Could your WordPress blog be hacked in minutes? It could be if you’re using the default “admin” user or a word from the dictionary for your password, or if your site is not otherwise properly secured.
Ready to fix that right now and keep it safe? Try these two quick action steps.
And, be sure to also read the important safety steps in these two posts:
- Warning: Social Media May Be Putting Your Security At Risk
- 5 Critical Steps You Must Take to Secure Your Website Today
What are you doing to keep your site safe? Share your online security tips (or questions!) in the comments.
Debra Jason says
If you’re not a “techno geek” how do you know that when it says “click here to fix” that you’re not going to mess something up?
Wanna be able to sleep at night knowing I didn’t do that.
Thanks. ~Debra
Michelle Shaeffer says
Hey Debra, great question. If you’ve got a backup and your host support # or email handy, that’s the first important thing, just in case. Because for most configurations and servers none of these should mess things up. But for anything custom it’s hard to predict and sometimes themes or plugins do conflict. One thing you can do is check the support forum or google the specific change and see what comes up — if you see a lot of “this broke my blog!” type entries you might want to skip that step. ;)
Tia Dye says
Thanks Michelle!
New to WP and just getting started, so I’ll be going through every bit of advice you have!
~ Tia
Tia Dye says
Michelle – If I set the strong password to subscriber, then will they have to put in a password to read or comment? What would a subscriber need a password for?
~ Tia
Michelle Shaeffer says
Hi Tia, do you require a password to comment? Some blogs are set that way and it requires visitors to register as subscribers. If you aren’t set that way, then requiring the strong password won’t change anything for your readers. :)
Here’s more detailed info about it: http://codex.wordpress.org/Roles_and_Capabilities
And despite it being called “subscriber” it’s most likely not linked to your subscribers. If you’re using a different service to email your subscribers (Feedburner, AWeber, MailChimp, etc) then this doesn’t affect that, either.
Hope this helps! :)
Koj Tajo says
Hi Michelle, well-timed post. I wonder why still today people are using ‘admin’ as username. One should totally avoid it. And having a backup is an all-important job to do as a blogger. I am using the limit login attempt plugin. Hope it helps!
Hey! Your blog got listed in my list. So I am coming back again and again.
Regards.
Michelle Shaeffer says
Thanks Koj, appreciate it. And the limit login attempt is a good security move, too.
Ken Glick (EEI) says
I can’t imagine anyone wanting to hack our company blog but thankfully we don’t use either the default “admin” user nor do we use a word in the dictionary in our password. Nevertheless, I would love to know if our blog is still easily accessible to hackers as keeping them out is my responsibility.
Michelle Shaeffer says
Hey Ken, you might like the WP Security Scan plugin or Website Defender. They’ve got deeper scans and security settings if that’s something you’re responsible for and dealing with more regularly than the typical blogger.
Suzie Cheel says
Michelle,
Great post, thanks. I will put on the Better WP Security.
Your share buttons at the top are not working?
Suzie Cheel says
All working now. What plugin are you using? Looks good and neater than Digg Digg.
Michelle Shaeffer says
Hey Suzie, I think the javascript is a little slow to load sometimes, I’ll see what I can do about that. Appreciate you letting me know they didn’t work for you the first time. :)
It’s Flare – both the ones at the top and the ones floating on the left. I loved the visual style, too.
Debra Jason says
No sooner did I install this than I got an email about an IP address trying to access my site. Called my Host provider and they said the program was “doing its job and did what it was supposed to” (i.e. blocking an IP from being able to access my site).
However, as an FYI: when I asked the Host for help with all the settings/changes Better WP Security had on the dashboard, they said “we don’t support individual plug ins.”
Don’t know if all Web hosts would say that, but thought some of you might want to know.
Thanks “mighty Michelle.”
~Debra
Michelle Shaeffer says
Many hosts won’t (can’t) support WordPress at that level because there are just too many plugins for them to be familiar with. But if it throws an error message they should be able to fix that part. :)
Isn’t that crazy though? Just being aware that there are “bad guys” out there trying to access our sites is valuable since it makes us that much more cautious.
Justin says
This is awesome, thanks for the tips!
Barbara says
Thanks so much for the info. I’m passing this one to a few people I know who need it! :)
Barbara
Suzanne says
Thanks for this wonderful video Michelle. I have recently changed my password to something pretty tough to crack but these additional pointers are very helpful. Last weekend I tried to pull up my website and found it was not available. When I went to my hosting company’s facebook page I saw that they were under attack. Pretty scary stuff.
Rob Mullins says
Hi Michelle,
Rob Mullins, here, from the Navigator program. Thank you for this security update. The video really made it clear “what to do next.”
During one of your sessions with the Navigators, you walked us through a number of WP plugins that would add functionality as well as security.
My question is should I add Better WP Security on top of the other WP plugins like WebsiteDefender WordPress Security plugin?
Thanks for your thoughts…
Marc Lanzarin says
I moved away from WordPress some time ago for this reason, and for its dependence on too many plugins. I prefer Drupal as my content management system of choice. Good article though on how to protect your blog. WordPress is a good platform for blogging, just don’t use admin as your default password, for starters.
Connor Harley says
I never used the default admin as user. Hackers always try their luck in using this to hack websites and there are really times they succeed because there are lots of site owners who are not changing it.
Cassie says
Hi Michelle, thanks for the suggestions. I did want to let you know that I also installed the Better WP Security plugin and it crashed my site. My webhost just helped me get it back up and running, though it was a bit complicated as it had changed some things that had to be rewritten. I read some forums and they said that this plugin either works perfectly or takes sites down completely, so it’s a bit of a risk. I’ll have to do some research to see if there is anything else similar that may give me some suggestions for things to fix. But I appreciate your article!