
3 Ways to Protect Your WordPress Blog from Hackers

There’s been a lot of press about WordPress sites under attack by hackers these last few months. Recently I myself was the recipient of several attacks as well. Luckily for me, I was aware of them because I got an email from Wordfence while they were happening! Thanks to my good friend Matt from Lukens Consulting who introduced me to Wordfence, I feel like I am well protected. There are always going to be hackers trying to get into your site…perhaps for malicious reasons, or perhaps to add spam or pay per click links to your site…but there are ways to stop them from getting in and protect your blog!

Protecting Your Blog From Hackers

Have you seen this kind of traffic on your site?

foreign traffic on my blog

Here are some steps you can take to protect your blog from hackers!

Delete the admin user. But BEFORE you do that, first create a user with a unique name who has admin rights. Then you can delete the admin user. The most common attacks seem to be “dictionary attacks” on the admin user (because they only have to come up with the password; the user name admin is already there for them). The hacker uses a program to continuously try a combination of letters and numbers. If you don’t have an admin user name, they can’t get in using this strategy.

Another tip: Pick a nondescript name for your own user name so that if they decide to try to get in that way, you aren’t giving them part of what they need!

Install the Wordfence plugin / tighten up your settings. Recently I had a hacker try to get into my blog all night long. WordPress allows an unlimited number of login tries by default; with Wordfence you can tighten up your security even more. See the security options Wordfence offers below! If you make it hard for a hacker, chances are he’ll move on to an easier target.

Another way hackers find their way in is through plugins that aren’t up to date. Wordfence alerts you via email as soon as a plugin has an update available!

WordFence
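To see what capping login tries buys you, here is an added example (not from the original post and not Wordfence's code): a generic lockout rule applied to a constructed stream of login attempts. The threshold values, IP addresses and user names are assumptions made up for the illustration.

```python
from collections import defaultdict, deque

# Hypothetical policy values for illustration; not Wordfence defaults.
MAX_FAILURES = 5        # failures allowed inside the window
WINDOW_SECONDS = 300    # how far back failures are counted
LOCKOUT_SECONDS = 3600  # how long the source IP is then refused


def apply_lockout(attempts, max_failures=MAX_FAILURES,
                  window=WINDOW_SECONDS, lockout=LOCKOUT_SECONDS):
    """attempts: time-ordered (unix_time, ip, username, password_ok) tuples.

    Returns (checked, refused): per-IP counts of guesses that reached the
    password check and of guesses rejected while the IP was locked out.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    locked_until = {}               # ip -> time the lockout ends
    checked = defaultdict(int)
    refused = defaultdict(int)
    for ts, ip, _user, ok in attempts:
        if ts < locked_until.get(ip, 0):
            refused[ip] += 1        # never compared against the password
            continue
        checked[ip] += 1
        if ok:
            failures[ip].clear()    # a good login resets the counter
            continue
        recent = failures[ip]
        recent.append(ts)
        while recent and recent[0] <= ts - window:
            recent.popleft()        # forget failures older than the window
        if len(recent) >= max_failures:
            locked_until[ip] = ts + lockout
            recent.clear()
    return dict(checked), dict(refused)


def sample_attempts():
    """Constructed data: one IP guessing 'admin' every 10 s for 8 hours,
    plus the site owner mistyping once and then logging in."""
    start = 1_370_000_000
    bot = [(start + 10 * i, "203.0.113.7", "admin", False) for i in range(2880)]
    owner = [(start + 65, "198.51.100.20", "owner-login", False),
             (start + 95, "198.51.100.20", "owner-login", True)]
    return sorted(bot + owner)
```

With these sample values the all-night guesser gets 40 password checks instead of 2,880, while the owner's single typo never triggers a lockout.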

Keep your eye on fake registrations / add comment control. When someone registers with an email that ends in .cn, .jp, .pl or other foreign email networks, watch them carefully. Consider whether their interest is valid or not. For my commenting system, I have to approve any new commenter. After the first time they are approved, they are able to comment freely. You still could get spam links if someone wrote a comment that looked like it was legitimate and you approved it, because that person would then have the ability to comment throughout your blog. However, if you’re like me and monitor your comments on a daily basis (all comments are emailed to me so nothing falls through the cracks), you’d see something like that right away and would have the chance to address it by deleting that person as a user or blocking them from your site. Here’s an example of comments that were not approved, and actually I didn’t even see, thanks to my Akismet plugin that stops most spam in its tracks!

Another tip: Occasionally a real comment will end up in spam. I check my spam folder periodically because I have had this happen with two people, neither of whom is a spammer. It doesn’t happen all that often though.

Unapproved comments on my blog

I hope you find this helpful in making your blog more secure! What’s your best tip to avoid hackers?

 


Patty

Sunday 9th of June 2013

My blog was hacked about a year ago. Fortunately we discovered it quickly and they didn't do any damage. But it was so scary! We had made a classic mistake that allowed easy access. After that we made lots of changes to protect ourselves - including choosing better passwords and changing them regularly. We also installed security software - which we ended up not really liking. I haven't heard of WordFence - I'll check that out. Even though we haven't had any more problems - although there are plenty of attempts - it still makes me nervous. I just can't believe there are people who do this. Why don't they get a real job instead of trying to destroy blogs?

Thanks for sharing. Visiting from SITS.

Michelle Nahom

Tuesday 11th of June 2013

I know, it makes me nervous every time I get an email about a hacker. But so far so good! I'd rather be safe than sorry!

Ambitious Curls

Sunday 9th of June 2013

I'll definitely be installing that plug-in. Thanks for sharing!

Michelle Nahom

Tuesday 11th of June 2013

Glad you found it helpful!! It's just crazy with all the hacker attempts!

Mothering From Scratch

Saturday 8th of June 2013

{Melinda} This is great, Michelle. Thanks SO much ... doing all of these. Hacker attempts have been driving me crazy and making me nervous lately. Installing WordFence now. Pinning this! ;)

Michelle Nahom

Tuesday 11th of June 2013

Glad you found it helpful enough to pin! It has been such a help to me!

Crystal

Saturday 8th of June 2013

Great tips, Michelle! As you know, I just had to hire someone to "unhack" me. I've implemented each of these tactics and cannot stress enough how right you are - you have to be proactive and protect your writing and blog!

Michelle Nahom

Tuesday 11th of June 2013

Ugh! So frustrating. So far so good...but not for lack of their trying!

Tracie

Saturday 8th of June 2013

Great tips! Especially the one about changing the admin. It is crazy how hard those hackers work to try to get into our websites.

Michelle Nahom

Tuesday 11th of June 2013

I know, isn't it? It drives me nuts!