
How to protect your WordPress blog from hacking - PART 2


THE DEFENSIVE STANCE

There are advantages and disadvantages to a free WordPress.com account. One advantage is that you pay nothing, from the server to the domain name. Another is that you do not have to maintain anything, or worry about anything except your password, because WordPress.com staff maintain the platform and manage every account on it; being hacked through the platform itself is unlikely, which leaves your password as the one thing an attacker can realistically go after. A self-hosted WordPress blog, however, has more going for it: (1) blog design is unlimited; (2) you are the master of your own blog; (3) you control everything, from spammers and hackers to commenters; and (4) you decide everything, from publishing to editing. You do not even have to worry that someone will send a bogus complaint to WordPress.com customer service claiming your content is offensive, simply because you are independent, sovereign and free-ruling, just like the MILF-MOA, haha. But seriously, the price of that independence is that nobody else is watching your server, so security becomes your job.

Most hacks are the result of our own carelessness; it is mediocrity in system security that keeps putting us in a vulnerable position. We should all be wary of the consequences, because most of the time attackers do not hack you for the thrill of it. They hack you because they have a purpose, and almost always that purpose is malicious: anything from planting malicious content to deleting your entire blog. Once that has happened it is too late to recover your files (unless you already had a backup stored somewhere other than the hacked server). So the best thing to do is to take a defensive stance.

Defending your blog from hackers starts from the inside of your blog, not from the outside. No plugins are needed, just plain common sense. In Part 2 we will use the features WordPress already ships with to strengthen the blog's defenses: instead of installing a special plugin, we make use of the resources we already have to defend our bastion. Here are the common WordPress features we can use to protect the blog.

1. Password. Many blogs are hacked because the password is a common word. Words like "password", "God", "wordpress" and "blog" should never be used, because they are exactly the words an attacker's wordlist tries first; the same goes for your username, the blog's name and plain dictionary words. The best and strongest password is one you make up yourself: the more varied the letters, digits and symbols in it, the stronger it is. Make it longer than 8 characters (12 or more is better), never reuse it on another site, and change it right away if you suspect it has leaked; it also does no harm to update it regularly.


2. Register Field. WordPress includes a registration feature that lets anyone sign up as a member of your blog. Whoever registers receives the "new user default role", and if that role is set to Administrator then every person who registers acquires full power over the blog. This is a common mistake by bloggers who take the setting for granted: with the default role left at Administrator and registration open, anyone can become an administrator and delete your blog at any time. To fix the user roles on your blog, go to SETTINGS, then GENERAL. Scroll down to MEMBERSHIP and un-tick the two boxes. Then, in NEW USER DEFAULT ROLE, choose SUBSCRIBER in the drop-down menu. This disables unauthorized registration on your blog, and even if registration is ever re-enabled, a newcomer only gets the Subscriber role. In some cases hackers simply register on a blog and take on the Administrator role that the owner forgot to change; that gives them unlimited access, including changing your content, themes and plugins.


Once registration is disabled, you alone decide who gets an account on your blog, and whether they are a Contributor, Author or Subscriber, but never an ADMINISTRATOR. Nobody else can create accounts. You can confirm this by going to the USERS tab and then AUTHORS AND USERS, where the registered accounts are listed and you can check that no one has appeared there without your knowledge.


3. Multi-User Blogs. If you encourage readers to register on your blog, or the blog is a collaboration, make sure you set each user's role in the user list. Go to the USERS tab and then AUTHORS AND USERS. In the registered user list, you can change a user's role to Subscriber, Contributor or Author by ticking the box beside their user ID at the far left of the table and then choosing a role for them from the drop-down menu. In this way you limit their access to what their job on the blog actually requires: a Contributor can only write drafts, and an Author can publish only their own posts. Never have two or more Administrators on your blog, even if they are your closest friends; an administrator account is only as safe as that person's password and their understanding of WordPress, and one compromised or careless administrator is enough to lose everything. It is safer to limit the Administrator role to yourself.
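Steps 2 and 3 amount to a simple audit: registration closed, default role Subscriber, exactly one administrator. Here is an added example (not from the original post) of doing that audit from the command line, which is handy when a blog has more users than the AUTHORS AND USERS table shows at a glance. It assumes WP-CLI (the `wp` command, a later tool that did not exist when this post was written) is installed and run from the WordPress root; the user list it parses is constructed sample data, not a real site.

```shell
#!/bin/sh
# Added example, not from the original post: audit administrators and close
# registration on a self-hosted WordPress blog. Assumes WP-CLI (`wp`) is
# installed and the script is run from the WordPress root for the --live
# branch; the sample user list below is constructed data.

# Constructed stand-in for: wp user list --format=csv --fields=ID,user_login,roles
SAMPLE_USERS='ID,user_login,roles
1,bluepanjeet,administrator
2,guestwriter,author
3,newreader,administrator
4,lurker,subscriber'

# count_admins: reads the CSV on stdin, prints how many users hold the
# administrator role (0 when there are none).
count_admins() {
    tail -n +2 | awk -F, '$3 == "administrator" { n++ } END { print n + 0 }'
}

# list_admins: reads the CSV on stdin, prints each administrator login.
list_admins() {
    tail -n +2 | awk -F, '$3 == "administrator" { print $2 }'
}

# admin_audit_ok: succeeds (exit 0) only when exactly one administrator
# exists, which is the rule from step 3 above.
admin_audit_ok() {
    [ "$(count_admins)" -eq 1 ]
}

# harden_registration: the step 2 change from Settings > General, done with
# WP-CLI. Only meaningful on a live site.
harden_registration() {
    wp option update users_can_register 0 &&
    wp option update default_role subscriber
}

# demote_to_author USER: keep a single administrator by turning an extra one
# into an Author (own posts only). Live site only.
demote_to_author() {
    wp user set-role "$1" author
}

if [ "${1:-}" = "--live" ]; then
    if ! wp user list --format=csv --fields=ID,user_login,roles | admin_audit_ok; then
        echo "More than one administrator (or none):"
        wp user list --format=csv --fields=ID,user_login,roles | list_admins
    fi
    harden_registration
else
    echo "Administrators in the sample data:"
    printf '%s\n' "$SAMPLE_USERS" | list_admins
    if ! printf '%s\n' "$SAMPLE_USERS" | admin_audit_ok; then
        echo "Audit failed: more than one administrator"
    fi
fi
```

Run it without arguments to see the audit over the sample data; run it as `sh audit.sh --live` from the WordPress root to audit the real user table and apply the registration settings. When the audit fails, pick the account that should stay in charge and hand the others to `demote_to_author`.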


4. PHP Files. Always check that your PHP files have their CHMOD permission set to 644 (for files) and 755 (for folders). As mentioned in Part 1, when a PHP file is not writable, a message appears at the bottom of that file in the THEME EDITOR tab saying it cannot be edited. That means nobody can save changes to the file through the editor, and the same goes for any other account on the server that is not the file's owner. To check whether your PHP files are protected, go to the DESIGN tab, then click THEME EDITOR. There, click through the PHP files of your blog on the right-hand side and see whether any of them are still editable. If so, open your FTP client and change the CHMOD permission. One caveat: permissions are only a barrier for accounts other than the file's owner. On hosts where PHP runs as your own user, the editor can still write a 644 file, and an attacker who has your admin or FTP password can simply set the permission back, so 644/755 is part of the defense, not the whole of it. To learn more about CHMOD permissions, read Part 1 of this series.
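Checking one file at a time in the Theme Editor does not scale, and an FTP client cannot easily tell you which of a few hundred files is still world-writable. The shell script below is an added example, not from the original post, for blogs where you also have SSH access: it lists every file not set to 644 and every folder not set to 755, fixes them, and additionally switches the Theme Editor off altogether with the DISALLOW_FILE_EDIT setting that WordPress 2.6 introduced. The WordPress root path and the small sample tree the script builds for its demonstration are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post: audit and fix file permissions
# in a WordPress tree (644 for files, 755 for folders) over SSH, and disable
# the Theme Editor with DISALLOW_FILE_EDIT. The WordPress root path is
# whatever you pass in; the sample tree built below is constructed.

# find_loose_perms ROOT: print every file that is not mode 644 and every
# directory that is not mode 755 under ROOT (exact-mode match, POSIX find).
find_loose_perms() {
    find "$1" -type f ! -perm 644 -print
    find "$1" -type d ! -perm 755 -print
}

# count_loose ROOT: number of offending entries; 0 means the tree is clean.
count_loose() {
    find_loose_perms "$1" | wc -l | tr -d ' '
}

# fix_perms ROOT: apply 755 to directories and 644 to files. wp-config.php is
# left at 644 on purpose: tightening it to 600 only works where PHP runs as
# the file owner, which you must check on your own host first.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# disable_theme_editor WPCONFIG: insert define('DISALLOW_FILE_EDIT', true)
# right after the opening <?php line, so the editor stops writing files even
# for a logged-in administrator (supported since WordPress 2.6). Idempotent,
# and writes back through cat so the file keeps its owner and mode.
disable_theme_editor() {
    if grep -q 'DISALLOW_FILE_EDIT' "$1"; then
        return 0
    fi
    awk -v line="define('DISALLOW_FILE_EDIT', true);" \
        'NR == 1 { print; print line; next } { print }' "$1" > "$1.tmp" &&
    cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

# make_sample_tree: constructed stand-in for a WordPress install, with one
# world-writable theme file and one world-writable uploads folder.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/themes/default" "$d/wp-content/uploads"
    printf '<?php // config\n' > "$d/wp-config.php"
    printf '<?php // theme\n' > "$d/wp-content/themes/default/index.php"
    chmod 755 "$d" "$d/wp-content" "$d/wp-content/themes" "$d/wp-content/themes/default"
    chmod 644 "$d/wp-config.php"
    chmod 666 "$d/wp-content/themes/default/index.php"   # bad: anyone can edit it
    chmod 777 "$d/wp-content/uploads"                     # bad: anyone can drop files
    echo "$d"
}

if [ -n "${1:-}" ]; then
    # Real use: sh fix_perms.sh /path/to/wordpress [--fix]
    echo "Entries not at 644/755 under $1:"
    find_loose_perms "$1"
    if [ "${2:-}" = "--fix" ]; then
        fix_perms "$1"
        disable_theme_editor "$1/wp-config.php"
    fi
else
    t=$(make_sample_tree)
    echo "Before: $(count_loose "$t") loose entries"
    fix_perms "$t"
    disable_theme_editor "$t/wp-config.php"
    echo "After:  $(count_loose "$t") loose entries"
    rm -rf "$t"
fi
```

Run it with the path to your WordPress root to list what is wrong, and add `--fix` to apply the permissions and the editor switch-off. After the change, the THEME EDITOR entry disappears from the DESIGN menu entirely, which is a stronger guarantee than a "file not writable" message because it no longer depends on which user PHP runs as.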


5. Spammers and Sploggers. I don't know whether you have ever experienced this: a certain spam lands in your Akismet spam queue and then weird things start happening on your blog, either a blank page showing the number 51 on your homepage, or the entire Akismet spam dashboard disappears. This is because some comment spam contains code that causes this chaos on your blog. It happened to me before, and that is why my war against spammers is still active to this day, always looking for new ways to reduce the spam in my queue.


Sploggers, by the way, are those who link to your blog and steal your post titles and content for their own benefit. There are two ways a spammer gets into your blog: (1) through the comment section, where they leave comments that look harmless but whose link points to a profit-oriented website promoting some product; (2) through your trackback and pingback feature, where they appear to have mentioned your article on their blog but are in fact just copying your content, and at the same time spamming your post with everything from organ-enhancement pills to sex toys.

I noticed a certain newbie blogger who approves splog and spam comments on her posts in order to make them look heavily commented. This is very dangerous, since she is not only putting her blog into spam-spree mode but also inviting Google to penalize her blog and drop it from the search engine. Remember that any association of your blog with casinos, illegal and unregulated pharmaceutical products, porn sites and sex toys is a one-way ticket for Google to strip you of your PageRank and remove your spot in the search results. That is why whenever you receive such spam, or comments pointing to those sites, delete it immediately and never approve it, even if your blog is on moderation.

Now the question is: are unmoderated comments risky? Yes, if you are careless; not if you are careful. I set my blog to unmoderated mode so that conversation between readers happens in real time and I am not exhausted by approving every single comment submitted. Your comments area can be safe even when unmoderated if you follow these simple steps:

a. Go to SETTINGS, then click DISCUSSION OPTIONS, and underneath you will see a field that says "Before a comment appears", with three boxes. Leave the first one ("An administrator must always approve the comment") unticked, which is what makes comments unmoderated, and tick the other two. The second box is a security feature for the comments area: only comments with a name and e-mail address are accepted. The third box queues every first-time commenter for moderation automatically. Together this means that comments from your regular readers are approved automatically, while comments from spammers and sploggers, who almost always show up as first-time commenters, always stay in moderation no matter how many thousands of comments they throw at your blog, unless of course you approve them. One caveat: WordPress decides who is a "previous commenter" by matching the name and e-mail address typed into the form against already approved comments, and both can be forged, so a spammer who copies a regular's name and e-mail slips past this check; the link limit in step (b) and Akismet are the backstop.


b. Next, just below the field discussed above, is another field that says COMMENT MODERATION. This WordPress feature automatically holds a comment in the moderation queue when it contains at least the number of links you set ("Hold a comment in the queue if it contains N or more links"). The safest number is two. By default only the links inside the comment text are counted, not the website address a commenter enters beside their name, so a regular reader who links to one article they want you to read still gets through. Spam usually contains three or more links, so even if spam software such as Akismet fails to filter it (which is rare), the comment is still held for moderation for you to mark as spam.


c. Lastly, you can always block a spammer, nuisance commenter or heckler with the comment blacklist feature, found in the same DISCUSSION OPTIONS under the settings tab. Any comment whose content, name, URL, e-mail or IP address contains one of the entries you list there is marked as spam on arrival. In this way they can still give you traffic, but they can never give you a headache with their comments. Just copy the IP address shown beside each comment on the COMMENTS tab and paste the whole of it on its own line in the blacklist field, and voilà, they cannot bother you with comments any more, while their page views still count as traffic. Keep in mind that an IP address is a weak handle: spammers rotate through many addresses, and an address shared by an office or an ISP may belong to a legitimate reader tomorrow, so blacklisting the words and links they use is more durable than blacklisting addresses.
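Steps (a) to (c) together define a small decision procedure that WordPress runs on every submitted comment. The script below is an added example, not part of the original post, that reproduces that procedure over a few constructed comments so you can see which setting catches what; the regular-commenter list, the blacklist entries, the e-mail and IP addresses are all made up for the demonstration. It also shows, in a function that only makes sense on a live site, the WP-CLI commands that set the same options from the shell (WP-CLI is a later tool and is assumed to be installed for that function; the option names are WordPress's own, two of which were renamed in WordPress 5.5 as noted in the comments).

```shell
#!/bin/sh
# Added example, not from the original post: the comment decision procedure
# from steps (a), (b) and (c), run over constructed comments. Names, e-mail
# addresses, IP addresses and blacklist entries are made up for the demo.

# Settings as chosen in the post (Settings > Discussion).
MAX_LINKS=2              # (b) hold if the comment text has 2 or more links
REQUIRE_PREVIOUS=1       # (a) first-time commenters are held

# (a) Constructed regulars with a previously approved comment. WordPress
# matches on the name and e-mail typed into the form, so keep the same shape.
APPROVED_AUTHORS='kotsengkuba|kk@example.com
amor|amor@example.com'

# (c) Constructed blacklist: one entry per line, matched as a case-insensitive
# substring of the IP, name, URL, e-mail or text, as WordPress does.
BLACKLIST='203.0.113.45
casino
organ enhancing'

# count_links TEXT: number of <a href> tags, the same pattern WordPress counts.
count_links() {
    printf '%s' "$1" | grep -o -i '<a [^>]*href' | wc -l | tr -d ' '
}

# is_blacklisted HAYSTACK: succeeds when any blacklist entry occurs in it.
is_blacklisted() {
    _hay=$1
    _old_ifs=$IFS
    IFS='
'
    for _key in $BLACKLIST; do
        if printf '%s\n' "$_hay" | grep -qiF -- "$_key"; then
            IFS=$_old_ifs
            return 0
        fi
    done
    IFS=$_old_ifs
    return 1
}

# is_regular NAME EMAIL: succeeds when this name/e-mail pair has an approved comment.
is_regular() {
    printf '%s\n' "$APPROVED_AUTHORS" | grep -qixF -- "$1|$2"
}

# classify_comment NAME EMAIL URL IP TEXT -> reject | spam | hold | approve
# Order mirrors WordPress: required fields, then blacklist (spam), then the
# moderation checks (hold), and only then automatic approval.
classify_comment() {
    _name=$1; _email=$2; _url=$3; _ip=$4; _text=$5
    if [ -z "$_name" ] || [ -z "$_email" ]; then
        echo reject; return                       # (a) name and e-mail required
    fi
    if is_blacklisted "$_ip $_name $_url $_email $_text"; then
        echo spam; return                         # (c) comment blacklist
    fi
    if [ "$(count_links "$_text")" -ge "$MAX_LINKS" ]; then
        echo hold; return                         # (b) too many links
    fi
    if [ "$REQUIRE_PREVIOUS" -eq 1 ] && ! is_regular "$_name" "$_email"; then
        echo hold; return                         # (a) first-time commenter
    fi
    echo approve
}

# apply_discussion_settings: the same settings via WP-CLI on a live site.
# comment_whitelist and blacklist_keys were renamed comment_previously_approved
# and disallowed_keys in WordPress 5.5; use the names your version expects.
apply_discussion_settings() {
    wp option update comment_moderation 0 &&
    wp option update require_name_email 1 &&
    wp option update comment_whitelist 1 &&
    wp option update comment_max_links "$MAX_LINKS"
}

# Demo over constructed comments (fields separated by |).
for c in \
  'kotsengkuba|kk@example.com|http://kotsengkuba.example|198.51.100.7|Nice post, <a href="http://kotsengkuba.example/x">my take</a>' \
  'newreader|nr@example.org||198.51.100.8|First time here, great series.' \
  'kotsengkuba|kk@example.com||203.0.113.45|hello' \
  'Best Deals|deals@example.net|http://shop.example|198.51.100.9|<a href="http://a.example">x</a> <a href="http://b.example">y</a> <a href="http://c.example">z</a>' \
  '|kk@example.com||198.51.100.7|no name given'
do
    IFS='|' read -r n e u i t <<EOF
$c
EOF
    printf '%-8s %s\n' "$(classify_comment "$n" "$e" "$u" "$i" "$t")" "$n <$e> from $i"
done
```

The demo prints one verdict per constructed comment: the regular with one link is approved, the first-timer and the three-link comment are held, the blacklisted IP is spam, and the comment with no name is rejected before any of the other checks run. The forged-identity caveat from step (a) is visible too: a spammer who submits the regular's exact name and e-mail is treated as a regular, which is why the link limit and the blacklist sit in front of that check.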


Why is it so important to block spammers from commenting on your blog? Simple: spammers post comments to your blog many times a day. Every comment they manage to submit, even one that goes straight to moderation or into the Akismet spam queue, costs you bandwidth and server time. Bandwidth here means the amount of data your web host lets your blog transfer each month; each spam submission is a request your server has to process and answer, on top of the database row it leaves behind. If spam eats your bandwidth incessantly, there is nothing left for your regular readers, and your web host will suspend the blog (unless you have unlimited bandwidth). This is why we often see blogs in the blogosphere suspended for a while for exceeding their bandwidth, bandwidth that is being burned by spammers, crawlers and sploggers.

NEXT ON PART 3 WILL BE THE OFFENSIVE STRIKE, AND HOW TO DEFEND YOUR BANDWIDTH FROM BEING STOLEN BY HACKERS, SPAMMERS AND CRAWLERS


6 Comment(s)

By Kotsengkuba on Sep 2, 2008 | Reply

    hahaha, you're good, bluep. I'll wait for the attack mode so we can finish them all off ;-)
    Kotsengkuba's last blog post..Daddy sings a love song

By bluepanjeet on Sep 2, 2008 | Reply

    With the number of times my blog has been hacked, if I still haven't learned by now, I don't know what to say, haha.

    Sure, the attack mode is interesting because that one is offense, haha. We'll go and raid the enemy's blogs and splogs LOL

    bluepanjeet's last blog post..Stranger than sympathy, write to OTWOMD

By Amor on Sep 5, 2008 | Reply

    So that's what they're called, sploggers; I only learned that now, haha! I wonder how they do it, because I've barely posted and there is already a pingback from their site? But of course I put it in spam or delete it right away.

    Amor's last blog post..Little Bowler

By ross on Nov 24, 2008 | Reply

    hello brother,

    Informative articles, I will wait for your part III. I found this post through bancodereyna, because their reynaelena.com was redirected there.

    Hoping their site gets fixed again.

    Thanks again.

    Pax et bonum

By bluepanjeet on Nov 25, 2008 | Reply

    Those are called robots and crawlers. Their blogs are not operated by humans, which is why a pingback shows up within seconds.

    bluepanjeet's last blog post..Stranger than fiction

By bluepanjeet on Nov 25, 2008 | Reply

    Brother, thanks for visiting.

    Part 3 of this was posted a long time ago. Only parts 4 and 5 are still missing.

    Here is part 3

    http://bluepanjeet.net/1398/how-to-protect-your-wordpress-blog-from-hackers-part-3/

    hope this helps.

    Pax et Bonum

    PS how are you?

    bluepanjeet's last blog post..Stranger than fiction

2 Trackback(s)

Sep 1, 2008: How to protect your Wordpress blog from hacking - PART 1 : OTWOMD | Bluepanjeet.Net
Nov 24, 2008: Lessons learned | bancodereyna.com


Creative Commons License

© 2009 OTWOMD | Bluepanjeet.Net
This work is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License

