Five Rookie Mistakes Killing Your Blog’s Security

Blog security

It doesn’t matter if you write about Teletubbies, or are even relatively unknown. Hackers will go after anyone, often injecting malware or adding links to suspicious websites. This can put a sour taste in readers’ mouths, making them wary of visiting your blog again. While WordPress has gotten better over the years, and blog security has improved, there are still multiple factors that make your site an easy target, mistakes that can easily be avoided…

Not Updating WordPress Regularly

WordPress receives fairly consistent updates, and most updates contain important security improvements. Sometimes it’ll be just a simple fix, while other times it’ll be a patch for a major security flaw. One reason blog owners don’t update right away is that they’re afraid the update will go haywire, conflicting with a plugin or two. This is a valid concern, but not a good excuse.

Search around to see what other users are reporting with the latest version. Chances are, updating will go smoothly. Plus, the fact that you can increase your blog security with just a couple of clicks makes the process that much easier.

Letting Your Plugins Fall Behind

Plugins enhance the functionality of our blogs, but they can also enhance the likelihood of a hacker getting access to your site. Check your plugins page regularly for updates, and try to refrain from using plugins that haven’t been updated in a while.

Using A Sketchy Theme

There are thousands of themes to choose from, and unfortunately some are coded horribly or, even worse, contain malicious code. Always make sure your theme is from a trusted source, and if it receives consistent updates, even better. WPMU does a great job revealing the dark side of free themes from various sites.

As the saying goes, you get what you pay for. It’s best to stay away from free themes altogether; services like Elegant Themes or WooThemes offer a high-quality selection at one low price.

Having A Weak Password

You know what the most used password is? “password”. What about the second most popular? “123456”. The very first thing hackers do to get past your blog security is go straight to the login page. If the password is weak, brute forcing will usually get them in.

There’s absolutely no reason to use a poor password. Personally, I use LastPass to manage all my passwords. You never have to worry about remembering a password again; it automatically fills in your login details, and everything is encrypted. As an added measure, using GRC’s High Security Password Generator ensures guessing your password is next to impossible.

Your Username Is “Admin”

When you create a WordPress blog, your username is “Admin”. While this is okay, it makes a hacker’s job easier. You see, they already know your username, which is half the battle. With how WordPress is set up, you can’t change a username once it’s created.

However, you can create a new account under a different username, and then delete the “Admin” account. Just make sure that when you go to delete, you choose to reassign all posts to the new username you’ve created. If you’re uncertain how to go about this, Kim Castleberry has a great walkthrough.

Recommended Tools

Here at Blog Herald, we use a service called Cloudflare. It’s an alternative DNS that not only helps improve the speed of your website, but will also amp up your blog security. There are free and paid versions, and both will protect your blog from DDoS attacks, bots, email harvesters, and more.

Although changing your username and using a strong password are sufficient, it’s best to take things one step further. A plugin called Limit Login Attempts will block someone after a set number of failed login attempts, making a brute force attack very unlikely.
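To make concrete what a lockout plugin does about the brute forcing described above, here is an added example (not the plugin’s own code, and not from the original post): failed logins are counted per client IP inside a time window, and once the limit is hit, every further attempt from that IP is refused for the lockout period, even one with the right password, so the attacker learns nothing from the lockout response. The limits, the FakeClock and the `check_password` callback are assumptions for the demo.

```python
import time
from collections import deque


class LoginThrottle:
    """Per-IP failed-login lockout, in the spirit of Limit Login Attempts."""

    def __init__(self, max_attempts=4, window=20 * 60, lockout=20 * 60, clock=time.monotonic):
        self.max_attempts = max_attempts   # failures allowed inside `window`
        self.window = window               # seconds over which failures are counted
        self.lockout = lockout             # seconds an IP stays blocked
        self.clock = clock                 # injectable for deterministic tests
        self._failures = {}                # ip -> deque of failure timestamps
        self._locked_until = {}            # ip -> time the lockout expires

    def is_locked(self, ip):
        until = self._locked_until.get(ip)
        if until is None:
            return False
        if self.clock() < until:
            return True
        # Lockout has expired: forget it and start the failure count afresh.
        del self._locked_until[ip]
        self._failures.pop(ip, None)
        return False

    def record_failure(self, ip):
        """Record one failed attempt; return True if this one triggered a lockout."""
        now = self.clock()
        q = self._failures.setdefault(ip, deque())
        q.append(now)
        while q and now - q[0] > self.window:   # drop failures older than the window
            q.popleft()
        if len(q) >= self.max_attempts:
            self._locked_until[ip] = now + self.lockout
            return True
        return False

    def record_success(self, ip):
        self._failures.pop(ip, None)


def attempt_login(throttle, ip, username, password, check_password):
    """Return 'locked', 'ok' or 'failed'. The lockout check comes first, so a
    correct guess during a lockout is still answered 'locked'."""
    if throttle.is_locked(ip):
        return "locked"
    if check_password(username, password):
        throttle.record_success(ip)
        return "ok"
    throttle.record_failure(ip)
    return "failed"


class FakeClock:
    """Constructed clock for the demo; real deployments pass time.monotonic."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds
```

In a real WordPress deployment the same bookkeeping would live in the database rather than in memory, and the lockout should also be logged so repeated lockouts from one address show up in monitoring.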

Photo credit: Brian Klug

Comments
  • I think we’ve all made some mistakes with our blog, but the important thing is the lessons you learn from those mistakes. Thank you for your comment, enjoy your weekend as well.

  • I’ve dealt with a hacked site due to a theme. It used the reviled timthumb script which left it vulnerable. I believe the script has been updated now but what a headache.

    The Better WP Security plugin will take care of many security issues nicely. One nice feature is that it will track changes to files, which can indicate a hacked site. It may be overkill for most, but it does bring peace of mind.

  • Also recommend a password manager. I’m currently using 1Password which works across all of my devices. While you are auditing your plugins, run the P3 Performance Profiler and disable the slowest plugins on your site. That should provide a speed boost and minimize plugin conflicts.

  • Some good points, especially updating WordPress and plug-ins, though I think it should be mentioned that the site should be backed up first before updates in case of compatibility problems, which have hit me a couple of times in the early days. I like the tools you have mentioned, I am going to check them out, especially the password one, I have so many now my brain is melting under the strain!
    No-one is perfect and I have made and will make mistakes, but your post has gone some way to showing how easy it actually is to put security in place, thanks.
