Two of my blogs got hacked recently. I think the hacker used the same means for illegal blog entry: an old theme that I had tried out years ago and rejected. That particular theme was probably not updated over time, and it became a Trojan Horse for hackers to enter my blog.
It turns out that WordPress users are more vulnerable to hackers because WordPress is such a big community. Don’t worry! Here are some FREE tips and action items to lock down your security.
How about you? Have your blogs ever been hacked? What else did you do? Thanks for sharing!
Tip 1: Delete unused WordPress Themes that you might have tried out or used.
I never deleted the old themes because I never noticed a delete button. Here’s how you do that:
- Click on the old theme.
- Find the delete button in the lower right-hand corner.
- Hit delete.
ACTION ITEM: Go right now and check to see if you have any inactive themes on your WordPress blog. I would suggest deleting them.
Tip 2: Update your plugins. Keep a list and check for any mysterious additions.
I had a Redirect Plugin that I used when I accidentally changed my permalinks. I noticed that my hacker had deleted this plugin and installed a new plugin that apparently replaced URL links in my blog posts. I did not have access to see what URLs were being replaced, so I never figured out what the new URLs were, but I suspect they are backlinks for some shady SEO company.
Just like you monitor your credit card activity, check your plugins. Make sure there aren’t any mysterious additions.
ACTION ITEM: Make a list of plugins (take a screenshot). Check monthly to make sure no new plugins have been mysteriously added.
Adware Medic is free and gets rid of spam malware.
Tip 3: Delete Malware using Adware Medic.
I did something stupid one night and downloaded an app onto my computer that was supposed to let me post my YouTube videos on Instagram. You can’t actually do that, my kids inform me. The app instead installed horrible link ads onto my blog. I had to make an appointment at the Apple Store Genius Bar to fix it, but you can do it yourself by using the same program the tech guy used: Adware Medic.
ACTION ITEM: Learn from my mistake. Be wary of downloading anything off the Internet!
Tip 4: Don’t Use ADMIN for Blog User Name; Make Your Password Difficult to Crack
Make sure your user name and password are not easy to figure out. Don’t use “Admin” for your user name; it’s often the default. Don’t use birthdays, pet names or hobbies in your password either. Use a combination of upper and lower case letters, symbols and numbers to make it hard to crack.
ACTION ITEM: Change your user name if it’s ADMIN, your name or your blog name. Change your password if it’s too easy to figure out.
Tip 5: Install a security plugin for your blog. Consider a monitoring service too if you can spend the money.
I use All in One WP Security & Firewall. I also use their monitoring system for one of my blogs.
ACTION ITEM: Install a security plugin on your blog.
Tip 6: Keep WordPress, Themes and Plugins up to date.
The window after a new update comes out for WordPress, your theme or any plugins that you have installed is a twilight zone where hackers can slip into your blog. Make sure you check for updates daily.
ACTION ITEM: Check to make sure that everything on your blog is up to date.
What a nightmare, Mia! Thanks for the pointers!! May they keep the hackers at bay!
I hope this never happens to you Maria!
Great advice. Having a site hacked is a miserable experience.
Hi MaryAnne,
I think you are more techy than I am, so you are probably doing the right things to avoid this! I always seem to learn the hard way! 🙂
I’m sorry your site got hacked. Thank you for the explanations. I’m reviewing my site today with your action tips in mind.
Hi Mona,
An ounce of prevention … totally worth it!
Your blog survived and you are kind enough to help others! Thank you so much!
Thanks Carolyn! I seem to have a major blog blowup every year or so, so I think I was due! 🙂
Thanks for the advice; I deleted old themes.
Hi Gayle,
That will take care of the issue!! Old themes seem to be the Trojan Horse for entry. And old plugins that are not updated.
Yikes! How frightening. I’m glad you managed to get everything sorted out again. Thanks for the useful tips.
Thanks Elle! Just watch those old themes on your blog! Get rid of the ones you are not using!
You should also mention to install security plugins like Better WP Security or Wordfence security.
These are the most popular plugins to protect WordPress blogs.
Hi Lisa,
Thanks so much! I haven’t used those so I didn’t include them but that’s a great tip!! There are free versions for both of those, right?