Looking for Something?

5 Tips I Learned From a Security Breach on My Blog


I’m writing this post from an offline blog writer because my blog is being restored back to it’s most recent backup by my hosting company. My FTP password was compromised and someone went in and deleted my entire blog. Everything that they could delete, they did. Fortunately, my hosting company has a backup from 3 days before so I won’t lose everything.

Please learn from my experience and take a few precautions.

1. Backup many times. Don’t rely solely on your hosting company, although do check with them to be sure they do backup and how often. I also did a daily backup through WordPress, but I made one mistake. I have the backups saved in a folder in WordPress. That is gone now too. Have the backups emailed to you. Set up a separate email account just for your backups.

2. Change your FTP password often. I have never changed mine because if I did, I’d forget it. I will be changing mine more often now.

3. Delete FTP accounts you don’t need. I’m not sure how they got into my FTP. My main account that I use has a very secure password, although I never change it. But I didn’t realize that I had 15 other FTP accounts set up. Each time I set up a new email, a new FTP was created. I never thought to do anything with those. They were very old and probably didn’t have secure passwords. I deleted all of them.

4. Use an offline blog writer as another backup. I use Quamana on my Mac and Windows Live Writer on my PC. I don’t always write offline, but I go in weekly and sync the blog posts so I have another backup of my work. This is also helpful if you do not have Internet access and you want to work.

5. Use very secure passwords. Use a password that looks more like this, iue*#3]2Eki6 than like this, momblogger26. I know that the first password is harder to remember, but the second one is way too easy to figure out. You need to use a combination of letter, symbols, numbers and both small and capital letters. I do have mine all written down in a notebook and I also use Last Pass to store passwords online so I only have to remember one secure password to get into Last Pass.

These are 5 things I learned in the last few days after going through a security breach on my blog. What other tips do you have for making your blog secure?


  • Dave Taylor

    Much, much smarter is to simply avoid FTP entirely. It’s a known insecure utility that sends your account and password pair “in the clear”, easily sniffed and detected. Insist that your tools work with SFTP, the secure version of FTP that runs over SSH. For my blog back end, it’s all configured to only allow “https” URLs for administrative work, effectively offering the same encrypted security.

    • scrappinmichele

      hmmm! I will have to look into that. That’s a much better choice. Thanks for the tip!!

    • scrappinmichele

      So, if I want my back end to only allow “https” is that something I need to request from my hosting company or is a settings that I change? My blog is finally back up and I didn’t lose anything, but I want to make sure this doesn’t happen again. I might not be so lucky next time. 

  • Anonymous

    for those that don’t know. Dave is a very smart man.

  • scrappinmichele

    FYI for anyone interested in using sftp and accessing their back end securely. I talked with my hosting company and they had me fill out an online form and then I had to fax them a copy of a picture ID with my address and name on it. Then they turned on the sftp for me. Obviously, this isn’t fool proof, but no one else will be able to request sftp access to my account now and as long as I change my password often and use a secure password, I am better off than I was before.

    Thank you Dave for the advice. 

  • Alexandra Lawrence

    I don’t know why people would do these things!  What can they possible get out of it?  I had never even thought about backing up my blog, but I will be looking into now.  Thanks for the info 🙂

  • Tim [techfruit]

    One other tip I recently read (on Lifehacker I think) was to make your password a full phrase with punctuation – it makes it very hard to crack.

    For example:
    I’m a cheese lover!

    That is easy to remember so you won’t have to leave (obviously insecure) stickies around with the password on to remind you of it, and more importantly pretty much impossible to crack with brute force (that many characters including letters, uppercase, lowercase, and punctuation would take even the strongest botnet years to crack)

  • GeorgeGNS

    Talking about the backups, they have become an absolute necessity when it comes to the management of data, content and private information among all other functions that they meet.

Learn About NMX


Recent Comments