I wish hackers and spammers just didn’t exist; that you didn’t have to take such mega action to protect your blog. However… Since neither is the case… You must learn how to protect your WordPress blog from hackers and yes, spammers too! You also need to know how to back up your blog properly.
Some of you may have noticed a few weeks ago when you came to visit Profit On Knowledge that you received an error and could not access our site…
This is because Larry’s websites got hacked and his dedicated hosting company shut him down to protect against any further threats.
Larry literally thought it was the end of the world. All of his hard work for years over a dozen sites… Gone with the wind!
Watch this video to see part of Larry’s meltdown…
So what happened? What went wrong and how can you learn from Larry’s mistakes and protect your blog?
In short, Larry made a few mistakes; however, he had an ace in his back pocket (we will just call her Jamie, yup me) 😉 that was able to salvage his hot mess. (It was literally a hot mess too.)
His dedicated hosting company told him he had a few options since he failed to back up his blogs properly (last backup was well over a year and a half ago)…
- He could delete everything and just start fresh. (This made Larry just a wee bit infuriated.)
- Get his web developer to fix it (his imaginary one), if he could not understand the long insanity of craziness they sent over for him to decode solo.
Guess which one Larry was about to do? Oh yeah, he was about to commit virtual blogging suicide and just delete everything!
However, I calmly talked him down from the cyber ledge and asked him to allow me to take a look at everything to see if I could fix his sites.
The painstaking emails and files that Larry got from his hosting looked like incomprehensible gibberish to him; thankfully, they made sense to me. Phew! I asked him to give me a few days, simply because the sheer amount of sites to fix and files to delete was pretty massive.
And did I mention his hosting company would not let him just fix one site at a time… No, it ALL had to be fixed first before they would give him the green light on any of his blogs.
It was literally… All or nothing!
It took me about two days of 5-6 hours each to get everything back up and running. I’m not sure what a traditional web developer would have charged him… However, at anywhere from $50-100/hr, let’s just say it would have been a pretty penny!
Here are the steps Larry did not do, that you can do right now… To prevent virtual blog suicide.
Here’s how to protect your WordPress blog from hackers:
1. Have a strong password and update it every 6 months.
- One of the simplest ways to protect yourself.
(I know some people that change theirs quarterly.)
- Make sure it’s memorable to you.
- The longer the better! 8 character minimum.
- Have caps and lowercase letters.
- Don’t use your name or anyone else closely related to you, that goes for your pets too!
- Real words make it real easy… Consider using acronyms or abbreviations.
- Include special characters such as ?, !, *, – or #.
- Do this for your email and social sites too.
- Don’t auto save your passwords with your browser.
- If you want to use a password manager, I highly recommend: LastPass or 1Password.
2. Change the default information in WordPress.
- Don’t use admin, manager, administrator, your name or your website’s name for your username.
  - If you made this mistake already, you will have to create a new user and delete the old.
  - Make sure to attribute posts to the new username BEFORE deleting the old.
- Remove the ‘Hello World’ post.
- Change or remove ‘Powered by WordPress’ in the footer.
- Change the site description ‘Just another WordPress Blog’.
- Remove default comments.
3. Keep your plugins, CMS, themes, etc. up-to-date always.
- Do this for all your sites hosted with your hosting company of choice.
(I personally highly recommend HostGator here for shared plans and WP Engine here for dedicated WordPress hosting and maintenance, I’ve been using them flawlessly for years for clients and myself.)
- When you fail to keep things up-to-date, it creates a breach in security. This is what happened to Larry’s sites.
- Delete unused plugins and themes immediately. (Another error on Larry’s part.)
- Have multiple WordPress sites? Use a WordPress manager like ManageWP (free up to 5 sites) to make updating faster and manage all your sites in one place.
4. Plugins to protect your WordPress blog:
- Akismet to protect your WordPress blog against comment spam.
- All In One WordPress Security and Firewall Plugin (does just about everything you need, including limit login attempts.)
- to scan for malware, has anti-virus scanning, firewall and much more.
- Bad Behavior to reduce incoming link spam and malicious activity.
- BBQ (Block Bad Queries)
5. Limit access to sensitive information.
- Don’t store site backups on your server.
- Disable hackers’ ability to browse directories by adding “Options -Indexes” (without the quotes, and typed with a plain hyphen) to your .htaccess file.
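A quick way to check both items in step 5 on your own site, as an added example that is not part of the original post: the script looks for an active `Options -Indexes` line, flags a typographic dash pasted in place of the hyphen, and lists backup-like files sitting under the web root. The function names, the file extensions searched and the sample site are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress web root for the two items in step 5.

# True if .htaccess has an active "Options ... -Indexes" line (ASCII hyphen).
has_indexes_off() {
    [ -f "$1/.htaccess" ] || return 1
    grep -Eiq '^[[:space:]]*Options[[:space:]]+([^#]*[[:space:]])?-Indexes([[:space:]]|$)' "$1/.htaccess"
}

# True if the dash before Indexes is an en or em dash pasted from a web page.
has_typographic_dash() {
    grep -Eq 'Options[[:space:]]+(–|—)Indexes' "$1/.htaccess" 2>/dev/null
}

# List archive and database-dump files stored under the web root.
list_backups() {
    find "$1" -type f \( -iname '*.zip' -o -iname '*.tar' -o -iname '*.tar.gz' \
        -o -iname '*.tgz' -o -iname '*.sql' -o -iname '*.sql.gz' -o -iname '*.bak' \) | sort
}

# Print findings; the return status is the number of problems (0 = clean).
audit_webroot() {
    aw_findings=0
    if has_indexes_off "$1"; then
        echo "OK    directory listing is disabled"
    else
        echo "WARN  no active 'Options -Indexes' in $1/.htaccess"
        aw_findings=$((aw_findings + 1))
        if has_typographic_dash "$1"; then
            echo "      a typographic dash precedes Indexes; retype it as a plain hyphen"
        fi
    fi
    aw_backups=$(list_backups "$1")
    if [ -n "$aw_backups" ]; then
        echo "WARN  backup-like files under the web root; move them off the server:"
        printf '%s\n' "$aw_backups" | sed 's/^/      /'
        aw_findings=$((aw_findings + 1))
    fi
    return "$aw_findings"
}

# Constructed sample site (not a real installation) so the script runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/wp-content"
printf 'Options –Indexes\n' > "$demo/.htaccess"
: > "$demo/wp-content/site-backup.zip"
audit_webroot "$demo" || echo "problems found: $?"
rm -rf "$demo"
```

The script only reads the files; whether Apache honours the directive also depends on your host allowing `Options` overrides in .htaccess.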
6. Use a secure file transfer protocol (SFTP).
- Some people use their file manager through their hosting or CPanel to upload, delete files, etc. This is not as secure as using an SFTP, because file managers often save temporary copies of important files on your server.
- As an extra precaution, do not save your login passwords in your SFTP client of choice.
- I recommend Cyberduck and Filezilla, both are completely free to use.
7. Choose your hosting wisely.
- A shared hosting plan is not always the best, because if they get hacked, your site(s) most likely will be too. That being said, I’ve personally used HostGator’s shared plan here for clients for many years without fail. Though I make sure my clients have all the above protocols in place too!
- Dedicated hosting is more secure… However, if like Larry you fail to go with a company with great customer service and fail to do the steps above, you will be left out on your own to fix the problems or hire someone who will. For WordPress sites, this is my favorite dedicated hosting company because of the security and amenities it provides… WP Engine, get it here.
- Basically, it comes down to what you need, how much space, bandwidth, what amenities you need, etc. right now. Eventually, you will outgrow a shared plan anyways! 🙂
8. Backup your site and have a backup of your backup!
- Backup Creator is what I use and recommend to my clients, it has great features and a low one-time fee.
- Or you can have an all-in-one approach with ManageWP by upgrading your plan to either standard or professional for those that like automatic scheduled backups.
- Keep your backup on your computer, as well as an external hard drive.
- Also, have an online backup too! Our favorite is LiveDrive (we backup all our files for $8/mo), because yes… Sometimes external and internal hard drives decide to die. Like mine did this past summer!
9. Signup for a CDN (content delivery network).
- Protects your blog from hackers, spammers, bots and malware by filtering your incoming traffic.
- We recommend the free version of CloudFlare here.
- An added bonus is it speeds up your site!
10. When partnering up with someone, never assume they did all the above.
- Here is where I went wrong! I knew Larry has been online longer than me, and he does know A LOT about blogging… However, like all of us he is not perfect, nor does he know everything. So, when partnering up with someone that already has websites, make sure they have done the above steps!
- Also, when they say they have a backup and everything is under control, find out what their version of under control and backing things up is. 😉
- I also knew Larry’s hosting sucked going into this partnership; he complained too many times over the years about it. No CPanel for ease of use, among other things. He refused to switch because of how labor intensive the move was. I highly recommend services like WP Engine for WordPress sites to be managed, hosted, protected, monitored, fixed and even transferred with ease. (We will be migrating his sites very, very, very soon!)
If after reading this you feel your head throbbing, because it seems like a lot of work… No worries!
- Because you can hire someone like myself (Jamie Pelaez) to get your site(s) secure or to fix your site you did not keep secure. (Whoops!)
- If you are using WordPress for your sites, then I highly recommend also using WP Engine for serious bloggers and site owners. They have amazing protection and service. If Larry was using them, they would have helped him fix his problem instead of what his hosting company did, which was to leave him on his own to sink or swim.
Limited Time Offer: Protect Your WordPress Blog From Hackers & Spammers
*For Profit On Knowledge readers only!*
Do you have more than 1 site that needs protecting or need a site recovered? Email us at
services[at]profitonknowledge[dot]com for even more savings and let us know how we can help you today!
And just in case the above was not compelling enough….
Here is another reason why you need a backup of your backup:
ℒℴѵℯ / Blessings ➸ Jamie Pelaez
P.S. To check out all our videos up to date, visit our YouTube channel and click here for more 90 Day Vlog Challenge videos.
P.S.S. Some of the above links are affiliate links. Because, we believe in only sharing what we personally use ourselves, you can buy now with confidence. Thank you for supporting us here at Profit On Knowledge.