Like all of our posts, this one, on preventing your blog from being hacked, was generated from our circle of friends and clients.
Several of our bloggy friends have had their blogs hacked at some time in the not-too-distant past.
Realizing we probably didn’t know enough about preventing it, we decided this was a great opportunity to not only educate ourselves on avoiding the horrors of a hacked blog, but to also educate our reader(s). <— our attempt at humor. We really hope there is more than one of you out there.
Here are a few very simple tips we picked up in our research:
1. Spammers can insert code via comments. Along with the wonderful spam catcher Akismet, install Conditional CAPTCHA. This adds a CAPTCHA window only for those comments Akismet labels spam. The potential spammer must then enter the CAPTCHA code to have their comment go forward to the Akismet spam queue. Best of all, your regular, non-spammy commenters won’t even see the CAPTCHA screen. We’ve only had it in place for a couple days on all of our blogs and it is fantastic! No more having to dump hundreds of spam comments!
2. Hide your WP version. Hackers often need to know which WP version you’re using in order to hack it. This used to be visible in the footer. We’ve just checked and either the latest version of WP, or the themes we’ve chosen, are aware of this security flaw and have removed this information from the footer. It may also be in your blog’s header.php template. Remove the meta tag named “generator”, which states which version you’re using.
3. Always update to the latest version of WP. The newer the version, the less likely it is that hackers have found the backdoors in.
4. Delete the “Admin” account under Users. This is the default account when you log in to WP for the first time, and hackers know this. To close this door, log in and go to Users. Create a new user account using a different login ID and give it full admin permissions. Log out, and then log back in as the new user. Go to Users and delete the Admin profile.
5. The Limit Login Attempts plugin does exactly what it says: it limits the number of login attempts on your blog. If the hacker can’t decipher your password after a few attempts, they’re locked out. You determine the number of attempts and the length of the lockout.
6. WP-PreventCopyBlogs isn’t directly related to hacking, but it does prevent theft of your material. We have it installed on all of our blogs. It’s not that we feel our stuff is worth stealing, but apparently the thieves aren’t picky. Case in point, we’ve had some minor theft of the copy on this blog. This plugin prevents selecting of text and/or right-clicking. We love it, but some regular readers of another blog were a bit off-put. (Personally, it’s never bothered me to find this on other blogs. I right-click on my own blog and get caught all. the. time. LOL)
7. Install WP database backup so you can at least restore your blog if you do get hacked. It’s a very simple plugin that will email you a copy at whatever interval you set. While it offers options for saving your database backup, we recommend opting for the emailed version and having it sent to a web-based email such as Gmail or Yahoo. This way you can restore it from wherever you are – as long as you have internet access. Saving it to the database/server that may be hacked or corrupt seems counter-intuitive.
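A way to check tip 2 on your own blog, as an added example that is not part of the original post: this Python script scans a page's HTML for any meta tag named "generator" and reports the version string it exposes. The sample pages and the version numbers in them are constructed for illustration.

```python
"""Audit rendered blog HTML for a version-leaking "generator" meta tag."""
import re
from html.parser import HTMLParser

# Constructed sample pages (not taken from any real site).
LEAKY_PAGE = """<html><head>
<META NAME="Generator" CONTENT="WordPress 3.0.1">
<meta content="SomePlugin 1.2" name="generator" />
</head><body><p>Hello</p></body></html>"""

CLEAN_PAGE = """<html><head>
<meta name="description" content="generator of ideas">
</head><body><p>Hello</p></body></html>"""

# A dotted version number such as 3.0.1 or 1.2.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


class GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        if attr.get("name", "").strip().lower() == "generator":
            self.found.append(attr.get("content", "").strip())


def audit_generator(html):
    """Return one finding per generator tag: (content, version or None)."""
    finder = GeneratorFinder()
    finder.feed(html)
    finder.close()
    findings = []
    for content in finder.found:
        match = VERSION_RE.search(content)
        findings.append((content, match.group(0) if match else None))
    return findings


if __name__ == "__main__":
    for label, page in (("leaky", LEAKY_PAGE), ("clean", CLEAN_PAGE)):
        results = audit_generator(page)
        print(label, "->", results or "no generator tag found")
```

Save your blog's home page source to a file and pass its text to `audit_generator`; an empty list means the tag is gone.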
There are a few more, some rather complicated, procedures for protecting your blog, but we think this is probably enough to prevent most attempts. If it’s too much trouble, the hackers will probably move on to one of the other 200,000,000 blogs in the blogosphere.
Got some anti-hacker tips we didn’t list? We’d love to hear them! Please leave them in the comments or shoot us an email at marketingsquirrel (at) gmail (dot) com.
Happy Blogging!
- The Squirrel





