How to Secure Your WordPress Blog

by Vered DeLeeuw

When you go through having your blog hacked, you learn a thing or two about how to protect it in the first place. While nothing is foolproof, there are several things you can do to protect your blog from hackers.

1. Choose your passwords wisely. Your WordPress admin password and your FTP password, the one you use to access your blog’s control panel, need to be good, solid passwords. Ideally, they should contain 12 characters and be a random mix of lowercase and uppercase letters, numbers and symbols. Never use the same password for more than one account, and do not use your email password as your blog password.

2. Change your passwords regularly. Changing your passwords a few times each year is a good idea. Yes, it’s a pain, but it will help secure your blog.

3. Check for unauthorized users. In your blog’s settings, if you don’t need to ask readers to register, it’s best to make sure “anyone can register” is unchecked. If you do allow registration, make sure everyone except you has a “subscriber” role and never an admin role. Many hackers start by adding themselves as an admin on your blog.

4. Keep your WordPress version and all your plugins up to date. Most hackers enter through an old, vulnerable WordPress version.

5. Use only the plugins you truly need. Each plugin is a potential entry point for a hacker. Go over your plugins regularly and deactivate/delete the ones you don’t really need.

6. Install a security plugin. Install the Sucuri WordPress plugin. It will add an extra layer of security to your blog.

7. Back up regularly. Perform a backup of your blog, and schedule future regular backups. I use the Backup Buddy plugin. If you have a recent backup, even if your blog gets hacked and some content is lost, you can recreate it.

8. Sign up with a security service such as Sucuri and have your blog regularly monitored for malware. The annual subscription buys you monitoring, cleanup as needed, and peace of mind.

I realize that not everyone would be willing to pay for services such as blog monitoring and backup, but it all depends on how important your blog is to you. If it’s just a hobby and you won’t mourn too much if it evaporates, fine. But if your blog is very important to you, whether it generates income or not, I believe it’s worth paying for top-notch security and backup. And just to make things clear – I am not an affiliate of any of the services mentioned here, just a grateful customer.
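The check in step 3 can be scripted. The following Python audit is an added example, not part of the original article: it reviews a user export and the two registration settings. It assumes the export comes from WP-CLI (`wp user list`, `wp option get`) and that multiple roles arrive comma-separated; all account names and dates are constructed.

```python
import csv
import io

# Constructed sample, in the column layout printed by:
#   wp user list --fields=user_login,roles,user_registered --format=csv
SAMPLE_USERS_CSV = """user_login,roles,user_registered
blogowner,administrator,2011-03-02 09:14:55
reader1,subscriber,2013-06-11 17:40:02
oldauthor,author,2012-08-30 12:00:00
wp_support,administrator,2014-01-19 03:22:41
guestwriter,"editor,administrator",2014-01-20 11:05:13
"""

# Constructed sample of the two registration settings, as printed by:
#   wp option get users_can_register   /   wp option get default_role
SAMPLE_OPTIONS = {"users_can_register": "1", "default_role": "editor"}


def audit_users(users_csv, options, owner_logins):
    """Return findings for the step 3 checks.

    owner_logins lists the accounts you expect to be administrators.
    """
    findings = []
    if options.get("users_can_register") == "1":
        findings.append("registration: 'Anyone can register' is enabled")
        default_role = options.get("default_role", "")
        if default_role != "subscriber":
            findings.append(f"registration: new users get role '{default_role}'")
    owners = {name.lower() for name in owner_logins}
    for row in csv.DictReader(io.StringIO(users_csv)):
        login = row["user_login"]
        if login.lower() in owners:
            continue
        # Assumption: one account can hold several roles, comma-separated.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        if "administrator" in roles:
            findings.append(f"admin: unexpected administrator '{login}', "
                            f"registered {row['user_registered']}")
        elif roles - {"subscriber"}:
            findings.append(f"role: '{login}' holds {sorted(roles)}, "
                            "expected subscriber only")
    return findings


if __name__ == "__main__":
    for finding in audit_users(SAMPLE_USERS_CSV, SAMPLE_OPTIONS, ["blogowner"]):
        print(finding)
```

An administrator you do not recognize, especially one registered recently, is the case step 3 warns about; check it before you change anything else on the site.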
