How to protect your blog from hackers?
As you guys know, I run a web design company, and I have many local and online clients. When I suggested using WordPress to some of my clients, they were very unsure. Their reasoning was that WordPress is open source software and hence insecure. But does being open source really make it insecure? In my opinion, no, but because WordPress is so popular, a lot of blogs become a target of hackers. Well, you can prevent that by taking a few simple steps.

Steps
-
Stay Updated
WordPress comes out with new releases all the time, which means you need to update all the time, because if you get hacked while using an older version, you can’t blame WordPress. If you are going to say, well, I don’t know when a new WordPress version comes out: well, subscribe to Balkhis, because I write about it every time. Guys, the reason it is important to stay updated is that when WordPress finds a bug, they fix it and release the next version. With that next version, they tell the world what bug they fixed. So now the hackers know the vulnerability of your site if you are still using the older version, and you just make the job easier for them. So always download the latest stable version. It doesn’t take a long time. Stop being lazy and stay updated.
-
Download Database Backups
I am very sure that almost all of you get new comments every day, even if you don’t write new posts every day. So keep your database safe by making a backup every day, so that if anything happens you can always restore your site in moments. How do you download database backups? Well, if you have cPanel, you go to Backup and download the MySQL database. But that seems like a lot of work, so you might be better off getting a WordPress Database Backup plugin, because this will let you schedule backups daily, weekly, monthly or what not. I have it set to daily. Then you can choose to download the backup or have it sent to your email; either one, it’s up to you. But make sure you have database backups daily.
-
Good Web hosts
Good web hosts make a big difference in the security of your WordPress blog, or heck, any site. So you are better off going with the most reliable names in the industry, unless you have your own server. If you ask me which one is the best to run your blog, I will say HostGator or Bluehost should do the job perfectly fine, because I know that they take care of almost all of their security issues.
-
File Permissions
Always delete your install folder from your root directory, because a person can just rerun the install, change your password and screw up your site. The next thing you want to make sure of is that your wp-config.php is not writable. If it is, then you are technically revealing your passwords to the whole world, and someone can just change it if they really want to. You are better off keeping all files writable only by yourself (user). A good plugin to have in this case is WP-Scan, because it goes through everything and tells you your site’s weaknesses.
-
Comment Spam
Comment spam is another issue which makes your blog insecure (not really from hackers, but you have spammers trying to get unwanted content onto your site). A good way to protect against them is to get the plugins called Akismet and Spam Karma. For most people Akismet alone can do the job, but as your blog grows, Akismet can’t do everything.
-
Change Username
I know many people just use the WordPress default user, admin. It is not a smart idea to do that, because hackers know which field it is in the MySQL database. So it is wise to make another user with your own username and a strong password, give yourself administrator controls, and then delete the first user, “admin”.
-
Keep Different Passwords
You need to keep different passwords because a simple hack can turn into something big. Say you have the same password for your WordPress and your email. Someone hacks your WordPress, then sees your email listed there, hacks your email, and then hacks who knows what else… So always have different passwords. And have strong passwords, meaning use capital and small letters, numbers, and characters.
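The File Permissions step above, as an added example that is not from the original post: a shell audit that flags a leftover installer, a wp-config.php writable by group or others, and any other file writable by someone besides the owner, then removes those problems. The `install` path name and the sample tree built by `make_sample` are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example, not from the original post: audit a WordPress document root
# for the problems the File Permissions step describes, then fix them.

# audit_wp ROOT: prints one finding per line; returns 1 if anything was found.
audit_wp() {
    root=${1:?docroot required}; cfg="$root/wp-config.php"; rc=0
    # Leftover installer. The name "install" follows the post's wording and is
    # an assumption; change it to match your own layout.
    if [ -e "$root/install" ]; then
        echo "INSTALLER_PRESENT $root/install"; rc=1
    fi
    # wp-config.php writable by group (020) or by others (002).
    if [ -f "$cfg" ] && [ -n "$(find "$cfg" \( -perm -020 -o -perm -002 \))" ]; then
        echo "CONFIG_WRITABLE $cfg"; rc=1
    fi
    # Anything else writable by someone other than the owner.
    loose=$(find "$root" ! -type l ! -path "$cfg" \( -perm -020 -o -perm -002 \))
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/LOOSE_PERMS /'; rc=1
    fi
    return $rc
}

# harden_wp ROOT: delete the installer and strip group/other write bits.
harden_wp() {
    rm -rf "${1:?docroot required}/install"
    chmod -R go-w "$1"
}

# make_sample: builds a constructed docroot so the example runs offline.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/install" "$d/wp-content"
    echo '<?php // constructed placeholder, no real credentials' > "$d/wp-config.php"
    echo '<?php // constructed' > "$d/wp-content/index.php"
    chmod 755 "$d" "$d/install" "$d/wp-content"
    chmod 666 "$d/wp-config.php"          # the weak setting the post warns about
    chmod 664 "$d/wp-content/index.php"   # group-writable
    echo "$d"
}

# Run with --demo to see the findings before and after hardening.
if [ "${1:-}" = "--demo" ]; then
    s=$(make_sample)
    audit_wp "$s" || echo "-- hardening --"
    harden_wp "$s"
    audit_wp "$s" && echo "clean"
    rm -rf "$s"
fi
```
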
So even though WordPress is open source software, it is very secure. It has a lot of plugins that can make your site rock. If you are not using WordPress, then use WordPress. If you are using WordPress, then make sure you look at all these tips and protect your blog from hackers.

Hey, I am Syed Balkhi, the guy who is behind Balkhis Inc. I entered the industry back in 2002 not knowing a single thing. I barely spoke English at that time. In the past six years, my language barrier has been eliminated. Aside from English, I now also speak HTML and PHP. Along with the languages, I have also managed to master a few arts. The art of web designing started when I first entered. Messing around with Photoshop, I learned how to create my first web design. Now I have founded a web designing firm, Uzzz Productions. After running numerous websites in various niches, I have mastered the art of web development. Now I am compiling a resource of what I already know, and what I am learning, on this blog. This resource is to help me if I ever need a guide to look back to, and it is to help my fellow webmasters.

These are some really good tips. A few friends of mine have been hacked and I would hate to be hacked. I back up my database every week/fortnight and I have different usernames. I try to do everything you said so my blog can continue to stay up and running.
I hope you change it to daily, because it is essential. What if you are a day before your week cycle ends? You lose all the stuff for that week.
Love it Syed! I’m going to check out Spam Karma and that WP-Scan plugin. I agree with the different usernames and passwords. Even though it’s a pain, if you have a proper password management program like RoboForm, IronKey, or AVG Password Vault, you’re good.
Thanks, good stuff buddy.
What a coincidence! My blog was hacked two days ago and the whole episode serves a good lesson and reminder to all on the importance of backing up their blog.
I couldn’t imagine the worst if I had not backed up my database. Thanks for the tip #5.
Yan
Backing up the database is essential therefore I do it daily…
Great tips. Thanks! I’m good on #s 1, 5, 6 and 7 but could stand to implement the others.
I have many of these going already. Just installed the backup plugin a few weeks back. I am going to have to take a closer look at that one wp scan.
Just install it and see if you like it or not. It just tells you what you need to do to make your blog more secure, that’s all.
Lots of good info in that post, and I’m sure many bloggers are not doing the things you mention.
There’s one other factor that’s worth mentioning, and that is the operating system used on your webhost.
I avoid using Windows servers, but prefer to have my sites hosted on Linux servers. However, it’s not just the choice of operating system that’s important – you need to be using a webhost that keeps the operating system fully patched and up-to-date, else a security vulnerability in the operating system could still result in your blog being compromised.
Fully agreed, Martin. I personally don’t like Windows hosted servers either. Therefore I recommended two of the top notch hosting providers above.
It’s very scary to think that there are hackers waiting to pounce on bloggers like this. Thanks for some great and timely tips.
Great post, highly recommend backing up weekly.
I have never been hacked and hope to remain that way
Those are some simple but great tips, such as changing the username to make it twice as hard and using the scanning plugin.
I think I need to back up my blog
I am a big fan of the idea of backup. At least that way, no hack job will end up in a catastrophic loss of information. And it’s a lot easier to do it now than it used to be (by this, I talk of backups in general).
Agree with that, Syed. Especially when I got spammers installing invisible links on my footer. I learned a few more things here: http://www.homebiz.bukiki.com/blog-security-hacked-hijacked/
A lot of blogs get hacked time and time again and mine did too before. It’s important to remember to make database backups frequently, usually every day or every week if possible. It’s something that we may all have to go through at some point or another and it’s a painful process if you don’t have anything saved.
Thanks for sharing this. I found it on social media. I have had my WordPress blogs hacked repeatedly and wish I had known this in the past. The hackers also were able to access my other sites on the same server and damage them as well. I also recommend Hostgator, where I now host all my blogs, so far with no problems.