Is your blog completely safe and secure from hackers? That’s the question! Only you can answer that. But I can help you to keep it absolutely safe and secure. Why is this important?
Most bloggers tend to overlook their blogs’ security and many new bloggers don’t even know they should take necessary measures to protect their blogs.
Hackers are always trying to find different ways to temper with the WordPress blogs, direct them to inappropriate websites and do whatever they want with them.
That would mean starting all over again, creating content and re-building relationships with search engines if your blog gets tempered with – that will not be fun at all 
Here’s how I keep my blog safe and secure and I suggest you do the same:
1. Use a Strong Password
Some people take picking a strong password for granted until things go really wrong. I use a unique password with a combination of different characters (no, I’m not going to tell you what it is 
. Using abcdef or 12345 for a password is just asking for trouble. It’s also a great idea to change your password from time to time, just to be safe.
2. Use a Unique Username
Pick a unique username and avoid using “admin” as your username. It doesn’t have to be your name you know. Don’t make things easier for hackers.
3. Access Protection
I use a plugin called, Login Lockdown, that will freeze out someone after a certain number of failed login attempts.
The plugin records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
4. Update WordPress Version
This is critical because hackers will use the fact that your software is not up-to-date to get into your blog and do something malicious. So, keep upgrading to the newest versions to do away with the previous versions which may have flaws – hackers’ paradise!
Word of caution: Wait for about a week before you upgrade. Why does it matter? It’s because as soon as the new version becomes available, there’s work that goes behind the scenes to get tons of plugins updated, to protect the users’ blogs and to give them a good experience.
5. Update Your Plugins
Yes, plugins need to be updated as well and the good thing is you can see the reminder(s) in your admin panel as you can see in the image. (Disclaimer: I captured this before updating the plugin, to illustrate the point).
Some people can’t be bothered to upgrade their plugins and this can cause security problems and slow down your blog.
IMPORTANT: Before you upgrade to the latest version of WordPress or update the existing plugins, you MUST back your blog. Otherwise you run the risk of losing your entire blog – your whole creation!
6. Database Backup
You MUST do regular database backups for your blog. I do mine automatically every single day and a copy gets sent to my email inbox. I use a plugin called, WP-DB-Backup. So, should anything happen to my blog, I can use the backup to rebuild my blog.
My friend and fellow blogger had an unfortunate WP 3.0 upgrade a few months ago and had her blog back up in less than 5 minutes. Imagine if she wasn’t backing up her blog daily? And I have heard a lot of horror stories of bloggers who learned the hard way. Don’t let this happen to you.
Check out the video to show you how to back your blog. Back up, back up, back up!
7. Protect WordPress Directories
This is another security measure that it’s often overlooked. You definitely don’t want people to access your WordPress directories. So, go ahead and add this line in your .htaccess file: “Options – Indexes”.
Key Takeaway
It’s all exciting to have a nice looking blog with value-packed content, attracting traffic and comments, but if it’s not safe and secure, then there is nothing to be excited about. You could lose all that in a matter of seconds! So, spend this weekend working on your blog security – it’s very important.
I would like to hear from you… What other measures have you got in place and what are you going to do to improve your blog security?
If you enjoyed reading this post, make sure you fill out this form to receive my blog post updates via e-mail, leave a comment below and share this with your friends and followers.
Mavis Nong is the creator and author of this blog.
She is passionate about helping others create success online.
{ 78 comments… read them below or add one }
Hi Mavis,
thanks for putting this informative post together.
I installed the Login Lockdown plugin right away.
I have been using WP Database backup for a quite a while and I received my daily email. For some reason, I didn’t get any emails anymore with the backup. I wasn’t able to figure out the cause while the plugin itself seems to work correctly. And idea ?
Take care
Oliver
Oliver Tausend invites you to check..Fear Of Loss Of Love – Playing With Love
Hi Oliver,
You’re welcome. Fast action taker you are!
I would suggest you reset it, Oliver then you’ll start getting the emails again – it’s very important. Let us know how it goes.
Have a great weekend my friend!
Mavis
Important topic to cover, Mavis!
I learned the hard way about backing up my blog before upgrading wordpress and plugins. It’s so important to do regularly. Tip for your readers, in case it happens and you think you’re out of luck, your hosting company probably backs up weekly. It cost me around $15 but they were able to get me back up with only a few days of content missing. I’ve since taken measures to protect myself and back up daily.
Great post!
Heather
Heather C Stephens invites you to check..3 Secrets to Overcoming Obstacles and Turning Teams into Fulfilled Dreams
I know, Heather! I have covered this before but not in great detail, then I figured my new readers would definitely benefit from this. This is something that many people don’t pay attention to when starting their blogs. It’s better to be safe than sorry…
Yes, I remember what happened with your blog. It could have been worse, Heather. Thankfully it got sorted.
Thanks for the tip. It would be great to have all your content back, so again it’s important to back up daily.
I appreciate your visit and input. Have a great weekend my friend!
Mavis
Mavis, these are some very thoughtful and practicle security tips. I for one had an experience with my blog and lost everything and had to start from scratch (still in the recovery mode) all over again. Would not wish that on anyone so this is a great reminder to “Tighten Up” on some things we kind of take for granted.
Roger
Roger Holmes invites you to check..4 Reasons You Shouldn’t Do The 100 Day Challenge
Hi Roger,
Sorry to hear that you had an unfortunate experience. It’s really important to take the necessary precautions to make sure that our blogs are safe and secure. You’re right, we sometimes take things like this for granted… Why fix something that’s not broken?
Thanks for the visit and comment, Roger. Hope to see more of you here.
All the best,
Mavis
Hi Mavis!
Hey do you have any experience in the past
in the IT Systems field? Or have you done
any hacking? (You don’t have to answer that…)
Your post certainly positions you as an expert.
I know this as I’ve done over 10 years in the IT field.
I installed the lockdown plugin immediately.
Thanks for keeping us on top of these serious
security points.
~Robert
Robert Peil invites you to check..Will Your MLM Opportunity Die Ty Tribbles Did!
Hi Robert,
I have no experience in the IT systems field and have definitely not done any hacking…
I pick up tips, implement and share
Thanks for your kind words.
All the best,
Mavis
Hi Mavis,
Simply using a strong password and changing your user name from “admin” to a unique name thwarts many would-be hackers.
Thanks for sharing the practical tips.
RB
Ryan Biddulph invites you to check..Why Be a Clown – Work Less Hours to Supercharge Your Home Based Opportunity
You’re welcome, Ryan. It’s really important to take necessary precautions to protect our blogs.
All the best,
Mavis
Hey Mavis!
Just changed my password and backup up my blog since I’ve read your suggestions. I just realized how easy it is to try to access someone’s blog. It’s really as easy as putting /wp-admin/ on the end of the URL. I previously had an easy password, but have now changed it to something more complex. Thanks for the protection tips!
Adrian Padua
Adrian Padua invites you to check..MLM Training- Using Autoresponders to Build Your List!
You’re welcome, Adrian. It’s so easy to overlook your blog security. Glad you found this helpful.
All the best,
Mavis
Hi Mavis, thanks for the great tip! I wasn’t aware of such a thing but I shall certainly
install it. Love when all you great people share these awesome tips with “newbies”
like me!:)
Have a great weekend!!
Karlene
You’re welcome, Karlene. Glad to help
All the best,
Mavis
Thank you Mavis,
To be honest, I haven’t been backing up my blog.
I will take your advice, and get started doing that.
These other 6 points are very valid, and good as well.
Thank you for helping us be more safe and secure!
Martin Dale
MartinDale invites you to check..Don’t be a Jerk on Facebook!
You’re welcome, Martin. I’m glad you found this helpful.
All the best,
Mavis
Once password can be accessed easily. If you have more than one blogs, try to use unique name and password for each blog.
Great tip, Basam.
Thanks for this information, it is helpful to for my blog security.
ipad apps uk invites you to check..Web Design- Showcasing the Goals of Company
You’re welcome.
The first thing to learn is, there is no such thing as Completely Safe and Secure From Hackers..do the best you can without interfering with normal traffic.
The above tips are definitely a good start.
Dennis Edell invites you to check..Official Rules for Monthly Comment-Tweet Contests
Thanks, Dennis. We can only do our best
Good reminders. It’s extremely important to not use “admin” as a username. Getting my partner to follow through with changing his account name is becoming a pain
. I always make a series of complicated passwords: Naturally, though, I sometimes forget which password belongs to what account. It’d really suck to get locked out of my own account.
Thanks, Joseph. I know how it’s like to forget your passwords. It’s good to have a record in place.
I appreciate your visit and comment. Hope to see more of you here, Joseph.
All the best,
Mavis
Thanks for some more great advice, Mavis. Although I have been advised by my hosting platform not to upgrade to the latest Wordpress version yet, as there are some issues with it.
Valerie Cuell invites you to check..How To Get Your Blog Posts Noticed
You’re welcome, Valerie. I wonder what are the issues they are referring to?
Thanks for the visit and comment. Hope to see more of you here, Valerie.
All the best,
Mavis
Great resources, Mavis – I must say I’ve been ignoring some of these steps for a while; some I didn’t even know about.
Thanks for giving me a kick in you know what!
Ana
Ana invites you to check..Sunday Coffee with Ana- And That’s Where I Put My Foot Down
You’re welcome, Ana
All the best,
Mavis
Hi Mavis
Great article, blog security is SO important, and it’s always the primary subject on my mind when opening a new blog/website.
For blogs using wordpres I always use these plugins:
Limit Login Attempts – http://wordpress.org/extend/plugins/limit-login-attempts/
This plugin limits the number of login attempts possible both through normal login as well as (WordPress 2.7+) using auth cookies.
By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
Semisecure Login Reimagined – http://wordpress.org/extend/plugins/semisecure-login-reimagined/
Semisecure Login Reimagined increases the security of the login process by using a combination of public and secret-key encryption to encrypt the password on the client-side when a user logs in.
WP Security Scan – http://wordpress.org/extend/plugins/wp-security-scan/
Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
I also of course use your suggestion WP-DB-Backup and I think your run down of 7 tips for keeping wordpress secure, should be ones which we all use and keep in mind at all times.
Thank you
Angus Finlayson invites you to check..Quitting Smoking Day 7 – 40 Obvious and Less Obvious Reasons to Quit
Hi Angus! Welcome to my blog!
Thanks very much for sharing these other plugins to increase the security of our blogs.
I appreciate your visit and input. Hope to see more of you here, Angus.
All the best,
Mavis
Hi Mavis, thanks for the welcome! Good content is useful content, so I’ll pop by more often now I know your here! Angus
It’s my pleasure, Angus. See you around
Mavis
Mavis,
These are great security tips.
I didn’t realize I should back up my blog before updating my plugins.
The one thing I try to do is change my password every month.
I am going to try Login Lockdown, sounds like a really good one. Thanks for sharing!
Tommy D.
Tommy DiPietro invites you to check..MLM Blogging & Social Networking Plugins For Your Self-Hosted WordPress Blog You Should Like
Hi Tommy,
You’re welcome. We really need to take necessary precautions to protect our blogs.
Thanks for stopping by and for leaving a comment.
All the best,
Mavis
Hey Mavis,
Some of these things I didn’t even know. Thanks for the heads-up.
Tosin
…fear is the passion of slaves!
Tosin invites you to check..New Facebook Group- How to Get Even More Exposure
You’re welcome, Tosin.
All the best,
Mavis
I think that you are never fully protected from hacking, only thing that you can do is to take some measure to diminished the risk. As more measures you take the more protected you are. I think that you have putt here a grate list, I admit that I don’t use all of this, I hope not to get in trouble.
Bit Doze invites you to check..Best Free WordPress Affiliate Plugins to be More Successful
We can only do our best to protect our blogs. Now, you have a few more measures to take
Mavis
Hi Mavis,
Great advice for keeping your Wordpress blog safe. It’s not just a matter of choosing a username and good password, backups, directory protection and keeping plugins updated is all part of staying secure.
I’m particularly interested in the login lockdown, I’m thinking that’s one I’ve got to think about.
Thanks, Mavis
Liz invites you to check..10 Simple Rules for Blogs That Readers Appreciate
Hi Liz,
I agree. Implementing will really help a great to keep a blog secure.
You’re welcome, Liz
Mavis
Hey Mavis,
I was one of those bloggers that overlooked their blogs’ security. I finally got serious about my blog’s security when Facebook got hacked into.
I figured if it was so easy for them to hack into my Facebook account what’s to stop them from hacking into my blog. Until now the only thing I did was use a strong password but I didn’t know that there was so much more things I could be doing to protect myself.
Thanks for all these tips, I plan on implementing them today. It is definitely a scary thought to imagine losing everything you have done in just seconds.
John invites you to check..How to Naturally Stop Sweating With Household Items
Hey John,
Great to hear you’re now taking your blog’s security seriously. It’s unfortunate that most bloggers don’t pay attention to this.
I know and I don’t wish this to happen to anyone but it can happen.
Thanks for the visit and comment, John.
Warmly,
Mavis
Hey Mavis,
Greta tips! It’s an issue worth thinking about for sure, though my personal concern is more for technology problems that saboteurs breaking into my small blog! Do blogs ever actually get hacked?
SO for me the main element I’ll takeaway from this is the Database Backup – I’ve meant to do it for a while, your post tells me it’s about time!
Thanks for arming us against these possible threats to our blog security!
Jym
Jym Tarrant invites you to check..Anatomy of a Brilliant Online Marketing Blog Post
Hey Jym,
It’s an issue that requires taking action. Yes, blogs do get hacked
Better be safe than sorry
All the best,
Mavis
Hi Mavis,
This is a very useful list that will come in handy for new bloggers. Another thing that I would like to add is using a good host. Going with big names always has an advantage as they (most of them) backup data regularly. With small hosts, problems may take hours to get fixed!
Thanks.
Ishan invites you to check..Do You Want To Stay A “Nobody” Or Become A Real Blogger
Hi Ishan! Welcome to my blog!
That’s a good point regarding hosting. Small and free hosting providers don’t do very well with data backup. It may take you ages before you are up and running again.
Thanks for the visit and for adding value to this discussion. Hope to see more of you here, Ishan.
All the best,
Mavis
Another useful post Mavis. You’ve shared some awesome tips.
This post reminds me of my recent article on WordPress Security Tips & Hacks http://www.wpkube.com/wordpress-security-tips-hacks-and-plugins/
Anyways, Thanks for sharing this awesome tips. Keep rocking
!
Devesh invites you to check..12 Quality Premium Magazine Style WordPress Themes
Thank you very much, Dev. I’ll check your article out – thanks for sharing it with us here
All the best,
Mavis
Hey Mavis,
Wonderful tips on protecting our blogs. It’s a part of our business, and our ‘online real estate’ so it’s something that needs to be taken seriously.
Thank you for providing so many resources for keeping it safe.
Susanna
You’re welcome, Susanna. Thanks for your visit and comment.
All the best,
Mavis
Hi Mavis,
Some very valuable points! A few of these I didn’t even realize and will get right on it. It would be a shame to lose the work of months even years. Thank you for the reminder!
All the best,
Ilka
Ilka Flood invites you to check..Top Supporters of The Enlightened Networker for January
You’re welcome, Ilka. It’s important to do our best to protect our blogs.
Thanks for stopping by and for leaving a comment.
All the best,
Mavis
Mavis,
Thank you for sharing these! I’m glad to know that I’m already following most of these! I had no idea that updating everything helped with security, I’m glad that I always take care of those. Thanks for the lockdown plugin tip, I just installed that!
I don’t know what the .htaccess file is, where is that?
Thanks!
Stacy
Stacy invites you to check..What is Your Motivation Direction
You’re welcome, Stacy… It can be found in the root folder of your blog. Remember to do a backup before you have a go. If in doubt, ask for help
Mavis
great tips it is very useful for me and the others people using blog. I use blogspot for my blog. Any good plugin or tips for blogspot? thank u…
Papa Echa invites you to check..How To Monetize Your Web Site
Thank you, Papa. I use WordPress, I have no idea about plugins for blogger.
Mavis
Hi Mavis!
Awesome tips for every bloggers, I have tweeted, digged & stumbled it
Thanks for sharing juicy info. Have a great day
Rammesh invites you to check..Free SEO Guide Part 2- Free SEO Tools
Hi Rammesh! Welcome to my blog!
I’m glad you found this helpful. Thanks for the visit, comment and for sharing
Hope to see more of you here, Rammesh.
All the best,
Mavis
Lots of great common sense type advice, however i have never heard of Login Lockdown until today. I am going to check that out right now.
Thanks for the tips Mavis.
- Jenny.
You’re welcome, Jenny. Glad you found this helpful
Thanks for coming by and for the comment.
All the best,
Mavis
Fantastic post Mavis. I had never really thought about security to this extent so it your update has come at a good time. I have been focused too much on stopping spammers rather than hackers. All security measures now installed.
Thanks again.
Giuseppe
Giuseppe Saieva invites you to check..Interactive Marketing – Why Is It So Important to My Business
Thanks very much, Giuseppe. Great to see you here
All the best,
Mavis
Thanks Mavis! I hadn’t really considered the security of my blog all that much, thanks for opening my eyes. I’m about to go download login lockdown, that’s great idea!
Erin Smith invites you to check..5 Business Killing Blogging Mistakes You’re Probably Making
You’re welcome, Erin. Great to see you here
All the best,
Mavis
Hi Mavis,
Thanks for the really great information i will start using these measure to protect my blog right away
It’s my pleasure, Peter.
All the best,
Mavis
Mavis, thanks for this great info. I went and added a couple of the plug-ins that you recommended.
I’m fairly new with my blogs, but want to prevent the “horror story” from becoming mine!
Steve Rice invites you to check..What Makes You Come Alive
You’re most welcome, Steve. Glad to hear that you found this helpful.
All the best,
Mavis
Hey Mavis, this is a wonderful reminder. I am using the DB plugin, although, come to think about it, didn’t see an email this week. hmm. will have to look for it.
You can never be too safe.
I will have to try to figure out how to add that line of code.
Thanks for the safety tips. You always amaze me with your knowledge1
Jayne
Jayne Kopp invites you to check..So You Think You Have A Problem Do You Really or Should You check Your Perspective
You’re welcome, Jayne. Thank you sooo much for the encouragement.
Let someone help you with that code, Jayne – you know who!
I would check DB plugin settings and make sure you get the emails daily.
All the best,
Mavis
P.S. This week is pretty hectic for me. Can we do early next week? (Onlywire)
Backing up database and files is the best way to protect your blog. I do always make a weekly backup.
I’m curious about no.3! I’ll try that plugin on my wordpress also.
Thanks for sharing Mavis
You’re welcome, Edison
. Daily backup gives me peace of mind, I must say.
All the best,
Mavis
Hi Mavis,
I am once hacked and I thank you for sharing this ideas to get secured.
Rachell invites you to check..OnlyWire Account Creator – FREE Download
It’s not a nice experience. Glad you found this tips helpful, Rachell
Mavis
Hi Mavis,
Just reading a couple of your posts, one concerning Wordpress 3.3 and this one about security. There are a couple of things to share here that I was taught inside the Personal Passion Formula by Craig Desorcy. One of these is too elaborate to share in a post, I will have to write a post on, but it is extremely important, should have done this sooner. One thing I can say here about password and username is this motto: If you can remember it, your blog is not secure.
The second thing I will share in a post is how to change your username and password, but in a different way than just from your admin dashboard along with another critical change.
Thanks, as always, for your heads up!
Best,
Joe
JosephJYoung invites you to check..R We Returning To Gold?
You’re welcome, Joe. Thanks for that. Now I really look forward to your post. Please let me know when it’s live
Cheers,
Mavis
Mavis –
What was that last line about .htaccess? Just add the words:
Options – Indexes
?
I’m not a coder, what does that do?
Also, another plugin to consider is Lockdown WP Admin, you can rename your wp-admin to something else (I don’t know how to do it w/o a plugin), or “Better WP Security” is an all in one security option (have yet to try it myself, but it will do what Login Lock and Lockdown WP Admin does, and then some other measures).
Couldn’t agree more that ‘hardening’ your instance of WP is a necessity, wished I’d done it sooner.
James Hussey invites you to check..What to Get an Internet Marketer for Christmas
Sometimes, when you request a directory with no index file (index.php), you will instead see a directory listing of all the public files in the current directory. For a lot of people, this can be a nuisance and they’d rather remove the ability of users to view these directory listings and for that Options – indexes is used.
I mentioned that plugin in the post, James
Best,
Mavis
{ 2 trackbacks }