Skip to content

Your Website Is Liable To Get Hacked Because…

We are all trying hard to protect our blog with what we know and how we know. But believe me, many blogs out there still don’t know how to protect their blog and or don’t know what step to take to ensure the safety of their blog.

Must Read: Content Creation – How You Crowdsource Your Efforts

For example; many blogs today still use their username as their admin name or using their name as their admin name, many blogs still has the default table prefix “wp_”, many bloggers still use their name as password and also, 99% of bloggers fail to mask their admin login page “/wp-admin”. Should I still continue?


Have you ever had 3000+ login attempts in a day before? If yes, know that your blog is under attack and taking drastic measures is indeed the best choice for your blog or you might just get hacked someday.

Your Website Is Liable To Get Hacked Because…

On my today’s blog post, I am not going to be discussing the hard ways on how to protect your blog because I have discussed that on my previous blog post. But today, I am going to be discussing the simple and most effective ways to protect our blogs from getting hacked that we hardly pay attention to.

Must Read: Top 5 Best SMF Mods You Should Use On Your Forum

Note: This post might get technical as we proceed but I promise that I will make it as simple and understanding as possible. And if you find any part confusing, just drop a comment and we’ll figure it out together.

Protect your WP-Admin:

Sometime back I was getting serious login attempts. No plugin could have rescued me from the hack attempts I was receiving (I almost got my blog hacked), till my friend Adrienne from gave me an awesome way to protect my WP-admin from those jobless guys calling their selves hackers :).

Now I am using the style Adrienne gave me and also using the below code as well to maximize the security of my blog.

The truth is, protecting your blog goes beyond plugins. You need to implement some things (code) that will make it hard for those hackers to penetrate your defenses.

Now here is what you’ll do to protect your wordpress WP-Admin page from getting hacked.

Go to your C-panel >>> Click on “Legacy file manager” >>> Thick the “Show hidden files (dotfiles) >>> Click “Go”

Now go to where your “/wp-admin” folder is and create a new “.htaccess” file.

Have you done that, now place the below code in the new .htaccess file…

[code] AuthUserFile/dev/null


AuthName "Access Control"

AuthType Basic

order deny,allow

deny from all

#whitelist home IP address

allow from

#whitelist work IP adress

allow from  [/code]

Remember to replace your IP with the

Please also note that if you are using a dynamic ip, this first tip is not suitable for you.

Now what this code does is, it only allows the IP you white list to access your wp-admin section. If you are using more than one ip, you can add it up by simply pressing your enter key in the “#whitelist home IP address” section and add “allow from 421.65.63.890”. Hope you understand?

This trick was introduced by Matt Cutts and it is working 100%. How do I know? Because I am using it 🙂

Option 2:

For those using dynamic IP, Using the security plugin to change the address of your /WP-Admin/ is the best option for you to do.

Do you still have your readme.html file?

Do you know that your readme.html file can be your blogs deadly weapon? Yes, hackers can use it against you. Are you asking how? They can simply use it to know the version and info of your blog. Keeping the readme file is a dangerous choice and should be either deleted or renamed.

Must Read: W3 Total Cache Vs Wp Super Cache: Which Do You Love?

To delete or rename your readme.html file, simple go to your C-panel >>> Go to your WordPress directory and search for the Readme.html.

Now what you’ll do is either delete it or if you do not feel like deleting it, rename it to something else..

This one is simple right?

WordPress usernames enumeration?

Ok seriously, I too did not know what Username Enumeration means or how it can affect your blog till I was contacted by my security team (6scan) for that same issue.

Even if you change your username, even if your username is totally different from your admin name, those hackers that are good can still easily find out what admin name you’re using. As long as you’re using permalinks, it will only take quick seconds to find out your real user name.

There are two ways to fight this, either by using a plugin or you’re implementing the code directly.

Option One

If you’re not tech inclined, then going for the plug-in might be your best idea. You can download the plugin at WordPress directory here

Option Two

This second is most advisable and do work wonder 🙂 .

Note: Please before you take this step, make sure you backup your blog so that you can always restore any time you make a mistake.

Must Read: Top Five Rafflecopter Alternative To Host Your Blog Giveaways

Go to your admin panel Where your WordPress installation is reside >>> Click “wp-admin” >>> Click “user-edit.php”. Click the edit button to edit the file or download the file for editing.

Inside the “user-edit.php” edit, search for: ‘wp_enqueue_script(‘user-profile’);”

Have you seen it? If yes, simply paste the below code right below the code.

[code]if ( current_user_can(‘edit_user’,$user_id ) == FALSE )

wp_die(__( ‘Forbidden’ ) );[/code]

Have you done that? Click the save button to save your work and you’re done with the edit. Now your blog has been saved from username injection 🙂

Basic Tips

Seriously, I would have added more strong security measures for you to try out on your blog but the post might just be too long and boring 🙂 . So for now, this post will help you tighten up your security defense.

Do remember that securing your blog goes beyond just using plug-ins. Securing your blog is about using strategies and thinking like them…

Prevention is always better then cures, so be active and apply this step for a better secured blog.

Let’s Talk

Ha… Look like I have said so much about so much on how to secure our blog right? Now might just be the perfect time to pass the keyboard to you guys 🙂

How well do you secure your blog? Do you rely on plugins alone to protect your blog? Please do drop your answer by using the comment box below

Must Read: My Awesome Blogging Friends

Do you have questions, comments or thoughts you’d love to share with us today? Then please do use the comment box below. Remember that your comments, questions and thoughts are highly welcomed and much appreciated.

Do not forget to share this post on your social networks. To help your blogging friends help better protect their blogs :).

Oh… before I forget, do not forget to subscribe to our feed for your latest and most fresh update on the go.

40 thoughts on “Your Website Is Liable To Get Hacked Because…”

  1. At my college digital library, I accidently login my cpanel with wrong password and made 5 to 7 attemps. Now I’m unable to open my site at college digital library. Please somebody help me.

  2. Hi Babanature,

    Ah…hackers are everywhere, and they keep trying to break your password and hack your blogs, and their attempts at times surprise all of us! I did read about the code Adrienne had shared in one of her older posts, but didn’t follow it through because you know my scare for codes prevents me from trying it, but perhaps it would be a good option as you are already using it and say it’s recommended and safe to use as well now.

    I agree that prevention is better than cure – guess if you take timely measures, you are bound to be safe.

    Thanks for sharing. Have a nice week 🙂

    1. Hey Harleena,

      This particular code that Babanature is talking I haven’t shared on my blog. This is one that Ashvini helped me with but I didn’t want to personally display it because if it didn’t work for some people I didn’t want him to get caught up with having to come to their rescues. There are some issues with some themes so the code has to be tweaked. He was just doing me a favor with this one so I did share it with just a few people but told them they had to use it at their own risks.


  3. Great post babanature, this post might just make a friend of mine buy me dinner! Because he’s blog is seriously under attack. Let me inbox him the link to this post now.

    And Babanature, Great Blog Post.

    Thanks ;).

    1. Hey Abdullah,
      Nice to here you say that. To be real with you, the tips mentioned here do work 100% and should help any blog achieving hack protection.
      Thanks for the comment and do have a wonderful week ahead…

  4. I always do say this, I am somehow scared when it comes codes but everything is worth taking the risk.

    I have had some recent attempts on my blog and I really ought to follow those tips you’ve shared.


  5. Hackers are everywhere, these days they multiplied as fleas does. Ha! Ha! Ha!

    Making a quick buck and move on that’s their dream. What they don’t realise is the danger behind hacking a website. Their IPs are registered by our host provider and their data is used and tracked by authorities up to their door. And what police does? Well they seize their computer, also give some cool fines and even worse in some countries… Oh yeah!

    Thanks for sharing these cool tips Babanature. I’ll check your updates next time!

    1. Hell Daniel,
      Hackers are indeed making some good bucks with their skills :). A good hacker will always have a mask I.P So it might be impossible to trace them, if the Authorities wanted to bust them…

      Thanks for the comment as well, do have a blessed weekend…

  6. Hey Babanature,

    If there’s anything about being hacked, I’m can definiitely tell you my story. It’s not fun at all, but a lot of us go through it. These are some excellent tips and I particularly am going to look at the readme file and username enumeration. Wow, those hacker guys have a lot of time on their hands! But it also makes us bloggers a lot smarter about our blogs! Thanks for sharing!

    1. Hello Sherman,
      So you’ve actually been hacked before? Wow!!! That must have been stressful to you. Thank God you’ve passed that now 🙂

      This tips i dropped today, do work 100%. I am sure that you’re going to find it useful… Do implement it and tell me how it goes.

  7. Hi Babanature,

    Those are some great measures you shared that people really need to pay attention to. I had a friend last year who I had just been on a hangout with her going over some things she needed to do and she had a lot of plugins that I didn’t feel were necessary but at the time we were talking that wasn’t the issue I was helping her with. About two months later her blog was hacked and it’s like I tried to explain to her, it’s not just the username option, a theme that hasn’t been upgraded or plugins. There are other measures you need to take because they can get in any darn way they want if they want to bad enough. Apparently they did with her and my heart broke for her.

    I’m so glad that code is working for you and it’s just been a lifesaver for me. I don’t have to tell you the relief I have not having to worry about them trying to get in that way at least. They were really becoming a huge nu-sense to me.

    Thank you for the mention and for this post. We can never say it enough but our blogs are our livelihood so protect it with everything you have.

    Have a great end to your week.


    1. Hello Adrienne,
      Yeah, you are so right. outdated Plugins and themes can also affect your blog if not taken care of properly. But seriously, I do wonder at times, why people fail to update their plugins, theme or move to an upgraded version of wordpress.

      Before you gave me that code, I was sleeping with one eye open, but now i can sleep with my 2 eyes open not worry about my blog being hacked.
      If Facebook or twitter can get hacked, then none is safe… but If i should get hacked any darn day, i’ll gladly say; at least i tried and i gave them a hard time 🙂

      Thanks for stopping by and dropping your comment. Do have a wonderful weekend

    1. Hello Kedar,
      I have a friend who is using blogger for her blogging platform. Some months back, her blog got hacked but thanks God she had somebody like me.
      Protecting your blog is the best thing that will keep your blog safe. Even if blogger is on Google server, you might get hacked so help protect your password

  8. Awesome tips, Babanature 🙂

    I implemented the techniques while reading your post, all except for the IP white listing part. I just got back to college…so I need white list the University IP address too.

    I’ve always had it confused…is IP address unique for each machine or for each internet connection?

    I will be in college for most of the day, so I will be doing some blogging in college; I don’t want to block the admin panel in college 😀

    Anyways, thank you for sharing these tips 🙂 Do appreciate it!

    1. Hello Jeevan,
      I wouldn’t advice you to use the first tip since you’re in school, because school has dynamic ip so performing the first step might lock you out as well. what i will advice you to do, is to mask your admin panel so only you can know how to enter your admin…

      The rest of the tips will work wonderfully well for you.
      Thanks for the comment and do have a good week ahead

      1. Okay 🙂

        Is there a plugin for that? I think I have seen a post about that recently (not sure whether it was on your blog!).

        Thank you Babanature 🙂

  9. Security of wordpress is really important, I have also faced this issue but handling these things with a calm mindsets help a lot. I agree if you have a good backup routine, you can fight with any issue in wordpress.

  10. Hi Babanature,
    I was visiting Adrienne Smith’s blog and I got a message that it got hacked. So what you discussed is true. Hope Adrienne fixes the issue soon…

    1. Hello Vijesh,
      I am sure she must have fixed it by now if she got hacked.
      taking drastic measures to ensure the safety of ones blog is what we should be thinking of. I am sure that this tips will help any blogger trying to secure their blog.
      Thanks and do have a good weekend

  11. Hello,

    Well first of all I’d like to say the new theme is really awesome as I just landed to your blog after the theme is changed.

    Secondly your tips for wordpress hack solution is really helpful and i remember the days when my new blog got hacked and it was really terrible situation but it got resolved later.


    1. Hello Samir,
      Really, Thank you for saying that. Thank God the theme looks okay – at least, better than the previous one 🙂

      This tips that i shared here today is working fine and should help bloggers trying to protect they blog from those jobless guys calling their selves hackers

      Thanks for the complement and the comment. do have a wonderful weekend

  12. hi babanature. thanks for this post. i never knew tricks like this exist. i taught plugins like wp better securit, wordfence etc can handle all this task. but if i may ask, what about those that don’t have a permanent ip address(using cyber cafe and others), how do we go about it?.

    1. Hello Emmanuel,
      As far as hacking is concern, there are some things plugin can’t solve. It is good to apply this tips to help cover some of your blog’s loopholes.

      If you don’t have one ip, you can list all the ip’s you visit frequently. But since you use cafe a lot, i wouldn’t advice you to use the first tip because some cafes have dynamic ip

  13. My blog was hacked yesterday, not actually my blog but my hosting but the good news is that there’s a backup. Now the question is, what will these hackers gain after hacking a blog?

    1. Hello Gilbert,
      That is indeed terrible. But seriously, these hacker do again some infos… Some use it to sell out links while some do use it to fish out some vital infos 🙂 Some might even have other reasons but which ever their reason is, it is good to protect our selves so we won’t fall victim.

      Thanks for stopping and dropping your comment on this post. Do have a wonderful week ahead…

    1. Hello Maneesha,
      It is good to protect your blog because your blog is your business center. The tipps here today will indeed help you in any way possible.
      Thanks for the comment and do have a good week ahead…

  14. Your aticle is good and easy to understand the ways you have described. I use Bulletproof security plugin but found this interesting information first time. Thanks Babanature.

    1. Hello Umer,
      Thanks for the kind words it was truly appreciated.
      You know there are some things plugins can not protect you from and the things i mentioned above are examples. So taken care of those issues is indeed essential.

      Thanks for stopping by and dropping your comment. Do have a wonderful week ahead…

  15. Hi Babanature,

    Great topic and I am always interested in this kind of things.

    Protect your WP admin

    How do I know my IP is dynamic and not static? For example, if I go to whatsmyip site, I always find the same IP address there. However, my I.S.P. asked me if I wanted to pay for a static IP and I refused. This means that my IP is dynamic? If it is dynamic, why it doesn’t change?

    What is the name of that plugin that can help me change the wp_prefix and mask the admin login page?

    One more thing

    I know this is out of the topic but it is something very strange and I want to know if this happened to you, too. I went to a blog and wanted to make a comment but wasn’t able to check the box where it says: “Confirm that you are not a spammer”. It simply didn’t let me do it. I wasn’t able to post that comment.

    What can possibly cause this?

    Have a wonderful day

  16. There are some plugins that van help you do most of this things instead of you doing them manually. WP Security is one of them.

    1. Hello Inyavic,
      What i have mentioned here today, plugins don’t do the functions. even if we have (i am sure they don’t) it will slow down a blog.
      It is not everything you do with plugins, there are some things better to do using the simple hand coding method 🙂

      Thanks and do have a nice week ahead…

Leave a Reply

Your email address will not be published. Required fields are marked *