Prevent Your WordPress Blog from Being Hacked

What is the worst thing you can imagine that could happen to your blog?

While there are certainly a number of things that can go wrong, the worst of them all would be for it to be hacked.

If somebody hacks into your WordPress account, he or she could infect it with a virus, use your account to spam others, or delete all of your files.

Imagine how bad it would be for all of your hard work to be deleted.

Thankfully, there are ways to prevent something like this from happening.

You need to learn how to back up your blog, posts, comments…everything.

There are also ways in which you can restore your WordPress blog in the event that it is hacked and/or deleted.

Even if your blog is new and doesn’t have very much content yet, you will still find yourself frustrated if it’s hacked.

Here are some tips for preventing your blog from being hacked:

  • Don’t make your WordPress dashboard password easy for others to guess. If you use something simple, such as your name, a hacker may be able to figure it out. Use a mixture of upper / lower case letters, numbers and symbols.
  • Change the WordPress admin username – most hackers know that ‘admin’ is the username and then they only have to guess the password. Make it twice as hard and change the admin username to something other than ‘admin’.
  • Be careful when using plugins, scripts, and layouts that you find on the internet. Make sure they come from trusted sources before using them, as they can contain spyware.
  • Themes. If you want to use one that you found somewhere on the web, again make sure it is from a reputable source. Some theme creators add hidden links and advertisements.
  • Keep up with all the latest WordPress security upgrades. Although it can be a hassle to keep upgrading all the time, it’s crucial to do so.  All it takes is one small flaw for a hacker to break into your account, so make sure you keep up with all the upgrades and patches.
  • Install the following security plugins: Login Lockdown and Secure WordPress.

As I said at the beginning of the post, make sure you back up EVERYTHING, including your posts, comments, files, images, logos, template, links, and HTML coding.  That way, even if your blog does get wiped out, you’ll have everything you need for quickly putting it back together.

The best plugin to do this is: Backup Buddy.

Many bloggers think that backing up their databases using plugins like WP-DBManager is backing up their whole blog. IT ISN’T.

I am not saying the plugin is not good – it is, and I have it installed as it automatically optimizes your databases for faster loading, but it only backs up your databases.

You need a plugin that backs up EVERYTHING, like Backup Buddy.
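
To make the difference between a database-only backup and a full backup concrete, here is an added example (not part of the original post, and not code from Backup Buddy or WP-DBManager). It assumes your backup is a single .tar.gz archive; the function names check_backup and make_samples and the sample files are made up for this illustration.

```shell
#!/bin/sh
# Added example: does a WordPress backup archive hold the whole blog or only the database?
# Assumed (hypothetical) layout: one .tar.gz holding a *.sql dump, wp-config.php and wp-content/.

# check_backup ARCHIVE: prints each missing part; returns 0 if complete, 1 if not, 2 if unreadable.
check_backup() {
    listing=$(tar -tzf "$1" 2>/dev/null) || { echo "unreadable archive: $1"; return 2; }
    missing=0
    # Database dump: posts, comments, links and settings.
    echo "$listing" | grep -Eq '\.sql(\.gz)?$' || { echo "missing: database dump"; missing=1; }
    # wp-config.php: database credentials and secret keys.
    echo "$listing" | grep -Eq '(^|/)wp-config\.php$' || { echo "missing: wp-config.php"; missing=1; }
    # Themes, plugins and uploaded images are files on disk, not database rows.
    for dir in themes plugins uploads; do
        echo "$listing" | grep -Eq "(^|/)wp-content/$dir/" || { echo "missing: wp-content/$dir"; missing=1; }
    done
    return "$missing"
}

# make_samples DIR: builds two constructed archives, db-only.tar.gz and full.tar.gz.
make_samples() {
    site="$1/site"
    mkdir -p "$site/wp-content/themes/mytheme" "$site/wp-content/plugins" "$site/wp-content/uploads"
    echo "-- constructed SQL dump" > "$site/blog.sql"
    echo "<?php // constructed config" > "$site/wp-config.php"
    echo "constructed image" > "$site/wp-content/uploads/logo.png"
    tar -czf "$1/db-only.tar.gz" -C "$site" blog.sql
    tar -czf "$1/full.tar.gz" -C "$site" blog.sql wp-config.php wp-content
}

tmp=$(mktemp -d)
make_samples "$tmp"
for name in db-only full; do
    if check_backup "$tmp/$name.tar.gz"; then echo "$name: complete"; else echo "$name: INCOMPLETE"; fi
done
rm -rf "$tmp"
```

Running the same check against a real backup before you need it tells you whether a restore would bring back your images, theme and plugins, or only your posts and comments.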

Follow these tips to protect your WordPress blog from being hacked.  If it still ends up being hacked, make sure you have everything backed up and that you know how to restore it all. The plugin, Backup Buddy, makes it very simple.

What do you do to make your blog more secure?

Please share your views in the comments below.

________________________________________________________________________________


44 Responses to Prevent Your WordPress Blog from Being Hacked

  1. John Soares September 22, 2010 at 2:34 pm #

    Andrew, I’m still considering Backup Buddy.

    My host, Hostgator, backs up all my sites once a week and will do a full restore of a site for a small fee.

    And I got hacked when I was on Godaddy, so I know what it’s like to have to deal with these matters.

    • Andrew September 22, 2010 at 7:04 pm #

      John,

      Nice to see you here…for me Backup Buddy is a must and worth the money.

      Andrew

  2. Patricia September 22, 2010 at 2:50 pm #

    Now that I have read this post Andrew; I will be getting Backup Buddy. Just thinking about getting hacked; scary stuff. Thanks for the reminder.
    Patricia Perth Australia

    • Andrew September 22, 2010 at 7:05 pm #

      Patricia,

      I agree! It’s worth the investment – just for the peace of mind.

      Andrew

  3. Steve September 22, 2010 at 4:08 pm #

    Hi,

    How do you determine if a plugin is from a reputable source? I install them through the WP panel and there is nothing really to differentiate between one developer who I’ve never heard of and the next.

    • Andrew September 22, 2010 at 7:07 pm #

      Steve

      You could look at the number of downloads, the support, do they respond to comments, do a search for it and see what others say about it.

      That would be a good start.

      Andrew

  4. Andrew September 22, 2010 at 7:01 pm #

    Corinne

    I know many who have been hacked and not nice!

    It can take days to recover.

    Andrew

  5. Vishal Gaba September 22, 2010 at 12:41 pm #

    I agree, it was of utmost importance to back up your data. While I was aware of this concept, Back up buddy seems to be a great plugin, will install it right away.

    • Andrew September 22, 2010 at 7:00 pm #

      Vishal

      I think it is worth every penny!

      Andrew

  6. Howard Harkness September 22, 2010 at 2:17 pm #

    What does BackUp Buddy do that I can’t get by just using FileZilla to download my entire website? Other than making it slightly easier to migrate to a new URL (which the new version of WP makes easy enough)?

    • Andrew September 22, 2010 at 7:02 pm #

      Howard

      Can you get FileZilla to backup your files automatically or do you have to go in and manually start the download each time?

      Andrew

      • Howard Harkness September 22, 2010 at 7:16 pm #

        It’s a manual process, which I do every few days. However, it’s not particularly painful. You log into your account, make sure you are pointed to the right place on your local system, then right-click, choose download on the www directory, and specify only files that are newer.

        I’m usually in FileZilla at least once a day anyway to put new stuff up on my site. I suppose if you are running WP as your whole site, you might not be doing regular FTP access, so that might be a hassle to set up, at least the first time.

        FileZilla is free, open-source, and does the job.

        Could be that I’m influenced by my 30 years of programming experience, but it just doesn’t seem to me to be worth $45 to automate something that isn’t that can be accomplished with minimal hassles with a free tool.

        Although now you have given me an idea… I can probably write a script that uses FileZilla (or just about any other FTP client) to automatically backup your sites, with a schedule and a list of URLs.

        The only shortcoming I can think of for that approach is that you have to have FTP access to make it work, and need to have a specific place to store it all. Folks who do WP sites like the fact that the site is accessible from any browser, anywhere.

        • Andrew September 25, 2010 at 4:01 pm #

          Howard

          The last thing I want to do is remember to do something each day to back up my files.

          That, to me, is easily worth $45. Buy it, set-up (once), test…done!

          But we are all different, aren’t we?

          Andrew

          • Howard Harkness September 26, 2010 at 12:59 pm #

            I’m doing something to nearly every website I have at least 3-5 times a week anyway. I have developed a habit of anytime I log into the FTP account with FileZilla, I do a “download all files that have been changed”, which involves about three extra mouse clicks. I do that before I make any changes, just to make sure that I have the latest copy of everything, since I use more than one computer — and I end up with a complete backup of my sites on every computer I use.

            I plan to start using SVN to keep track of changes, since I’m getting to the point where I have a lot of PHP code in a lot of places, and I need to implement some source code configuration control.

            To each his own, I guess. I’ve been a professional programmer for over 30 years, so I probably have a different view of things.

          • Andrew September 26, 2010 at 4:48 pm #

            Hi Howard,

            Thanks for coming back and sharing your process.

            As we have both said…we all like different ways.

            Andrew

  7. Ryan Biddulph September 22, 2010 at 2:22 pm #

    Hi Andrew,

    Super tips here.

    I follow them, especially your advice about plug-ins. Before you trust the tool check the source.

    Thanks for sharing your insight.

    Ryan

    • Andrew September 22, 2010 at 7:03 pm #

      Ryan,

      You are welcome – I hope it helps a little!

      Andrew

  8. Henway September 22, 2010 at 9:59 pm #

    Great points, especially backing up your data. However, I try to stay away from WordPress and other CMS, and build my own simply b/c I find the act of restoring a WordPress blog a bit scary.

  9. Jean Sarauer September 22, 2010 at 3:05 pm #

    Excellent post on a vital topic. A lot of my blogging friends have been hacked lately, and they’ve all said they wished they would have followed advice like what you’ve given here.

    • Andrew September 22, 2010 at 7:05 pm #

      Jean,

      Horse, gate and bolt spring to mind.

      We often think ‘if only…’, don’t we?

      Andrew

  10. Mavis Nong September 22, 2010 at 8:43 pm #

    Hi Andrew,

    I recently wrote a post about how to protect your blog from being hacked into.

    Great tips you are sharing here. Bloggers need to follow this to secure their blogs.

    Thanks for sharing.

    All the best,
    Mavis Nong

    • Andrew September 25, 2010 at 4:02 pm #

      Mavis

      Did your post say anything else we could do to improve the security?

      Andrew

  11. Felicia September 23, 2010 at 5:06 am #

    Hi Andrew, thank you for educating us about the possibilities of being hacked and also, thank you very much for telling us the steps on how to prevent it in the first place. I think the worst thing that could happen to a hacked blog site is when they choose to delete all of your files. That would be like all your hard work is just going down the drain.. 🙁

    • Andrew September 25, 2010 at 4:05 pm #

      Exactly, Felicia…hence recommending Backup Buddy.

      Andrew

  12. Ron September 23, 2010 at 7:48 am #

    Thanks Andrew for bringing this topic up. I have wordpress blog and I admit, it was injected with some codes or malwares before by unknown hackers or script kiddies.

    I think, they can easily get in to our WP blog via the plugins, themes and of course FTP software we are using as well.

    Also, updating WP platform is a must for us to minimize this kind of incident to happen.

    • Andrew September 25, 2010 at 4:06 pm #

      Ron,

      Did you have backups in place?

      Andrew

      • Ron September 26, 2010 at 11:52 pm #

        Ugh, I am having a backup now. Actually, I don’t have any backup setup before this attack happen. And after that script attack, I immediately look for the backup option.

        But I think its much better if you can give me some insights or advice, Andrew, regarding wordpress backup. Some sort of whats works best for backing up wordpress blog. I will really appreciate opinions and advice from you.

  13. Shally Martin September 23, 2010 at 7:57 am #

    Thanks for the tips. It will be useful to avoid an account being hacked and also for account restoration after it was hacked.

    • Andrew September 25, 2010 at 4:07 pm #

      Shally,

      You are welcome. Have you made any changes as a result?

      Andrew

  14. Julius September 24, 2010 at 12:13 am #

    Using a long and complex password is the main security measure I use. Great that you reminded us to back up our content as I’ve not done that recently. I also copy the main content itself and save it in my hard drive, if I don’t have it there yet

    • Andrew September 25, 2010 at 4:08 pm #

      Julius

      That is a good start. You may want to install the other plugins as well…they do help.

      Andrew

  15. Alan Mater September 30, 2010 at 9:25 pm #

    Hey Andrew,

    Excellent tips here. I can’t imagine going through an ordeal like getting my blog hacked. I’m going to download the Secure WordPress plug-in right now; although, I’ve taken other precautionary steps already. It never hurts to be doubly sure your blog is safe!

    I’ve seen other, free plug-ins available for complete backup solutions, but Backup Buddy seems to be the easiest and most hands-off of all of them. I would prefer not to have to download the files manually… a completely automated, hands-off method to me is well worth the price for peace of mind.

    • Andrew October 1, 2010 at 9:07 am #

      Alan

      Exactly – set it up and forget about it. Hopefully you’ll never have to use the restore function!

      Andrew

      • Alan Mater October 2, 2010 at 2:13 pm #

        Yeah… that would be a very good thing!

  16. ADHONYS October 8, 2010 at 4:32 pm #

    Thanks for these tips, I didn’t know that someone can steal or delete my blog. I have a plugin for backing up the blog, but nothing to avoid being hacked.

    By the way, congratulations on this blog. I really like it. I have bookmarked it in my favorites. I will keep visiting you to learn more about SEO.

    • Andrew October 9, 2010 at 3:33 pm #

      ADHONYS

      I’m glad the post helps and you like my blog – really appreciate your kind words.

      Andrew

  17. ThatsBlog.com December 15, 2010 at 1:58 am #

    Thanks for your submission to the Eighty Seventh edition of the Blog Carnival: Blogging. Your post has been accepted and it’s live:

    http://thatsblog.com/blog-carnival-blogging/blog-carnival-blogging-eighty-seventh-edition

    -ThatsBlog.com

  18. Tony Medina July 8, 2012 at 8:23 pm #

    Hi Andrew, as usual, I always learn something from your posts, thanks.

    I haven’t had any nasty experiences yet, however it could be more luck than good management.

    I have been using FileZilla, and get a daily email with my site’s database backup, also HostGator does a regular weekly one. Would you recommend to just use Backup Buddy?

    Cheers.

    • Andrew July 9, 2012 at 4:22 am #

      Tony,

      It sounds like you are pretty well covered.

      My only concern would be if you lost all your data on the day before HostGator did their weekly backup. How much data would you lose and how inconvenient would it be to go back 6 days?

      Andrew

  19. Wade Balsdon August 28, 2012 at 6:50 am #

    Funny you should post this Andrew. Our inbound and content marketing blog was hacked a while ago. My wife is now designing a brand new blog 🙂

    • Andrew September 7, 2012 at 12:23 am #

      Wade,

      I hope you add in some extra security this time!

      Andrew

  20. Salman Ahmad February 25, 2013 at 12:09 am #

    Well, the tips look promising. Gonna implement all the methods explained in the article. Was looking for similar kind of tips for a long time. Thanks for the share.
