Adventures in Cloud Security

Malicious hackers have made computer security breaches a constant concern.  Groups like Anonymous have shown that even some of the most secure networks in the world are vulnerable to attack.  When I bought the domain it occurred to me that there is always the possibility that someone could break into my website.  To keep costs low for the site I picked a host that uses shared hosting.  There is nothing I can do to improve the security of the server itself.  The only action I can take is to make sure that my password for cPanel is secure.  My hosting provider was hacked some time ago before I was a customer and I can only hope they’ve learned their lesson and keep a better eye on security.

To protect the site I set up two cloud based security measures.  The first tool is CodeGuard.com.  CodeGuard backs up my site daily using delta backups to minimize storage consumption.  This protects the content of the site if my server is hacked or taken offline.  The second tool I’m using is CloudFlare.com.  CloudFlare is a content delivery network and security service.  CloudFlare is installed by changing the name servers for the site.  This means that all visitor traffic to my site passes through CloudFlare’s security screen first.  All the reviews I read about CloudFlare before I set it up were amazingly positive.  This company has the chance to turn the tide in the internet security war.  The content distribution portion of CloudFlare is an added bonus that speeds up loading times.

The other set of security measures I set up were meant to protect the blog as well as the other modules of the site, forum and photo gallery.  WordPress has made a lot of improvement in the inherent security of the software over the years.  That being said, there is still some vulnerability.  There are two plugins I installed to protect the blog.  First, I installed BulletProof Security (BPS).  BPS modifies the .htaccess files to prevent hackers from accessing certain portions of the site.  It was a little complicated to set up but I have a lot of confidence in the security it provides.  The second plugin I installed was Better WP Security.  This plugin automates backups of the WordPress MySQL database and monitors the files in the WordPress directory for changes.  In addition, the plugin also prevents brute force login attacks on the blog and prevents attackers for scanning through the blog for vulnerabilities.  The last security measure is probably the simplest of all, make sure the software is running the most current version.  WordPress makes updating painless.  phpBB hasn’t needed to be updated yet but I think the process is also automated.  Coppermine photo gallery is the one that is difficult to update but it’s still not too bad.

I put links at the bottom of my homepage to support the companies that have provided the tools to build this site.  Check them out.

Updates coming soon…

I’ve been working on a lot of changes to the site and I have a few drafts written but I’m still working on putting the posts together.

My first domain / WordPress site

This is the first time I’ve worked with a site where I’ve had significant control.  BrianRThomas.com is being hosted by WebHostingHub.  My main blog, through its many incarnations has always been hosted by Blogger.  It’s nice to try something I can have more control over.  The only possible downside is I’m now exposed to downtime from my hosting company.  Blogger has been super reliable over the years and Google hosted services have a lot of redundancy.  I don’t think I’ll run into any issues but it’s something I want to keep an eye on.  As a side note it’s a bit humorous that I insist on great uptime for a site that may never get much traffic.

For my own redundancy I’ll probably mirror all the posts between the two blogs.  I tried to run an importer to get the Blogger posts listed here but the formatting transferred poorly.

I want to test some formatting so this post is going up in multiple parts.

Load more