blogging basics, Tools of the Trade, Virtual Assistant

Is your WordPress Blog Hacker Proof?

I have to admit, one of my greatest fears is that someone will mess with the Franticmommy blog.


I don’t think I am alone in that fear either. So many bloggers spend hours and hours fine-tuning their blogs and pouring over content. The thought of that all going up in smoke gives us the heebie-jeebies

It’s no secret that WordPress hacking attempts are on the rise too. Because of the popularity of this platform and the world-wide appeal, it’s become a big target for brute-force hacking attempts. Once your site is hacked, frankly, it can be a tremendous pain in the bajubees to get things back on track and “bug free.”  Though not flawless, there are some pretty solid ways to make your WP site “hacker-proof” that also happen to be pretty easy to implement.

Ninja Trick #1

Ditch the default “Admin” WP username: There’s a little bit of fartin around involved to get rid of the admin login since it can’t be “changed” easily like a password-but it’s well worth it. To ditch the “admin” username you will have to delete it, but before you do that you need to to create a new username profile to replace it. Go to the WordPress admin navigation, go into Users and click on Add New. Fill in your details and be sure to give yourself the role of an administrator. Being an Administrator retains your ability to make any necessary changes on your blog. Once this new username is created, log out of your WordPress dashboard and log back in with your new user details.

Here’s why you need to login with the newly added login. You will now go back into Users and delete the original default admin user. WordPress will also give you the option to transfer the posts authored by the admin user to your new user profile so you won’t lose any of your content or data.

Ninja Trick #2:

Make your Password Harder: This may be a “well DUH!” moment for some, but I believe there’s still plenty of folks out there using “password” or “ABC123” as their password and that just isn’t gonna cut it these days. Try to create a password that is eight characters long with uppercase and lowercase letters, numbers and special characters. Use a secure password generator like PCTools Password Creator.

Ninja Trick #3

Use Cool Plugins Like Limit Login Attempts:  This WP plugin is very valuable against repelling the brute-force hacker attacks by blocking access to the login page after a series of incorrect login attempts have been made. You as the user can set the number of login attempts before Limit Login Attempts puts the smack-down on whoever is attempting to log in, thus preventing unwanted hacking. The downside is that, if you have more than one user or admin on your site, a mindless “I forgot the password” round of guessing could lock you out of your blog/site until you contact your hosting company to lift the freeze.

Ninja Trick #4

Keep on Top of WP Updates: Recently WP added their new version 3.5.2 and the words spread very quickly that those who DID NOT update immediately were essentially sitting ducks for hackers. One click and about 4 seconds was all it took to update WP and make it more secure. The same applies for all your plugins as well. Stay on top of the updates.

Ninja Trick #5

Back Up, Jack: To install WP-DB-Backup, go into Plugins and choose Add New. Type “WP-DB-Backup” in the search box. Click Install Now and then click OK.

Ninja Trick #6

Delete Old Themes: I am not an expert and I couldn’t tell you exactly HOW this occurs, but hackers can get into your site via old themes that are still lingering on your site. According to Dreamhost’s Hacker Wiki, “WordPress themes are vulnerable to hacking. Always download and install a new copy of your theme rather than moving the theme files from your old install.” My guess is that it’s because site owners who are vigilant about doing the updates on their current theme fail to do so on themes they may own, but no longer use. Kind of an “out-of-sight-out-of-mind” mentality. Delete old themes from your WP site ASAP and close one more loophole that hackers may use.

Did I miss any? If you know of any other ways to protect your blog real estate, please share in the comments below!


Please share!