Monday, February 28, 2011

How To Secure a Blog Application

You have set up your blog and have now installed some blog applications and tools. You are worried about security when you upload files, images, graphics, videos, audio, etc. You now wish to learn how to secure your blog application against threats ranging from arbitrary file disclosure to remote arbitrary code execution.

What do most people do when they find that their blog has been attacked or hacked? Most run to their nearest accessible techie or nerd friend and describe the problem. Others engage a paid service. Hackers may either hack into your blog directly or upload some mischievous robot software intended to create random mischief. You should first try to understand the problem before you approach the people you know. If you want to be hyper secure before using blog applications or software, you would want your friend, paid or otherwise, to help protect against attacks such as injection attacks, PHP remote file include and cross-site scripting (XSS), whereupon he will probably use content and extension verification to secure uploads to your blog application against PHP attacks. You can also have your blog applications coded in XHTML and CSS for better protection.
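The "content and extension verification" for uploads mentioned above can be sketched as an allow-list check on both the file name and the file's leading bytes. This is an added example, not code from the original post or from any blog package; the names ALLOWED_TYPES and check_upload and the sample uploads are constructed for illustration.

```php
<?php
// Added example: allow-list check on an upload's extension AND its leading bytes.
// ALLOWED_TYPES and check_upload() are hypothetical names, not from any blog package.
const ALLOWED_TYPES = [
    'png'  => "\x89PNG\r\n\x1a\n",
    'gif'  => 'GIF8',
    'jpg'  => "\xFF\xD8\xFF",
    'jpeg' => "\xFF\xD8\xFF",
];

function check_upload(string $clientName, string $bytes): array
{
    // The client controls the name, so treat it as untrusted input.
    if (strpos($clientName, "\0") !== false) {
        return [false, 'NUL byte in file name'];
    }
    $base = basename(str_replace('\\', '/', $clientName));
    // Exactly one dot: rejects "shell.php.jpg" and names with no extension.
    if (substr_count($base, '.') !== 1) {
        return [false, 'file name must have exactly one extension'];
    }
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return [false, "extension .$ext is not on the allow-list"];
    }
    // Content check: the data must start with the signature of the claimed type.
    $magic = ALLOWED_TYPES[$ext];
    if (strncmp($bytes, $magic, strlen($magic)) !== 0) {
        return [false, 'content does not match extension'];
    }
    // Passing both checks does not prove the file is harmless, so the
    // client's name is discarded and a random storage name is returned.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

// Constructed sample uploads (client name => file bytes); not real files.
$samples = [
    'holiday.png'   => "\x89PNG\r\n\x1a\n" . str_repeat("\0", 8),
    'avatar.php'    => '<?php echo 1; ?>',
    'shell.php.jpg' => "\xFF\xD8\xFF\xE0",
    'logo.gif'      => '<?php echo 1; ?>',
];
foreach ($samples as $name => $bytes) {
    [$ok, $detail] = check_upload($name, $bytes);
    printf("%-14s %s (%s)\n", $name, $ok ? 'ACCEPT' : 'REJECT', $detail);
}
```

Accepted files should also be stored in a directory where the web server does not execute scripts.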

For a slightly more technical way of securing your blog, Vincent Cheung’s site tells you how to encrypt and password-protect the blog itself, separately from logging into your blog with your username and password.

You want to know how to secure a blog application and what to do when your blog application is hacked without going into techno-babble or using hardware to secure your blog application.

Simple steps to secure a blog application

When you set up your blog, you are interacting with many people, known and unknown. Unlike intranets, which can be secured locally, your blog is wide open to the internet. Some of the simple steps you can take from your end are:

Blog hosts: If you can afford it, choose a hosting company to host your blog site. Free blog sites mean there is no guarantee and no assurance of security, no matter what the hosts tell you. With blog sites maintained by hosting companies, you have recourse to the hosting company itself if your blog sites or blog applications are compromised by third parties.

Passwords: If a person can access your blog, he can create havoc with not only your content, but your blog applications as well. One of the simplest and most effective ways of preventing access to your blog is your password. When signing in, use a good password – one with a combination of upper and lower case letters, symbols and numbers. Avoid dictionary words or words connected to you, your personal information, or your relatives, friends or pets.

Updating: Update your blog application software and web server software as often as you can. Companies supplying blog software and blog applications, even if they are free, regularly post updates and revisions patching security flaws and leaks in their software and blog applications.

Local machines: Keep your computer up to date with releases and patches as well. If you are a Windows user, you already know what we are talking about.