The #1 Way to Keep Hackers Out of Your Blog

It’s every blogger’s worst nightmare.  You wake up, grab your coffee, sit down at your computer, pull up your blog…. and it’s gone.  It’s showing a weird code error message… or a strange foreign language political message… or it’s been taken over by bad guys using it to distribute malware to visitors or in a phishing attack…

Why?!!  I can’t claim to understand the mind of hackers–it’s just a terrible thing to do, and illegal.  But generally the motivations are either to spread a message (political/religious), distribute malware (programs that download to visitors computers and allow the hackers access to their computers), or just take down blogs because they can and they’ve got a warped sense of fun.

The good news is that a few simple steps can really reduce your chances of falling prey to an attack.

1.  Stay Updated

If you choose only one item from this list to take action on, make it this one.  Keeping your WordPress installation, all your plugins and themes updated is the best way to stay protected. When WordPress releases an update, many times it’s because they’ve found a security vulnerability and patched it.  If you don’t update, your blog is open for an attack.

Almost every time I’ve been asked to help fix a blog, it was not running the most up to date version of WordPress.

2.  Install Security Plugins and Use Them

The security plugins I choose to protect my blog with are:

Bulletproof Security — this one will help protect your blog from a variety of attack types by guiding you through removing vulnerabilities and beefing up your blog’s security.



WP Security Scan — a plugin from WebsiteDefender, this one will help you verify security settings for your blog and make sure you’ve got things setup right.

Threat Scan Plugin — this plugin is super useful if you’ve been hacked, and a great option for “peace of mind” checks, as it scans not only your files but your entire database looking for possible malicious code.

3.  Keep Backups of Your Blog

On a cPanel host, this is easy to do with the backup tool.  If you have access to it, that’s what I recommend using.  But remember to download the backup and save it to your computer.  If you leave it on the server and the server crashes, that backup won’t be able to do you any good.

With WordPress, you can use the plugin called BackWPup to save your entire blog (database and files) to your server space, Amazon S3, or a variety of other options.  There’s also WordPress EZ Backup which backs up the entire blog, but it hasn’t been updated as recently as BackWPup.

Have you been hacked yet?

Maybe you’ve been through it and know that terrible sinking feeling in the pit of your stomach.  Maybe you’ve been lucky so far.  Either way, take steps now to protect yourself for the future, okay?

Hacking attempts are like server crashes and computers dying.  It’s not a matter of “if” so much as a matter of “when.”  With good security you can help protect yourself against it happening and with a good backup you’ll be able to recover if it does happen.

Got any other suggestions on keeping our blogs safe and secure?  Any plugins you like or hacking experiences you recovered from to share?

Image Credit: iqoncept/StockFresh


  1. says

    Great insight, Michelle, as always! I hadn’t used the security plug-ins, tho I do update and backup regularly. Thanks so much for keeping us informed. It’s too bad we have to consider something like this, but it’s great to have good resources like your site to walk us through! :)
    Steve Rice recently posted… Focus on the Sweet SpotMy Profile

    • says

      It really is too bad. If only everyone cared how their actions affected others… but until then, good to protect ourselves as best we can and be ready to deal with it if it happens.

    • says

      They keep changing, don’t they? I just look for what’s been kept updated by it’s authors. So many great plugins get left to get dusty and while they still work, especially for a security plugin, something updated is better.

  2. says

    As always – useful and practical information. Thanks for the update. Keep arguing with my support he says not necessary to do these things, I say necessary – just sent him you blog
    Roberta Budvietas recently posted… Get Stuck inMy Profile

  3. says

    Hi Michelle, It has not happened to me yet thank goodness. It is one of my worst fears so I will do everything I can to keep it from happening. Thanks for writing this post. I am going to install some of these plugins now!

Leave a Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge