Easy Website Security Checklist For Webmasters and Bloggers

What is a webmaster’s nightmare? You work hard on your site or blog day after day, and finally it becomes popular. Google sends a lot of visitors to your site, people leave many valuable comments, and you earn a lot of money from it. All of a sudden, your site is down and all the data is lost; Google labels your site as a ‘harmful site’. You then realize the webmaster’s nightmare has come true: your site has been hacked or infected. You have to bear the consequences: lost time, lost customers and lost money.

As your site becomes more and more popular, it attracts not only visitors but also hackers and mean competitors. How can you prevent hacking, web malware and theft of logon information? Here are some things you should do:

1. Use the Administrator account only when it is absolutely necessary. The less you use the admin account, the less likely it is that your admin logon information will be stolen. If your site is a blog, create an author account for yourself and use that account to post or edit articles.

2. Prefer key-based authentication over password authentication. Password authentication is more easily cracked than cryptographic key-based authentication.

3. Use a unique password for your site. Moreover, the password has to contain at least 8 letters.

4. When copying content from webpages, always copy only plain text if you don’t know HTML. (If you do, always check the source code. Remove IFrame, Script, A and any other non-formatting tags.) For WordPress users, there is a ‘Paste as Plain Text’ option. Otherwise, you can paste the text into Windows Notepad, EditPlus or any other plain text editor, then copy it from there and paste it into your site’s editor.

5. Double-check before you join an online affiliate program that is not one of the top ones. Most affiliate programs ask you to add some JavaScript code to your pages. If you are unlucky enough to join a mean program, you have let a wolf into your room.

6. In particular, never join a traffic-exchange program. By now traffic-exchange IS malware. Do you want Uncle G to give your site a warning label?

7. Use encrypted connections. Use SSL, SSH and HTTPS, rather than FTP, Telnet and HTTP.

8. Choose a reputable web hosting provider.

9. Do some research into the security features of your web application system. For example, if you use WordPress you can put ‘WordPress security’ into Google’s search box. Read articles about recent versions and you will surely find a lot of information about WordPress’ security features, its update history and reviews of its security. Hopefully you will also learn something about how to enhance your site’s security and how to avoid stupid blunders.

10. Back up your data on a regular basis. If your site is hacked or infected, you can minimize your loss by restoring your backup data.

11. Be cautious with third party plug-ins.
* Don’t install a plug-in until you are sure you need it.
* Choose the most downloaded and most reviewed one.
* Deactivate/uninstall it as soon as you no longer need it.

12. Be cautious with third party themes/templates. Read the comments before downloading; check through the code if possible.

13. Scan (audit) your site after installation and after every major update. There are many free site scan tools available, such as Acunetix Web Vulnerability Scanner.
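
The tag removal described in item 4 can be automated with an allowlist instead of being done by eye. The following is an added example, not part of the original checklist; the set of tags treated as formatting, the function name and the sample markup are assumptions of this example.

```python
from html import escape
from html.parser import HTMLParser

# Assumption: which tags count as "formatting" is this example's choice.
FORMATTING_TAGS = {"p", "br", "b", "i", "em", "strong", "u", "ul", "ol", "li",
                   "blockquote", "h1", "h2", "h3", "pre", "code"}
# Elements removed together with everything inside them.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}
VOID_TAGS = {"br"}  # formatting tags that have no closing tag

class FormattingOnly(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # pieces of the cleaned markup
        self.removed = []    # names of stripped tags, for the editor to review
        self.skip_depth = 0  # > 0 while inside a DROP_WITH_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            self.removed.append(tag)
        elif self.skip_depth:
            return
        elif tag in FORMATTING_TAGS:
            self.out.append(f"<{tag}>")  # attributes (onclick, style) are discarded
        else:
            self.removed.append(tag)     # e.g. <a>: tag dropped, its text kept

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in FORMATTING_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # text can never become markup

def clean_pasted_html(html):
    """Return (cleaned_html, removed_tag_names) for a pasted HTML fragment."""
    parser = FormattingOnly()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.removed

# Constructed sample of copied markup (example.invalid is a placeholder host).
SAMPLE = ('<p onclick="x()">Great <b>tips</b> from '
          '<a href="http://example.invalid/">this site</a>.</p>'
          '<script src="http://example.invalid/w.js"></script>'
          '<iframe src="http://example.invalid/f" width="0"></iframe>')
```

An unclosed script or iframe makes the cleaner drop everything after it, so a malformed paste fails closed rather than leaking markup through.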