I don’t know about you, but when I was first securing my WordPress blog, and I was researching to see what others were doing to keep their blog safe, I found so much information that I was completely confused. And some of the information was in fact over the top or superstitious. People told me to rename this file, rename this folder and install these ten plugins. It seemed to be quite a bit of work and effort.
An easy way to keep WordPress safe is to use a few built-in tools. First of all, don’t allow people to list the files in your folders, run a web host security scan and automatically backup your entire web hosting account.
By default, the latest version of WordPress is pretty darn secure. Anything that might have been added to any WordPress security plugins has been considered by the development team of WordPress. In the past, WordPress did have holes but now most of them are filled up.
The first thing you should do is check your various folders. For example, your WordPress blog has folders, such as WP-Content, WP-Admin, WP-Includes. So if you went to your site /WP-Content in a web browser, what shows up? Does it list all the folders and files in that folder? And if so, all you have to do is upload a blank file named Index.html into that folder to make sure that no one can view it.
What if you go to WP-Content/plugins, can you view that folder? If so, upload that blank Index.html file into that folder as well so people can’t view what plugins you have. Because even if your current version of WordPress is up to date, if you are using an old plugin or a plugin with a security hole, someone can use that to get access.
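The folder check described above can be run across a whole downloaded copy of the site at once. This is an added example, not code from the original article; the function names and the sample folder layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a local copy of a WordPress tree for folders that a
# web server with directory listings enabled would display.

# list_unprotected_dirs ROOT
# Prints each directory under ROOT that has no index.php, index.html or
# index.htm, one path per line.
list_unprotected_dirs() {
    find "$1" -type d | sort | while IFS= read -r dir; do
        if [ ! -e "$dir/index.php" ] && [ ! -e "$dir/index.html" ] &&
           [ ! -e "$dir/index.htm" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# add_blank_index ROOT
# Creates an empty index.html in every unprotected directory and prints how
# many files were created. Existing index files are never overwritten.
add_blank_index() {
    list_unprotected_dirs "$1" | while IFS= read -r dir; do
        : > "$dir/index.html"
        printf '%s\n' "$dir"
    done | wc -l | tr -d ' '
}

# build_sample_tree: constructed sample layout, not a real site.
# Prints the path of the temporary directory it creates.
build_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/plugins/old-plugin" \
             "$root/wp-content/uploads/2012/02"
    # WordPress ships placeholder index.php files in these two folders.
    : > "$root/wp-content/index.php"
    : > "$root/wp-content/plugins/index.php"
    printf '%s\n' "$root"
}

demo_root=$(build_sample_tree)
echo "Folders that would be listed:"
list_unprotected_dirs "$demo_root/wp-content"
echo "Blank index.html files added: $(add_blank_index "$demo_root/wp-content")"
rm -rf "$demo_root"
```

On Apache hosts, a single `Options -Indexes` line in the site's .htaccess turns listings off for every folder at once. Either way, a plugin file can still be requested directly by anyone who knows its path, so outdated plugins still need updating.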
Next, most web hosts in the cPanel area allow you to run a security scan and see if anyone has injected any bad code that may be used to grant unauthorized access, send emails, or something like that.
Just run that web host security scan and see what comes up, and if anything comes up that looks out of the ordinary or you are not sure of, contact your web host and see what they think. And whether or not you find anything bad, automatically backup your whole account. In cPanel you can backup your entire web hosting account and save it to your hard drive so that even if something goes wrong at some point, at least you have a back up copy of everything that’s there.
Those are three very simple things you can do to keep WordPress safe without plugins. Put a blank Index.html file in your folders, run your web host security scan and backup your entire account.
I bet you want to backup your WordPress blog to have peace of mind and be able to restore it anywhere, anytime you want, and you can now at www.backupcreator.com.
Here’s a quick question: if you have a WordPress blog and the username and password you use to gain entrance into that blog is Admin and Test, are you at risk for your website being taken over? The answer is yes. What is sad is that you can have all security measures, all the fancy security plugins in place, but if your password is something that they can easily guess then you are leaving the door wide open.
That’s why it’s important to have a safe WordPress login and password. What can you do? Make sure your username is not the name Admin or Administrator, change that WordPress password regularly and use different passwords than you use for other WordPress or FTP sites.
By default, when you set up WordPress it sets it up with the username Admin, which means that when you login you type in the username Admin and some password. But this is giving the hackers half of the information they already need. If they already know that you are using this Admin, all they have left to guess is the password. But if your username is something like your first name or your first name and your last name, now they don’t know where to start. Now they are guessing about two different factors.
That’s why even though WordPress, by default, sets your username as Admin, the first thing you should do is create a new user account and name it your first and last name, save it and then delete that original Admin account, that will cut down on a lot of automated attempts.
Something else that is very, very easy to do is change your WordPress password regularly. For example, once per month. This means that you are always thinking of some new thing to type, and some new password that someone might never guess, because you are changing it every month. You would be surprised at how many passwords consist of someone’s name, child’s name, or pet’s name but if you are changing a password on a regular basis, adding in letters and numbers to it, now that’s a password that no one will guess which means that no one will have access to your site other than you and the people you choose.
Finally, set different passwords than other WordPress blogs you own. Set a different password other than your email address or your FTP account. The problem with setting the same password for different accounts is if someone gets access to your WordPress site, now they have access to your website, your other WordPress sites, your email, your FTP, and so on. But if you use different passwords for WordPress, for email and for FTP that means if someone happens to gain access to your WordPress they don’t have access to your other accounts.
Setting a safe WordPress login and password is easy, don’t use Admin as your username, change that password regularly and use different passwords for multiple WordPress blogs, for your email account and for your FTP account.
Install these three simple plugins to WordPress to minimize the risk of hacking and intrusion. It’s never fun for someone to get access to your WordPress blog, but unfortunately it happens every day. Every day websites are deleted, defaced or simply taken over and you can avoid that by installing the login lockdown plugin, the HTTPS for WordPress plugin and the WP-Security plugin.
First of all, a very simple plugin called login lockdown simply blocks access to your blog if someone enters the wrong password too many times. A very common technique for hackers to get entry to a WordPress blog is to simply try many passwords over and over and over and over until something works. So login lockdown will block access to someone after a certain number of failed passwords. It’s a very simple plugin and it’s worth it to install this to make sure that any intruder is now locked out.
Another plugin to install is called HTTPS for WordPress. If you don’t know what HTTPS or SSL is it simply means that it is encrypting everything that gets sent to and from your WordPress site, including the username and password you use to login. Normally your username and password are broadcast out in the open. That means if you use any kind of public WiFi anyone else on that WiFi can install a simple plugin and capture every password you type into WordPress. That is really not good. You can either not use unsecured WiFi or you can use this HTTPS plugin which will force you to use HTTPS when logging into your WordPress dashboard, therefore protecting your password from prying eyes.
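The repeated password guessing that a lockout plugin blocks also shows up in the web server's access log, so you can check for it yourself. This is an added example, not the plugin's code: the log lines are constructed, and it assumes the combined log format and that a wrong password returns status 200 while a successful login redirects with 302.

```shell
#!/bin/sh
# Added example: find clients that keep failing the WordPress login.

# failed_logins_by_ip LOGFILE THRESHOLD
# Prints "IP HOUR COUNT" for every client with at least THRESHOLD failed
# logins inside one clock hour.
# Assumptions: combined log format; a wrong password re-displays the login
# form (status 200) while a successful login redirects (status 302).
failed_logins_by_ip() {
    awk -v min="$2" '
        # $1 = client IP, $4 = [day/month/year:hour:min:sec,
        # $6 = quoted method, $7 = path, $9 = status code
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 {
            hour = substr($4, 2, 14)          # e.g. 10/Feb/2012:10
            hits[$1 " " hour]++
        }
        END {
            for (key in hits)
                if (hits[key] >= min)
                    print key, hits[key]
        }
    ' "$1" | sort
}

# sample_log: constructed access-log lines using documentation addresses.
sample_log() {
    # Five wrong passwords from one address within a few seconds.
    for sec in 01 02 03 04 05; do
        cat <<EOF
203.0.113.7 - - [10/Feb/2012:10:00:$sec +0000] "POST /wp-login.php HTTP/1.1" 200 2345 "-" "-"
EOF
    done
    # One typo followed by a successful login, then a plain page view.
    cat <<'EOF'
198.51.100.20 - - [10/Feb/2012:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2345 "-" "-"
198.51.100.20 - - [10/Feb/2012:10:05:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
192.0.2.5 - - [10/Feb/2012:10:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2345 "-" "-"
EOF
}

demo_log=$(mktemp)
sample_log > "$demo_log"
echo "Clients with 5 or more failed logins in one hour:"
failed_logins_by_ip "$demo_log" 5
rm -f "$demo_log"
```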
And finally, the WP-Security plugin installs right into WordPress and scans all your folders for many security vulnerabilities. It checks it for any weak points, any holes, out of date plugins and gives you a very easy to follow list of things that you must do in order to keep WordPress secure.
Obviously, I can’t guarantee you will be 100 percent hack proof, but you need to at least take these basic steps to keep yourself safe.
Those three plugins will get you on your way to having a secure WordPress blog. Install Login Lockdown to lock out anyone after a certain number of failed attempts, install HTTPS for WordPress to make sure that any time you login to your dashboard it moves you over into SSL, and WP-Security scan your folders.
Have peace of mind and backup your WordPress blog on a regular basis using the tool at www.backupcreator.com.
Easy steps you can take to keep your WordPress blog from getting hacked. I hope you are not losing too much sleep over the possibility of your website and your blogs getting hacked, being taken over, being destroyed or being changed. If you are worried about this kind of thing, there are a few preventative steps you can and should take right now to ensure that your blog is kept safe.
You should avoid shared and cheap hosting, you should install trusted themes and plugins, and finally you should keep your computer Spyware free.
What do I mean when I say to avoid shared hosting? I mean that many people, in fact, pay a web host, such as HostGator to have web hosting, and they will take some of their space. They might have for example, one gigabyte of space and they might sell 100 megabytes to you for the same price they pay. Now this opens up a few problems, because what if this one person sells space to ten people in the same area? Well there are a few things some people can do to get access to other folders that do not belong to them simply because they belong to the same reseller.
What you are going to want to do is pay at least $20 per month for web hosting. Don’t get sucked into web hosts that will charge you just a dollar or one simple fee for lifetime access. Get a real web host such as HostGator or BlueHost which does charge $20 or $30 per month, but it is well worth it to have the faster performance and extra security.
Now be sure to install themes and plugins that you trust. This means don’t install a plugin that came out just yesterday. Install a plugin or a theme that has real reviews, and just make sure that you are not installing a theme or plugin that contains what’s called Malware because most people don’t realize that any theme or plugin, if it so chooses can actually delete all the files on your website. It can actually copy your whole website and send it off somewhere else.
You need to trust the plugins and the themes that you are using. And finally, keep your computer Spyware free. Install a virus scanner on your local computer, such as AVG and scan it on a regular basis. Think about it, if someone has access to your office computer, your desktop computer and can record every single password you type in, that means just because they have access to your computer, they can now tell what your WordPress password is and log in to that as well.
Some simple preventative measures to take to avoid your site getting hacked is to avoid shared and cheap hosting, install only trusted themes and plugins, and to keep your computer Spyware free.
Getting your WordPress blog hacked is a very scary thought. After all, you spent so many hours updating that site and making it perfect and now someone is coming along and they might have destroyed it, changed it, or is now trying to extort you for access.
There are a few things you can do when someone gets access to your site. The very first thing you should do is backup everything. Backup your blog, backup your files, keep it all in a safe place, and let your web host know immediately that someone has access. They can go in and make sure to change your passwords and clean out any extra FTP or Shell accounts that the hacker may have added.
The very important thing you should do is backup everything, change all passwords, and delete and restore your site.
Now backing up everything is a pretty straight-forward process. If you have a WordPress backup plugin and you should, make sure to run that and grab the backup that it has generated. Then also be sure to grab a backup of the entire account. If you don’t know how to do this, your web host should be able to do it for you. Now you have a copy of all your files, so that even if the hacker deletes everything you still have a copy.
The next step is to change all of your passwords, and I do mean ALL. Change your email account password, change your WordPress account passwords, your FTP login, your account login, change any and all passwords to make sure this hacker can’t get in later on.
And then what you should do is delete and restore. Most web hosts will recommend that if someone has really gained access to your site to back it up, blow away the entire account and set it up somewhere else, because you don’t know if they have set up some kind of a plugin or some kind of a script that will monitor for any new logins or any new passwords.
Delete whatever is on there, especially any new pages or content the hacker may have added, and restore your account somewhere else.
After you restore it, you are going to have to comb through it and make sure that these new restored passwords are changed as well, just to make sure that someone can’t get in. But at the end of the day, if you have removed any new things the hacker has added and changed all of your passwords, there really is not a lot they can do to get back in.
I think the most important thing for you to do is backup your site on a regular basis, that way if someone gets access to your site, it’s simply a minor inconvenience of changing passwords and restoring. There is no loss of information. That is what you do if someone gains access to your WordPress site. Backup everything, change all passwords and delete and restore what’s there.
Something that everyone should do who has a WordPress blog is keep it completely up to date. Keeping your WordPress blog up to date ensures all plugins will continue working, you will have access to the latest features and most importantly that your blog is now safe from hackers and intruders.
Most people don’t know how to update their WordPress installation, but luckily it’s very easy. You can use the auto-upgrade feature in the dashboard, and if that doesn’t work, upload all files manually, and if that doesn’t work use one simple technique to fix any problem plugins.
The first thing you should do when going to update WordPress is go to your dashboard, and on the top left corner should be an area that says updates. All you have to do is go to that updates area and click on one button and this will automatically download the latest version of WordPress, unpack it, and install it where your blog is.
Now you should take a backup of your blog before doing any kind of upgrade, but after that’s done, you now have the brand new features and version of WordPress without having to use FTP or edit any kind of databases.
Now if you have an older version of WordPress, or for some reason this automatic update feature is not working properly for you, the solution is still very simple. What you can do is simply upload the newer WordPress files, and WordPress will detect this. It will detect that your files are new but your database is out of date and it will do its best to update that database for you.
Here is what you do, you go to WordPress.org/download and this will show you a big blue button that you can click and download a zip file of the most recent, current, up to date version of WordPress. This will download a zip file and once that’s downloaded, you can right click and extract all of those files to your desktop where you saved the zip file. Then open up your FTP clients and move those files up to where your WordPress blog is now located. Making sure to overwrite any files that are already there.
Don’t worry this won’t overwrite any of your content because they are the files that run WordPress and your content is just stored in the database in a different location.
Now once those files are all done, simply load your blog and it will say that WordPress has an update, do you want to update? Click on a button and it will make sure your database is up to date, and now you have a current, up to date version of WordPress.
Every now and then when you upgrade this way a plugin might go wrong, it might crash your entire blog, it might show some extra errors, so take a note of what the plugin is named. For example, if the plugin is saying All-in-One SEO, write that down and then in your FTP client, browse to a folder that is called WP-Content, and within that browse to a folder called plugins and then find the offending folder such as All-in-One SEO and delete it.
Now when you load WordPress again, the blog should load properly and you can add the plugin back the way that it was, and that is the way you upgrade WordPress. Go into your dashboard to the update area and see if you can update it in one click, if not go to WordPress.org/download, grab the zip file, unpack and upload the files. If there are any problem plugins then go into WP-Content/plugins and delete or rename that folder and reload WordPress, and everything should be okay.
If you have a WordPress blog or a website, you may be wondering how am I supposed to keep it safe from hackers and from accidental changes or deletions?
In addition to any kind of fancy modifications or security plugins, there are a few easy steps you can take right now within the next few minutes to make sure your WordPress website is secure.
The first thing you can do is only connect to WordPress on a secure WiFi connection, only use trusted plugins, and keep WordPress up to date.
Do you know that when you connect to a website using unsecure WiFi, which means airport WiFi, Starbucks WiFi, public WiFi, anyone can see your username and password? That means when you connect via FTP or simply log into your WordPress dashboard anyone can see exactly what your username and password is and log in for themselves.
That’s why it’s very important to only connect to your WordPress site and only connect to FTP if you have an SSL connection or you’re connecting over a cellular 3G network instead of WiFi. If you don’t know what any of those things are, then simply make it a point to only connect to your FTP website and WordPress from home instead of in public.
Next, only use plugins that you trust. Are you aware that any WordPress plugin, if it so chooses, can have access to your entire WordPress site? All of your users, all of your content, most of the time, to every single file on your website.
That is the reason why it’s very important that you only use WordPress plugins that you trust. Don’t go out and install 200, 300 plugins just because they all seem like they have cool features. If a plugin is brand new, if no one seems to be using it, that is not a good sign, and it may be a Trojan Horse kind of plugin where someone had simply put it out onto the internet in the hopes that someone else will install it on their website, and now you have given the hacker complete access to your files and your content.
Finally, a very easy way to secure your WordPress blog is to keep WordPress up to date. People find security holes all the time, and WordPress is quick to fix those holes, but it does you no good unless you update your blog to the current version which is safeguarded against most attacks.
Luckily the most current versions of WordPress have a single button you can click to update it, which means it downloads and installs the most recent version so you are now protected.
Believe it or not, it doesn’t take a rocket scientist to keep your blog safe from most hackers. It just involves you taking a few simple steps and a few safeguards to make sure that you don’t have problems in the future.
Here are a few things you can do right now. Make sure all your WordPress usernames and passwords are strong passwords, keep your email secure, block anyone else’s IP address in your backend C-Panel and install the Akismet anti-spam plugin.
You would be amazed and surprised at how many people use simple passwords such as their name, pet’s name or names like test, or test1234 as the password to their WordPress blog. And in fact, there are robots or spiders that comb the internet trying to find these websites that have named their passwords in these simple names. That means when you set up your WordPress account, don’t call it Admin, call it something that is non-standard such as your name. And when you have a password, name your password something with at least one number, one uppercase letter or even one punctuation character to ensure that no one can guess it.
The next thing you should do is make sure that no one has access to your email account. It does you no good to have a strong WordPress password but a weak email password, because someone can always gain access to WordPress by using the lost password tool. This means if someone has access to your email account, they can use the lost password and reset your WordPress password and now gain access to your website.
This means that you should secure your email, change your password regularly and be very careful whose computer and whose wireless network you use to check that email.
Now here’s a great thing that any paranoid webmaster can do, using your C-Panel backend, you can in fact block access to what’s called the WP-Admin Folder in your WordPress site. Basically you can go to a site such as what is my IP.com and it will show you a series of numbers. Now this number corresponds to you on the internet. And you can in fact block everyone on the internet from accessing your WP-Admin Folder, your administrator dashboard, and then only allow this specific IP address that is yours to access it.
This means that even if someone happens to have your WordPress password, even if you have a weak password, you are the only person who can login to that backend.
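On an Apache host, the same restriction can also be written as a .htaccess file placed in the wp-admin folder. This is an added example, not taken from the original article: it assumes Apache 2.4 `Require` syntax with .htaccess overrides allowed, the function names are hypothetical, and 203.0.113.10 is a placeholder address.

```shell
#!/bin/sh
# Added example: build a wp-admin/.htaccess that admits a single address.

# is_ipv4 ADDR
# Succeeds only for a dotted quad whose four parts are each 0-255. The body
# runs in a subshell, so changing IFS here does not affect the caller.
is_ipv4() (
    case "$1" in
        "" | *[!0-9.]* | .* | *. | *..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for part in "$@"; do
        case "$part" in
            [0-9] | [1-9][0-9] | 1[0-9][0-9] | 2[0-4][0-9] | 25[0-5]) ;;
            *) exit 1 ;;
        esac
    done
    exit 0
)

# wp_admin_htaccess ADDR
# Prints the file contents on stdout. A mistyped address is refused, because
# a wrong value here would lock the owner out of the dashboard too.
wp_admin_htaccess() {
    if ! is_ipv4 "$1"; then
        echo "refusing to write rules: '$1' is not an IPv4 address" >&2
        return 1
    fi
    cat <<EOF
# wp-admin/.htaccess: only the listed address may open the dashboard.
Require ip $1

# Front-end features of some themes and plugins call admin-ajax.php,
# so visitors still need to reach this one file.
<Files "admin-ajax.php">
    Require all granted
</Files>
EOF
}

# Placeholder address; replace it with the number your own lookup shows.
wp_admin_htaccess 203.0.113.10
```

If your internet provider changes your address, you will be locked out of the dashboard until you update the address in this file over FTP.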
And finally, one thing that every blog owner should do that enables comments on their blog, is to use what is called the Akismet anti-spam plugin. What this does is checks any new comments coming to your blog for spam. And if you don’t have a plugin like this, your blog will at some point be flooded with thousands and thousands of spam comments flooding your site with all kinds of nasty links and garbage. Install this Akismet anti-spam plugin or turn off comments entirely and that will help your blog from being spammed to death.
Those are some very simple tips to help secure your WordPress blog. Use strong passwords, secure your email, block the WP-Admin IP addresses except for yours in C-Panel, and use the Akismet anti-spam plugin.
You should definitely backup, clone and protect your WordPress blog right now by going to www.backupcreator.com.
I don’t want to scare you but I want you to be aware of the reasons why you should backup your WordPress blog, and even better protect it against someone getting access to that site.
Someone getting into your WordPress blog can delete anything that is there, can replace it with something else, redirect it and in fact access every single file in that WordPress site, sometimes other websites on the same server. That is why it’s really important to keep people out and backup your site just in case something goes wrong.
Something that is very easy to do if someone gets into your WordPress blog is delete it. There is in fact a plugin called Bulk Delete that can delete all plugins within that blog, kind of a scary thought. But if you keep your blog backed up, then no one can really hurt you, even if you just use something once per month or once per week.
Let’s say in the worst case you back up your site on a Monday, and someone gets into your site and deletes it on a Friday, at least you have only lost the past five days of work. You haven’t lost the past two years, if not more.
What is even scarier is that someone who gets into your WordPress site might replace it with something else. Many terrorists, religious and activist groups have in fact used hackers to gain entrance to weakly protected WordPress sites and replace it with their own images and content.
What also might happen is someone might set up your site to redirect to a new site, or display some ads. And even worse, if your site gets flagged as an attack site, as a problem site other people will not be able to see it.
That is something that might happen: if you load your WordPress site and it seems to be redirecting to some far off place on the internet, it might have been hacked and you should investigate that.
One of the scariest things about someone getting into your WordPress site is that they will probably be able to get access to all files in your site using the file manager plugin in WordPress. And even if you don’t have this file plugin installed, they can easily install it from the WordPress dashboard. And depending on how your server is configured, they might be able to see every single website and account on that server. Kind of a scary thought.
If someone gets into your WordPress blog, it’s not just about them changing content or redirecting to a new place, they now can see all your files, all your blogs, all your videos, all of your information. And all this is a reason for you to lock down WordPress.
Use a hard to guess password and be very careful about where you log into your blog from. And above all, backup your site, so just in case the worst happens you are still protected and you can still get your stuff back.