As you may know my WordPress site was hacked twice in the last two weeks.
I have always been super aware of taking security precautions, but I am even more so now.
Here is a list of things I’ve done, past and present, to secure my blog.
Note: If you are not comfortable doing these things, hire someone. If you have a question or need help let me know and I help point you in the right direction.
- Back-up your content – Depending on how often you blog, use the WordPress > Export option once a week or at list once per month to export all of your content, pages, categories, tags, etc. The export creates an ‘xml’ file.This file can be used to restore your information at a later date if needed.
- Spam Blocker – You must have a spam blocker. The most popular spam blocker for WordPress is Akismet. You can get this free plugin at: http://wordpress.org/extend/plugins/akismet/ If you need a WordPress.com API key go to http://akismet.com/get/
- Updates – Make sure you are running the latest version of WordPress, as well as, the latest version of all your plugins.
- Admin Login – Remove the admin login link from your home page.
- Passwords – Change your passwords (WordPress login, hosting login, database/FTP user login, etc.) at least once every six months.
- Passwords – Make your passwords strong, meaning use a combination of lower case and upper case letters, numbers and symbols. Write your password down and keep it in a safe and secure place.
- Security Keys – A WordPress secret key is a password that makes your site harder to hack. Go to http://codex.wordpress.org/Editing_wp-config.php for more information and to https://api.wordpress.org/secret-key/1.1/ to get your automatically generated security keys.
- Anti-virus software – Not directly related to WordPress, but it is very important to use an anti-virus program on your PC or laptop and to keep it updated. I was using the free version of AVG and it helped me catch and stop the virus link embedded in my WordPress site. I have recently upgraded to their full, paid version.
Hope this helps.
And, if you have any more suggestions please leave a comment and share them. Thanks!!
Related links (about my hack and crash experience):
One of the reasons I’ve felt a connection to you is your generous spirit that is reflected in all things that you do. Thanks for sharing your pain/lessons learned so the rest of us can try to fend off the bad guys.
[...] This post was mentioned on Twitter by Mohammed Omar Faruk, Cris Buckley. Cris Buckley said: WordPress – Protecting Your Blog From Hackers via @SandyDfromNJ http://bit.ly/apzL7T <–from someone who knows! [...]
Sandy, thanks for all the good pointers. Scary to be hacked twice in a week! Some of these I do, but didn’t know about the Security Keys. Is the Admin login automatic? I don’t think I have one, but….