How to Protect your WordPress Blog from Hackers


Everything was going along smoothly. The site was bringing in money, I was getting paid by Google, and it wasn’t even needing much effort to maintain. Until…

I got hacked. Like really hacked. Then I fixed it and got hacked again.

By the time I realised and fixed it Google had de-ranked me because they had decided my site was now about hacking rather than fixing iPhones:

The blurred out word is the name of the hacker. It flooded each page with these 2 words which changed how Google classified the page
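One way to catch this kind of keyword flooding before a search engine does, as an added example that is not part of the original post: compare each live page against a known-good copy saved earlier and flag words that suddenly dominate it. The function name, the thresholds and the sample pages are assumptions made up for this illustration.

```python
import re
from collections import Counter
from html.parser import HTMLParser

class _Text(HTMLParser):
    """Collect page text, skipping the bodies of script and style tags."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def words(html):
    """Lower-cased word list of a page, including text hidden with CSS."""
    parser = _Text()
    parser.feed(html)
    parser.close()
    return re.findall(r"[a-z0-9']+", " ".join(parser.parts).lower())

def flooded_terms(baseline_html, current_html, min_share=0.10, min_count=5):
    """Return {word: count} for words that were absent from the known-good
    baseline but now make up at least min_share of the page's words."""
    known = set(words(baseline_html))
    now = words(current_html)
    total = len(now) or 1
    return {w: c for w, c in Counter(now).items()
            if w not in known and c >= min_count and c / total >= min_share}

# Constructed sample pages (not real site content or a real attacker name).
BASELINE = ("<html><body><h1>Fix a cracked iPhone screen</h1>"
            "<p>Remove the two screws, lift the screen and swap the panel.</p>"
            "</body></html>")
DEFACED = BASELINE.replace(
    "</body>",
    "<div style='display:none'>" + "hacked examplecrew " * 20 + "</div></body>")

if __name__ == "__main__":
    print("clean page:  ", flooded_terms(BASELINE, BASELINE))
    print("defaced page:", flooded_terms(BASELINE, DEFACED))
```

Hidden text is counted on purpose, because injected spam is often invisible to visitors while still being read by crawlers.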

The good news

The good news is it actually only takes about 15 minutes to make your WordPress site significantly more secure. I found this out the hard way but here’s what you can do before it’s too late:

The simple stuff

Here’s a bare minimum that should only take 10 minutes (including the time to log in!)

  1. Make your password better: It sounds annoying but it’s way easier than getting hacked
  2. Update WordPress whenever it asks you at the top of the screen (make sure you back up first!)
  3. Update all plugins at least every few weeks (this is a lifesaver)

Call in the artillery

There are several security plugins that are easy to install and watch over your site day and night!

I really like Better WP Security as it’s awesome and free (I actually like it so much I made a donation to say thanks!). It protects against most WordPress hacks and effectively bundles several different plugins into one package.

This can be overkill, so if you’d prefer to keep your site more lightweight you could also just install this plugin to change the admin username for your blog as well as this one to blacklist certain IPs.

Installing Better WP Security is dead easy too:

  1. Click on ‘Add New’ to install a new plugin
  2. Search for ‘Better WP Security’ and install the plugin
  3. Go to the security tab and press the big green button on the dashboard. This will secure your website against the most common attacks.

And that’s it! There’s a lot more you can do to make your website more secure but this is a great start.

Will it make my blog slow to load?

In short, the more stuff you put in your site the more speed issues you’re going to have. However, I haven’t found this to be a problem after activating basically everything I could on this site.

Still, if you need the ultimate in speed you could do some before/after testing to make sure it’s not going to affect your load times.

Happy securing!

What other tips do you have for keeping your WordPress website secure?