Cooking Up an Income - July Profits

Hey guys,

Back again for another Cooking Up an Income Report. This month, I want to talk to you guys a little about ways to make sure your blog is secure. It might not seem like a big deal (like, who would want access to the admin area anyway?) but you put a lot of work into your blog and a few simple steps can help you ensure that it is secure.

But first, here are the numbers for July …

In July The Endless Meal Earned:

  • Google analytics      $106.73
  • blogher                      $54.65
  • Infolinks                    $15.51
  • Buy Sell Ads              $56.67
  • Ligit                           $12.40
  • Other blog income   $83.90

Total blog income: $329.71

A few other numbers:

  • 51,701 people visited The Endless Meal in July
  • There were 74,020 page views
  • 21.9% of visitors had been here before

The top 5 post in July were:

  1. Honey Garlic Chicken
  2. Noodles in a Creamy Coconut Peanut Sauce {vegan + gluten free}
  3. Asian Salad Recipe
  4. Bite Sized Appetizers: Mini BLT Cups
  5. Smoky Parmesan Corn on the Cob

This month, The Endless Meal has been hit hard by brute force attacks. Brute force attack certainly sounds serious, and it can be. It basically refers to when hackers try over and over again to guess your admin name and password, often using script and multiple ip addresses.

So what can you do to increase the security of your website?

1.  Install the plugin Limit Login Attempts

About a year ago, Rachael from Simply Fresh Cooking emailed me to tell me about this plugin. (Thank you, Rachael!) It basically locks out any ip address that fails the correct username/password combination for a period of time that you set. Since installing it I have had 2871 ip addresses blocked from logging into The Endless Meal.

Right now I have it set to lock out for 96 hours after the first failed login attempt. Even with this I was still getting 50+ lockouts per day during this past month.

2.     Install the plugin Lockdown WP Admin

This plugin adds an extra layer of protection to your website by allowing you to change to address of your login page. The default login page for any WordPress site is your web address with wp-login.php at the end. The original login page for The Endless Meal was www.theendlessmeal.com/wp-login.php; pretty easy to figure out.

Since installing Lockdown WP Admin, I have not had one person get locked out from attempting incorrect login information. They obviously were not able to figure out the login web address.

3. Once you've installed Limit Login Attempts and Lockdown WP, you need to have a look at your password. Here are a few things to keep in mind:

  • NEVER use a word that is in the dictionary
  • Always use both upper and lowercase letters
  • Always use at least one number and one character (or preferably two or more of each)
  • Make sure your password is at least 12 characters long

Then make sure you keep your password somewhere secure. I sent mine to myself in a text message and wrote it down in a few places. Complicated passwords are hard to remember but even harder to crack.

If you have any questions, please don't hesitate to ask. Also, if you love a security feature you've installed on your blog I would love to learn about it!

xx Kristen