Did you hear on the news where government websites are getting hacked? It’s pretty scary, isn’t it?

But what about us bloggers? Are we in danger, too?

Some say “No. Who would want to mess with us?”

But the truth is, blogs get hacked on a regular basis.

Knowing this, I’ve asked John Hoff of WpBlogHost if he would share with us a few simple steps we can take to make our blogs a little more safe.

With this being such an important lesson, let’s not waste any more time.

Please take your seats as I turn the classroom over to John.

Welcome John.

The floor is yours.

photo of einstein for blog security post

Hello class, my name is John Hoff and I will be your substitute teacher today.

Mrs. Funster, I’ve heard about you and your bra flingin’ activities, so I’ll be watching you!

Today’s Lesson

Do you ever put something off which you know is important and you know you need to do but it goes on the back burner because you don’t know enough about it?

Perhaps you don’t think you have the time to figure it out?

Or maybe the subject simply isn’t “fun”, and who likes to do stuff that’s not “fun”?

But if you stop for a moment and think about how many long hours, days, months, and even years of blood, sweat, and tears you’ve put into making your blog what it is today, imagine the gut wrenching, blood pressure boil you’d get if one day a friend emailed you letting you know your site has downloaded an evil virus to their computer.

Geared up to see what’s going on, you fire up your computer’s Anti-Virus and firewall and nervously enter your site’s URL in the address bar and hit “enter”.

But wait. Your site isn’t there. It’s been replaced with a notice. A notice from Google telling those who come to your site that your site appears to be downloading viruses and as a result has been removed from Google’s index.

All of a sudden the world around you becomes silent and time comes to a screeching halt.

By the way, this situation really happened to a customer of mine. It was only after they were hacked that they realized the importance of protecting their blog from malicious jerks who could care less what you blog about or how badly this could hurt you.

Security Plugins For WordPress (it only takes 7 minutes)

There are lots of ways to secure your blog, some more complicated, some very easy. Most bloggers know how to upload and install plugins, so let’s look at 4 plugins that will cover both awareness and security.

1. Login Lockdown

The Login Lockdown plugin is simple to install and will protect your blog’s front door (the login page) from intruders trying to guess your password by running a brute force password discovery program.

2. WordPress Firewall

SEO Egghead released an excellent plugin called simply, WordPress Firewall Plugin. This is a powerful firewall plugin which guards your blog against such things as SQL Injection attacks. It will even email you when it detects a possible attack. Make sure to whitelist your computer’s IP address so the plugin doesn’t think you’re an intruder.

To discover your computer’s IP address, visit What Is My IP Address? And if you’re curious what kind of email the plugin will send you should it encounter a possible attack, click here to see a screen shot of several attacks it thwarted from some person in China trying to hack my blog.

3. Exploit Scanner

The WordPress Exploit Scanner by Donncha O Caoimh, you know, the guy who created the WP Super Cache plugin, will scan your files and database for possible insertions of malicious code. Part of the battle with securing your blog is also knowing when you’ve been hacked.

4. Bluetrait Event Viewer (BTEV)

Bluetrait Event Viewer (BTEV) is a plugin that monitors events that occur in your WordPress install so you can track such things as who’s logging in and out, what plugins have been deactivated/activated, what programs have been uploaded, etc. You can even lock down this plugin so people cannot deactivate it, even if they have access to your dashboard.

Today’s Assignment

Stop for a moment and think how important your blog’s security is to you. Is it worth 7 minutes of your time?

Do you think your site isn’t a target because you blog about things no one would really care about? Or do you think any and all blogs are targets?

If your blog’s security is important, what steps are you going to take today to ensure you’ve increased your protection?

Questions or concerns?

Please raise your hand and let’s talk about it.


john_hoff_avatar.jpegJohn Hoff heads up the blog services department and is the Blog Editor for WpBlogHost, a site which offers blog hosting, WordPress tutorials, and various blog related services (upgrades, security enhancements, etc.).

You can also find John on Twitter micro-blogging about topics you see in his avatar. When asked what he does for WpBlogHost, his response is typically “I stand behind our blog customers and make myself available for help when they need me.”


Related Posts with Thumbnails
You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.
Look Who's Talking
  1. LanceNo Gravatar says:

    Hi John,
    Interestingly, my web hosting company was hacked into a couple of nights ago. Luckily they caught the problem quickly, and although some servers and clients lost service for nearly a day – the server I’m on was okay. To their credit, they sent an email to all customers, telling them exactly what had happened. So – this is so timely for me – as I’ve been thinking about it much the last couple of days. I will be off to get some of this stuff you’ve mentioned setup. This is excellent advice – and really I’ve witnessed firsthand just how crippling viruses/attacks can be. So, thank you for sharing all of this – excellent stuff!
    .-= Check out Lance´s awesome post: There Is Greatness Within =-.

    • Hi Lance. Ouch. Yeah when a web host itself gets hacked, there’s pretty much nothing you can do on your end to stop you from getting hacked. This is why current backups are always so important.

      Glad they got it cleared up. Like Barbara mentioned in the intro, even governments get hacked. Imagine the kind of security walls they have.

      Nothing is 100%, but we can sure increase security from the default installations of WordPress.
      .-= Check out John Hoff – WpBlogHost´s awesome post: How To Install WordPress Outtakes & Deleted Scenes =-.

  2. Really appreciate these links and will avail myself of them. That’ll be 7 minutes very well spent indeed. THANKS.

    And you’ll be glad to hear my all my garments have stayed in place for this entire lesson. 😉
    .-= Check out Jannie Funster´s awesome post: Another video from my CD release show =-.

  3. […] everyone, today I have a guest post over on Barbara Swafford’s blog on the topic of blog security, and if you’re visiting here from there, I’d like to […]

  4. Debbie YostNo Gravatar says:

    I use Google blogger for my blog. Any tips for that? Also, does anyone know how to archive your blog in blogger in case you do get hacked so you don’t lose everything? I’m getting close to 500 posts and I think that’s the limit for blogger. Maybe this could be another lesson, Barbara?

    John, you always have lots of good information, though. Thanks.
    .-= Check out Debbie Yost´s awesome post: Reality Check =-.

    • Hi Debbie. To be honest I don’t know much about Blogger. I set up an account a year or two ago just to toy with it and see what it’s like, but I never really dug into it.

      For the most part, I believe it is Google that handles most of your security.

      Here are some general tips to help protect yourself no matter what blogging software you are running.

      1. Never give out your username and password unless it’s to a tech working on your site.

      2. Use a very strong password. One like: $vsk%TV92x2s@
      If that makes it a pain to remember, use a program like Roboform to keep all your logins and automatically log you into your sites.

      3. Keep a good (and updated) antivirus and firewall set up on your personal computer. One way people can hack your blog is by hacking your personal computer and getting your info that way.

      4. Use different logins and passwords for each site. Remember, your info there is only as protected as that site’s security. Do you trust it? So if I hack some forum and obtain everyone’s usernames, passwords, and links to their sites, make sure that username and password is not good anywhere else (especially your banking).

      5. Periodically Google security tips for protecting the kind of program you’re using to blog with.

      6. If you use FTP, try to use FTP over a secured connection (https). Unsecured FTP does not encrypt your login and password while it’s transmitted over the Internet. This is a huge problem because even if you add all those things above to your “WordPress” blog (I know you don’t have one), they won’t work because someone has access to your hosting account where they can delete, add, and modify files.
      .-= Check out John Hoff – WpBlogHost´s awesome post: How To Install WordPress Outtakes & Deleted Scenes =-.

  5. Debbie YostNo Gravatar says:

    Sorry, forgot to check follow comments for this one. – Deb
    .-= Check out Debbie Yost´s awesome post: Reality Check =-.

  6. This is definitely something I think about and it scares me. Even though I don’t think I’m running a big operation with tons of people reading every day, I do think it’s possible that someone could hack into my blog. Definitely worth taking a few minutes to take some extra precautions. Thanks for the links and the information!
    .-= Check out Positively Present´s awesome post: why i need other people to change myself =-.

  7. Jim GaudetNo Gravatar says:

    I love CommentLuv, ha, that sounds weird. I recently wrote a post, thanks to John, about WP security and now I can link it below…

    Thanks for the extra plugins, got them in FF tabs now to check out. I wanted to mention for the readers that you can get a plugin called WP Database Backup that will backup your DB for you with many options. My db is small so I just have it emailed every night *off server*. And I have a local copy on the server.

    Also if you click on my link below you can find the links for the G4 Blacklist and some other helpful links, like one back to John’s original post that started this whole thing :)
    .-= Check out Jim Gaudet´s awesome post: Secure your WordPress Blog in 5 Minutes =-.

  8. Jim GaudetNo Gravatar says:

    PS Great photo, great font work on the chalkboard…I need to learn more Photoshop
    .-= Check out Jim Gaudet´s awesome post: Tweetmeme WordPress Plugin | ReTweet Button =-.

  9. J.D. MeierNo Gravatar says:

    Great lessons John.

    On the WordPress Firewall Plugin, if your IP address changes or you connect from multiple machines, can you get locked out? If you get locked out, but it’s your blog, how do you get back in?
    .-= Check out J.D. Meier´s awesome post: Likeability is a Skill =-.

    • Good question.

      If you’re working from a different machine (or IP address), either add that new IP address to the plugin’s whitelist or simply deactivate the plugin while you’re doing work on your blog.

      As I recall, the plugin won’t bother you if you’re editing posts and pages. But if you try going into your Theme files or Plugin files and edit those while your IP is not whitelisted, your saves probably won’t take. Just deactivate the plugin while you work and then reactivate it.

      Again, if you don’t want to deactivate it, then just add the machine you’re working on IP address to the whitelist. The plugin won’t lock you out from logging into your dashboard.

  10. DavinaNo Gravatar says:

    Hi Barbara & John. I remember after you installed some security features on my blog. My blog was not whitelisted and I was trying to reorganized my widgets. I couldn’t figure out why the changes weren’t saving. Then I received about a dozen emails notifying me of an apparent hacker attempts. Of course that hacker had been me :-) Seven minutes of our time is not a lot to ask for peace of mind; although for me I imagine it would take more like 21 minutes, so I am happy to use your services for support John.

  11. Lori HoeckNo Gravatar says:

    Hi John,
    Your write: “Use a very strong password. One like: $vsk%TV92×2s@”

    My husband has tried to get me to do this, too, so I guess I need to give up “123456” as a password? Ha! Just kidding. All great information. Thank you.
    .-= Check out Lori Hoeck´s awesome post: Three ways a narcissist can take control =-.

  12. Great list of links and resources. I’m always trying to stay on top of what’s happening in the WordPress security world.
    .-= Check out Justin Wright´s awesome post: WordPress 2.8.1 Released =-.

  13. I learned my lesson the other day. I didnt think my (probably D list) blog would be hacked, but it did an contracted a virus. Thankfully I was able to get it taken care of before it gotten really bad. I will check out the plugins!
    .-= Check out carla | green and chic´s awesome post: Financial Prosperity = Planet in destitute? =-.

  14. PatriciaNo Gravatar says:

    I am sending this link to my IT person. Thank you
    She does security for a University computer system but I just wish to be sure of everything.
    .-= Check out Patricia´s awesome post: A Birthday Ritual =-.

  15. jan geronimoNo Gravatar says:

    Very valuable checklist, John. All I care about is getting update my blog on schedule and to respond to readers. This opens my eyes to the vulnerability and security issues with regard to maintaining a blog. Thanks, John. I have this bookmarked already.
    .-= Check out jan geronimo´s awesome post: How Do You Squeeze in the Time for Blogging? =-.

    • My pleasure, jan. If you ever have a question, you know where to find me.

      • jan geronimoNo Gravatar says:

        I have no problem with log in lockdown – it’s already installed on my blog. I have some problem with no. 2 : WP Firewall.

        My technical expertise starts in downloading the plug in and ends when I’ve activated it. I’m not proud of my little knowledge, but so far that’s the way it is for me.

        I’m using Thesis theme. Can you walk me through the process of having it integrated in my blog? I’m a little wary modifying anything especially as regards coding. What if my blog disappears into thin air! Okay, I’m just kidding. :)
        .-= Check out jan geronimo´s awesome post: My Philosophy in a Bottle of Ketchup =-.

  16. Barbara SwaffordNo Gravatar says:

    Hi John,

    Thank goodness I have you as a substitute teacher today as I had to leave the classroom and attend to our annual neighborhood garage sale. You know I do appreciate your help and this fabulous article.

    This is something I need to pay closer attention to. With so many posts in my archives and thousands of comments, I certainly wouldn’t want to be hacked and risk losing it all.

    I’m so happy we have someone like you John, who knows their stuff and for the a small price you’ll do what we all procrastinate on or may to too intimidated to attempt ourselves.

    This post reminds me, like Davina, I also need to have you update all of the security features on my blogs. I don’t think we can ever be “too safe” when we’re talking about our “baby” (blog).

    • All good, Barbara. And thank you for the kind words.

      So how did the sale go? Are you doing it again today?

      • Barbara SwaffordNo Gravatar says:

        Hi Teach,

        Yes. Today is the second and final day. Oh what fun we’ve had thus far. Although it’s been tons of work, it’s been great to simplify. In the process, our customers have found new treasures and we’ve all made a few bucks. I call that a win-win. :)

  17. The net is swarmed with all kinds of malware. To be safe, always backup files and change your passwords frequently. It also pays to have a secured host.

  18. BunnygotblogNo Gravatar says:

    Thumper is reading this now, he is also my techman. He is going to install the first one. the security plugin.
    Thanks for information.
    .-= Check out Bunnygotblog´s awesome post: Advertising Towards Dummies – Teenage Illusions =-.

  19. Thanks for this post. I learned this lesson the hard way by failing to promptly upgrade WordPress. Someone put gibberish code into every single file in my site directory a few months back, disabling the site. Thankfully none of the actual site content was harmed and I could just install WordPress 2.7.1.

    • That’s the problem. All they need to do is upload one file and it can run a script which infects every file on your blog. Nasty little buggers.

      Glad you got back up and running smoothly. Hacks can be difficult to debug.

  20. janiceNo Gravatar says:

    Thanks for these plugins (and for the image doctoring site address, John.) Barbara, I wish you were the kind of head teacher who used to give the class a scary, silent raised eyebrow look. Maybe lines if they didn’t do homework. I must protect my site. I must protect my site.There’s no excuse for us all if we don’t follow these security tips after having them handed to us on a plate like this.
    .-= Check out janice´s awesome post: How to Breathe Life Into Your Writing =-.

    • Hi Janice. I like the lesson of writing it over and over again. If only that was enforceable. LOL

      Yes it seems so many people always put these things off until the day they say, “If only I had . . .”

      Thanks for stopping by.

  21. Blogger DadNo Gravatar says:

    Awesome list, thank you! While I utilize a few methods, you’ve got a few here I didn’t know about. Will take care of immediately!

    Thank you again.
    .-= Check out Blogger Dad´s awesome post: New design and other changes =-.

  22. Thanks for the great information and the helpful reminder I always need: Don’t put off until tomorrow something that can be easily taken care of today. The peace of mind always far outweighs the effort.
    .-= Check out Kristin T. (@kt_writes)´s awesome post: Divorce can break/heal your heart =-.

  23. AlexNo Gravatar says:

    Great article! Everyone is a target as far as hackers concerned. I get attacked on daily bases as my logs show and one can never be too secure!

    Thanks
    .-= Check out Alex´s awesome post: How To Get Paid Blogging About Your Hobby =-.

  24. I started to blog about half a year ago and it scares the hell out of me to think that all that work and effort can be gone in no time. My blog is about academic writing, I have a lot of visitors there now, people share what they’ve found out, they find lots of new information there, which I try to introduce in my blog as often as I can. And that is much time spent on finding the info, checking it, introducing it. I am not that well versed in all those security issues, but you really got my attention! I will try to puzzle out how it works and I will implement some of your tips for sure. Thank you for your lesson!
    .-= Check out Writing a book report´s awesome post: 23 Aug 2007 A completely re-designed PrivateWriting! =-.

  25. jan geronimoNo Gravatar says:

    The Login Lockdown plugin? WordPress plugin download page says it’s not been tested with version 2.8.1. Is it compatible? You have no issues with it?
    .-= Check out jan geronimo´s awesome post: My Philosophy in a Bottle of Ketchup =-.

  26. GalvinNo Gravatar says:

    Nice article on Blog security, no wonder why we see quick updates to wordpress :)
    .-= Check out Galvin´s awesome post: greater noida =-.

  27. Barbara and John,

    So, far the most dangerous person for my site has, unfortunately, been ME. I’ve crashed my site because of stupid things I’ve done.

    On the hand, these are excellent suggestions and I really appreciate the links. I will definitely be checking them out. I believe it’s better to be safe than sorry. Thank you very much for this lesson:~)
    .-= Check out Sara B. Healy´s awesome post: A Good Story: Check it Out! =-.

    • Hi Sara. My pleasure. And I know exactly what you’re saying about being your own worst enemy. I’ve learned the hard way that it’s always important to have backups. Now I do nothing without a backup.

  28. @Debbie Yost , hey i am hearing about google blogger for first time. Where can I get it? Is there any special benefits when compared to other blogger in using it?
    .-= Check out propane burner´s awesome post: Using Propane Burner =-.

  29. Jon Hoff looks like Albert Einstein. Did anyone noticed that? But I ….Am I right?
    .-= Check out propane gauge´s awesome post: Propane Gauge Guide =-.