How to Keep Your Blog Hacker Proof?

March 28, 2011 - Last Modified: February 14, 2013 by Wong Chendong

This post was inspired by Tinh from AZBlogTips, who’s blog was recently hacked. He now has everything back to normal, but I’ve got to say… It was a hell of a ride! So, lets get started and make your blog hacker proof.

Imagine this…

You wake up one morning, go online to check your stats and see if you made some dough overnight, and all you find out is that your website is…

…down!

And not only that, your database is messed up, your graphics are gone, and your blog is all scrambled up…

What happened?

The answer is easy. You got hacked!

Now, I know the feeling of losing something you’ve worked on for years, and that’s why I decided to tell you about a few things you can do to make sure your blog is completely secure and hacker free.

1. Don’t use free themes if…

…you don’t know where they’re from.

It’s really easy for a hacker to code a website theme in a way that when you install it, it’ll execute commands that will leave your blog wide open for that hacker to mess around with.

You won’t even notice it before it’s too late.

Of course, there are many great and free themes available online, and as long as you know that whoever puts them out is legitimate and trustworthy, you’ll be just fine.

2. Always upgrade your WordPress installation.

This is another very important point to consider. WordPress gets upgraded constantly, and one of the reasons why that’s the case is to make sure that your installation is as protected as possible.

All it takes to upgrade to the newest version, is just a few clicks, really.

Sometimes, especially when you have a lot of content up already, you might feel that you’ll run a risk of losing it if you upgrade your installation. Just back everything up before you do it, and you won’t have any problems.

3. Use a strong password…

…and don’t forget to change it frequently.

This is very basic, and you probably already know about it, but you’d be shocked if you knew how many people use the exact same passwords for everything they do online. They have one master password and just use it for all their sites, email and FTP accounts, bank accounts…everything.

Crazy, I know, but it’s true.

4. Use plug-ins that’ll keep you safe.

There are many plug-ins you can set up that will make it difficult for hackers to get into your site. Here’s a quick rundown of some of the most important ones out there:

Stealth Login

This is a very cool plug-in that will do two things for you:

– It’ll make it possible for you to set up the login URL for your blog to be anything you want, so instead of going to to www.yoursite/wp-admin to login, you’ll be able to change it to something a little less obvious.

– Another thing that plug-in does is it hides your login URL, so that it’s going to be really complicated for a hacker to actually find out where they need to login even if they figure your password out.

User Locker

This plug-in will let you set the number of times a user on your site can attempt to log in before their account is blocked. Then, if they still want to log in, they’ll have to ask you for help, or request a new password.

This is an awesome option if your site is getting attacked by malicious software that attempts to login before doing anything.

Limit Login Attempts

This plug-in works just like User Locker described above.

SpiderSquash

SpiderSquash will determine whether your site is being accessed by a legitimate user or a bot that tries to post spam, harvest email addresses or even destroy your site entirely.

Just as the name suggests, this plug-in will encrypt your WordPress password by using both DES and RSA.

Chap Secure Login

Another plug-in that will encrypt your password, but this one will use the CHAP protocol to do that.

One-Time Password

If you tend to login to your WordPress sites at public places, such as Internet Cafe’s and such, you run a risk of having your password stolen, unless…

…you use this plug-in!

This little thing will let you login to your site using a password that’s good for just one session, so, even if someone grabs it after you use it, it’ll simply be good for nothing…

So, there you have it!

Those few simple things, if you put them into action, will make it possible for you to make sure that your site is hacker free and safe. Of course, if a hacker is very persistent, he’ll be able to get in, but those tips will make it extremely difficult for them.

The one thing I do want to say to you before we split is that no matter what, you should get in a habit of backing your site up frequently. If you do that, even if it’s hacked, you’ll be able to restore it back to normal with just a few clicks of your mouse.

It’s easy and quick, so, as the shoes say… Just Do It!

About Wong Chendong

Follow @wongchendong

Wong Chendong is genuinely concerned about bloggers’ efforts in the blogosphere. While many online and marketing gurus prey on the uneducated and impressionable, he share his blogging knowledge instead of robbing people blind like the wicked of the web. He has been where you are and knows for a fact that he can help you. Find out how you can improve your blogging techniques by visiting TheBadBlogger.com

{ 72 Responses }

Neeraj Rawat says:

Hey Wong, Nice plugin lists I was thinking to change the normal admin url like yoursite.com/wp-admin thought there must be something and need to ask in the forum but you mentioned Stealth Login which seems to solve the things but how reliable it is? Strange to see I checked your site`s url for the admin login that you might be using this and what error or screen I get on yoursite.com/wp-admin but I think you arent using this plugin,out of all the listed above any tested and reliable one?Anyhow if you are not using any list will help a lot to me and many
- Wong Chendong aka The Bad Blogger says:
  
  I'm only using "Limit Login Attempt" and "One Time Password" and if you did like to try "Stealth Login" make sure you test it on a "dummy wordpress platform" as this plugin is not so user friendly for first time user, as I had tried before it will change the code in your data base in order to work and if something goes wrong you have to go into your ftp to create another access in order to get back your main URL which is quite a trouble if you ask me.
  - Neeraj Rawat says:
    
    Ok, yup sure I will try all of them after my exams cant test now if something goes wrong dont have time to reverse the things,will surely let you know once I try all of them
Maria Pavel says:

I've just read about some wordpress firewall, i still haven't tried it to see how well it works. Thing is, my website got hacked a few months ago and i'm still recovering from that. It was my mistake that i didn't put enough thought into security. Good thing i at least had some backups.
- Wong Chendong aka The Bad Blogger says:
  
  Well, lucky you had some backup, and even though you did have security, I still recommend to have at least a weekly backup just in case anything happen which we human can never never predict... thanks for coming by reading my guest post... talk soon
Aekansh vats says:

I wish I had seen this post last week, one of my blogs just got down for about a week and had to experience a fall in revenue.
- Wong Chendong aka The Bad Blogger says:
  
  Hopefully it everything will come back to normal again... and hope this post could help in in a way or two...
Rajesh says:

One of the best posts on website security I have ever read. Great post. Particularly, I loved to know the plugins which can really be useful for wordpress blogs. Checking them the earliest. Now, I can secure my wordpress site against attacks. Thanks for the information.
- Wong Chendong aka The Bad Blogger says:
  
  No problem, I hope the information I provide will help you secure your blog in a way or two, but I highly recommend you to test them out on a dummy blog first before using it on your main blog, because the above plugin will change something in your data which any error will cause your blog to be unable to load properly...
Fran Aslam From Onlinewriter says:

This is a great post, at times i ended up with problems of the same nature. But now I know what to do. Thank you. All the best
- Wong Chendong aka The Bad Blogger says:
  
  Thanks for coming by reading my guest post and hope it can help you in anyway...
Bryan says:

Wow, I didn't know that there are so many plugins for wordpress security. Got to check them out. Stealth Login sounds really cool. Might get that one!
- Wong Chendong aka The Bad Blogger says:
  
  Make sure before you try any plugin do a backup or test the plugin on another dummy site because a few plugin such as stealth login changes your man log in page access...
  - Bryan says:
    
    sure...thx for the heads-up :)
Harsh Agrawal says:

Basic and must have tips.. Also if you are really paranoid about security and getting hacked, make sure you take timely backup of your blog...
- Wong Chendong aka The Bad Blogger says:
  
  Yes, backing up a blog is just as important as having a back up of money in a bank account... It's an assert...
  - Harsh Agrawal says:
    
    I agree on that.. Glad to see your reply. :)
Alex says:

I think there also was a plugin called something like Wordpress Firewall that has the functions of more then one of the plugins you posted. But hackers can't be resourceful and they might hack your server, then insert some scripts in your wp or any kind of website in order to hack your computer. Or even worse, you can get a trojan and the hacker can bypass almost all your on blog security. So, be sure you have a good host that is known to deploy anti-hackers tactics or something similar, do not upload or let user upload to your website without you checking it first as a legit file. When it comes to your business you have to be a bit paranoiac in order to be safe!
- Wong Chendong aka The Bad Blogger says:
  
  Great recommendation. Well I uses Norton Anti Virus, anything that access my computer will always be check and scan, although in this world there are nothing is 100%, but still it's better to always backup files from from your blog and save it somewhere on your memory drive.
Himanshu says:

Its very important. but most of us understand this after getting a shock
- Wong Chendong aka The Bad Blogger says:
  
  Yes, you are right... hopefully my post can wait some blogger up.
Ankit Saini says:

Thanks for sharing this great Guide... I follow your guide to make my blog hacker free.... Thanks once again.
- Wong Chendong aka The Bad Blogger says:
  
  No problem Saini, and thanks for reading my guest post and hope it can help you in anyway possible to make your blog hacker free.
William Tha Great says:

Really Great article. I always try to update my wordpress plugins as much as possible, because it keeps things running smoothly. I also am using a free theme, but i'm confident it is safe from a trust worthy provider. I'm going to try to do as much as possible to keep hackers out of my blog. Don't want to have to go through that! ( :God bless, William Veasley
- Wong Chendong aka The Bad Blogger says:
  
  Yes, you should do as much as possible to keep away from hackers, and I hope this post will be the answer to your blogging security needs thanks....
DiTesco says:

This is top notch. I have been suffering from directory attacks lately and if it wre not for FireWall 2 and SiteLock I guess I am pretty much close to a nightmare. Anyway, I might try user locker. Of these plugins which one do you think will use less resources and which single one would you recommend?
- Wong Chendong aka The Bad Blogger says:
  
  I will highly recommend "Limit Login Attempts" and also "One-Time Password" for the reason, when you set the limit of login it will make hackers hard to test all kinds of passwords and the other one is... when you are in the public... you do not know who the hell is looking at your notebook.
  - DiTesco says:
    
    Thanks! I'll give those two a test drive. Hopefully they will do the trick
Saket Jajodia says:

Thanks a lot, These are really great tips.. I am going to use some of these plugins.. And I also bookmarked this page so in future when needed can reach to this page easily.. :)
- Wong Chendong aka The Bad Blogger says:
  
  Remember to backup your blog or test the plugin locally before activating in your main blog, this is for safety reason, because some plugin might conflict with other plugin or themes, so make sure you backup your blog...
  - Saket Jajodia says:
    
    I don't know how to test locally, will find out that.. And ya I do take backup of my blog many times in a month.. And I hope till now I am using genuine plugins.. Thanks for letting me know.. :)
    - Wong Chendong aka The Bad Blogger says:
      
      Not a problem, although I cannot guarantee all the above plugin is to be save, but I had tried all the plugin and there is no problem, so I believe those plugin is updated all the time and that's one great thing...
Mani Viswanathan says:

Ya I know when Tinh's blog got hacked. Hope he has taken the specific measures mentioned here.
- Wong Chendong aka The Bad Blogger says:
  
  I think he had taken his own measures, and hopefully the above plugin will help everyone including Tinh's blog to be hacker proof...
- Tran Tinh says:
  
  Thanks mate I have done more than these now LOL
Praveen says:

To be honest, the plug-ins mentioned here are very new to me. Didn't know these many plug-ins are available to keep our blog safe. Hacker proof is very important in this competitive world to maintain our blog's rank and quality. Will implement them now. Thanks for your valuable post.
- Wong Chendong aka The Bad Blogger says:
  
  No problem, but before you try any plugin make sure you either do backup or test the plugin locally before activating it in your wordpress dashboard, although I had no problem in using the above plugin but still... just to be safe...
Sandeep says:

Thats' a nice list of plugins you've mentioned to keep our blog safe.. to be frank I've never heard of many of them and will need to check out each one of them Cheers
- Wong Chendong aka The Bad Blogger says:
  
  Actually I too never heard of them till I go into research about them, and moreover there are even more plugins out there above are just a few I had listed.
karan says:

Last week I was struggling finding such a post but gave up as nothing was satisfactory... Well, thanks for putting the list of plugins up..
- Wong Chendong aka The Bad Blogger says:
  
  I hope the list of plugin above can help you in anyway possible...
Steve says:

Wong, Great post!! I Just wish I had read it 30 days ago. I was also recently hacked and had some malicious code dropped on my site. I ended up taking my site offline for over a week to make sure I got rid of everything. Becuase of that my organic traffic took a hit (all the 404 errors) that I am "still" recovering from. Being hacked sucks. I totally failed on #3 and didn't have a good WP plugin either. Now I have both. my password is so good now i have to look it up every-time I type it in. It may be shutting the barn door after the horse got out, but I really do not want to ever deal with this again. Security is certainly something people should take more time to think about.
- Wong Chendong aka The Bad Blogger says:
  
  Well, I always use words and numbers combine which is hard to crack and yes being hack sucks, although I never get hack before, but I'm always afraid that one day I might, so I always backup my files to S3 server using a plugin that I'm revealing on my next post. Anyway, if I could go back in time, I would had send this post to you...
- karan says:
  
  I guess I was lucky enough to find this post before getting any of that...phew.
John Soares says:

I also recommend Login Lockdown. It limits the number of attempts before blocking the IP address.
- Wong Chendong aka The Bad Blogger says:
  
  Thanks for the recommendation, it's sure a good plugin.
Tinh says:

Thanks @Wong for your support and you should include another plugin WP security login :-)
divas says:

Great post, especially the list of plugins... I dont know why but akismet is not working properly these days, It did block a few genuine comments for me.
- Wong Chendong aka The Bad Blogger says:
  
  Same here, it blocks a few great comment, I'm not sure why too. Anyway thanks for reading my guest post and hope the plugins listed above will be beneficial to you...
Krishna says:

Whilst i agree its not good to use free templates, i feel one cannot go with paid templates unless the person is sure that he is really interested in blogging(at least as a hobby).
semmy says:

Hi Wong thank you very much for your article! Yes I agree with you, keep your blog updating. Thanks for your plugin lists. I'll try one of them.
Jitendra Singh says:

Wow so many tips on blog security. I would like to say few things here.. guys make sure before applying any of the above tool first test them locally.
- Wong Chendong aka The Bad Blogger says:
  
  Yes, this is important should test them locally or backup your data base before trying out any plugin because some of the plugin I found that it actually modify some of your inner files that might cause conflict, but till now I had not yet got this problem... so it should be save but still... TEST THEM LOCALLY....
  - Jitendra Singh says:
    
    Yes, thanks.
Khalid J Hosein says:

One other WP security plugin to consider is VaultPress which is made by Automattic, the same folks that maintain WordPress.
- Wong Chendong aka The Bad Blogger says:
  
  Thanks for sharing, I will check that plugin out...
  - Sheila Atwood says:
    
    I tried looking for VaultPress at http://wordpress.org/extend/plugins/ and came up empty. But I did find some of the ones listed above.
    - Khalid J Hosein says:
      
      Hi Sheila - it's not a free plugin. You can find out more at http://vaultpress.com/ Best,
      - Sheila Atwood says:
        
        Thank you for the link.
- semmy says:
  
  Hi Khalid thank you very much for sharing! I'll take a look it.
Wasim Ismail says:

Keeping your websites secure is possible is important as you never know when you can get hacked, along with the above precautions, it's also recommended to take regular backups of your site. so if ever your site does get hacked, you can quickly restore it back as quick as possible. i like the idea of Stealth Login :)
- Wong Chendong aka The Bad Blogger says:
  
  Just a word of warning, if you want to use stealth login makes sure you read the instruction from it's website because once it set, it's in stealth mode and if you forget your url then you have to use ftp to access your files to solve the solution.
Devesh says:

These are great tips Wong. Some more plugins to secure your wordpress blog are - BulletProof Security, secure wordpress and antivirus plugin.Anyways, Thanks for sharing this great tips & plugins.~Dev
- Wong Chendong aka The Bad Blogger says:
  
  I like the plugin name "Bulletproof Security" it sounds like a great plugin... I will go check it out and thanks for coming by reading my post again... Talk to you soon...
AJ Clarke says:

Assuming you are using Wordpress... One of the best tips I tell everyone is to change the name of the administrator account to something besides "admin" and then create a new user account with the name "admin" but set their role to "subscriber". A lot of hacks will try and break into the "admin" account, so if they succeed, they will only be subscribers and won't be able to change anything on the site. Ultimately, you need to make sure you are constantly backing up your site (wp-content folder) and your database (SQL Dump). This way, if you ever get hacked it will only take you a few minutes to get everything back up and running. I highly recommend Amazon S3 for an online backup - most bloggers will only have to pay a few cents a month to keep their blog backed up securely online.
- Wong Chendong aka The Bad Blogger says:
  
  Oh, that's a good way too, using Amazon S3, and thanks for giving out a great tip about creating a new user account and make those hacker thought it was you, ha... that's tricky...
Wong Chendong aka The Bad Blogger says:

Well.. I can't be sure about this... have you got hack before by someone you knew?
Suresh Khanal says:

Great post and really useful. Love the plugins you referred. Thousand thanks for this. In case of Tinh I guess it was not due to the low security arrangement on wordpress blog and it was not his content and database that were scrambled, but the domain itself was hijacked. As he suspects, it should be an attachment on Yahoo mail that he downloaded. It would be nice if you come up with future posts related to protect your domain from hacking. Thank you very much for the lovely post. I'm installing Stealth Login plugin now.
- Wong Chendong aka The Bad Blogger says:
  
  No problem, I hope the plugin will be a great use to you and your blog, although I only use three of the plugin, but I believe any of those plugin will be beneficial in terms of security. And thanks for coming by reading my guest post... talk to you soon :)
- Tran Tinh says:
  
  Yes, it is only related to my domain while database and contents are 100% secure and safe with hostgator. Thanks
Efren says:

Sometimes the hacker is the person you least expect it to be.
- Wong Chendong aka The Bad Blogger says:
  
  Well.. I can’t be sure about this… have you got hack before by someone you knew?

About Wong Chendong

Our Newsletter

You have Successfully Subscribed!

What happened?

About Wong Chendong

Reader Interactions

Related Posts

{ 72 Responses }

Our Newsletter