game it isn’t funny.  What do you think of the search community and this whole vacuum effect?

Looking for an SEO service that won’t get you banned?