It seems that in today’s society people rush everything. A prime example can be seen on some amateur WordPress blogs. Caught up in the rush, bloggers forget that simple security flaws can have serious consequences. These five simple mistakes can lead to hours of headaches and regret, and can leave a blog vulnerable to anything from malware to being hijacked.

Permission Rules

The most common error people make is in setting permissions. Almost all the folders in a WordPress blog have the permission “755”, which means the owner has the right to read, write and execute, leaving the public to only read and execute. All regular files have a permission of “644”, which basically means the public can only read your blog; they can’t change anything. Note that the public does not have the “write” permission, and there’s a good reason for this. You wouldn’t trust a random stranger to hold and check through your wallet, would you? So why would you give a random stranger on the Internet permission to write or edit anything he or she wants on your blog? A lot of the files I see with unnecessary permissions are “wp-config.php” and “.htaccess”. People get confused when WordPress tells them it needs to edit these and they set the permission to “777”; this can be catastrophic. The main rule of thumb is that after changing any permissions, you should always change them back to their lower level, or your site may be left vulnerable.
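
The permission check described above, as an added example that is not part of the original article: a shell audit that lists every file or directory the public can write to, flags “wp-config.php” and “.htaccess” specifically, and restores the 755/644 modes named above. The function names are illustrative, and the script assumes file names without embedded newlines.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for entries the public can write to.
# Usage (path is an assumption, substitute your own):
#   audit_wp_perms /var/www/wordpress

# Print every file or directory whose "other" write bit is set (777, 666, ...).
# Symlinks are skipped because their own mode bits are not meaningful.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Report findings; return 0 if the tree is clean, 1 if anything is writable
# by the public. wp-config.php and .htaccess are called out separately
# because they are the files most often left at 777 after an edit.
audit_wp_perms() {
    root=$1
    rc=0
    found=$(list_world_writable "$root")
    if [ -n "$found" ]; then
        rc=1
        printf '%s\n' "$found" | while IFS= read -r path; do
            mode=$(ls -ld "$path" | cut -c1-10)   # e.g. -rwxrwxrwx
            case "${path##*/}" in
                wp-config.php|.htaccess)
                    echo "CRITICAL $mode $path" ;;
                *)
                    echo "WARN     $mode $path" ;;
            esac
        done
    fi
    return $rc
}

# Put the tree back to 755 for directories and 644 for regular files.
reset_wp_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}
```

Run the audit again after any step where WordPress asked for write access, so a temporary 777 does not stay in place.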

Outdated Plugins & WordPress

Another common mistake bloggers make is getting so tied up with updating their site that they forget to update the script and plugins that power it all. Updates to WordPress fix a security hole every once in a while. These include SQL injection vulnerabilities and other vulnerabilities that allow hackers to upload a shell to your site and take over everything. I’ve seen many new blogs get attacked this way; a simple Google search will show which sites are vulnerable. So always remember to keep your plugins and WordPress site up to date, or you might one day see the consequences.

Themes and their hidden secrets

Another annoying problem I see is themes that are downloaded for “free”. Some people feel the need to download free themes from untrustworthy websites, or they don’t want to pay for a theme, so they download it from a free source. These themes may contain vulnerabilities that a hacker has planted so they can quickly search Google to find and attack sites running their code. Or they may contain annoying backlinks to their own page for a little SEO. Always check where your themes are coming from!

Copying & Comments

The last two things I shouldn’t have to mention, but some bloggers need to hear them. Always review comments so they don’t contain links to malicious sites or files; it’s your blog - be responsible for it. Also, copying content from anyone will get you placed really low in search engine rankings, so don’t even think about it. If you like a topic, do your research and write something meaningful.