218 How To Protect Your WordPress Blog From Hackers

By Leslie Samuel | Blogging

Jun 03

Has your blog ever been hacked?

If so, then you understand how important it is to have security measures implemented.

In today’s episode, I discuss WordPress security and share how to protect your blog from hackers.


There’s something I REALLY hate about the internet – Hackers.

There have been a few times in my blogging experience where I woke up to a hacked blog.

It has ranged from simple hacks that resulted in links being added to my blog in random places, to hackers taking my entire blog down.

This has forced me to study WordPress security a bit, to reduce the chances of my blog getting hacked in the future. Here are some steps you can take (from simple to complex).

Be proactive about updates

The WordPress community is a very proactive community. Whenever there’s a security breach/loophole that we need to be aware of, that info is quickly shared.

Fortunately, the WordPress team is also very proactive about releasing updates that include those fixes.

In the past, I used to tell people not to update WordPress whenever there’s a new update because it can cause stuff to break. However, WordPress seems to have gotten better with updates.

Now I recommend that bloggers be proactive with updates, both of WordPress and plugins.


Use a unique and complex password

One type of attack that's often launched against WordPress is called a brute force attack. In short, this is when a hacker systematically guesses a bunch of different passwords until they get the right one.

Once they are able to log into your WordPress admin area, or your hosting control panel, they are able to do some serious damage.

Make sure you are using unique, complex passwords for every relevant account. I would even recommend using a service like Dashlane to generate complex passwords and to keep track of all of your passwords for all of your accounts.

Use the All In One WP Security Plugin


The All In One WP Security plugin is the best security plugin for WordPress. It walks you through a series of steps to take to make your WordPress installation stronger and then grades you on how protected you are.

Here are some examples of what it helps you to do:

  • Enable brute-force protection.
  • Change your usernames if you’re using a common one (e.g. admin).
  • Automatically block IP addresses if there are multiple unsuccessful logins from that IP.
  • Change your database prefixes.
  • Much more

If you go through most of the steps it walks you through, you will have a WordPress blog that is less susceptible to hacking.
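To make the "multiple unsuccessful logins from that IP" lockout from the list above concrete, here is an added Python example (not code from the plugin or from this post) that applies the same idea to web-server access log lines. It assumes the common heuristic that a POST to /wp-login.php answered with status 200 is a failed login and 302 a successful one; the function name, threshold, time window and sample log lines are all made up for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Fields needed from a combined-format access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def flag_lockouts(lines, max_failures=3, window=timedelta(minutes=5)):
    """Map each IP to the time its failed logins reached max_failures in window."""
    # Assumed heuristic: POST /wp-login.php answered 200 is a failed login
    # (the form is shown again); 302 is the redirect after a successful login.
    recent = defaultdict(deque)  # ip -> failure timestamps still inside window
    flagged = {}
    for line in lines:           # lines must be in chronological order
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged.setdefault(m["ip"], ts)
    return flagged

# Constructed sample lines (documentation IP ranges, not real traffic).
def _line(ip, mmss, method, status):
    return f'{ip} - - [01/Jan/2024:04:{mmss} +0000] "{method} /wp-login.php HTTP/1.1" {status} 3120'
SAMPLE_LOG = [
    _line("203.0.113.7", "10:01", "POST", 200),
    _line("203.0.113.7", "10:03", "POST", 200),
    _line("198.51.100.20", "10:04", "GET", 200),    # loading the form: ignored
    _line("198.51.100.20", "10:05", "POST", 200),   # one typo
    _line("203.0.113.7", "10:06", "POST", 200),     # third failure in 5 seconds
    _line("198.51.100.20", "10:30", "POST", 302),   # then a successful login
    _line("192.0.2.44", "11:00", "POST", 200),      # slow guessing:
    _line("192.0.2.44", "20:00", "POST", 200),      # never 3 failures
    _line("192.0.2.44", "29:00", "POST", 200),      # inside one 5-minute window
]

if __name__ == "__main__":
    for ip, when in flag_lockouts(SAMPLE_LOG).items():
        print(f"lock out {ip} (threshold reached at {when:%H:%M:%S})")
```

The third address in the sample guesses slowly enough to stay under the threshold, which is why lockouts work alongside unique, complex passwords rather than replacing them.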

Upgrade to managed hosting


If you’re at a point where you're getting significant traffic, it might be time to consider upgrading your hosting.

With shared hosting, you have less control over your server, because it’s shared with hundreds, if not thousands of other sites.

By upgrading to a managed VPS or dedicated server, you have tech people monitoring your server and making whatever changes are needed.

There have been a few occasions where one of my sites was under attack. I submitted a ticket, and they made the changes to the server that were necessary to block the attack.

What exactly did they do? I don’t know, and I don’t care. All I care about is that my site is protected.

Have a reliable backup system


Here’s the truth – You can do everything I recommend and have a solid security system in place. Unfortunately, hackers are often quite smart, and can sometimes get around even the toughest of security systems.

In the event that something goes wrong and you are hacked, I highly recommend having a solid backup system in place.

Depending on your host, this might already be taken care of. However, I still recommend that you have a WordPress backup system installed.

I use Backup Buddy, and another alternative is VaultPress. They basically accomplish the same thing – they provide an easy backup solution for your WordPress blog. However, VaultPress is a little easier to use, especially if you’re not a techy person. I use Backup Buddy because my tech team provides it as a service.

As an additional backup, I also write all my content in Google Drive. That’s automatically backed up to the cloud.

What about you?

What kind of security measures (if any) are you taking to protect your blog from hackers? Let me know in the comments below.

Resources Mentioned

  • Dashlane – a tool that allows you to create unique, complex and encrypted passwords and be able to share them securely
  • All In One WP Security – a security plugin for WordPress
  • Backup systems for WordPress: Backup Buddy and VaultPress
  • WP Curve – provides tech service for my blog


Transcript

Some people just love being able to read along with interviews, or they might just prefer to skip the audio completely and just read through the transcript. Hey, if that’s what floats your boat, it is all good. Here’s the transcript just for you :)

Click here to download transcript.

 

  • Katyan Roach says:

    Thanks so much for the tips Leslie. I actually installed the All In One WP Security right away! Thanks again.

  • Sue says:

    I’ve been using the Wordfence plug-in for security. Before I installed it I had no idea how many times hackers, or even bots perhaps, were trying to access my blogs! Now I do! I’ll give All in One WP Security a look as well.

  • John says:

    Hi Leslie – thank you for your answer to my question! I really appreciate it and got great value! I will definitely be following up on what you said!
    One thing I learnt through my recent hacking experience was that many of my plugins were no longer being developed – they had been abandoned by the developer and were no longer being updated. Some of them had not had any updates to the code for 4 years, which as you know is huge when it comes to code and hacking! So here I was, thinking I always had the latest code for my site just by always updating plugins, themes and WordPress when updates became available, but from here on, I will also be pro-active and actually check each plugin from time to time.
    If you go to the installed plugins page, and on each plugin click on ‘View Details’ – you can then see when the plugin was last updated and what version of WordPress it is compatible with, and if it has been tested with your current version of WordPress. So this was something I found useful.
    Again, thank you so much for your answer to my question! Here’s to hack free sites!

  • Ron says:

    I am using iThemes Security on my blog but since you mentioned All In One WP Security, I tried using it on my other blog site. I also tried VaultPress, so I thank you. By the way, what backup plugin connects with Google Drive automatically? Thanks. 🙂
