WordPress Security – Evil Is Among Us!

You’ve been smart enough to get yourself a self-hosted WordPress blog so don’t let yourself down when it comes to WordPress security. Let’s be careful out there!

Are you really serious about protecting your WordPress blog from a hack attack?

Here are the unfortunate facts!

1) It’s not just successful blogs that get attacked.
2) Sometimes it’s just because they ‘found’ you.
3) Your blog weaknesses are easily ‘found’.
4) By ‘default’ an average WordPress blog is a target!
5) You might not even know you’ve been ‘hacked’.
6) A hacked blog can get banned from Google etc.
7) Often you are hacked by software, not necessarily just by evil individuals targeting you specifically.

Here’s the good news…

I recently had the good fortune to come into contact with John Hoff, the creator of WordPress Defender – which as far as I’m concerned is the most complete system, even for a technophobe like me, to get all the right defenses in place so that at best you can counter any attempted hack attack on your blog and, at worst, those f&@#ers will realize that you are not a sitting target and so will move on to some other poor S.O.B. who hasn’t read this post!

My blog was hacked - image

Hmm, seems that some bloggers are having WordPress security issues!

So here’s the thing:

  • Did you know that a hacker, or his ‘bot’, could type inurl:wp-login.php into Google to find every WordPress blog’s sign-in page? Do you think it might be an idea to ask Google not to show your site when they do that?
  • Are you aware that all ‘out of the box’ WordPress installations have a bundle of things you can change to personalize your blog setup, if you only knew how? The fact is that 99.9% of people do not!
  • Have you heard of the WordPress ‘Secret Keys’? They are another way to limit hackers’ access to your site, and most of us were never told that we had the option to change them.
  • Did you realize that, sometimes, the simple ‘good housekeeping’ that we do when backing up our blogs via a plugin is not always the best way to do it?
  • What about the fact that the ‘default’ WordPress install does not, as yet, give you this info?
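The ‘Secret Keys’ mentioned above live in wp-config.php, and a fresh config copied from wp-config-sample.php still carries the placeholder text. Here is an added example (not from this post or from WordPress Defender) that audits those eight constants; the function name, the length threshold and the sample config are assumptions constructed for illustration.

```python
import re

# The eight key and salt constants WordPress reads from wp-config.php.
EXPECTED = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
PLACEHOLDER = "put your unique phrase here"  # text shipped in wp-config-sample.php
MIN_LENGTH = 32  # assumption: a local policy threshold, not a WordPress rule

# Matches an active define('NAME', 'value'); line (commented-out lines are skipped).
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""", re.M)

# Constructed sample config, not taken from any real site.
SAMPLE = """<?php
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'k3#Vq!z8Lw@T0m^Rr5&Yb2*Nf7(Jd9)Xs1-Gh4+Ce6');
define('LOGGED_IN_KEY',    'k3#Vq!z8Lw@T0m^Rr5&Yb2*Nf7(Jd9)Xs1-Gh4+Ce6');
define('NONCE_KEY',        'short');
define('AUTH_SALT',        'Zp4$Hn8%Bt2^Mv6&Kc0*Wd3(Qx7)Fj1-Ua5+Ly9=Eg');
define('SECURE_AUTH_SALT', 'Rm7!Tc1@Yf5#Ob9$Dk3%Ns8^Xh2&Va6*Lq0(Gw4)Ij');
// define('LOGGED_IN_SALT', 'commented out, so WordPress never sees it');
define('NONCE_SALT',       'Ew2)Ju6(Pz0*Sb4&Cn8^Hk1%Mt5$Qx9#Fd3@Ly7!Rg');
"""

def audit_secret_keys(config_text):
    """Return {constant: problem} for every key or salt that needs attention."""
    found = {m.group(2): m.group(4) for m in DEFINE_RE.finditer(config_text)}
    problems, seen = {}, {}
    for name in EXPECTED:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value.strip().lower() == PLACEHOLDER:
            problems[name] = "default placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "too short"
        elif value in seen:
            problems[name] = "same value as " + seen[value]
        else:
            seen[value] = name
    return problems

if __name__ == "__main__":
    for name, problem in audit_secret_keys(SAMPLE).items():
        print(name + ": " + problem)
```

To check a real site, pass in the text of your own wp-config.php instead of SAMPLE; an empty result means all eight values are present, long and distinct.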

Well, let me be brutally honest and say, mea culpa, that I did not know this stuff! Or any of the 30 techniques that John talks about and explains in great detail. The more complex WordPress security aspects of his training are in the video tutorials – but it ain’t that complex, folks!

So! Is this all news to you, as it was to me? I simply can’t understand why every blog site about blogging is not shouting about these issues from the rooftops. Why is that? I have no idea but you’ve read it here folks so go out and do something about it!

Or would you rather wait until you’ve a few hundred posts on your blog, an avid following, and are actually finding that your blog is doing all that you’d hoped for? Next thing you know you’re promoting a dodgy Viagra site, or worse!

Scare Tactics? Damn Right!


About the Author

Clive McGonigal is a full-time Web Developer, Marketer, WordPress Evangelist and all round Decent Chap. He lives between London and France (on a tiny rowing boat with an internet connection) and spends his offline time wining, dining and conversing with his dogs. He loves WordPress (themes, plugins and tweaks) and blogs about them whenever he can.

Comments (8)


  1. Morgan says:

    This is scary. I totally have to go and change my security settings now! I hate hackers!

  2. Sandra says:

    This is terrible, especially if you’re someone really serious about getting traffic to your website and Google won’t even look at you because some hacker got a hold of your website. We have to get this info out to the world and fast.

  3. Amy says:

    OMG! I am totally shocked about this just like you Clive. Why aren’t we screaming to the world about this? I certainly will do my best to get the word out to my circle of friends about this Hacker crap that is going on without most of us knowing about it.

  4. Candice says:

    Where the hell have you been all my life Clive? I can’t tell you how fed up I am with malware and bots attacking my WordPress blog. As someone who didn’t know what I was doing when I started my blog, I have had to learn the hard way. Thank you for letting me know about these awesome little tidbits about protecting my blog from those hacker SOB’s. Cheers.

  5. Clive says:

    My first ‘recorded’ and blocked hack attack! See image. Man, this has spurred me on to get all my other sites sorted in double quick time!
    Warning email

  6. Charlie says:

    I bet the recent problems at GoDaddy and the other hosting companies are going to scare people away from self-hosted WordPress blogs and drive them to those like Google’s Blogger and similar.

    • Clive says:

      I really hope not. It’s just a case of having the right hosting and good WordPress security in place – and who’s to say that Blogger etc. are invulnerable?

  7. Clive says:

    **** UPDATE ****

    Call it ‘Synchronicity’ or whatever but 1000’s of WordPress blogs have been hacked by evil Malware over the last few days:

    See this Buzz thread I’m involved in.

    Chris, the starter of the Buzz post has lost ALL his blogs!

    Seems the initial attack was via Hosting companies first (ones with poor security e.g. GoDaddy – who I’ve always said to use as a domain registrar only and not as a hosting provider.) and then the hacker got access to all the other sites on the ‘shared’ hosting server.

    Most of us have ‘shared hosting’ so I’m well pleased that my hosting company, Heart, has secure protocols in place (i.e. FTP Lockdown) to stop this sort of thing.

    I contacted them yesterday and their reply gave me cause for comfort:

    “Hi Clive,

    Thank you for contacting us.

    Our administrators have been monitoring the situation as it has unfolded in the US and any changes that are viewed as needed to help secure our systems further are already being made. We also run our FTP servers separately from the web servers which keeps processes separate and more secure.

    I have also passed your comments onto our management as well.”
