Let’s Talk About Your Blog Security

by Desmond Menz posted in Website and Blog Essentials

After 19 years as a Windows PC owner, I decided at the end of 2009 to get a Mac, a refurbished MacBook Pro. My interest in Macs had been gradually increasing for several years prior to that time, but I always hesitated because of the big transition that I would have to make. As it turns out, this concern was unfounded.

A year later I bought an iMac, and today that's my workhorse. No regrets either ... and I use both the MBPro and iMac for all my work. And from time to time I still start up the old PC, but I keep it offline. 

However, as I have a number of Windows applications, I run Windows on both my Macs and use VMWare to run the virtual machines.

Learning About Site Security

In starting out in my new online business ventures several years ago I also established a couple of Wordpress sites to come to grips with understanding how to build simple websites and blogs. 

It was all very interesting stuff ... until I started to learn about a BIG issue that confronts all Wordpress sites. Hacking! I'll come back to that a little later.

Several years ago I was looking for a nice easy-to-use Mac application to build websites (rather than iWeb, which is now extinct), and after much searching I chose Sandvox, the platform on which New Times Home Biz has been built. 

There's a learning curve with any app, but I figured most things out by myself, and I have to say I'm pretty happy with Sandvox despite a few limitations (that's a topic for another time).

How secure is your site?

Now to the SECURITY issue. Recently I asked the question in the Sandvox (Karelia software) forum about security of Sandvox sites from hacking, and particularly in comparison with a Wordpress site. 

Here's the response from one of the administrators of the forum.

A standard WordPress site is basically a PHP program tied to a (usually MySQL) database. Hackers have multiple points of entry, either hacking the database or hacking the code, substituting their own content or code if they can. There are lots of exploits. To be fair, the WordPress people do try to issue security updates regularly, but this means that you have to be constantly on guard and keep everything up to date.

A standard Sandvox site basically takes the opposite approach and does not have live code and a live database running on the server. Sandvox generates a static site when you press Publish. But the files on the server are just that. So the only security issue you have, generally, is keeping your upload password secure (complex and hard to guess, not a word in the dictionary, etc.) So, in general, out of the box, there should not be a security concern with Sandvox the way there is with WordPress. There should also not be a server performance tuning issue out of the box with Sandvox the way there is with WordPress and its various SuperCache/TotalCache plugins.

This reply has allayed my concerns ... somewhat. 

But, I still wanted to find out more about the hacking issue with Wordpress sites. I'm not out to denigrate WP as I think it's a great platform and has served the needs of millions of people really well. 

Wordpress security

Users should understand the vulnerabilities of it, as they should for any other system. I certainly try to be vigilant, and indeed, I run full Internet security on both Windows AND Mac sides of my computers. 

Hacking is a different issue from the malicious targeting of websites with viruses, spam, and other rotten software.

So, what about Wordpress as a site building platform? A huge number of people use it just for blogging. A quick online search reveals that there are nearly 60 million Wordpress sites (1 in 6 websites on the Internet) attracting 330 million visitors every month. Tens of thousands of new WP sites are created every day.

When there is such massive inertia, there will surely be security issues. And there has been, and still is.

To counter the hacking problem, and to service extensions of the Wordpress environment, there is an "industry" that creates plugins for Wordpress sites. I say "industry" because there are more than 21,000 Wordpress plugins on the market as of writing. 

It wouldn't stretch the imagination to say that poor coding would be a big problem with a number of them.

However, how many Wordpress users actually know about which plugins that they actually need and which security plugins they should have? How many install them? How many maintain them and keep their plugins and sites upgraded? 

Do a quick search online and you'll discover that there are a heap of sites that get hacked. Here's one good reference.

It's a significant problem, and it looks like it's here to stay.

What should you do about securing your Wordpress site?

The Wordpress people do their best to stay on top of the hacking issue, and here's a handy article that every WP user should read and implement.

If you absolutely, positively, need Wordpress then you'll need to get informed ... and TAKE ACTION!

   Avoid the 7 vulnerable weak points in your
                          Wordpress Blog

Discover how to install WP the right way, get the truth about WP plugins, learn about a free tool to scan your blog for security risks, find out what an HTACCESS file is, how to limit login attempts, and all the best practices to maintain tight security on your Wordpress blog.

Get this brilliant video training ... plus 3 great bonuses!


  Avoid the bandaid job ....       

                                .... and do it right the first time!

What are the alternatives to Wordpress?

If you run a blog with the Mac app Sandvox, you're safe ... well, as safe as you can be. Contrary to what some statements are about Macs NOT being secure, have a look at Apple's Product Security page

There are no guarantees of course, but I know which way I'd rather go. Although there are millions of Mac users, there are far more PC's in use than there are Macs. But the gap is closing.

Sandvox is a little different to other platforms, but the big advantage is that you can do all your work offline in a wysiwyg environment. That's what I like about it.  

If you don't want or need the headaches or hassles of setting up a Wordpress site, then why not try Blogger, or Tumblr, or Typepad, or Squarespace. The last three I haven't tried, but from what I've read they are all pretty good platforms. And they've all been around for some years. 

All you need for security is to use a really strong password, and of course, you should never share it. That's all there is to it.

If you need more convincing, check out this post. It's about "Why you don't need to move to Wordpress". It's a refreshing tale, and you'll find out what some people are doing with Blogger; they are really pushing the boundaries of Blogger design. 

I think I know what my next blog site will be. It will be a Blogger site, and then my project after that will be a Sandvox site with just the blog module. Yes, I know, there will be a lot of people who will not agree with me, but you really need to ask yourself which platform will do all that you need. And sometimes, it may just be a case of keeping it all simple. 

As I've already said, I'm not against Wordpress, but I think there are some terrific alternatives that can be used that won't require your constant vigilance and upgrading of plugins.

What do you think? What are your own experiences, good and not-so-good? 

© Copyright 2011-2016   All Rights Reserved      Des Menz          Site map      About      Contact       
Privacy Policy    Terms of Service & Conditions of Use    Anti-Spam Policy    Disclaimer    DMCA Compliance    FTC Compliance    Social Media Disclosure