Why is One Click Blog Installation the Dangerous Way to Install Wordpress?

It scares me to think that experts all over the world are telling people that they can easily install Wordpress from their control panel using a "One Click Install" of the Fantastico Wordpress Icon. They are setting up a lot of people for a life of frustration and vulnerability.

Fantastico is a very useful resource for a new webmaster who just purchased a domain and hosting account and now wants to put something on his or her website instead of the little logo from the hosting company. Usually there is a minimum of 10 to as many as 30 different scripts set up to be installed by just entering a few forms and BAM! Your script is installed.

Unfortunately, the same script that makes these program installations so simple for the user also makes it much simpler for a hacker to figure out 2 of the 3 keys that can open the blog (or any of the other scripts like Joomla) up for complete control. The only line of defense you have is a strong password, which means it must be written down, and by default makes it insecure.

How can I make such an outlandish claim? As a webmaster, I often worked with databases in the server and I began to notice a pattern among all of the Wordpress Installations that had been installed by the Fantastico script: all of the database names and usernames were nearly identical!

I wrote a manual to teach my clients how to repair this security flaw themselves, and I have been giving it away for free. Soon I started hearing others talking about Fantastico negatively, but for a different reason. When they tried to upgrade Wordpress after a Fantastico installation, some of the files would not allow the installer to overwrite them and many users were left having to completely reinstall their blogs from scratch.

What happens is that when Fantastico installs the files, some of the permissions of the files belong to the server instead of the user, which means that the user cannot make changes to those files unless the administrator actually takes control of the files. One of my clients had that happen to his blog, and it was not until I opened up a support ticket with his hosting provider that I managed to get them to give me control of those files.
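A quick way to see which files would block an upgrade for the reason described above is to list everything in the blog directory that the account owner does not own or cannot write. This is an added example, not part of the original article; the function name and the idea of passing the account's numeric user id are assumptions.

```python
import os
import stat


def upgrade_blockers(root, owner_uid):
    """List (path, reason) for entries the account owner could not overwrite."""
    blockers = []
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            path = os.path.join(dirpath, entry)
            st = os.lstat(path)          # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue
            if st.st_uid != owner_uid:
                # The case from the article: the file belongs to the server.
                blockers.append((path, "owned by uid %d" % st.st_uid))
            elif not st.st_mode & stat.S_IWUSR:
                blockers.append((path, "owner has no write permission"))
    return sorted(blockers)


if __name__ == "__main__":
    # Check the current directory against the user running the script.
    for path, reason in upgrade_blockers(".", os.getuid()):
        print(path, "-", reason)
```

Files reported as owned by another uid are the ones the hosting provider has to hand back, as in the support ticket described above.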

When installing blogs, it is important to create a database name that is not easily guessed. It is also important to use a user name that is different from the database name (unless you do not have a choice). Then you can use a hard to guess password to round out the strength of your installation.
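The three checks in the paragraph above can be run against the DB_NAME, DB_USER and DB_PASSWORD lines of an existing wp-config.php. This is an added example, not the author's guide or any installer's code; the list of guessable name stems, the 16-character minimum and the "acct_" hosting prefix are assumptions, and both sample configurations are constructed.

```python
import re

# Matches lines such as: define('DB_NAME', 'value');  (either quote style)
DEFINE_RE = re.compile(
    r"""define\(\s*['"](DB_NAME|DB_USER|DB_PASSWORD)['"]\s*,\s*(['"])(.*?)\2\s*\)"""
)
# Constructed list of obvious name stems; extend it for your own hosts.
GUESSABLE = re.compile(r"^(wp|wordpress|blog|site|db|database)\d*$", re.I)


def parse_db_settings(config_text):
    """Return the DB_* constants found in wp-config.php text."""
    return {m.group(1): m.group(3) for m in DEFINE_RE.finditer(config_text)}


def local_part(value):
    """Drop a hosting-account prefix ("acct_") if one is present."""
    return value.split("_", 1)[1] if "_" in value else value


def audit(config_text, min_password_len=16):
    """Return a list of findings for the three values the article names."""
    s = parse_db_settings(config_text)
    name, user, pw = (s.get(k, "") for k in ("DB_NAME", "DB_USER", "DB_PASSWORD"))
    findings = []
    if name and name.lower() == user.lower():
        findings.append("DB_USER is identical to DB_NAME")
    if GUESSABLE.match(local_part(name)):
        findings.append("DB_NAME is easy to guess")
    if len(pw) < min_password_len:
        findings.append("DB_PASSWORD is shorter than %d characters" % min_password_len)
    if any(v and local_part(v).lower() in pw.lower() for v in (name, user)):
        findings.append("DB_PASSWORD contains the database name or user name")
    return findings


# Constructed sample inputs, not taken from any real installation.
WEAK = """
define('DB_NAME', 'acct_blog1');
define('DB_USER', 'acct_blog1');
define('DB_PASSWORD', 'blog1pass');
"""
STRONG = """
define("DB_NAME", "acct_q7vm2x");
define("DB_USER", "acct_k3tz9p");
define("DB_PASSWORD", "T9#rLq2!vXe8@mZw4Kd6");
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("strong", STRONG)):
        print(label, audit(text))
```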

So you can see that the very convenience of the One Click Blog Install is also the reason you should stay away from it, because it is just as easy for a hacker. For people who are afraid to do blog installations themselves, I have created the guide to allow you to repair the blog installation and patch the security holes. It will not help you with the file permissions, but it will take care of the hacker situation.

With a secure blog, you are more likely to spend your time writing articles and earning money from it, instead of having to worry that all of your hard work is stolen from you by hackers.

Blog Security - Vital Protection For Blogs

Blogging is fun, easy and profitable. Leading software such as WordPress is "open source" so anybody can write bits for it and there's a whole army of people writing superb add-ons (plug-ins and themes) to make your blog do all kinds of useful things. Unfortunately that openness is also the big weakness in your blog security.

Blogs get hacked all the time. It doesn't matter if you're famous, rich or just starting out, the hackers don't care. Some of them write nasty little robots that just go round knocking on a blog's back door until some blogs let them in. These robots can hit thousands of blogs a minute so protection is vital.

It's also near impossible to do unless you're a full-time code geek and you watch your blog like a hawk 24/7. Not practical.

So what can you do? Well, the first thing is to be aware of it. Don't think it won't happen to you; take steps to protect yourself. When you choose a password, don't make it your name, for example, and don't share it. You'd be surprised how many people email passwords around or post them on forums when they're asking for help. If you absolutely have to do that to fix a problem, change it to a new one right after it's sorted out.

Sadly that won't stop them all. Something else you can do is always make sure your WordPress version and all its plug-ins are up to date. It won't take you many minutes and it's worth it. Sometimes an update is for function but sometimes it's to fix a security flaw. Have a glance every time you log in. If there's an update, just do it.

After all that some hackers will still get through. To be brutally honest, protection for blogs could be seen as a bit of a myth. An impossible goal. If someone really wants in, bang, you'll be hacked.

The blog security tips above will help. Then, if you're unfortunate enough to have it happen, you need to be able to recover quickly. To do that you need to make sure your blog is regularly backed up. That way you can simply strip out the hacked files and replace them with a recent copy of your blog. Automated plug-ins can back up certain files for you and you can probably get access to your hosting to do a full back up there as well.

A couple of things. Just check to make sure your blog is working properly before you back up, and in case you accidentally back up a hacked version, always keep several archived back-ups. Finally, do it regularly. You can have auto back-ups as frequently as every hour - which is probably overkill, but at least once a week is good.

Protection for blogs is a question of taking simple, sensible precautions. I hope it doesn't happen but your blog security may be compromised one day. Make sure you can recover quickly and carry on your business.

