Do you know that several hundreds of WordPress blogs and websites get hacked or infected on a daily basis? A lot of blog owners lose the blog they’ve worked hard to build to hackers under avoidable circumstances.
For instance, by September 2016, around 16,000 WordPress sites were already hacked in that same year. In the same period, 3099 Joomla sites were equally hacked. Isn’t that supposed to give everyone concerns?
Google went ahead and blacklisted 52% of the infected sites, overtaking the 38 percent by Norton Safeweb and the 11 percent flagged by McAfee SiteAdvisor. The action taken by Google hardly makes those whose sites have not been hit to wake up and do something urgent to curb the trend.
In January 2017 alone, over 66,000 WordPress sites were compromised, with the hackers replacing the content of those sites with “Hacked by” messages. Your site could be hacked or infected with malware the same way others have. Just some level of proactive efforts could have saved those sites from being taken down by those criminals.
If you fail to take precautionary measures for your site, hackers will help bring the site down for you. But why would someone hack another person’s site? Well, they do so to steal vital information like credit card details, emails, etc.
They also do so to demonstrate their tech wizardry, use your site to destroy other sites, use your email to send out phishing or scam messages to enable them to defraud the unsuspecting public, etc. So, don’t allow hackers take full control of your site and shut you out of your own property.
How to Ensure The Security of Your blog
There are a lot of steps you could take to secure your website or blog. Agreed that you may not be able to prevent 100%, but putting some extraordinary security measures in place could save your blog. Here are a few of the measures you can implement on your blog:
-
Create a new administrative account
It is a known issue that the default username for every newly created account in WordPress is “admin.” When a hacker or an attacker comes to your blog, it is easy to guess the ‘admin’ username, and 50% of his hacking effort is already taken care of. He only needs to do more 50% to get to the rest part which is guessing the real password.
You can stop the hacker in his track by changing this default username to a personal one that he may not be able to guess. To do this, go to the admin dashboard of your site and click on the “Users” link. Proceed to “Add New” to add a new user.
Use a username that is different from ‘admin” and then your email address, full names, etc. Go the box with “Role” tag and choose administrator to assign an administrative role to the user and then click on “Add new user” button and save.
Now that you’ve created a new administrative account, log out of the default ‘admin’ account and then log into your newly created account with the personalized username. Go to the “Users” and then “All Users” and click on the old admin account and delete it.
If there are any posts associated with it, you will be shown two boxes, choose the one that says “Attribute all content to:” and scroll to get the new username. Click on the new username you created and then confirm the deletion. That would transfer all posts in the old admin account to the new one so that you don’t lose the content alongside the deletion of the account.
-
Make use of a secure password
If you do everything right but fail to create a strong password for your site, you are only inviting hackers for a feast. You must avoid using simple passwords like single English names, names with all lower cases, straight figures like 12345, month, date of birth, popular words like “iloveyou,” “jesusislord,” “qwerty,” etc.
Your password should be up to at least eight characters long. It should be made up of letters (combination of uppercase and lowercase), special characters, figures, etc. If you’re still confused about how to create a secure password, use the Norton Identity Safe Password Generator to create one for your blog.
-
Use a security plugin
One of the beauties of using WordPress is that you can get virtually any tool you need to run your blog successfully. One of those tools to help keep your blog secure is to make use of a security plugin.
There are several of them, but the two most popular ones that quite reliable are WordFence Security and Sucuri Security. These plugins come with features that ensure the safety of your site.
Some of the things they can do for your site is to scan the site regularly for infection/malware or signs of compromise, create Firewalls, block out IPs of potential attackers, block bot traffic, enable login security, check if your website IP is generating spam, etc.
Once a problem is noticed, they send you an alert on the email you’ve provided in the course of activating the plugin. Besides, when there are security issues across the web, they quickly send you a notification and advise you on what to do so that your site would not be affected. Using the premium version of these plugins will give access more advanced features.
-
Do a regular automatic backup of your site
It is necessary to backup your database and content from time to time. Hackers are not the only reason why you may lose your site or relevant documents. Periodic WordPress and plugins update are known to result in some issues on blogs.
It is, therefore, very critical to do regular backups of your site and when you want to update any plugin or theme. This will ensure your site can be restored if your database gets corrupt as a result of any update.
It is true that lots of the hosting companies out there do a backup of your site periodically. However, we have seen a lot of situations where in the event of a hack or infection, the host is unable to provide a current version of your site.
So, to prevent this ugly situation from happening to you, you need to do backups as part of your personal responsibility. You need to backup your database and your blog files including the plugins.
You can either backup your site from the cPanel or use backup plugins from the admin dashboard. Some of the backup plugins you can easily use include, BackUpBuddy, UpDraftPlus, BackWpUp, BackUpWordPress, VaultPress, Duplicator, etc. If you’ve not been backing up your blog, it’s better you start doing so now.
However, if you’re blog is hosted on any of those free blogging platforms on the internet, this post will help you to learn how best to be backing it up.
-
Update to latest WordPress version
Hackers are often on the lookout for security loopholes on your site. These holes are usually created by the failure to update your WordPress to the latest version. WordPress regularly upgrades its platform to ensure that it remains safe for all websites and blogs.
But the updates do not automatically apply to your site, except you’ve configured it to do so. It is your duty to check for regular updates and make sure that as soon as a new version of WordPress is released, you quickly apply the update.
While does WordPress do regular updates? The primary reason why WordPress upgrades or updates its platform is to address a known security issue or fix vulnerabilities. Besides, the system is also updated to improve its functionality and enhance user experience. You will be doing yourself a great disservice if you fail to apply the updates to your sites.
Furthermore, you should not stop at updating WordPress version alone. You need also to update your plugins. Plugins developers also take proactive measures to fix bugs and take care of any vulnerability by updating their scripts.
The moment new updates are available for your plugins, you should try as much as possible to apply them to your site otherwise hackers would spot the hole in your plugin and use it to attack your site. As a rule of thumb, never install any plugin that is not updated for over six months to a year on your site. It could just become the gateway for hackers to bring down your site.
Conclusion
Blog security is an issue that must never be treated with kids’ gloves. You have worked to put a blog and maintain it all along. Why allow it to be hacked and you lose your means of livelihood? You can actually do a few things to ensure the security of your blog.
Some of the tips we provided in this post include creating a new administrative account, making use of a secure password, using a security plugin, doing a regular and automatic backup of your site, as well as maintaining a current version of WordPress and plugins. Make sure you do not ignore our warning because they can save you a lot of heartaches in the long run.
Over to you
How have you managed to secure your blog and website? We would love to know the measures you put in place to ensure that the security of your blog is not compromised. Please, share your experience on the comment section below. If this post is helpful to you, kindly share it with your friends.
Hello Theodore ,
Great shout over here 🙂
There are numerous reports in the recent year that number of web site are being hacked down and these numbers are not low
or average but things are getting worse every year.
Adding a strong password type in our accounts do help, or better if one can add two step security set up to access their
account. This would be a little tough to get going through our web sites.
Backing up our blog is also very important, as if something get wrong then we would be having a back up so that all of our hard work
would not go in vain.
Thanks for these tips to share among us.
Shantanu.
I am really stunned… Awesome writing. Most useful information
Thanks
Thanks for sharing a wonderful article and i got very interesting by reading it
Regard
Hey Theodore!
The security measures are much needed now a day to secure a blog. However, I was unaware of some measures and you have made me alert on securing the blogs. Thanks mate.
Cheers,
Mark
Thanks for sharing this wonderful article about security. I will follow your step to secure my blog 🙂