Protect Your Blog! 2 Action Steps to Implement Today

110 Flares Twitter 82 Tweet Facebook 14 LinkedIn 9 110 Flares ×

Hazard warning attention sign on a metal surfaceCould your WordPress blog be hacked in minutes?  It could be if you're using the default "admin" user, a word from the dictionary for your password, or not otherwise properly secured.

Ready to fix that right now and keep it safe?  Try these two quick action steps.

And, be sure to also read the important safety steps in these two posts:

What are you doing to keep your site safety?  Share your online security tips (or questions!) in the comments.

Comments

  1. Debra Jason
    Twitter: mktgcopywriter
    says:

    If you're not a "techno geek" how do you know that when it says "click here to fix" that you're not going to mess something up?
    Wanna be able to sleep at night knowing I didn't do that.
    Thanks. ~Debra
    Debra Jason recently posted… Attention Marketers: Boomer Women Are A Booming AudienceMy Profile

    • Michelle Shaeffer
      Twitter: MichelleShaeffr
      says:

      Hey Debra, great question. If you've got a backup and your host support # or email handy, that's the first important thing, just in case. Because for most configurations and servers none of these should mess things up. But for anything custom it's hard to predict and sometimes themes or plugins do conflict. One thing you can do is check the support forum or google the specific change and see what comes up — if you see a lot of "this broke my blog!" type entries you might want to skip that step. ;)
      Michelle Shaeffer recently posted… Warning: Social Media May Be Putting Your Security At RiskMy Profile

  2. Tia Dye
    Twitter: tia.s.dyegmail.com
    says:

    Thanks Michelle!
    New to WP and just getting started, so I'll be going through every bit of advice you have!
    ~ Tia
    Tia Dye recently posted… Hello world!My Profile

    • Tia Dye
      Twitter: tia.s.dyegmail.com
      says:

      Michelle – If I set the strong password to subscriber, then will they have to put in a password to read or comment? What would a subscriber need a password for?
      ~ Tia

      • Michelle Shaeffer
        Twitter: MichelleShaeffr
        says:

        Hi Tia, do you require a password to comment? Some blogs are set that way and it requires visitors to register as subscribers. If you aren't set that way, then requiring the strong password won't change anything for your readers. :)

        Here's more detailed info about it: http://codex.wordpress.org/Roles_and_Capabilities

        And despite it being called "subscriber" it's most likely not linked to your subscribers. If you're using a different service to email your subscribers (Feedburner, AWeber, MailChimp, etc) then this doesn't affect that, either.

        Hope this helps! :)
        Michelle Shaeffer recently posted… 5 Critical Steps You Must Take to Secure Your Website TodayMy Profile

  3. Koj Tajo
    Twitter: jo_koj
    says:

    Hi Michele, well timed post. I wonder why still today people are using 'admin' as username. One should totally avoid it. And having backup is all important job to do as blogger. I am using limit login attempt plugin. Hope it helps!

    Hey! your blog got listed in my list. So am coming back again and again.
    Regards.

  4. Ken Glick (EEI)
    Twitter: EnviroEquipmnt
    says:

    I can't imagine anyone wanting to hack our company blog but thankfully we don't use either the default "admin" user nor do we use in word in the dictionary in our password. Nevertheless, I would love to know if our blog is still easily accessible to hackers as keeping them out is my responsibility.
    Ken Glick (EEI) recently posted… How To Effectively Handle A Noise NuisanceMy Profile

  5. Suzie Cheel
    Twitter: suziecheel
    says:

    Michelle,
    Great post thanks i will put on the Better WP security

    You share button at the top are not working?

    • Suzie Cheel
      Twitter: suziecheel
      says:

      all working now ???? What plugin are you using? looks good and neater than digg digg
      Suzie Cheel recently posted… BEach Inspiration: Be ClearMy Profile

      • Michelle Shaeffer
        Twitter: MichelleShaeffr
        says:

        Hey Suzie, I think the javascript is a little slow to load sometimes, I'll see what I can do about that. Appreciate you letting me know they didn't work for you the first time. :)

        It's Flare – both the ones at the top and the ones floating on the left. I loved the visual style, too.

  6. Debra Jason
    Twitter: mktgcopywriter
    says:

    No sooner did I install this, then I got an email about an IP address trying to access my site. Called my Host provider and they said the program was "doing its job and did what it was supposed to" (i.e. blocking an IP from being able to access my site).

    However, as an FYI: when I asked the Host for help with all the settings/changes Better WP Security had on the dashboard, they said "we don't support individual plug ins."

    Don't know if all Web hosts would say that, but thought some of you might want to know.
    Thanks "mighty Michelle."
    ~Debra
    Debra Jason recently posted… 5 Benefits of Using Your Strengths as Fuel For Your Blog PostsMy Profile

    • Michelle Shaeffer
      Twitter: MichelleShaeffr
      says:

      Many hosts won't (can't) support WordPress at that level because there are just too many plugins for them to be familiar with. But if it throws an error message they should be able to fix that part. :)

      Isn't that crazy though? Just being aware that there are "bad guys" out there trying to access our sites is valuable since it makes us that much more cautious.
      Michelle Shaeffer recently posted… I Dare You to Do This With Me Every Single DayMy Profile

  7. Barbara
    Twitter: BarbaraCharles
    says:

    Thanks so much for the info. I'm passing this one to a few people I know who need it! :)
    Barbara
    Barbara recently posted… Sometimes Life Gets In The WayMy Profile

  8. Suzanne
    Twitter: prosperouscoach
    says:

    Thanks for this wonderful video Michelle. I have recently changed my password to something pretty tough to crack but these additional pointers are very helpful. Last weekend I tried to pull up my website and found it was not available. When I went to my hosting company's facebook page I saw that they were under attack. Pretty scary stuff.
    Suzanne recently posted… 6 Keys to Improving Your Website User ExperienceMy Profile

  9. Rob Mullins says:

    Hi Michelle,
    Rob Mullins, here, from the Navigator program. Thank you for this security update. The video really made it clear "what to do next."
    During one of your sessions with the Navigators, you walked us through a number of WP plugins that would add functionality as well as security.
    My question is should I add Better WP Security on top of the other WP plugins like WebsiteDefender WordPress Security plugin?
    Thanks for your thoughts…
    Rob Mullins recently posted… Craigslist Ad Mistakes You Must AvoidMy Profile

  10. Marc Lanzarin
    Twitter: MarcoMLanzarin
    says:

    I movedvaway from WordPress sometime ago for this reason, and for its dependence on too many plugins. I prefer Drupal as my content management system of choice. Good article though on how to protect your your blog. WordPress is a good platform for blogging, just don't use admin as your default password- for starters.

  11. Connor Harley says:

    I never used the default admin as user. Hackers always try their luck in using this to hack websites and there are really times they succeed because there are lots of site owners who are not changing it.
    Connor Harley recently posted… Business to Business Marketing StrategiesMy Profile

Leave a Reply to Michelle Shaeffer Cancel reply

*

CommentLuv badge
110 Flares Twitter 82 Tweet Facebook 14 LinkedIn 9 110 Flares ×