The #1 Way to Keep Hackers Out of Your Blog

It’s every blogger’s worst nightmare.  You wake up, grab your coffee, sit down at your computer, pull up your blog…. and it’s gone.  It’s showing a weird code error message… or a strange foreign language political message… or it’s been taken over by bad guys using it to distribute malware to visitors or in a phishing attack…

Why?!!  I can’t claim to understand the mind of hackers–it’s just a terrible thing to do, and illegal.  But generally the motivations are either to spread a message (political/religious), distribute malware (programs that download to visitors computers and allow the hackers access to their computers), or just take down blogs because they can and they’ve got a warped sense of fun.

The good news is that a few simple steps can really reduce your chances of falling prey to an attack.

1.  Stay Updated

If you choose only one item from this list to take action on, make it this one.  Keeping your WordPress installation, all your plugins and themes updated is the best way to stay protected. When WordPress releases an update, many times it’s because they’ve found a security vulnerability and patched it.  If you don’t update, your blog is open for an attack.

Almost every time I’ve been asked to help fix a blog, it was not running the most up to date version of WordPress.

2.  Install Security Plugins and Use Them

The security plugins I choose to protect my blog with are:

Bulletproof Security — this one will help protect your blog from a variety of attack types by guiding you through removing vulnerabilities and beefing up your blog’s security.



WP Security Scan — a plugin from WebsiteDefender, this one will help you verify security settings for your blog and make sure you’ve got things setup right.

Threat Scan Plugin — this plugin is super useful if you’ve been hacked, and a great option for “peace of mind” checks, as it scans not only your files but your entire database looking for possible malicious code.

3.  Keep Backups of Your Blog

On a cPanel host, this is easy to do with the backup tool.  If you have access to it, that’s what I recommend using.  But remember to download the backup and save it to your computer.  If you leave it on the server and the server crashes, that backup won’t be able to do you any good.

With WordPress, you can use the plugin called BackWPup to save your entire blog (database and files) to your server space, Amazon S3, or a variety of other options.  There’s also WordPress EZ Backup which backs up the entire blog, but it hasn’t been updated as recently as BackWPup.

Have you been hacked yet?

Maybe you’ve been through it and know that terrible sinking feeling in the pit of your stomach.  Maybe you’ve been lucky so far.  Either way, take steps now to protect yourself for the future, okay?

Hacking attempts are like server crashes and computers dying.  It’s not a matter of “if” so much as a matter of “when.”  With good security you can help protect yourself against it happening and with a good backup you’ll be able to recover if it does happen.

Got any other suggestions on keeping our blogs safe and secure?  Any plugins you like or hacking experiences you recovered from to share?

Image Credit: iqoncept/StockFresh


  1. Great insight, Michelle, as always! I hadn’t used the security plug-ins, tho I do update and backup regularly. Thanks so much for keeping us informed. It’s too bad we have to consider something like this, but it’s great to have good resources like your site to walk us through! :)
    Steve Rice recently posted… Focus on the Sweet SpotMy Profile

  2. Susan Maricle

    Twitter: poultryprose

    I’m heading over to Blogger to see what security plug-ins they have. Thanks for the warning, Michelle! Susan
    Susan Maricle recently posted… Second Languages Sing when Spoken by Human TranslatorsMy Profile

  3. Nancy Rose

    Twitter: QuintessenceCre

    WOW! I just installed the 3 security plug-ins you recommended. thanks
    Nancy Rose recently posted… Soul of A CountryMy Profile

  4. Sheila Atwood

    Twitter: SheilaAtwood


    Thanks for the update on which plugins are the best. I will be updating my plugins today!
    Sheila Atwood recently posted… 4 Ways To Tell If Your Business Is Ready For a WebsiteMy Profile

    • Michelle Shaeffer

      Twitter: Michelleshaeffr

      They keep changing, don’t they? I just look for what’s been kept updated by it’s authors. So many great plugins get left to get dusty and while they still work, especially for a security plugin, something updated is better.

  5. Thanks for the good info.
    Ali Bierman recently posted… Relationships and How You Park Your CarMy Profile

  6. Roberta Budvietas

    Twitter: Robertabud

    As always – useful and practical information. Thanks for the update. Keep arguing with my support he says not necessary to do these things, I say necessary – just sent him you blog
    Roberta Budvietas recently posted… Get Stuck inMy Profile

  7. I’m thinking of giving WordPress Defender a try. You can find it at: securemyblog dot com . Any comments on it?
    Helenee recently posted… Kythera, Where Venus Was Born updated Thu Jul 14 2011 1:47 pm CDTMy Profile

  8. Calli | Wedding Favors

    Twitter: pwweddingfavors

    Hi Michelle,

    I haven’t experienced being hacked yet but the tips you gave are surely helpful. Its always better to prevent this from happening. Thanks a lot for the information.

  9. Hackers are always doing their job well…I hope we can prevent them…
    Tracy recently posted… Make a Career from Game Testing Job OpeningsMy Profile

  10. Traci

    Twitter: walksimply

    Hi Michelle, It has not happened to me yet thank goodness. It is one of my worst fears so I will do everything I can to keep it from happening. Thanks for writing this post. I am going to install some of these plugins now!

  11. Hi Michelle,

    Very Nice blog , and very informative.
    Vivek recently posted… Summer HeatMy Profile

Speak Your Mind


CommentLuv badge