
What would you do if your blog was hacked?
Even the thought of it makes my skin crawl. Nobody wants to think about that, let alone experience it. That’s why I have decided to write a blog post about how to secure your WordPress Blog.
Needless to say, your blog can’t be 100% secure. But this doesn’t mean nothing can be done. There are basic things you have to do to secure your blog and prevent hackers from taking it over. In this post, I am going to show you 6 tips for securing WordPress blogs.
Avoid using Free Themes
Don’t go to Google and search for Free WordPress Themes. Most of them contain malicious code. I remember reading a very important blog post about this issue. The author of the post looked for free WordPress themes and checked the ones on the first page of Google. You’ll be surprised when you see what she found in them. If you want to read the blog post, check it here:
Why You Should Never Search For Free WordPress Themes in Google or Anywhere Else
If you want to use a free theme, you can choose one from a trusted company or one tested by WordPress. If you’re currently using one, you can follow the steps in the above post to check if your theme is clean.
Another thing you should check is the footer of your free theme. Sometimes people hide certain keywords there by giving them the same color as the blog background: if the background is grey, the keywords are grey too, so you won’t be able to see them. They’re usually nasty keywords like penis enlargement, buy Viagra, etc. To check whether your theme contains any, visit your blog and press Ctrl + A on your keyboard; selecting everything makes hidden text appear. Press Ctrl + A on your keyboard and see what’s written here:
Don’t Use Free Themes!
Always Update your WordPress Blog and Plugins
As you may know, most of the WordPress updates are for security reasons. So make sure you always update your blog. The latest version as I write this post is 3.2.1.
You must always update plugins as well. Make sure you read the details and look for warnings before you update. Sometimes plugins can break your blog. If this happens to you and you can’t access your dashboard, navigate to the plugin’s folder using FTP and delete it.
If you heavily rely on the plugin, you can get the older version that was working for you by following these steps:
Visit the plugin WordPress page
Click on Other Versions
Download the one you want
WordPress suggests that you delete any plugins you don’t use. Make sure you do that!
Hide your WordPress Folders
I previously talked about this in my other post How to Know if Someone is Stealing your Product and how to Prevent That. Hiding your blog folders is very important. Suppose your plugins folder isn’t protected. Hackers can see what plugins you’re using. If you’re using an outdated version of a plugin (because the updated version doesn’t work on your blog), hackers can exploit that to hack your blog.
This is how you hide your WordPress blog folders:
I suggest that you create an empty html file and upload it to each folder.
Login to your cPanel and use File Manager to upload it to your blog folders. This is how you do that:




You need to open each folder and upload the empty html file.
Now if someone wants to check your folders through these links:
[YourBlogLink]/wp-content/uploads
[YourBlogLink]/wp-content/plugins
[YourBlogLink]/wp-content/themes
s/he will see the empty web page.
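The same protection done from a shell instead of File Manager, as an added example that is not part of the original post. It assumes SSH access to the host; the function names and the sample tree are made up for illustration, and it goes one step further than the three folders above by also covering their subfolders (for example uploads/2011/08) and by skipping folders that already have an index.php, which WordPress ships in wp-content, plugins and themes.

```sh
#!/bin/sh
# Added example (not from the original post): drop an empty index.html into
# every folder under wp-content that has no index file of its own.

# Print each directory under "$1" that has neither index.html nor index.php.
list_unprotected_dirs() {
    find "$1" -type d \
        -exec sh -c '[ ! -e "$1/index.html" ] && [ ! -e "$1/index.php" ]' sh {} \; \
        -print
}

# Create an empty index.html in each unprotected directory under "$1"
# and echo how many files were created.
protect_dirs() {
    dirs=$(list_unprotected_dirs "$1")
    if [ -z "$dirs" ]; then
        echo 0
        return 0
    fi
    printf '%s\n' "$dirs" | while IFS= read -r dir; do
        : > "$dir/index.html"      # empty file, same as the uploaded one
    done
    printf '%s\n' "$dirs" | wc -l | tr -d ' '
}

# Constructed demo tree (not a real site), removed again afterwards.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/wp-content/uploads/2011/08" "$demo_root/wp-content/plugins"
: > "$demo_root/wp-content/plugins/index.php"
echo "index.html files added: $(protect_dirs "$demo_root/wp-content")"
rm -rf "$demo_root"
```

On a real blog the call would be `protect_dirs /path/to/blog/wp-content`. An index file only stops the folder listing; a file inside the folder is still served to anyone who knows its URL.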
Always Backup your Blog!
If you have a backup of your blog, you’ll surely be safe. Even if something bad happens, you can always restore your blog! I know a friend who created a very good tutorial about how to back up your blog and how to restore your blog from a backup. Visit these links to learn how to do it:
Oh My @$#%^&%#, I Just Deleted My Entire Blog!!!
How To Restore A WordPress Blog From A Backup!
Install Security Plugins
Here are some of them:
This plugin detects suspicious activities and blocks them. When something like this happens, the plugin sends an e-mail that looks like this:
This one limits brute force login attempts. This is something hackers do to guess your password. They try hundreds of passwords until they succeed. This plugin stops that by limiting the number of login attempts.
This one is important. It checks your blog for security vulnerabilities and suggests corrective actions! This is an example:

In this case, the wp-config.php isn’t protected!
Protect wp-config.php File
The WP Security Scan Plugin suggests that you change permissions to 644. When I checked WordPress, this is what they said:
“Also, make sure that only you (and the web server) can read this file (it generally means a 400 or 440 permission).”
I think we should listen to WordPress and change file permission to 400 or 440. This is how you do that:
- Login to cPanel
- Click on File Manager
- Choose the document root for your blog
- Locate the wp-config.php file and click on it
- Then click on Permissions at the top
- A pop up will open
- Change the permissions by unchecking those boxes



When you check the WP Security Scan plugin, you’ll no longer see the warning sign.
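The same change from a shell, as an added example that is not from the original post or from WordPress. It assumes SSH access to the host; the function names are hypothetical, and the check treats any permission bit beyond owner and group read (the 400 and 440 quoted above) as too open.

```sh
#!/bin/sh
# Added example (not from the original post): audit and tighten the
# permissions of wp-config.php to 400 or 440.

# Echo the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Echo "ok MODE" when no bit outside 0440 is set, otherwise "too-open MODE".
audit_wp_config() {
    mode=$(file_mode "$1") || return 2
    if [ $(( 0$mode & ~0440 )) -eq 0 ]; then
        echo "ok $mode"
    else
        echo "too-open $mode"
    fi
}

# Tighten the file to 400 (default) or 440 if the audit flags it,
# then echo the mode the file ends up with.
harden_wp_config() {
    target=${2:-400}
    case "$target" in
        400|440) ;;
        *) echo "mode must be 400 or 440" >&2; return 1 ;;
    esac
    case "$(audit_wp_config "$1")" in
        ok*) ;;                      # already within 400/440, leave it alone
        *)   chmod "$target" "$1" ;;
    esac
    file_mode "$1"
}

# Constructed demo: a throwaway file standing in for wp-config.php.
demo=$(mktemp)
chmod 644 "$demo"
echo "before: $(audit_wp_config "$demo")"
echo "after:  $(harden_wp_config "$demo" 400)"
rm -f "$demo"
```

Use 440 when the web server reads the file through its group rather than as the file's owner.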
I know that I’ve missed a lot of info here. That’s why I am going to list some useful blog posts where you can learn how to protect your WordPress blog.
10 Easy Ways to Secure your WordPress Blog
A to Z of WordPress .htaccess Hacks
Harden WordPress Security By Moving wp-config.php to a Non-public Folder
HOW TO: Secure Your WordPress Blog
I know that some of you are well-versed in this topic of WordPress security. It’d be great if you could share your experience with us. If you know something that could help us secure our WordPress blog, please share that with us by writing a comment. If you have written an important post about how to secure WordPress blogs, please tell me so that I include it in this post.
If you know someone who could benefit from this post, you can always share it with him or her.
Thanks a lot in advance!





Having a backup is the best solution from wordpress security problem. Other thing I want to add is to change the default admin user and use of strong password.
Nipon@Tech Forum recently posted..How much does a good URL affect seo?
That’s right, Nipon. Having a backup is always helpful. Even if something happens, you can easily restore your blog.
Thanks a lot for adding those two other tips!
Come back again, Nipon, OK.
Mouh


Mouh recently posted..My Blog Content was Stolen!! Here is an Effective 5-Minute Solution to That!
All great ideas.
Especially I liked the one that says “Avoid using Free Themes” because of the ” contain dangerous codes” they come with.
Some free themes do contain dangerous codes. You need to avoid them.
Thanks a lot for taking the time to comment. I appreciate that!
Mouh


Mouh recently posted..How to Know if Someone is Stealing your Product and how to Prevent That
Unfortunately, my blog already got hacked twice. First time I changed hosts, this time I went online trying to figure out what happened. This is how I found out there are firewalls for WordPress, and even antiviruses that scan your theme files for… whatever might be in there.
They’re not perfect, but it’s better than nothing.
Martin@CDL Exam recently posted..Q: What are the Drug Tests required for a CDL Driver?
Ow, I am sorry to hear that Martin. I am glad you now control the situation a bit.
If possible, can you tell us more about what happened? I’d love to read your story. I am sure we can all benefit from it.
Thanks a lot in advance, Martin.
Mouh


Mouh recently posted..How to Create Clean and Professional Diagrams Effortlessly Using this Free Tool
I’m not sure myself what happened, I just went online one day and instead of my blog I saw some ASCII text about a Mexican hacker praising himself for ruining my blog

Good thing he didn’t also delete my database.
Martin@CDL Exam recently posted..How to Become a CDL Instructor
I am really sorry to hear that, Martin.
I pray this won’t happen to you again or to anyone of us.
Have a great day!
Mouh
Thanks Xekeno! I hope you benefit from them.
Mouh
Hey Mouh,

Thanks, these tips are priceless for many of us. I am using most of the plugins that you recommend. Thanks for helping us out here.
Justin@Coaching recently posted..How To Make Goal Setting Fun And Useful
Hi Justin,
I know there are many other plugins that one can use. My friend Ashvini uses a plugin called Bullet Proof Security. I have never tried it, that’s why I didn’t mention it in this post.
I am glad you like the info. Hope other bloggers benefit from them.
Thanks for stopping by, Justin.
Mouh
Wow, great tips Mouh. Like I would expect anything less from you.
Okay, I do the majority of what you’ve mentioned but not all. I confess, but I ALWAYS back up my blog. That is something I’m very good at doing so kudos to me. Might have to look into some of the other things you mentioned. Will get on that one pretty quick my friend. Thanks for these tips. You’re awesome.
Adrienne
Adrienne recently posted..How To Start Working On Your Mindset
I learned many things by writing this post. I did find some security mistakes on my blog. I tried to correct things. You can never be 100% secure. That’s why you always need to make a backup of your blog, which is something you’re good at!
Thanks a lot for your comment my friend.
Mouh
Hi Mouh, Wow, what a great post. Except I shouldn’t have read it right before I went to sleep tonight as I’m sure to have nightmares. My Twitter account was hacked today. Luckily only two fake posts went out, but it’s still unsettling.
Thank you so much, Mouh, for sharing this very valuable information with us!!! You rock.

Carolyn recently posted..Visual Math: Making Math Fun!
You won’t believe! I had a nightmare about this last night! My blog or e-mail account, don’t remember, was hacked! It was so painful. I hope this won’t happen to any of us. I really do.
I am sorry for your Twitter account. Hope everything is fine now.
Thanks a lot for your comment Carolyn!
Mouh
Hi Mouh,
I once stumbled onto the directory of my blog open like the one you mentioned. It just horrified me how insecure my blog was. Gladly no one hacked it.
I think the themes that are not certified by WordPress or which do not have a reputation are dangerous and should not be used.
Then all the other things that you have mentioned should be done, mandatory.
I used your post as a checklist and checked things again. Thanks for sharing this with us.
Ashvini
Ashvini@thoughts on entrepreneuership,leadership and motivation le recently posted..Dealing with competion: lessons from Guitar shop on Entrepreneurship
I think the plugin directory is the most dangerous one when it is open. Hackers can find an outdated version of a plugin and exploit that.
I am glad no one hacked your blog. I really hope this won’t happen.
Thanks a lot Ashvini. You know I always love to read your input!
Mouh
It is easy for the hackers to access your own account because they are already expert to that. But good thing that you were able to do the research about it because we are aware now of the best thing to do so that we can avoid this circumstance in the future.
I do agree. We can never be 100% secure. That’s why it is always important to back up your blog on a regular basis. The things mentioned here are really important, but they don’t guarantee your blog safety.
Thanks for stopping by!
Mouh
Nice article Mouh,
Notice how mousing over a picture tells you exactly where your directories are located?
I have been shipping my backups to Amazon ever since I could spell “disaster recovery planning using S3”. I spend less than 2 bucks a month and using something called backwpup.
Also, my admin userid is something else and the nickname is a third.
I am also suspicious of using a plugin or theme that hasn’t been updated in, say, ‘467’ days.
Don’t be in a big rush to always getting the latest and greatest. Let others be the trailblazers for a couple of weeks. v3.2.1 came out very quickly after v3.2.
Morris @ helps you get found at Navegare recently posted..Are You Selecting the Search Engine Keywords that Help You Get Found?
Thanks for your valuable input and tips!
“Don’t be in a big rush to always getting the latest and greatest. Let others be the trailblazers for a couple of weeks. v3.2.1 came out very quickly after v3.2.”
I like that Morris. That’s very, very true.
Thanks a lot!
Mouh
Mouh,
Fabulous post on securing our websites.
I went through and did all of that to my website.
I did not know that people could get into my plugin directory.
I am sure that hackers can get most anywhere they want to get but if we can slow them down or stop some of it that is great.
Too bad these people that hack do not use what they know for something good instead of making a nuisance of themselves.
Thank you so much for putting this all together. I figured that my website was not overly secure, now I hope that it is better.
Thank you again.
Dee Ann Rice
Dee Ann Rice@Online Marketing And Blogging Basics recently posted..John Thornhills’ Master Class — What I Am Learning
Our blogs can be 100% secure. As Morris said, WordPress v3.2.1 came out very quickly after v3.2. That only means hackers find security vulnerabilities easily. It is always important to have a backup. I know you always do that. Your posts about how to backup your blog and restore it were amazingly helpful!
Thanks a lot for your comment, Dee Ann!
Mouh
Mouh!
Awesome tips here my friend. Having a backup – no let me rephrase that, having multiple backups – is critical. You don’t want all your days, months or years of hard work disappear in thin air (O:
It is not a pleasant experience my friend.
Keep them coming brother!
Adam Paudyal recently posted..How Do You Overcome Blogging Shyness?
Thanks Adam! You always have valuable info to share my friend. Thanks for drawing our attention to the issue of multiple backups.
Take good care, bro.
Mouh
I just had this sort of thing happen, and I’m still trying to figure out what happened! My something got infiltrated and my domain was being forwarded on anyone’s first visit to the site from a cookie free browser to this survey ad thing that said I had locked my site unless they did a survey… I spent the last two days trying to fix it, but I finally gave up and merged that domain with another one of mine… it’s unfortunate though because the domain that got hacked was on the front page of Google for my keywords, and now, it’s like starting back over from scratch.
Thank you for the tips – I have to have a better security plan in place to prevent this from happening again!
Rock That LG Optimus V recently posted..How to Get SWYPE Free and Legal on the Motorola Triumph
Ow, I am really sorry to hear that!
Did you contact your domain registrar? Maybe they could help…
I am really sorry for what happened to you. Some people do unnecessary things just to ruin our life…
Mouh recently posted..3 Free Tools I Couldn’t Live Without
I have read lots of articles about how you are going to protect your blog. And almost all of them talked the same topic which I find very necessary. We should always be reminded of the possibility of getting hacked by someone. We should all protect our blogs.
Samantha@Teeth grinding recently posted..3 Easy Steps To Stop Grinding Your Teeth
Being reminded of the possibility of getting hacked is something we must always do. You can never be 100% secure. So you always need to have backups in case something goes wrong.
Happy to see you here again Samantha!
Have a great day!
Mouh
Nice tips to protect the blog.
Thanks a lot for your comment.
I am glad you like the tips.
Thanks for the tips. I’ve been keeping back up of files but I’m not aware of Login LockDown plugin. It’s true that hackers would try passwords until it will push try. This would definitely increase the security of my blog. Thanks for sharing!
I like what you said. Increase the security and not make it secure. There is a big difference. You can never be totally secure, you can just increase security.
You really covered it all. As for people accessing other people’s folders, it’s easy for people to get into it if it’s not secure, so everyone should take your advice.
A back up is a must whether it is one’s blog or some important data. Technology is amazing but we should also be careful enough to know how to be secure while working on the system. It needs a lot of hard work, dedication and money to set up a blog so protecting is a must.
Change passwords every now and then. I do this every couple of months and make the passwords just a long, random group of letters and numbers. Another great solution is Cloudflare. Not only adds extra security but improves the speed of WordPress too.
Michael@Cope With Asthma recently posted..Asthma Books