What is the worst thing you can imagine that could happen to your blog?
While there are certainly a number of things that can go wrong, the worst of them all would be for it to be hacked.
If somebody hacks into your WordPress account, he or she could infect it with a virus, use your account to spam others, or delete all of your files.
Imagine how bad it would be for all of your hard work to be deleted.
Thankfully, there are ways to prevent something like this from happening.
You need to learn how to back up your blog, posts, comments…everything.
There are also ways in which you can restore your WordPress blog in the event that it is hacked and/or deleted.
Even if your blog is new and doesn’t have very much content yet, you will still find yourself frustrated if it’s hacked.
Here are some tips for preventing your blog from being hacked:
- Don’t make your WordPress dashboard password easy for others to guess. If you use something simple, such as your name, a hacker may be able to figure it out. Use a mixture of upper and lower case letters, numbers and symbols.
- Change the WordPress admin username – most hackers know that ‘admin’ is the username and then they only have to guess the password. Make it twice as hard and change the admin username to something other than ‘admin’.
- Be careful when using plugins, scripts, and layouts that you find on the internet. Make sure they come from trusted sources before using them, as they can contain spyware.
- Themes. If you want to use one that you found somewhere on the web, again make sure it is from a reputable source. Some theme creators add hidden links and advertisements.
- Keep up with all the latest WordPress security upgrades. Although it can be a hassle to keep upgrading all the time, it’s crucial to do so. All it takes is one small flaw for a hacker to break into your account, so make sure you keep up with all the upgrades and patches.
- Install the following security plugins: Login Lockdown and Secure WordPress.
As I said at the beginning of the post, make sure you back up EVERYTHING, including your posts, comments, files, images, logos, template, links, and HTML coding. That way, even if your blog does get wiped out, you’ll have everything you need for quickly putting it back together.
The best plugin to do this is: Backup Buddy.
Many bloggers think that backing up their databases using plugins like WP-DBManager is backing up their whole blog. IT ISN’T.
I am not saying the plugin is not good – it is, and I have it installed because it automatically optimizes your databases for faster loading – but it only backs up your databases.
You need a plugin that backs up EVERYTHING, like Backup Buddy.
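The difference between a database-only backup and a full backup can be checked mechanically. The following is an added example, not code from this post or from any plugin named in it: it lists a backup archive's contents and reports which parts of a WordPress site are missing. It assumes the default WordPress directory layout and a `.sql` dump stored inside the archive; all file names are constructed samples.

```python
import io
import tarfile

# What a full WordPress backup must contain. Paths follow the default
# WordPress layout; storing the database dump inside the archive as a
# .sql or .sql.gz file is an assumption of this example.
REQUIRED = {
    "database dump (posts, comments, links)": lambda n: n.endswith((".sql", ".sql.gz")),
    "wp-config.php (site settings)": lambda n: n.endswith("wp-config.php"),
    "uploads (images, logos)": lambda n: "wp-content/uploads/" in n,
    "themes (template)": lambda n: "wp-content/themes/" in n,
    "plugins": lambda n: "wp-content/plugins/" in n,
}

def audit_backup(archive):
    """Return the required parts missing from a tar archive (path or bytes)."""
    source = {"fileobj": io.BytesIO(archive)} if isinstance(archive, bytes) else {"name": archive}
    with tarfile.open(mode="r:*", **source) as tar:
        # Empty files do not count: a zero-byte dump is a failed dump.
        names = [m.name for m in tar.getmembers() if m.isfile() and m.size > 0]
    return [part for part, found_in in REQUIRED.items()
            if not any(found_in(n) for n in names)]

def make_sample(files):
    """Build a constructed in-memory .tar.gz from a {path: bytes} mapping."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed samples: a database-only backup, a full backup, and a full
# backup whose database dump came out empty.
SITE_FILES = {
    "site/wp-config.php": b"<?php // constructed",
    "site/wp-content/uploads/2012/01/logo.png": b"constructed image bytes",
    "site/wp-content/themes/mytheme/style.css": b"/* constructed */",
    "site/wp-content/plugins/example/example.php": b"<?php // constructed",
}
DB_ONLY = make_sample({"blog.sql": b"-- constructed dump"})
FULL = make_sample({"blog.sql": b"-- constructed dump", **SITE_FILES})
EMPTY_DUMP = make_sample({"blog.sql": b"", **SITE_FILES})

if __name__ == "__main__":
    for label, sample in [("db-only", DB_ONLY), ("full", FULL), ("empty dump", EMPTY_DUMP)]:
        print(label, "missing:", audit_backup(sample) or "nothing")
```

Passing a file path instead of bytes runs the same check against a real archive downloaded from the host.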
Follow these tips to protect your WordPress blog from being hacked. If it still ends up being hacked, make sure you have everything backed up and that you know how to restore it all. The plugin, Backup Buddy, makes it very simple.
What do you do to make your blog more secure?
Please share your views in the comments below.
Dear Andrew –
I was hacked. It was a nightmare. They took my whole blog down with spam. Lots from foreign countries.
When I asked my tech, “Why Me” he answered, “Because they can”
Like a sport.
I know many who have been hacked and not nice!
It can take days to recover.
Andrew, I’m still considering Backup Buddy.
My host, Hostgator, backs up all my sites once a week and will do a full restore of a site for a small fee.
And I got hacked when I was on Godaddy, so I know what it’s like to have to deal with these matters.
Nice to see you here…for me Backup Buddy is a must and worth the money.
Now that I have read this post Andrew; I will be getting Backup Buddy. Just thinking about getting hacked; scary stuff. Thanks for the reminder.
Patricia Perth Australia
I agree! It’s worth the investment – just for the peace of mind.
How do you determine if a plugin is from a reputable source? I install them through the WP panel and there is nothing really to differentiate between one developer who I’ve never heard of and the next.
You could look at the number of downloads, the support, do they respond to comments, do a search for it and see what others say about it.
That would be a good start.
I agree, it was of utmost importance to back up your data. While I was aware of this concept, Back up buddy seems to be a great plugin, will install it right away.
I think it is worth every penny!
What does BackUp Buddy do that I can’t get by just using FileZilla to download my entire website? Other than making it slightly easier to migrate to a new URL (which the new version of WP makes easy enough)?
Can you get FileZilla to backup your files automatically or do you have to go in and manually start the download each time?
It’s a manual process, which I do every few days. However, it’s not particularly painful. You log into your account, make sure you are pointed to the right place on your local system, then right-click, choose download on the www directory, and specify only files that are newer.
I’m usually in FileZilla at least once a day anyway to put new stuff up on my site. I suppose if you are running WP as your whole site, you might not be doing regular FTP access, so that might be a hassle to set up, at least the first time.
FileZilla is free, open-source, and does the job.
Could be that I’m influenced by my 30 years of programming experience, but it just doesn’t seem to me to be worth $45 to automate something that isn’t that can be accomplished with minimal hassles with a free tool.
Although now you have given me an idea… I can probably write a script that uses FileZilla (or just about any other FTP client) to automatically backup your sites, with a schedule and a list of URLs.
The only shortcoming I can think of for that approach is that you have to have FTP access to make it work, and need to have a specific place to store it all. Folks who do WP sites like the fact that the site is accessible from any browser, anywhere.
The last thing I want to do is remember to do something each day to back up my files.
That, to me, is easily worth $45. Buy it, set-up (once), test…done!
But we are all different, aren’t we?
I’m doing something to nearly every website I have at least 3-5 times a week anyway. I have developed a habit of anytime I log into the FTP account with FileZilla, I do a “download all files that have been changed”, which involves about three extra mouse clicks. I do that before I make any changes, just to make sure that I have the latest copy of everything, since I use more than one computer — and I end up with a complete backup of my sites on every computer I use.
I plan to start using SVN to keep track of changes, since I’m getting to the point where I have a lot of PHP code in a lot of places, and I need to implement some source code configuration control.
To each his own, I guess. I’ve been a professional programmer for over 30 years, so I probably have a different view of things.
Thanks for coming back and sharing your process.
As we have both said…we all like different ways.
Super tips here.
I follow them, especially your advice about plug-ins. Before you trust the tool check the source.
Thanks for sharing your insight.
You are welcome – I hope it helps a little!
Great points, especially backing up your data. However, I try to stay away from WordPress and other CMS, and build my own simply b/c I find the act of restoring a WordPress blog a bit scary.
Excellent post on a vital topic. A lot of my blogging friends have been hacked lately, and they’ve all said they wished they would have followed advice like what you’ve given here.
Horse, gate and bolt spring to mind.
We often think ‘if only…’, don’t we?
I recently wrote a post about how to protect your blog from being hacked into.
Great tips you are sharing here. Bloggers need to follow this to secure their blogs.
Thanks for sharing.
All the best,
Did your post say anything else we could do to improve the security?
Hi Andrew, thank you for educating us about the possibilities of being hacked and also, thank you very much for telling us the steps on how to prevent it in the first place. I think the worst thing that could happen to a hacked blog site is when they choose to delete all of your files. That would be like all your hard work is just going down the drain.. 🙁
Exactly, Felicia…hence recommending Backup Buddy.
Thanks Andrew for bringing this topic up. I have a WordPress blog and I admit, it was injected with some code or malware before by unknown hackers or script kiddies.
I think, they can easily get in to our WP blog via the plugins, themes and of course FTP software we are using as well.
Also, updating WP platform is a must for us to minimize this kind of incident to happen.
Did you have backups in place?
Ugh, I have a backup now. Actually, I didn’t have any backup set up before this attack happened. And after that script attack, I immediately looked for a backup option.
But I think it’s much better if you can give me some insights or advice, Andrew, regarding WordPress backup. Some sort of what works best for backing up a WordPress blog. I will really appreciate opinions and advice from you.
As I say in the post, the best backup facility is:
The best plugin to do this is this one:
Thanks for the tips. They will be useful for keeping an account from being hacked and also for restoring an account after it was hacked.
You are welcome. Have you made any changes as a result?
Using a long and complex password is the main security measure I use. Great that you reminded us to back up our content as I’ve not done that recently. I also copy the main content itself and save it in my hard drive, if I don’t have it there yet
That is a good start. You may want to install the other plugins as well…they do help.
Excellent tips here. I can’t imagine going through an ordeal like getting my blog hacked. I’m going to download the Secure WordPress plug-in right now; although, I’ve taken other precautionary steps already. It never hurts to be doubly sure your blog is safe!
I’ve seen other, free plug-ins available for complete backup solutions, but Backup Buddy seems to be the easiest and most hands-off of all of them. I would prefer not to have to download the files manually… a completely automated, hands-off method to me is well worth the price for peace of mind.
Exactly – set it up and forget about it. Hopefully you’ll never have to use the restore function!
Yeah… that would be a very good thing!
Thanks for these tips, I didn’t know that someone can steal or delete my blog. I have a plugin to back up the blog, but nothing to avoid being hacked.
By the way, congratulations on this blog. I really like it. I have bookmarked it in my favorites. I will keep visiting you to learn more about SEO.
I’m glad the post helps and you like my blog – really appreciate your kind words.
Thanks for your submission to the Eighty Seventh edition of the Blog Carnival: Blogging. Your post has been accepted and it’s live:
Hi Andrew, as usual, I always learn something from your posts, thanks.
I haven’t had any nasty experiences yet, however it could be more luck than good management.
I have been using FileZilla, and get a daily email with my site’s database backup, also HostGator does a regular weekly one. Would you recommend to just use Backup Buddy?
It sounds like you are pretty well covered.
My only concern would be if you lost all your data on the day before HostGator did their weekly backup. How much data would you lose and how inconvenient would it be to go back 6 days?
Funny you should post this Andrew. Our inbound and content marketing blog was hacked a while ago. My wife is now designing a brand new blog 🙂
I hope you add in some extra security this time!
Well the tips look promising. Gonna implement all the methods explained in the article. Was looking for similar kind of tips for a long time. Thanks for the share.