Hackers are seriously attacking all wordpress blogs nowadays and it will be unwise not to take drastic measures to ensure the safety of your blog, right? Last month, a buddy of mine got his wordpress blog hacked and it took him days to recover his blog content. Assuming he paid some more attention to his blog, he wouldn’t have got hacked easily – right? You can install all security plugins that the wordpress directory has but if you can’t configure the structure of your wordpress blog properly, then all those security plugins are waste :).
At some time back, I wrote about how to secure your blog effectively and those who followed those steps, really did find it worthy. Incase you’d like to read my previous post on “how to protect your wordpress blog” can still do.
Must Read: Top 5 Must Have Plugins For A Better WordPress Optimization
3 Simple Steps To Protecting Your WordPress Blog
There are some little details that we know but do not pay close attention to that may get our blog hacked and today – I am only going to show you a simple way(s) of protecting your blog by covering those little tracks :).
I should start with the top most problem all newbie bloggers and most bloggers (who do not want to know) don’t know:
1a: Use a solid table prefix when installing your wordpress blog:
As funny as it looks, do you know that you can get hacked through your database? Yes, I learn about this sometime back and it is good for you to know about this as well. Many bloggers have gotten their blog hacked through their databases knowingly or unknowingly so it is good to protect it a ninja :).
But how do we protect our databases?
When you were registering your wordpress blog, on your “Database Settings” did you leave the table prefix to be WP_? If your answer is yes, then I am sorry to tell you that your blog is on its path to destruction…
To help your blog stay alive, you can start by going to your database dashboard and change the table prefix from wp_ to any other name you which to give it :). and do remember that doing this might damage or change your database structure if you do not know what you’re doing.
1b: Outdated plugins can be your blog’s doom:
Must Read: 5 Key Ingredient On How To Become A Better Blogger
Are you that type that hates to update his/ her plugins? Or are you that type that is still using the old wordpress platform? Then I am afraid that your blog will get hacked pretty soon if you do not update those plugins and that platform. We all know that outdated plugins can also cause hole in our database and leave it vulnerable to attacks, so be wise.
2a: Use a very difficult Admin login name for yourself:
I see bloggers today who do not know the difference between “admin login name” and “username”. They do not care to know so they make their username and login name as one. You might not know this, but you can get hacked easily if you do not change it right here and now. You can learn the difference between username and login name and you can also learn how to change it without problem by following this link “Changing your wordpress username/ login name” or you can view Adrienne Smith video tutorial if you want a video guide 🙂
Tips: If you are using your blog name, username, admin, administrator as your blog login name, then get ready because you will get hack very very soon…
2b: Pay attention to your password:
When I first started out the online journey, I made my passwords 6 letter words. Then I got my yahoo mail hacked :(. After my first hack, i increased my password to 20 mixed letters, numbers and symbols. But now I have increased my password to almost 90 mix letters… Don’t ask how I did that because even I can’t remember my passwords :).
My point is; never play with your passwords, do not use dictionary names because they are easy to figure out and make sure your password is above 20 words mixed.
3a. Limit login attempt:
Believe it or not – once your site starts getting popular, eyes will be on your blog and you might get hacked if you do not take further steps.
Do you know that my blog get more than 3000+ hack attempt daily? If you do not believe me, take a look at the screenshot below.
With the help of “Limit login attempt” plugin, you can easily know who is attempting to hack your site and block that ip from accessing your blog. If you do not have the “Limit login attempt” plugin, I will advise you to go get yourself one and it will surely help you battle those jobless people called hackers :).
3b: How do I block those bad ip’s:
Must Read: How To Backup Your Blogger blog Posts, Comments and images The Best Way
It is advisable to block those ip that are trying to hack your blog and the most fun ways to block the ips are as follow.
3b,i: If you are using cloudflare, you can block those ip that are trying to hack you by going to dashboard >>> Click threat control >>> Scroll down and you will see a block where you can add ip address to block.
3b,ii: you can as well use your cpanel if your hosting did not provide you a cloudflare account. To block those ip addresses using cpanel, loging to your cpanel >>> under “Security” click “IP Deny Manager”
From there you can start adding those attempted ip addresses. Believe me, those ips will never disturb you again.
Conclusion:
If big names like Facebook, Twitter and Linkedin can get hacked, then our blog might also get hacked someday (or never) but let’s do the little we can to protect our blog.
You take over:
It looks like I have said so much about so much, now it’s time to pass the microphone to you guys :). What other measures do you take to ensure the safety of your blog? Do share with us by using the comment box below and let’s get the party hotter than it is :).
Must Read: Adding Facebook Comment Box To Your Blogger Blog
Do you have questions, comments or thoughts that you’d love to share with us? Then please do by using the comment box below. Remember that your comments, questions and thoughts are highly welcomed and appreciated.
Be social:
Was the post helpful? Then do click the like button, share us and recommend us to friends because you’ll never know who among your friends might be in need of a post like this :). Owww… and do not forget to subscribe to our feed for your latest updates on the go.
Security is one major problem in wordpress/self hosted blogs and must not be overlooked..
Nice Info you Have Here Baba…. WordPress users should not overlook this Info.
Hey Antonio,
Yeah, WordPress disadvantage is the security issues they have. I do believe that some day, they will find a better solution to this like the blogger platform.
Thanks for the comment and do have a nice weekend ahead…
Excellent tip Babanature.
While everyone strives to create good contents, security must be the top most priority. One of the times I failed as a blogger was when I lost my blog to hackers and sad as it was.. My host was miserable at best. The only backup they could provide was an outdated 4-months old backup.
That spelt doom and was one of my frustrating aspect as a blogger aiming for success. The point is this; Choose a very good host and monitor your blog, have a self back-up at least twice a month.
Over the years, I learnt alot of things especially changing the default _wp prefix.
But what I never did was blocking those kind of ip’s. I am typing this and I have logged into my cloudflare account. I need to get busy today..
Thanks for these tips and have a great day 🙂
Hello Nosa, and thanks for the complement :).
Ahhhh… yes, backing up our blog should not be taken lightly. It does help backing up your blog incase of future attacks 😀
Yep, it is 100% advisable to always block those login attempted ip’s so you can feel more secured 🙂
Thanks for the comment and do have a nice time…
thanks for these tips, will take note of that, wordpress really need a strong security because is vulnerable to attack
You’re welcome. It is best to take action because there is not better time than now 🙂
Hi Babanature,
Gosh! Hacking attempts 3000 times! That makes your special so special and good – it’s targeted 😉
Honestly speaking, these hackers and spammers never really stop, do they? I am glad the attempts on my blog have lessened nowadays, or perhaps thanks to CloudFlare and the CommentLuv premium plugin that is much better and takes care of things. I agree with you there, blocking the hackers IPs is the best thing we can do.
Nevertheless, you need to take care about the things you rightfully mentioned. Passwords need to be changed frequently, and so must we need to remove the unused plugins too. I didn’t know about the database prefix, need to check that out.
Thanks for sharing. Have a nice week ahead 🙂
Hello Harleena,
I know that more than 3000 is indeed a high attempt right? But i am not afraid because i got me covered with those little tricks :).
Cloudflare is doing wonders and even if it is a free CDN it can sure do some crazy things. I’d definitely advise all to use cloudflare…
Some professional hackers do hack block through database and the only database that can be hacked are the one which table is WP_, it is best to change it to be on the safer side 🙂
Thanks for stopping by and dropping your comment, do have a nice weekend…
Hmmm.
You are right.
Vey helpfull Article. Thnx +Nature Baba
This also Helps to Other WordPress Blogger, Which r New Or Unknown From this.
Glad you liked the post Siddharth. Now do have a blessed weekend start 🙂
Hi Baba !
Thanks for sharing these tips . There are some good plugins available for securing the wordpress blog . To secure my blog , i use the wordfence plugin ..it automatically blocks the ip-address that attempted to log into my admin dashboard .
-Pramod
Hello Pramod,
That means, wpfence and limit login attempt does almost desame work, that feels great :). But the thing is, they only block those ips temporary, right?
Thanks for the comment and do have a nice weekend start 🙂
Using the right table prefix is one that most blogger are not aware of. I used a security plugin to change mine 😀 Thanks for sharing this though! We must take security seriously so that our efforts won’t be in vein.
Hello Ugee,
You got me curious here, what plugin did you used to change your prefix? I never knew that plugin can do such a task, i guest i was wrong :).
Waiting for your answer sha, until then have a nice weekend start 🙂
I used Better WP Security Plugin.
Thanks for coming by and and clarify issues with us hear. Do have a nice weekend 🙂
It has been problem with many bloggers that their blogs and sites got hacked by hackers.
These are very useful tips for newbies as well as stable bloggers who are in blogging arena from few months and years. I will follow them all. Not want to take a risk with my blog.
Hello Ashwani,
Hackers are seriously attacking all wordpress blog, so it is a wise idea to make our blog as tight as possible. so even if we get hacked, we’ll say, yes! we tried :).
Thanks for taking a like at the post, do have your self a blessed weekend start 🙂
Of course is a helpful post dear friend. I’m going to keep this in mind, is it true I already knew this but is also true I almost forgot to be alert.
See you next time. Best regards from I. C. Daniel
Hey Daniel,
Let’s try to keep our blog as secured as possible and make it the best we can :). Thanks for the comment buddy, do have a nice weekend
Hi Babanature,
What a great write up on what everyone should be doing in order to secure their blogs better. Of course telling them they should do and it them actually knowing how is yet another thing. Thank goodness I have some friends I’ve met online that have come to my rescue and taught me how to put these things in place.
As a matter of fact, I have a friend working on something right now that I’m hoping will stop the hack attempts. I think you and I have spoken about this but this past weekend, without counting them all, I bet I had over 6000 hack attempts and they were just wearing me out. That’s a heck of a lot of IPs to block so whichever way you go about it, it’s still time consuming.
I appreciate you sharing my video, thank you so much for including that and I think for those that need to be walked through this process by the hand then they’ll find it helpful. I just hope everyone takes action on what you’ve shared here because no one enjoys having to go through having your blog violated.
Thank you again for sharing this and for pointing them to my post.
Enjoy your weekend and know that your blog is safe.
~Adrienne
Hello Adrienne,
Ahhh… it’s good to hear that your friend is doing something about the login attempt, if and when he finishes it, please do let me know because i would also love to test me one :). you know, i do block most of the ip addresses (even if i can’t block all) even if it takes i bit of my time, i do keep time schedule for it 🙂
Yea, that video was clear and very nice and i know it will be useful to all as well, so i’d say “most welcome” my friend 🙂
Thanks for the lovely comment, i really do appreciate… Have a blessed weekend start 🙂
Hey Babanature,
Well the IP deny thingy is great but in some countries like mine, we have dynamic IP address. So this means that every time you logon or get connected with the internet, you will get a new IP 🙂
Now, back to your write up. I use limit login from WordFence plugin and that works pretty well for me.
Well written and thanks for sharing mate!
Hello Reginald,
You know, even if your country have a dynamic ip, you can still block the range of the ip and it will block any dynamic ip coming your way.
Ahhh… it looks like most bloggers prefer the wpfence more than the limit login attempt… well, it is best to use what’s best for you, right?
Thanks for stopping by and dropping your comment and do have a nice weekend start 🙂
I am using limit login attempt for sometime but never realize to check deeper on it. Thanks for this post. Going to check more about it.
Hello Okto,
You should pay attention to your limit login attempt because it do help a lot.
Thanks for the comment and have a nice weekend
Great tips Babanature, I really find it amazing that WordPress websites get hacked so often but I suppose if many are not aware of the tips you provided here it can easily happen with so many WordPress sites out there.I love the WordFence plugin as Pramod mentioned above. It emails me when there may be any issues. Thanks for sharing these and have a great day!
Hello Lisa,
That means, both wordfence and limit login attempt works the same and that feels good. It is best to always pay attention to our blog security issues, right?
Thanks for the comment Lisa and hope you have a great weekend start 🙂
Hi Babanature,
Excellent post about protecting your blog. Security is one of my main concerns. I want to do as much as I can in the beginning because later there will be so many other things to do. So I must create a solid protection “wall” even from the beginning.
The name of the table
OK. I admit. I didn’t know about this and I let the table with the default name that, of course, starts with those two letters. What can I do now?
You say you can damage your database if you don’t know how to do it.
This means that you need to do more than just change the name for that table prefix. Can you tell me what else I must do to change the name of the table safely?
I don’t know anything about Cloudflare. I must do a research to find out.
Have a wonderful day
Hello Silviu,
You know, most of our plugins do use our database, so if you change the table prefix, it will alter those plugins as well. except you do it with care. I heard that there is a security plugin you can use to mask your database table but i haven’t used it :). You can find some video tutorials on how to do it and i might as well do a video and a post on it soon 🙂
Thanks for the comment Silviu and do have a nice weekend start 🙂
hey bro there is plugin named as wp-security it is awesome it shows you all the security holes and ask for change just check it out if you want to really protect your blog in easy way,, 🙂
Ahh… thanks for the contribution Prince, :). Do have your self a lovely weekend 🙂
Hey Babanature,
I never knew that our databases could be hacked. I have added that to my blog launch plan, thanks!
As for security plugins, I have used Cloud flare and login lock down for my blog. Both are great plugins (although you have to be careful with Cloudflare. I have had many errors when using it).
I will be using Word Fence in the future (I learned about the plugin only last week from Barry Well’s blog :D). Seems like many others are also using Word Fence.
Anyways, thank you for the tips 🙂
Hello Jeevan,
Yes, your database can get hacked if you do not prepare it for the worst. that’s why developers will advice you not to use expired or outdated plugins for your blog because of the risk it carries.
Cloudflare is one great plugin every blog should have because it does all what the w3tc can do and many more. 😉
That’s nice to hear. Now do have a lovely week start 🙂
2a – it seems like if they know already what’s your userlogin then it’s easier to limit them the possible combinations if there are any right?
I’m really interested on these topics.
for 3a, maybe setting more than hundreds or round off to unlimited tries can be very vulnerable to brute force.
3b. nice nice nice.. interesting, yeah I’ve been banned on a friends forum because I used his log in and posting it as if I was him. hahaha. I think I got the point already on this.
Hello Teepu,
Once a hacker knows your username, it is easy to hack you even if you tighten your security defenses. So the best thing you can do for your blog, is to change your blog login name totally from the associated prefixes.
That’s why it is good to set your limit login attempt to just 2 tries so it won’t affect your blog when they use the aggressive way on your blog.
You can see the effect right? 🙂
Thanks for stopping by and dropping your comment, do have a nice week start 🙂
Hey Babanature, super important topic this one. There is so much in your post I think I need to read it again and again. Some of it I am well aware of , but hacking is such an ever increasing topic we can never keep up. Thanks for sharing all this information it really helps us alot
ashley
Most welcome Ashley, glad you could find the post informative. 🙂
Do have a nice week start…
Thanks for describing the steps to protect WordPress blog from the grasp of hackers. I have applied all your tricks for my own blog and I think now it’s safe .
Hello Sarmista,
Glad you liked the post. Protecting our wordpress blog is very important and should not be taken lightly… This tips has helped me and i am sure it will help you as well.
Thanks for the comment and do have a beautiful weekend ahead…
Great post sir really !!!
So have explian the concept so well. !!!!
Hats Off…..!
Glad you liked the post Nitin, have a great week start 🙂
Hi Babanature,
I have a fairly new blog and am shocked when I installed Wordfence and looked at the Login tab. I saw these strange IP’s that had tried to login to my website. I read your previous article that you referred to and you were spot on: most of the time they were typing in “admin” or my display name.
Thank you for this article and your other article. It is better to be nervous and take steps then to wait.
Hello Barb,
Wordfence is one nice plugin as well because it gives you the ability to block those hack in a short period of time. I will also recommend you install “better wp security plugin” so your blog can be even more secured :).
Thanks for dropping your wonderful comment and i do hope you have a beautiful weekend 🙂
Hello what can i do to my database table my blog is old can i still be able to change the table prefix?
thanks for this article
Hello Jorilson,
You can use Better WP Security Plugin to change your prefix and as well as securing your wordpress.
I use in some of my WordPress website plugin Better WP Security that allow to rename WordPress admin area,rename wp table prefix,ban ip etc.,i find him as one of the best plugins for security and preventing brute force attacks.
Better WP security is indeed a great security plugin. I once used it and felt the impact.
Thanks for your contribution and do have a nice week ahead 🙂