Believe it or not, it doesn’t take a rocket scientist to keep your blog safe from most hackers. It just involves you taking a few simple steps and a few safeguards to make sure that you don’t have problems in the future. After all, a hacked website is NO fun!
Here are a few things you can do right now: make sure all your WordPress usernames and passwords are strong, keep your email secure, block everyone else's IP address from your admin area in your C-Panel backend, and install the Akismet anti-spam plugin.
You would be amazed at how many people use simple passwords such as their name, their pet's name, or strings like test or test1234 for their WordPress blog. In fact, there are robots or spiders that comb the internet looking for websites protected by exactly these simple passwords. That means when you set up your WordPress account, don't call it Admin; call it something non-standard, such as your name. And when you choose a password, use something with at least one number, one uppercase letter or even one punctuation character to ensure that no one can guess it.
The next thing you should do is make sure that no one else has access to your email account. It does you no good to have a strong WordPress password but a weak email password, because someone can always gain access to WordPress by using the lost password tool. If someone has access to your email account, they can use the lost password tool to reset your WordPress password and gain access to your website.
This means that you should secure your email, change your password regularly and be very careful whose computer and whose wireless network you use to check that email.
Now here's a great thing that any paranoid webmaster can do. Using your C-Panel backend, you can block access to what's called the WP-Admin Folder in your WordPress site. Go to a site such as what is my IP.com and it will show you a series of numbers. This number is your IP address, which identifies you on the internet. You can block everyone on the internet from accessing your WP-Admin Folder, which holds your administrator dashboard, and then allow only your own IP address to access it.
This means that even if someone happens to have your WordPress password, even if you have a weak password, you are the only person who can log in to that backend.
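As an added example (not part of the original post), here is one way to write that restriction by hand as .htaccess rules, assuming your host runs Apache 2.4 and allows .htaccess overrides. The IP addresses are constructed placeholders, and the admin-ajax.php and wp-login.php rules go one step beyond the WP-Admin folder block described above.

```apache
# ---- File 1: wp-admin/.htaccess (inside the WP-Admin folder) ----
# Assumption: Apache 2.4 with .htaccess overrides enabled by the host.
# 203.0.113.10 and 198.51.100.24 are constructed placeholder addresses.
# Replace them with the numbers an IP-lookup site shows for you and for
# anyone else who needs dashboard access.
<RequireAny>
    Require ip 203.0.113.10
    Require ip 198.51.100.24
</RequireAny>

# Themes and plugins call admin-ajax.php from the public pages of the blog,
# so visitors must still be able to reach this one file.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File 2: add to the .htaccess in the WordPress root folder ----
# The login form (wp-login.php) sits outside the WP-Admin folder, so the
# rules in File 1 do not cover it. Restrict it to the same addresses so
# password guessing from other addresses is refused before WordPress runs.
<Files "wp-login.php">
    Require ip 203.0.113.10 198.51.100.24
</Files>
```

After saving, load /wp-admin/ from a connection that is not on the list (for example a phone on mobile data) and confirm you get a 403 Forbidden page instead of the login screen.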
And finally, one thing every blog owner who enables comments should do is use the Akismet anti-spam plugin. It checks any new comments coming to your blog for spam. If you don't have a plugin like this, your blog will at some point be flooded with thousands and thousands of spam comments full of all kinds of nasty links and garbage. Install the Akismet anti-spam plugin or turn off comments entirely, and that will help keep your blog from being spammed to death.
Those are some very simple tips to help secure your WordPress blog. Use strong passwords, secure your email, block every IP address except yours from the WP-Admin Folder in C-Panel, and use the Akismet anti-spam plugin.
You should definitely back up, clone and protect your WordPress blog right now by going to Backup Creator.
Nancy says
I didn’t know about the C-Panel IP control. Thanks for the info!
Paul says
That is a bit more techie, but very effective, Nancy! Remember to add your ‘local IP’ when you are traveling!
Yvonne A Jones says
Thanks for the tips and reminders, Paul. I didn’t know about being able to hide your IP either, but I appreciate the reminders about being careful where we access our email. In the age of easy access via Wi-Fi it’s easy to let down our guard.
Paul says
There are other things to be wary about with Wi-Fi! Maybe I will write a post about that!
Jeanne Kolenda says
Paul, you know the nightmare I’ve had recently! I’m on a mission to see that it never happens again. I do have a question, though. When blocking IP addresses (all but my own), how about my VAs who need access? Can I add them to a Safe List?
Paul says
Jeanne – You can supply a list of IP addresses that have access. So, yes! You can supply your IP as well as your VA’s IP address. Keep in mind if you are remote from your office, you will need to go into your cPanel and add the IP address of the new remote location.