11/2/09

Secure Your Blog From Threats With These Four Additional Security Tips

Use strong passwords

One of the first things taught in security is to make sure that no password can be easily guessed. Despite this, administrators far too often fail to check every account. If an account can write to the system, it must have a strong password.

There are numerous articles online about selecting good passwords so I won't repeat that information here. Just make sure that you follow the advice in these articles and don't copy the actual passwords they list.

Use SCP instead of FTP


Do you use FTP when you transfer files to and from the server that hosts your blog? It is convenient, mostly because there are so many good FTP programs available that make it as easy to transfer files to a server as moving and copying them locally.

FTP sends your server login information in clear text, which makes it easily visible to anyone watching the connection. Instead of FTP, I suggest you use Cyberduck for OS X and WinSCP for Windows, so that the same information is more secure while being sent to your server.

SCP transfers files over an SSH connection to the host, so SSH login needs to be enabled on the server. Once SCP has replaced it, FTP can be disabled.

Your theme should be write-protected

It looks as if there is an exploit circulating that alters existing WordPress themes and adds links to spam or even pernicious iframes. There is a way around this: change the permissions on your WordPress themes folder to 755 and on all files within that folder to 644. The only downside is that whenever you want to make a theme change, you'll have to send the changed file to your web server via file transfer protocol.

Unfortunately, you cannot apply the same write protection to the plugins directory, since many plugins write data to the directory where they are installed.

View the HTML source of your site often

View the HTML source of your website often. If you find chunks of JavaScript embedded in IFRAMEs, or hidden links to websites you are not familiar with, your blog may have been compromised without your knowledge. Checking the source regularly and removing those chunks of JavaScript and hidden links lets you fix the problem before Google notices it and blacklists you. It also keeps you and your readers from getting infected by malicious software.
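One way to automate this check, as an added example that is not part of the original post: a small Python scanner that reads a page's HTML and reports iframes and scripts loaded from hosts you don't recognise, plus links tucked inside hidden elements. The names `InjectionScanner` and `scan`, the host `myblog.example` and the sample page are all made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
VOID = set("area base br col embed hr img input link meta source track wbr".split())

class InjectionScanner(HTMLParser):
    """Flags off-site iframes, off-site scripts and hidden off-site links."""
    def __init__(self, trusted_hosts):
        super().__init__()
        self.trusted = set(trusted_hosts)
        self.stack, self.findings = [], []  # open (tag, hidden) pairs; (line, kind, url)

    def _offsite(self, url):
        host = urlparse(url or "").hostname  # None for relative URLs
        return host is not None and host not in self.trusted

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = "hidden" in a or "display:none" in style or "visibility:hidden" in style
        in_hidden = hidden or any(h for _, h in self.stack)
        if tag not in VOID:  # void tags never get an end tag, so don't track them
            self.stack.append((tag, hidden))
        url = a.get("href" if tag == "a" else "src")
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        kind = {"iframe": "hidden-iframe" if in_hidden or tiny else "offsite-iframe",
                "script": "offsite-script",
                "a": "hidden-link" if in_hidden else None}.get(tag)
        if kind and self._offsite(url):
            self.findings.append((self.getpos()[0], kind, url))

    def handle_endtag(self, tag):
        tags = [t for t, _ in self.stack]
        if tag in tags:  # close the nearest matching open element
            del self.stack[len(tags) - 1 - tags[::-1].index(tag):]

def scan(html, trusted_hosts):
    scanner = InjectionScanner(trusted_hosts)
    scanner.feed(html)
    return scanner.findings

# Constructed sample page; myblog.example stands in for your own host.
SAMPLE = """<html><body><a href="/about">About</a>
<script src="https://myblog.example/js/site.js"></script>
<div style="display: none"><a href="http://pills.example/buy">cheap</a></div>
<iframe src="http://bad.example/x" width="0" height="0"></iframe>
<script src="//stats.example/t.js"></script></body></html>"""

if __name__ == "__main__":
    print(*scan(SAMPLE, {"myblog.example"}), sep="\n")
```

To use it on a real blog, pass it the HTML of your live pages and list every host you deliberately load content from (analytics, fonts, video embeds) as trusted. Anything it still reports deserves a look in the page source.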

1 comment:

  1. Thanks for providing these PC security tips, which are essential to protect your blog from threats as well as viruses.
