how not to get your wordpress blog hacked

How Not To Get Hacked: My Advice after 2 of My Blogs Were Hacked

Two of my blogs got hacked recently. I think the hacker used the same means for illegal blog entry: an old theme that I had tried out years ago and rejected. That particular theme was probably not updated over time, and it became a Trojan Horse for hackers to enter my blog.

It turns out that WordPress users are more vulnerable to hackers since it’s a big community. Don’t worry! Here are some FREE tips and action items to lockdown your security.

Trojan Horse

How about you? Have your blogs ever been hacked? What else did you do? Thanks for sharing!

 

Tip 1: Delete unused WordPress Themes that you might have tried out or used.

I never deleted the old themes because I never noticed a delete button. Here’s how you do that:

  1. Click on the old theme.
  2. Find the delete button on the lower right hand corner.
  3. Hit delete.

ACTION ITEM: Go right now and check to see if you have any inactive themes on your WordPress blog. I would suggest deleting them.

How to delete themes in WordPress

image from Trustiko

Tip 2: Update your plugins. Keep a list and check for any mysterious additions.

I had a Redirect Plugin that I used when I accidentally changed my permalinks. I noticed that my hacker had deleted this plugin and installed a new plugin that apparently replaced URL links in my blog posts. I did not have access to see what URLs were being replaced so I never figured out what the new URLs were but I suspect they are back links for some shady SEO company.

Just like you monitor your credit card activity, check your plugins. Make sure there aren’t any mysterious additions.

ACTION ITEM: Make a list of plugins (take a screen shot). Check monthly to make sure no new plugins have been mysteriously added.

Adware Medic

Adware Medic is free and gets rid of spam malware. 

Tip 3: Delete Malware using Adware Medic. 

I did something stupid one night and downloaded an app onto my computer that was supposed to let me post my YouTube videos on Instagram. You can’t actually do that, my kids inform me. The app instead installed horrible link ads onto my blog. I had to make an appointment at the Apple Store Genius Bar to fix it, but you can do it yourself by using the same program the tech guy used: Adware Medic.

ACTION ITEM: Learn from my mistake. Be wary downloading anything off the Internet!

 

admin user name

Don’t Use Admin for Your User Name!

Tip 4: Don’t Use ADMIN for Blog User Name; Make Your Password Difficult to Crack

Make sure your user name and password are not easy to figure out. Don’t use “Admin” for your user name; it’s often the default. Don’t use birthdays, pet names or hobbies in your password either. Use a combination of upper and lower case letters, symbols and numbers to make it hard to crack.

ACTION ITEM: Change your user name if it’s ADMIN, your name or your blog name. Change your password if it’s too easy to figure out.

 

All in One Security and Firewall plugin for WordPress

Tip 5: Install a security plugin for your blog. Consider a monitoring service too if you can spend the money.

I use All in One WP Security & Firewall. I also use their monitoring system for one of my blogs.

ACTION ITEM: Install a security plugin on your blog.

 

update plugins

Tip 6: Keep WordPress, Themes and Plugins up to date.

That window when a new update comes out for WordPress, your theme or any plugins that you have installed is twilight zone where hackers can slip into your blog. Make sure you check for updates daily.

ACTION ITEM: Check to make sure that everything on your blog is up to date.

how not to get your wordpress blog hacked


If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.

By Mia Wenjen, PragmaticMom

14 Comments

  1. What a nightmare, Mia! Thanks for the pointers!! May they keep the hackers at bay!

  2. Great advice. Having a site hacked is a miserable experience.
    maryanne recently posted…How to Use Google Analytics (Book Review)My Profile

  3. I’m sorry your site got hacked. Thank you for explanations. I’m reviewing my site today with your action tips in mind.
    Mona AlvaradoFrazier recently posted…21 Inspiring Quotes From Beloved Children’s BooksMy Profile

  4. Your blog survived and you are kind enough to help others! Thank uou so much!
    Carolyn Wilhelm recently posted…Multicultural Children’s Book Day Post 5My Profile

  5. Thanks for the advice; I deleted old themes.

  6. Yikes! How frightening. I’m glad you managed to get everything sorted out again. Thanks for the useful tips.

  7. You should also mention to install security plugins like Better WP Security or Wordfence security.
    These are the most popular plugins to protect WordPress blogs.
    Lisa Chaves recently posted…Top 5 Best Acoustic Guitars under $300 [ MOST WANTED ]My Profile

Leave a Comment

CommentLuv badge