A long time ago, a hacker managed to get into one of my blogs and completely destroy it. It was horrible. There was nothing I could do except scrap everything and start again.
So the security of your blog is paramount if you don’t want all your hard work to end up pear-shaped.
As it happens, I’m currently being bombarded by a particularly persistent hacker, so this subject is very much on my mind.
And I want to share with you some actions you need to take to make sure your blog is safe against hackers.
1. When did you last back up?
This is so important, even if you aren’t plagued by hackers.
Anything could happen to your blog without warning, and there’s nothing more horrifying than being presented with the white page of death!
I know – it brings you out in a cold sweat!
Do you have to hand a system to back up your blog? Your hosting people should have some sort of system available which you should take full advantage of.
Also there are a number of backup plugins you could use, some free, some paid for.
If you are serious about this, I would consider a paid version such as VaultPress, which is supposed to make it easy to reinstate a backup if needed.
(Other experts, please add your recommendations for backup plugins in the comment box below.)
2. I hope your username is not ‘admin’
I shudder to think of how many blogs are out there with their usernames stuck in the default ‘admin’.
This is such a security risk. It is the first thing hackers will use.
And it’s so easy to avoid.
When you first set up your blog in your hosting account, it’s always worth checking out the Advanced Options so you can create your own username.
And, for goodness sake, don’t use your own name. That is another one the hackers are most likely to try.
Think of a username that is totally unrelated to your blog, something meaningful to you or whatever your objectives are.
If you want to know how to change your username, you’re in luck. I wrote a post about this on my Beginner Bloggers blog.
3. How tricky is your password?
Passwords are a pain, but they are essential. Especially when they work in conjunction with your username.
And you need to avoid using a familiar pattern hackers will use to crack it.
WordPress does provide a stringent grading system for defining ‘strong’ passwords.
But the trouble is, once you’ve created your wonderfully strong password, it is notoriously difficult to remember.
You could swap letters with numbers, and add in a few punctuation marks for good measure.
But if you think about disguising your name, it will be only a matter of time before the hacker has worked it out.
Think of something that only you know about, that nobody could possibly guess. Your favourite pet’s name, your first crush, your grandmother’s wedding day, or whatever.
And don’t be afraid to change your password on a regular basis. Perhaps on the first of the month, for example.
And be careful how you write your ‘aide memoire’ to remind you what your latest password is. It’s best to disguise that too!
4. Is everything up to date?
It is worth regularly going into your blog, even if you don’t want to write a post, to check to see if things need to be updated.
Because there invariably will be.
WordPress seems to be constantly updated at the moment. That is because it is aware of all those clever hackers and their tactics, and it needs to keep one step ahead.
And if you aren’t currently sporting the latest version, you could be leaving yourself wide open for anybody to do their dastardly deeds.
So it’s worth going into Dashboard > Updates (found underneath the ‘Home’ link underneath ‘Dashboard’ in the left sidebar) to check what needs doing.
Check out my latest post that explains why you need to regularly update your blog.
And this also includes the plugins and themes.
Because if you don’t keep these up to date, they are again a wide-open door for clever techie baddies to take advantage.
Don’t be afraid to click on the Update buttons. It is for your own good.
It may be a scary time when things are happening, but once everything has finished, you’ll have that quiet glow of knowing you’ve saved your blog.
And you know you’ll be OK because you will have backed up beforehand – haven’t you?
5. Give ’em only a taste of logging in
How do I know I’ve got a persistent hacker hounding me?
Well, because I have installed a good login-limiting plugin. You can see two suggested versions in my post about changing usernames above.
And whenever hackers attempt to log into my blog, and get it wrong four times, they are banned from trying again for a specific amount of time.
I’ve set this at 1000 minutes. Which is about a day.
I also get an email telling me that this has happened, which username they used, and also their IP address.
And if you’re techie enough, you will know what to do with the IP address to blacklist those hackers.
That’s when I realised these hackers had sussed out my previous username and I needed to change it.
Did you know I once got 380 hacking attempts on my blog within 2 hours?
That was pretty frightening. But luckily none of them managed to break my blog within four attempts.
So it is worth having something like this in place, just in case.
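How a login limit like this behaves, as an added sketch in Python (not the plugin's own code and not part of the original post): it uses the four-attempt limit and 1000-minute ban described above and replays a constructed burst of 380 wrong guesses from one made-up address. The class, function and sample names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 4        # wrong logins allowed before a ban (the post's setting)
LOCKOUT_MINUTES = 1000  # length of the ban (the post's setting)

@dataclass
class LoginLimiter:
    tried: dict = field(default_factory=dict)         # ip -> usernames that failed
    locked_until: dict = field(default_factory=dict)  # ip -> minute the ban ends
    alerts: list = field(default_factory=list)        # contents of each alert email

    def attempt(self, minute, ip, username, password_ok):
        """Handle one login attempt; return ok, failed, locked_out or blocked."""
        if self.locked_until.get(ip, 0) > minute:
            return "blocked"              # banned: the password is never checked
        self.locked_until.pop(ip, None)   # any earlier ban has expired
        if password_ok:
            self.tried.pop(ip, None)
            return "ok"
        names = self.tried.setdefault(ip, [])
        names.append(username)
        if len(names) < MAX_FAILURES:
            return "failed"
        self.locked_until[ip] = minute + LOCKOUT_MINUTES
        self.alerts.append({"ip": ip, "usernames": sorted(set(names)),
                            "banned_until": minute + LOCKOUT_MINUTES})
        del self.tried[ip]
        return "locked_out"

def replay(events, real_username):
    """Run (minute, ip, username, password_ok) events through the limiter."""
    limiter = LoginLimiter()
    outcomes = [limiter.attempt(*e) for e in events]
    return {
        "checked": sum(o != "blocked" for o in outcomes),
        "blocked": outcomes.count("blocked"),
        "alerts": limiter.alerts,
        # True means the real login name is already known: time to change it
        "username_exposed": any(real_username in a["usernames"]
                                for a in limiter.alerts),
    }

# Constructed sample: 380 wrong guesses in 2 hours from one documentation-range IP
SAMPLE = [(i * 120 // 380, "203.0.113.7", ("admin", "blogowner")[i % 2], False)
          for i in range(380)]

if __name__ == "__main__":
    print(replay(SAMPLE, real_username="blogowner"))
```

Of the 380 guesses in the sample, only four ever reach the password check, and the single alert lists the usernames that were tried, which is how you spot that your real login name is known.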
But what about WordPress.com?
You’re lucky. You don’t need to worry so much about hackers.
You have the power of WordPress behind you, guarding your blog and keeping it safe.
But if you are worried, they do have a double-login system using your mobile phone.
WordPress will send you an additional login code so only you can enter your blog.
So it is worth taking a look at this blog post that explains it in more detail.
And feel happy you’ve given those hackers short shrift!