Tech Stuff: WordPress Security

If you have a blog, what, if anything, do you do to ensure it doesn’t get hijacked by nefarious web characters? Well, mostly I’ve trusted WordPress to publish solid software and used a strong password.

Then earlier this month, I was wandering around on the FTP site of my site and noticed some files that looked suspicious on several of my blogs. I grew concerned. On one of my private blogs, I installed a WordPress security plugin called WordFence. It only found a generic problem — one file differed from the original WordPress installation file, but it had been modified by my hosting service. Each of the sites that had the strange files was a site I’d used the lazy way to install (and have sort of regretted ever since), meaning I let the hosting provider’s script service install the sites. There’s nothing wrong with this, but every once in a while, I have to log in to the service from my cPanel and tell it which version I’ve already updated the site to from my end.

Even though my installs were mostly clean, I like the idea of WordFence keeping an eye on things. In fact, the day after I installed it on my primary site, I looked at the login attempt statistics and saw that someone in Italy had been repeatedly trying to log in to my site using the Admin username.

Now, you’ve probably heard the advice to never use Administrator or Admin as your administrator username. Um. Yeah. I have too, and until I saw those hits, I’d not done anything about it. When I saw that, I made the change right away. And I am using the WordFence plugin to block anyone who tries to log in that way in the future.

What does WordFence do? The free version does quite a lot. It will scan your site and compare the WordPress and theme files against known good ones in the WordFence repository for signs of tampering. If WordFence detects differences, it will let you know. You can compare the original reference file with the version on your site and tell it either to ignore the difference or to make your file match the original. If you have the paid version, you can schedule these scans. In the free version, you must run the scan manually (click a button to start the scan).
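The scan described above comes down to hashing every file and comparing it with a known-good reference. Here is a small sketch of that idea as an added example (not WordFence's code and not part of the original post); the file names, file contents and the ignored `wp-content/uploads/` prefix are constructed for the demo:

```python
import hashlib
import tempfile
from pathlib import Path

def digest(path):
    """SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_manifest(root):
    """Map relative path -> digest for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def scan(site_root, manifest, ignore=()):
    """Compare a live tree with a known-good manifest."""
    live = build_manifest(site_root)
    keep = lambda rel: not rel.startswith(tuple(ignore))
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, good in manifest.items():
        if not keep(rel):
            continue
        if rel not in live:
            report["missing"].append(rel)      # reference file deleted
        elif live[rel] != good:
            report["modified"].append(rel)     # contents differ from reference
    # Files the reference has never heard of (user uploads are ignored).
    report["unexpected"] = [r for r in live if r not in manifest and keep(r)]
    return report

def demo():
    """Build constructed 'reference' and 'site' trees, alter the site, scan."""
    files = {"wp-login.php": "<?php // login",
             "wp-includes/version.php": "<?php $v = 'x';",
             "wp-includes/load.php": "<?php // load"}
    with tempfile.TemporaryDirectory() as tmp:
        good, site = Path(tmp, "good"), Path(tmp, "site")
        for base in (good, site):
            for rel, body in files.items():
                (base / rel).parent.mkdir(parents=True, exist_ok=True)
                (base / rel).write_text(body)
        manifest = build_manifest(good)
        (site / "wp-includes/version.php").write_text("<?php $v = 'x'; // host edit")
        (site / "wp-includes/load.php").unlink()
        (site / "wp-includes/cache-old.php").write_text("<?php // not in core")
        (site / "wp-content/uploads").mkdir(parents=True)
        (site / "wp-content/uploads/photo.jpg").write_text("jpg")
        return scan(site, manifest, ignore=("wp-content/uploads/",))
```

A file in the "modified" list is not necessarily malicious, as with the file changed by the hosting service above; the report only tells you which files to review.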

You can look at live traffic on your site. You can block IPs. You can activate a caching option to speed up your site. Premium members can activate two-factor authentication via their cell phones.

Generally speaking, for the individual or very small business owner using WordPress, the free version of WordFence should be fine, but the premium features may be worthwhile to you, depending upon your traffic or level of comfort with risk.

You may or may not decide you need additional security help for your site, but, please, if you’re using Admin or Administrator for the username on your admin account, fix that but quick.

Wednesday Wanderings

I’m pulling some writing-related things together for the end of the year.  My writing plate is overflowing now.  This is largely a good thing — several projects are gaining momentum.

I just finished the revision of Polar Bear on the Loose. It’s out with beta readers now. While I would dearly love to say Inuit (pronounced Eye-Knew-It, by the way) could be on your e-readers very soon, the truth is the word I’m hearing back from my wonderful, adventurous beta readers is she’s not ready for prime time yet. I have one and a half to hear from, and those are going to be even more helpful replies than the two and a half I’ve heard from already.  Once I hear back from the last one, I’ll evaluate their recommendations and come up with a plan.  I used Holly Lisle’s “How to Revise Your Novel” for this first round of revisions. I plan to use Holly Lisle’s “7 Day Crash Revision” course for this next iteration. It will take me more than 7 days, because I’m just that slow, but it better not take another six years!

Twilight, which will have to be renamed, is up next on the revision block. I’m preparing to work through “How to Revise Your Novel” again with this.  The process worked for me. I plan to finish in 22 months in this iteration. I may have to adjust for reality, but that’s my goal.

I’m also working on compiling some blog posts into a couple of ebooks.  Some for gifts to subscribers and one for sale.

That’s what’s on my mind on this Christmas Eve 2014.