Two of my blogs got hacked recently. I think the hacker got in the same way both times: through an old theme that I had tried out years ago and rejected. That theme had probably not been updated in all that time, and it became a Trojan horse for hackers to enter my blog.
It turns out that WordPress users are especially exposed to hackers simply because WordPress is such a big community. Don’t worry! Here are some FREE tips and action items to lock down your security.
How about you? Have your blogs ever been hacked? What else did you do? Thanks for sharing!
Tip 1: Delete unused WordPress Themes that you might have tried out or used.
I never deleted the old themes because I never noticed a delete button. Here’s how you do that:
- Click on the old theme.
- Find the delete button in the lower right-hand corner.
- Hit delete.
ACTION ITEM: Go right now and check to see if you have any inactive themes on your WordPress blog. I would suggest deleting them.
Tip 2: Update your plugins. Keep a list and check for any mysterious additions.
I had a redirect plugin that I used after I accidentally changed my permalinks. I noticed that my hacker had deleted this plugin and installed a new one that apparently replaced the URLs in my blog posts. I did not have access to see which URLs were being replaced, so I never figured out what the new URLs were, but I suspect they were back links for some shady SEO company.
Just like you monitor your credit card activity, check your plugins. Make sure there aren’t any mysterious additions.
ACTION ITEM: Make a list of your plugins (take a screenshot). Check monthly to make sure no new plugins have been mysteriously added.
Adware Medic is free and removes adware and similar spammy malware.
Tip 3: Delete Malware using Adware Medic.
I did something stupid one night and downloaded an app onto my computer that was supposed to let me post my YouTube videos on Instagram. You can’t actually do that, my kids inform me. The app instead installed horrible link ads onto my blog. I had to make an appointment at the Apple Store Genius Bar to fix it, but you can do it yourself by using the same program the tech guy used: Adware Medic.
ACTION ITEM: Learn from my mistake. Be wary of downloading anything off the Internet!
Don’t Use Admin for Your User Name!
Tip 4: Don’t Use ADMIN for Blog User Name; Make Your Password Difficult to Crack
Make sure your user name and password are not easy to figure out. Don’t use “Admin” for your user name; it’s often the default. Don’t use birthdays, pet names or hobbies in your password either. Use a combination of upper and lower case letters, symbols and numbers to make it hard to crack.
ACTION ITEM: Change your user name if it’s ADMIN, your name or your blog name. Change your password if it’s too easy to figure out.
Tip 5: Install a security plugin for your blog. Consider a monitoring service too if you can spend the money.
I use All in One WP Security & Firewall. I also use their monitoring system for one of my blogs.
ACTION ITEM: Install a security plugin on your blog.
Tip 6: Keep WordPress, Themes and Plugins up to date.
The window between a new update coming out for WordPress, your theme or any plugin you have installed and the moment you apply it is a twilight zone where hackers can slip into your blog. Make sure you check for updates daily.
ACTION ITEM: Check to make sure that everything on your blog is up to date.
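Tips 1, 2 and 6 are all inventory checks: inactive themes, plugins that were not on your saved list, and anything with an update waiting. Here is an added example script that does those three checks in one pass; it is not part of the original post and not the author's own tool. It assumes you have WP-CLI on the server, so that `wp plugin list --format=json` and `wp theme list --format=json` give you the current inventory, and that you saved the plugin names from your screenshot into a list. The plugin and theme records below are constructed sample data (the names "wp-link-rewriter", "old-trial-theme" and "my-redirect-plugin" are made up for the example).

```python
"""Audit a WordPress theme/plugin inventory against a saved baseline.

Input is the JSON that WP-CLI prints for `wp plugin list --format=json`
and `wp theme list --format=json` (each record has name, status, update
and version). Everything below marked "constructed" is sample data for
this example, not output from a real site.
"""
import json

# Constructed sample: what `wp plugin list --format=json` might print today.
PLUGINS_NOW_JSON = json.dumps([
    {"name": "all-in-one-wp-security-and-firewall", "status": "active",
     "update": "none", "version": "4.0.8"},
    {"name": "akismet", "status": "active", "update": "available",
     "version": "3.1.0"},
    # A plugin nobody remembers installing: this is the "mysterious addition".
    {"name": "wp-link-rewriter", "status": "active", "update": "none",
     "version": "1.0"},
])

# Constructed sample: what `wp theme list --format=json` might print today.
THEMES_NOW_JSON = json.dumps([
    {"name": "twentyfifteen", "status": "active", "update": "none",
     "version": "1.2"},
    # An old theme that was tried once and never deleted or updated.
    {"name": "old-trial-theme", "status": "inactive", "update": "available",
     "version": "0.9"},
])

# Constructed baseline: the plugin names from last month's screenshot.
BASELINE_PLUGINS = [
    "all-in-one-wp-security-and-firewall",
    "akismet",
    "my-redirect-plugin",
]


def parse_wp_list(json_text):
    """Turn WP-CLI list output into a {name: record} dictionary."""
    return {item["name"]: item for item in json.loads(json_text)}


def audit(plugins_json, themes_json, baseline_plugins):
    """Return the findings for Tips 1, 2 and 6 as sorted lists of names."""
    plugins = parse_wp_list(plugins_json)
    themes = parse_wp_list(themes_json)
    baseline = set(baseline_plugins)

    # Tip 6: anything, plugin or theme, that has an update waiting.
    updates = [f"plugin:{n}" for n, r in plugins.items() if r["update"] == "available"]
    updates += [f"theme:{n}" for n, r in themes.items() if r["update"] == "available"]

    return {
        # Tip 2: plugins present now that were not on the saved list.
        "added_plugins": sorted(set(plugins) - baseline),
        # Tip 2: plugins on the saved list that have vanished (the hacker
        # in the post deleted one before adding their own).
        "removed_plugins": sorted(baseline - set(plugins)),
        # Tip 1: installed themes that are not the active one.
        "inactive_themes": sorted(n for n, r in themes.items() if r["status"] == "inactive"),
        "updates_available": sorted(updates),
    }


def report(findings):
    """Render the findings as plain lines; empty list means nothing to do."""
    labels = {
        "added_plugins": "Plugins not on your saved list (check these!)",
        "removed_plugins": "Plugins missing since your saved list",
        "inactive_themes": "Inactive themes you could delete",
        "updates_available": "Updates waiting",
    }
    return [f"{labels[key]}: {', '.join(names)}"
            for key, names in findings.items() if names]


if __name__ == "__main__":
    for line in report(audit(PLUGINS_NOW_JSON, THEMES_NOW_JSON, BASELINE_PLUGINS)):
        print(line)
```

To run it against a live site, replace the two constructed JSON strings with the real WP-CLI output (for example by piping `wp plugin list --format=json` into a file) and keep the baseline list somewhere the site itself cannot overwrite, such as your own computer; a plugin list stored on the hacked server is exactly what an intruder would edit.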