Well, there’s a hook to this story, some time ago I touched on the subject of disaster recovery with an earlier post about saving your data when disaster strikes. In that post we explored the issue of software and hardware solutions. In my case I invested in an affordable network storage unit. It’s a proactive solution because all my data is regularly duplicated (automatically – I don’t have to do anything) to the network accessible storage unit. After reinstalling a robust operating system (this was my last remaining Windows based PC, now every PC is Linux – Including this one), all I had to do was copy the data back off the storage unit. It even had all my email, email settings, folders, calender, etc. (I was using Thunderbird as the email client as I found I could do much more with it than with other email clients – But that’s simply my opinion).

The point of my post? Don’t negate the probability of a disaster, prepare for it now, to avoid pain later. In my case I was fortunate in that I’m a heavy user of social media to support my business, that and the contributers for some of my other blogs was an issue that kept further stress at bay. Additionally, all blogs (your’s included) should also have an automated backup system. In the case of blogging, your (self hosted) wordpress based blog can make good use of  the WP-DBManager plugin. It (as described by the developer):

“…Manages your Wordpress database. Allows you to optimize database, repair database, backup database, restore database, delete backup database , drop/empty tables and run selected queries. Supports automatic scheduling of backing up and optimizing of database…”

In my case, the automatic backup feature is in use, in fact all databases of all my blogs are regularly emailed to a central (external) email account. Therefore, if the server itself goes down and the backups (on another server) also happen to go down as well, the database backups are still available. An additional note is that the backup unit I installed for my PC’s will also access the Internet (automatically) and download backup copies of my web sites. (Not bad for a little box!)

Don’t get me wrong, being without my main computer for a few days (because the operating system and applications needed to be installed) was inconvenient, I felt secure and stress free as the valuable data of my business and client blogs and/or web sites was safeguarded.

Again, not to belabour the issue, but to those reading this post (and to clients reading this post), please do seriously consider obtaining an automated, network attached data storage unit. When disaster decides to pay you a visit, you’ll be glad to took the proactive approach!

Have you had a disaster? What were some of the issues you faced? What types of solutions have you used (or are considering). Comment below and share in the discussion.

In my opinion, one issue is to maintain your own server. Do not host your blog on a shared server hosting account. Shared hosting accounts mean just that – other people (whom you don’t know) also have accounts on the same server, it can increase the likelihood of an incident. To give you one simple example, I was using a shared server for a quick small web site development project about six years ago. The hosting company had some issues with the server and left it in an unprotected state (they were working on it at the time). I remember logging in (via FTP) that afternoon and had full access to the files of every single account! I terminated my service the same afternoon. Using a dedicated server (or at the very least a VPS server) avoids such issues as you are in control of your own server.

All too often it seems we are so involved in how to grow, promote, enhance, etc. our blogs, yet seldom do we give serious thought to safeguarding our valuable investment.

Having said this, the question remains, for most of us (who are not network administrators), what can we do to help avoid (being proactive is more effective than reactive) security related issues? The following six tips should help you. Some may require a little more knowledge, but they are pretty easy steps to take. So, without further ado, here are the helpful tips:

1) Make sure you ALWAYS have an off-site backup.

I use a plugin called WP-DBManager, which emails me a scheduled backup of my database and also store several versions on my server. I should note that these database backups in turn are backed up by the server based software. The critical point here is that you have a CURRENT copy of your database (and blog files) offline in YOUR possession. Never ever assume that the server software (backup) is working as expected.

2) Keep your blog software updated – Always.

Updates often include bug and security fixes that plug potential exploits. One good feature of Wordpress for example is that the administrative area will tell you when an update is available. It’s a simple matter to backup all your data and files, perform the update and continue blogging. If needed, you can find the update (upgrade) steps directly from Wordpress’ post “Upgrading Wordpress“.

3) Change your password – Do so often.

When you forget your Wordpress password (or have just installed Wordpress), it sends you a password. That password is short and fairly easy to crack – Change it to something more difficult. Also, there is a plugin you can use to help you lock out visitors who are trying to guess your password (to break into the administrative area), it’s called Login LockDown. Login LockDown will lock out the IP addresses of incorrect password submissions for whatever time period you choose.

4) Disable indexing of your files.

Search engines do not need to index all your Wordpress files. Use a robots.txt file to disable such indexing. SImply add the statement:

Disallow: /wp-*

to your robots.txt file. The above statement tells the search engines that any directory beginning with “wp-” should not be indexed.

5) Disable viewing of your folders.

Anyone attempting to access your system may be able to see your files (such as plugins). In your web browser, try to visit your wordpress plugins by going to:

http://www. Your-Domain-Name.com/wp-content/plugins

If you can see a list of files and/or directories, that’s not good. You can create an index page that redirects visitors trying to see those directories, back your blog. Here is the code I use:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="0;URL=http://bloggersavvy.com/" />
<title>Nothing Here</title>
</head>
<body>
</body>
</html>


Name the file “index.html” and place a copy of it (with the above code) in your plugins folder. Now if you try to view the contents of the plugin folder, you will be redirected to your blog’s home page. Note: Obviously, you will want to substitute the URL of my blog for your own. This tip is important because it prevents authorized visitors from inspecting your plugins and finding an exploit.

6) Deny access to your administrator login.

I use an .htaccess (among other things) to accomplish this. An .htaccess file allows me to customize how a folder is “treated”. In this case I want to deny access to all IP addresses except my own. If you find one day that you are locked out, simply edit the .htaccess file and re-upload it the the “wp-admin” folder of Wordpress.

Here is an example of the code I use:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
allow from 206.138.140.97
</LIMIT>

Again, change the IP address to your own. Don’t know your IP address? I’ve included a handy tool below. It does not store any data, it just shows you your current IP address (which means everyone else will only see their own IP address below). You can use this post whenever you quickly want to see your current (new) IP address:

This is your connection:
(For the technically adept, these addresses are not logged by the script that displays the IP address above, it simply finds the variable “REMOTE_ADDR” and displays it to you).

While there are several more advanced things network administrators can do to help protect your blog, the above are six simple tips that you may implement as soon as possible. Have any input, ideas, questions? Feel free to include them in your comments below.