Hey Y’all!

♥ Menu

12 Ways To Keep Your WordPress Blog Safe

I hear it from fellow bloggers and entrepreneur friends, see it in Facebook groups I am in, “My blog got hacked.”  Those are words you never want to say yourself.

Every blogger wants to keep her WordPress blog safe, but even though it’s something you don’t want to deal with, precautionary measures aren’t taken. 

If your website is built on the popular website platform, WordPress and I’m sure many are, there are things you can do to prevent your website from being hacked.

Am I saying it will never happen to you?  Am I saying it can’t happen to you?  No. It can happen to any one of us, but why not do what you can to keep it happening from you?

I mean just thinking about your website being hacked is enough to make you want to cry, but to add insult to injury, it’s even worse when you know there are things you could have done to keep it from happening!

First, let me say that if you ever receive an email from your hosting company saying your website has been hacked, contact them immediately. Do not ignore those emails.  They can and will shut your website down to protect the other websites on their server.

In a study done in 2013, it was found that many who have WordPress websites do not perform the bare minimum tasks to keep their websites protected. This study was conducted on 42,106 websites. It was found:

  • There were 74 different versions of WordPress on these sites. To date, there have been 145 versions of WordPress since it began in May of 2003.
  • 769 of the websites were using version 2.0 (this version started in 2005. The latest version is 4.3.1)

Here are 12 ways a blogger can keep her WordPress blog safe

  1. Keep your WordPress version up-to-date. Throughout the year, WordPress comes out with several versions. There are two types of releases; major and minor. Major releases are 1.0, 2.0, 3.0, 4.0, etc. Minor releases are 1.0.1, 2.0.2.
  2. Keep your theme up-to-date. Your themes also have updates. These updates are a combination of new features as well as making sure they are compatible with the latest version of WordPress.
  3. Keep your plugins up-to-date. Plugins are usually one of the easiest ways to have vulnerabilities on your website. Make sure you do your due diligence and check out the plugin and the developer BEFORE you install any plugin on your website.
  4. Site login username. When it’s time to install WordPress, you’re asked to create a username. Make sure you NEVER EVER use admin as your username. Yes it’s easy to remember, but it’s also a hacker’s delight!
  5. Secure Password. I tell my clients to remember their website password is just as important as their online banking password. When you created your password for your online banking account, you gave it some thought to make sure it was secure. Do the same for your website.
  6. Monitor who has access.  One of the great things about WordPress is that you can have several users on a site all with different access levels.  Pay attention to who you give access to and only give them as much access as needed. This is not the time to get generous and add extras or get lazy and don’t pay attention.
  7. Change your login link. The default link to login to a WordPress website is the domain followed by /wp-admin or /wp-login (for example: www.yourdomain.com/wp-admin or www.yourdomain.com/wp-login). Hackers know this so change it. When you’re installing WordPress, you can change the default link. If you want to have your login as www.yourdomain.com/bacon, you could!
  8. Use WP Managed Hosting. There are many types of hosting; two of the most popular are Shared Hosting and WP Managed Hosting. Shared hosting is for all websites built on any platform. WP Managed Hosting, yep you guessed it.  It’s WordPress websites.
  9. Change your file permissions. The files that make up your website have permissions. These permissions allow for reading, writing, and executing. These permissions are represented by three numbers or they may also be represented by the letters r, w, and x. These numbers will determine what can and cannot be done with your website files. You want to limit the file permissions of your website as much as possible, but be careful because you can also run the risk of making your website not visible.
  10. Limit the number of times someone can log into your website. When someone is trying to hack into your website, they make numerous attempts. The Login Lockdown plugin will detect that the same IP address is trying to access your website many times within a certain time-frame. If the number of attempts is exceeded, the IP address will no longer be able to access your login page for a specified period of time chosen by you.
  11. Have your site scanned. One of the best ways to have your website protected is to be scanned in the background so if anything is found it can be fixed. That’s where Sucuri comes to the rescue! The Sucuri plugin monitors your website for any funny business going on. It can also remove malware and get your website cleaned if it is hacked. It’s some of the best money you’ll spend!
  12. Backup your website. You backup your website so that if anything should happen to your website, you’ll be able to restore a fresh version. Unfortunately, many website owners have no backup system in place and rely on their hosting company to perform their backups. Make sure that you contact your hosting company to find out what they backup. If it’s just your database, you’ll be very unhappy if something does go wrong.

Of course, this list is by no means all-inclusive, but it does give you a lot to work with to make sure your website is secure!

What would you add to this list? Has your website ever been hacked? Share below!
See ya later!

5-Day Declutter and Organize Your Blog E-course


Have you been neglecting your blog?

Sign up for the Declutter and Organize Your Blog 5-day e-course and together we'll get it in tip top shape!

You'll also gain instant access to the Back to the South Bloggers Resource Printable Library!

We won't send you spam. Unsubscribe at any time. Powered by ConvertKit
18 Comments… add one
  • Emily at theexpatmama.com 07/13/2017, 11:29 AM

    Such a great list of tips and a timely reminder that I should definitely think about my site security more seriously. I might print your list off and just keep as a weekly run through if that’s ok?

    • Lynn 07/13/2017, 12:05 PM

      Hi Emily, yes, that’s just fine! Glad you found these tips helpful.

  • Sophia Alisa Ali 07/13/2017, 12:00 PM

    This is a topic that is very scary indeed! it really does make you think! Thanks for the tips! And thanks for reminding of us of such things we tend to overlook!

    • Lynn 07/13/2017, 12:05 PM

      You’re welcome, Sophia! Thanks for reading.

  • Nicole 07/13/2017, 12:28 PM

    I definitely need to start thinking about this more. I have a really bad habit of ignoring the techy and hard parts of blogging but things like this are so important! Thanks for the step by step breakdown of what we can do!

    • Lynn 07/13/2017, 2:46 PM

      Sure, Nicole! Yes, it’s not the most exciting part of blogging, but as you said, so important! Thanks for reading!

  • Holly 07/13/2017, 3:00 PM

    I literally just moved my site over to Wordpress last week…these tips are SO helpful! I was intimidated by the platform at first, so it’s nice to get some solid advice 🙂


    • Lynn 07/14/2017, 10:52 AM

      Good Holly! How do you like WP so far? What platform were you on previously? Yes, it can be intimidating at first.

  • Joan Cajic 07/13/2017, 3:43 PM

    I almost got hacked when I just started blogging and got the red screen from google but I ended up fixing it. The updating of plugins and keeping wordpress up to date is really important too. I need to back up my site now, thank you for sharing.

    • Lynn 07/14/2017, 10:51 AM

      Oh no, Joan! Glad things worked out okay for you.

  • Emily 07/13/2017, 3:46 PM

    Awesome advice! Security is something that so many people overlook.

  • Michael @ Super Millennial 07/13/2017, 4:18 PM

    Super good post, site security is something that scares me as well but I’m doing most of the things you mentioned here.

    • Lynn 07/14/2017, 10:51 AM

      Great Michael!

  • Rachel Ritlop 07/13/2017, 9:18 PM

    Such a great post! It’s so important to keep your work safe for sure!

  • Denay 07/13/2017, 10:56 PM

    Lynn, I love your blog and really appreciate all the great knowledge you freely share with others. When it comes to keeping my WP site safe I feel lucky to have a great friend and website developer who helps me with hosting and associated services. But I had no idea you could choose your login link. Is it possible to change a login link once a blog is up and running, or only when you initially start your blog? Thanks again for everything. 🙂

    • Lynn 07/14/2017, 10:50 AM

      Thank you so much, Denay! You are so lucky to have someone who can take care of this for you. Yes, your login link can be changed even if your site is live.

  • Jenn 07/14/2017, 8:38 AM

    Totally have been wondering how to do this lately. So this came at the perfect time. I am going to try all of your tips.

    • Lynn 07/14/2017, 10:49 AM

      Gret, Jenn! Glad it was helpful.

Drop a line and let me know you stopped by!

CommentLuv badge

Filed away in: WordPress Resources for Bloggers