Has your blog ever been hacked?
If so, then you understand how important it is to have security measures implemented.
In today’s episode, I discuss WordPress security and share how to protect your blog from hackers.
Inside This Episode
There’s something I REALLY hate about the internet – Hackers.
There have been a few times in my blogging experience where I woke up to a hacked blog.
It has ranged from simply hackings that resulted in links added to my blog in random places, to hackers taking my entire blog down.
This has forced me to study WordPress security a bit, to reduce the chances of my blog getting hacked in the future. Here are some steps you can take (from simple to complex).
Be proactive about updates
The WordPress community is a very proactive community. Whenever there’s a security breach/loophole that we need to be aware of, that info is quickly shared.
Fortunately, WordPress is also very proactive with updating WordPress to take care of those fixes.
In the past, I used to tell people not to update WordPress whenever there’s a new update because it can cause stuff to break. However, WordPress seems to have gotten better with updates.
Now I recommend that bloggers be proactive with updates, both of WordPress and plugins.
passwordsUse a unique and complex password
One of the types of attacks that’s often issued on WordPress is called a brute force attack. In short, this is when a hacker systematically guesses a bunch of different passwords until they get the right one.
Once they are able to log into your WordPress admin area, or your hosting control panel, they are able to do some serious damage.
Make sure you are using unique, complex passwords for every relevant account. I would even recommend using a service like Dashlane to generate complex passwords and to keep track of all of your passwords for all of your accounts.
Use the All In One WP Security Plugin
securityThe All In One WP Security plugin is the best security plugin for WordPress. It walks you through a series of steps to take to make your WordPress installation stronger and then grades you on how protected you are.
Here are some examples of what it helps you to do:
Enable brute-force protection.
Change your usernames if you’re using a common one (i.e. admin).
Automatically block IP Addresses if there are multiple unsuccessful logins from that IP.
Change your database prefixes
Much more
If you go through most of the steps it walks you through, you will have a WordPress blog that is less susceptible to hacking.
Upgrade to managed hosting
HostingIf you’re at a point where you’re getting significant traffic, it might be time to consider upgrading your hosting.
With shared hosting, you have less control over your server, because it’s shared with hundreds, if not thousands of other sites.
By upgrading to a managed VPS or dedicated server, you have tech people monitoring your server and making the necessary changes that are needed.
There have been a few occasions where one of my sites was under attack. I submit a ticket, and they make the changes to the server that’s necessary to block the attack.
What exactly did they do? I don’t know, and I don’t care. All I care about is that my site is protected.
Have a reliable backup system
serverHere’s the truth – You can do everything I recommend and have a solid security system in place. Unfortunately, hackers are often quite smart, and can sometimes get around even the toughest of security systems.
In the event that something goes wrong and you are hacked, I highly recommend for you to have a solid backup system in place.
Depending on your host, this might already be taken care of. However, I still recommend that you have a WordPress backup system installed.
I use Backup Buddy, and another alternative is VaultPress. They basically accomplish the same thing – they provide an easy backup solution for your WordPress blog. However, VaultPress is a little easier to use, especially if you’re not a techy person. I use Backup Buddy because my tech team provides it as a service.
As an additional backup, I also write all my content in Google Drive. That’s automatically backed up to the cloud
If so, then you understand how important it is to have security measures implemented.
In today’s episode, I discuss WordPress security and share how to protect your blog from hackers.
Inside This Episode
There’s something I REALLY hate about the internet – Hackers.
There have been a few times in my blogging experience where I woke up to a hacked blog.
It has ranged from simply hackings that resulted in links added to my blog in random places, to hackers taking my entire blog down.
This has forced me to study WordPress security a bit, to reduce the chances of my blog getting hacked in the future. Here are some steps you can take (from simple to complex).
Be proactive about updates
The WordPress community is a very proactive community. Whenever there’s a security breach/loophole that we need to be aware of, that info is quickly shared.
Fortunately, WordPress is also very proactive with updating WordPress to take care of those fixes.
In the past, I used to tell people not to update WordPress whenever there’s a new update because it can cause stuff to break. However, WordPress seems to have gotten better with updates.
Now I recommend that bloggers be proactive with updates, both of WordPress and plugins.
passwordsUse a unique and complex password
One of the types of attacks that’s often issued on WordPress is called a brute force attack. In short, this is when a hacker systematically guesses a bunch of different passwords until they get the right one.
Once they are able to log into your WordPress admin area, or your hosting control panel, they are able to do some serious damage.
Make sure you are using unique, complex passwords for every relevant account. I would even recommend using a service like Dashlane to generate complex passwords and to keep track of all of your passwords for all of your accounts.
Use the All In One WP Security Plugin
securityThe All In One WP Security plugin is the best security plugin for WordPress. It walks you through a series of steps to take to make your WordPress installation stronger and then grades you on how protected you are.
Here are some examples of what it helps you to do:
Enable brute-force protection.
Change your usernames if you’re using a common one (i.e. admin).
Automatically block IP Addresses if there are multiple unsuccessful logins from that IP.
Change your database prefixes
Much more
If you go through most of the steps it walks you through, you will have a WordPress blog that is less susceptible to hacking.
Upgrade to managed hosting
HostingIf you’re at a point where you’re getting significant traffic, it might be time to consider upgrading your hosting.
With shared hosting, you have less control over your server, because it’s shared with hundreds, if not thousands of other sites.
By upgrading to a managed VPS or dedicated server, you have tech people monitoring your server and making the necessary changes that are needed.
There have been a few occasions where one of my sites was under attack. I submit a ticket, and they make the changes to the server that’s necessary to block the attack.
What exactly did they do? I don’t know, and I don’t care. All I care about is that my site is protected.
Have a reliable backup system
serverHere’s the truth – You can do everything I recommend and have a solid security system in place. Unfortunately, hackers are often quite smart, and can sometimes get around even the toughest of security systems.
In the event that something goes wrong and you are hacked, I highly recommend for you to have a solid backup system in place.
Depending on your host, this might already be taken care of. However, I still recommend that you have a WordPress backup system installed.
I use Backup Buddy, and another alternative is VaultPress. They basically accomplish the same thing – they provide an easy backup solution for your WordPress blog. However, VaultPress is a little easier to use, especially if you’re not a techy person. I use Backup Buddy because my tech team provides it as a service.
As an additional backup, I also write all my content in Google Drive. That’s automatically backed up to the cloud
ConversionConversion EmoticonEmoticon