Start A Secure, Anonymous Blog

Start A Secure, Anonymous Blog

So you want to start a blog? You’ve come to the right place! This guide will give you step-by-step instructions to create a secure, anonymous blog.

This post contains affiliate links

For a little background, I have two degrees in Computer Science with a specialization in Cyber Security. My first job out of college was with a major defense contractor doing advanced cyber security research for DARPA. You’ve definitely heard about them in the news recently. Although it is impossible to make your blog 100% secure, you can stop more than 99% of hacking attempts and maintain your anonymity by doing a few things. This guide will help you build your blog from the ground up with security in mind so that you don’t have to worry about your site being compromised and losing all of its content.

If you want to find out more about blog security in general, check out my blog security post.

I recommend reading this entire guide before you start creating your blog. If you like my guide and decide to create your own secure blog, I would really appreciate it if you come back to this post and click through my links. If you have any questions at all, feel free to contact me.

1. Start With An Idea

The first step in creating a blog is to have an idea. It should be something that you are passionate about. Running a blog takes a lot of time and energy, so it helps if your blog’s topic is something you really enjoy. I regularly spend 4+ hours a day running Zero Day Finance, and I really enjoy it. In addition, you should be fairly knowledgeable about your blog’s topic. You don’t need to be an expert and you’ll do plenty of learning, but you should at least know the basics.

After you come up with your blog’s idea, you need to think of a name. The name should really describe your blog’s topic. For example, I run a financial blog so I made sure to put the word “finance” in it. I also really wanted to focus on trying to minimize spending so I came up with the idea of “zero days,” thus my blog’s name was born. There doesn’t need to be a strong relationship between your blog topic and name, but don’t name your fitness blog “Tales From My iPhone.”

2. Pick A Domain Name

Now that you’ve got an idea and a blog name, you need to figure out a domain name. A domain name is the web address of your blog. If you look in your browser’s address bar, you’ll see zerodayfinance.com, which is my domain name. You’ll want your domain name to match your blog’s name as best as possible. “Zerodayfinance.com” sounds like a financial site and matches my blog name so I get a nice checkmark. I could have very easily made my domain name “budgetbetterbyspendingzerodollarseveryday.com,” but this is terrible: too long and impossible to read.

After you pick your domain name, see if it is available. If it isn’t available, you can either rethink your blog’s name, or slightly modify it. Once you pick a domain name that is available, you can choose to buy it from a domain registrar (like GoDaddy), or you might be able to get it for free from your web hosting provider.

3. Choose A Web Host

Now that you have an idea and a domain name, you must choose a web host. A web host is a company that “hosts” your blog on the Internet so anyone can read it. There are many web hosts out there that will suit a variety of your needs. Since you are just starting out, I would recommend some of the cheaper web hosts, specifically their entry-level plans. You’ll typically pay about $3.95 a month with these plans if you pay for the whole year in advance. Not all of the hosting plans are the same, but you’ll get similar features with all of them:

I personally use BlueHost. They were very cheap, offered a strong set of features, have solid reliability, and also support “1-click WordPress Install.” It easily handles my blog’s traffic, and they also provide me with 5 email addresses which I find extremely useful. In addition, they will give you a free domain name if you choose them as your hosting provider. To summarize the most popular 3 web hosts:

  1. BlueHost: If you are just starting out, they offer a very good product for the money. Solid product and very easy to setup and use.
  2. SiteGround: Similar to BlueHost, although you can enable SSL/TLS on your website for free which makes your website seem more legitimate, although most people won’t notice.
  3. DreamHost: Offers similar services to BlueHost and SiteGround. If you are a techie like me, you’ll enjoy this more because you have developer access (SSH) on your host. I ran a company website hosted on DreamHost for a few years, and it suited my needs quite well.

At this point, you’ve chosen your domain name and your hosting provider. Sign up with your hosting provider, and reserve your domain name for free if they offer it. If they don’t offer it, go to a site like GoDaddy and buy your domain name, it should be pretty cheap.

If you bought your domain name from a third party company and NOT your hosting provider, complete the following step. You have to configure your domain name’s “Domain Name Server.” To do this, you must get your domain name server address from your hosting provider, and enter it into your domain name registration provider. It’s actually really easy. Just google “<your hosting provider> get domain name server” to get the addresses of your domain name servers and “<your domain registrar> set domain name server” for instructions to update them with your registrar. Once you do this, you are good to go!

4. Anonymize Your Domain

Anonymity is very important to the modern blogger. I would encourage you to start your blog anonymously. You can always start out anonymous and eventually tell your readers who you are. However, if you want to stay anonymous and your identity gets leaked, you can never go back.

After you’ve purchased your domain name and web host, you need to anonymize your domain registration. When you bought your domain, you provided a lot of personal information such as name, email, address, phone number, etc. That personal information is compiled and stored, referenced to your Domain. For example, if your name is John Smith and you buy johnsmith.com, anyone on the internet can find out that you paid for the domain and get all of your personal information.

To stay anonymous, you need to anonymize your domain registration details. If you bought it through an outside provider, there should be a way to do this with them. Just google “<domain provider> anonymous domain” and you’ll get results. If you got your domain through your web hosting provider, you should google the same thing. It may cost money, but making yourself anonymous is important and worth the $10 or so a year. As an example of what information is exposed with your domain, check this out. Note all of those fields that can expose your personal information? My domain name is anonymized, that’s what you want.

5. Install WordPress Securely

Phew, that was a lot! But now you are set up with your domain name and web host, now it is time to install WordPress! You don’t need to use WordPress, but it is the most common blog platform. This really helps when you want to comment on other people’s blogs: you’ll already have a WordPress account.

Installing WordPress will be slightly different for each hosting provider. It should be a very simple process where you just press a button. If it isn’t, google “<your hosting provider> install WordPress” and there should be some good instructions.

After you install WordPress, you’ll need to make the admin account for your blog. When you do this, DO NOT USE YOUR REAL NAME OR EMAIL ADDRESS as the account username. This is because when WordPress creates users, the username can never be changed. In addition, it will create a page for that user. So if your admin username is “johnsmith,” now you are identified by your personal information and your blog will have a page www.yourblogname.com/johnsmith for the world to see.

If you accidentally enter in your personal information for your WordPress admin username, don’t freak out. After your WordPress is is completely installed, go to your admin panel, create a new, anonymous user account, give them admin privileges, and just use that account forever.

Finish the install procedure and your blog should be set up perfectly! In addition, create a Gravatar account. This is what you use to comment on other people’s posts, and will uniquely identify you. Definitely upload a profile picture, but not of your face so you stay anonymous :).

6. Install Security Plugins

Before we get into themes and all that, you must install plugins to secure your blog. For more detailed information, check out Secure Your WordPress Blog The Right Way. I will provide a list of plugins that you should install. Failure to install any of them will leave your blog vulnerable to hackers.

WPS Hide Login: changes the default login page to one of your own choosing
Limit Login Attempts: locks out people who enter in the wrong username/password credentials too many times
BackWPup: automated WordPress blog backup plugin

After you install these 3 plugins, your default login page is disabled so attackers need to guess your login URL, your blog will lockout users who fail to enter in your username/password correctly, and it will automatically back itself up. The first 2 plugins are aimed at stopping malicious hackers from accessing and damaging your blog. The third plugin is for recovering after an attack. These aren’t the only plugins that you should install, but are the core plugins that will securely protect your blog.

After you install the security plugins, I would not install any other plugins until you’ve played with your blog’s themes. You can spend hours finding a thousand plugins that you will never use.

7. Choose Themes

Now that all of the security stuff is done, it’s time to start customizing your blog with a theme! There are many of them out there. I would google “free wordpress theme” to get started. Absolutely do not spend lots of $$$ on a theme when you first get started. If you keep blogging for a few months and grow tired of your theme, I would start looking at paid ones. Most will be $15 – $60. If you don’t know which theme to choose, look at other blogs in your niche and see what they use, and take note of the features that you want.

After you choose a theme, make sure you create a favicon for your site as well. A favicon is that small image that appears next to your site when you have multiple tabs open. Your favicon should be your logo. If you don’t have a logo, now is the time to create one. A good way to get one is to use fiverr. If not, I personally believe that it’s worth it to spend some money on a nice logo. There is bound to be someone you went to school with that is into graphic design who can help you out.

8. Read Other Blogs

Now that you have your blog setup with an awesome theme, start reading other blogs related to yours. There may only be a few or there could be thousands. Find maybe 5 and start reading their posts. Figure out what you like and what you don’t. Start commenting on them as well, using your gravatar profile. This will start drive traffic to your site, and also created external links to your site which is very good for SEO (Search Engine Optimization).

One of the “common courtesies” when you start out blogging is to respond to other people’s comments. It is a nice thing to do, and you’ll also increase your readership in the process. Hey, you might even make a few friends. Speaking of friends, start befriending people in the community. They will help you out if you have any questions, and will most likely become your first readers.

9. Write Your First Post

Writing your first post is tough. You should generally talk about the site and what you are doing. Don’t make it too long, the majority of people will read your about page instead. But make it personal and people will enjoy it. I really wouldn’t labor over your first post too much. Looking back at mine, it is terrible! But I refuse to modify it because I like it.

I definitely, 100% recommend using high-quality stock photos for all of your posts. These are usually really expensive (think $50-$1000 per). I personally use Pexels, they have completely 100% free stock photos for download, you don’t even need an account. All of my blog’s photos (including the one at the top of this page) are from Pexels.

10. Create Social Media Accounts

Now that you have a secure blog and have published a welcome post, it is time to advertise. Social media will be the best way to do this. You can buy advertisements, but I wouldn’t spend money until you have significantly more content. I am familiar with and use the 3 major social media platforms, and each has their strengths and weaknesses.

  1. Twitter: perfect for interacting with others anonymously, fairly easy to gain followers
  2. Facebook: terrible for finding new followers if you are anonymous, extremely difficult to gain followers, but very easy if you want to share with friends
  3. Instagram: perfect for publishing beautiful pictures

I use all three social media platforms, but focus on Twitter. Twitter lets me interact with all of my readers in a personal yet anonymous way. Facebook is great for people who want to invite their friends to read their blog. It is very difficult if you want to stay anonymous because you cannot invite friends to read your content. Instagram is great if your blog focuses on posting really cool pictures with short, catchy titles. Unfortunately, the majority of Instagram interactions will come from bots saying “Nice stuff!” or “keep it up!” I’ve had to block more than 10 accounts because they went through all my pictures, liked each one, and commented “great job!” on each one. I do generate a few clicks per post from my Instagram profile, but it is fairly poor at interacting with others.

When you pick your social media accounts, make the account names the same as your domain name, which should be the same as your blog name. Please make them all identical, you do not want to confuse people. Worst case scenario, make all of your social media accounts match, but they don’t have to exactly match your domain or site name.

11. Engage With Your Audience And Have Fun

Now that you have everything set up, talk to your audience! Anytime somebody comments on your blog, comment back. Comment on other people’s blogs, comment on their social media. The more people you interact with, the more traffic you will create. Make friends, and start having fun. Blogging is inherently social. Good luck!

I hope you enjoyed this step-by-step guide to help you create a secure, anonymous WordPress blog! If you read this guide and decide to create a blog, please come back and use my affiliate links, I would greatly appreciate it. Also send me a comment/message and you’ll gain a new reader!

Good Hunting,
David


If you liked this article, join the Zero Day Finance mailing list and gain access to exclusive content!

4 thoughts to “Start A Secure, Anonymous Blog”

  1. Nice work! I hadn’t changed my login page initially, and started to get 100s of login attempts/lockouts for generic accounts (that didn’t exist). After changing my login URL, I’m back to zero attempts. So far, it’s stayed that way. I like the new theme btw.

    1. Thank you! Finding good free themes is hard, I’ll bite the bullet and buy one eventually.

      My most popular post is the one about securing your blogs, figured I should write a post about how to secure your blog and stay anonymous from the get go. Kind of sad that I run a finance blog and people care more about my security insights, but I guess that isn’t bad.

  2. Hiding your login page is genius. I also noticed that WordPress automatically has it set up so people can ‘subscribe’ to your site. I had to manually uncheck that box in the settings because I was getting spammy signups. But I guess that problem could have been resolved if I hid the login page to begin with.

    1. Changing the login page eliminates all of the random hacking attempts at your site. It still isn’t too difficult to figure out your login page, but then locking accounts out after 3 attempts pretty much stops all password cracking attempts. The only thing left is if a bad guy knows about some zero day in WordPress, and I can guarantee you there are plenty.

Leave a Reply