Securing Your New Blog

Imagine waking up one day to find your blog has gone! It’s been hacked, so that either it’s physically broken or, worse, a virus has been inserted. Or it’s been closed down by your hosting company because, for some reason, it’s using up too many ‘resources’ and has broken their Terms & Conditions.

I’ve touched on Hacked Blogs in previous posts, and it has certainly happened to me – and I only found out when I investigated why all the Google Adsense ads, on a blog about dog training, were related to Viagra, ring tones and other ‘dodgy’ products!

Some of these hack jobs are caused by automated software trawling the web for WordPress blogs that it can easily break into. Kind of like potential burglars scouting for houses with mail piled up outside the front door, no car in the drive and no sign of activity (or lights) in the evening, i.e. nobody’s home.

Blogs that offer open doors to these malevolent programs and individuals are those that run on old WordPress installations or that have minimal password and Admin ID settings.

One basic thing to do, if your Admin sign-in has been set as admin (which is doing 50% of the hacker’s job for them), is to create a new Admin account in ‘Users’ > ‘Add New’ with a new, strong ID and password (don’t forget to fill in the email address box too). Then sign in as the new Admin and delete the old, less secure one.

Another is to stop blog visitors from registering on your site: go to ‘Settings’ > ‘General’ and make sure the ‘allow anyone to register’ box is UNticked. You can always register contributing authors, editors etc. manually.
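
Both settings above can also be checked from the command line. The script below is an added example, not part of the original post: it assumes WP-CLI is installed, and its function names and sample rows are constructed for illustration. It also flags the case where 'admin' is the only administrator, so the old account is not deleted before a replacement exists.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes WP-CLI is installed;
# on a live site the two inputs come from:
#   wp user list --role=administrator --fields=ID,user_login,user_email --format=csv
#   wp option get users_can_register

# audit_admins: administrator CSV on stdin -> one finding per line.
# Assumes plain fields with no embedded commas.
audit_admins() {
  awk -F, '
    NR == 1 { next }                     # skip the CSV header row
    {
      total++
      if (tolower($2) == "admin") weak = $1; else others++
      if ($3 == "") printf "WARN administrator \"%s\" has no email address\n", $2
    }
    END {
      if (weak != "" && others > 0)
        printf "FAIL login \"admin\" (ID %s) still exists; delete it from another administrator account\n", weak
      else if (weak != "")
        printf "FAIL login \"admin\" (ID %s) is the only administrator; create a replacement first\n", weak
      else if (total > 0)
        print "OK   no administrator uses the login \"admin\""
      else
        print "WARN no administrator rows in input"
    }'
}

# audit_registration VALUE: VALUE is the users_can_register option (0 or 1).
audit_registration() {
  case "$1" in
    1) echo "FAIL open registration is enabled (users_can_register=1)" ;;
    0) echo "OK   open registration is disabled" ;;
    *) echo "WARN unexpected users_can_register value: $1" ;;
  esac
}

# run_audit CSV_TEXT VALUE: prints every finding, returns 1 if any is a FAIL.
run_audit() (
  findings="$(printf '%s\n' "$1" | audit_admins; audit_registration "$2")"
  printf '%s\n' "$findings"
  ! printf '%s\n' "$findings" | grep -q '^FAIL'
)

# Constructed sample input, shaped like the WP-CLI output above.
SAMPLE_ADMINS='ID,user_login,user_email
1,admin,
7,clive-k3,owner@example.com'
run_audit "$SAMPLE_ADMINS" 1 || true
```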

But these really are basics, and we all need to raise our game on this. To use the previous analogy, no house is impregnable to burglars, but faced with a well secured and defended home the burglar will simply stroll down the road to find easier pickings – Lord knows he’s spoiled for choice!

I’m just checking out WordPress Defender and will report back shortly!

DONE! See the video over there in the Sidebar >>>

Clive

Managing Director at Big Buzz Projects
Clive McGonigal is a full-time Web Developer, Marketer, WordPress Evangelist and all round Decent Chap. He lives between London and France (on a tiny rowing boat with an internet connection) and spends his offline time wining, dining and conversing with his dogs. He loves WordPress (themes, plugins and tweaks) and blogs about them whenever he can.

Comments (2)

  1. Clive says:

    Here’s a good post, just found, featuring other options that I didn’t mention in the original post:

    http://wpmu.org/wordpress-security-101-8-tips-tricks-and-tweaks-to-secure-your-wordpress-website/

  2. Peter says:

    Hi Clive

    Just at home for a couple of days and have been experimenting with my broken side tabs (subscribe-archives-tags-popular).
    Thought you might like to know for reference that I cracked the prob I mentioned in an email to you a little while back.

    WP Dashboard/Appearance/Editor (Edit themes)/Sidetabs.php (from RH templates list).

    Then I copied the whole script from Aire WP and pasted into FlutePlay and…

    it didn’t work..

    until I deactivated the WP Firewall plugin.
    Interestingly, I came to this cos the plugin had been sending me warning emails that someone (ie me) had been trying to tinker with my code.
    Once I cottoned on I simply deactivated the plugin and did a recopy from Aire to FlutePlay and…

    Bingo!

    I just wonder. How did I manage to break the sidebar in the first place?

    Cheers.

    Peter
