BTXP 009: 15 Tips to Help Keep Your Blog Secure from Threats


Getting hacked is one of the worst things that can happen to a blog or website owner.

It can destroy weeks or months of work, cause large amounts of personal stress and even affect your revenue streams.

Sadly, getting hacked is one of the realities of online business.

In today’s episode I am going to go over 15 tips that will hopefully help you become more prepared. It’s my sincere hope that some of this information might be a catalyst for keeping you and your blog safe.

View the episode in iTunes here or if you like you can download it to your computer here and listen later.

What’s in this episode?

Here are a few of the things mentioned in this episode, as well as links to some useful relevant material.

Do you have any extra tips?

I’d love to know any other tips you might have in terms of security or managing a bad event. Please leave a comment below as it might really help someone who reads it.

© Top photo: Valeriy Kachaev.


35 Comments... Leave yours.

  • shaun

    Good topic to tackle and very important for anyone that has taken the time and effort to create a blog – it’s amazing how quickly they can simply vanish!

    My tip is to be careful of the ‘free’ plugins you use and to make sure you update them regularly.

    Unfortunately I learnt the hard way and lost hundreds of hours of work!

    Keep up the great work Rams


    1. Ramsay

      Yeah that’s a big one. There’s a lot of not so great plugins out there.


  • Martin

    Great article.

    What about 2 factor authentication?


    1. Ramsay

      Yep, I talked about that in the podcast. Very good idea.


  • Stéphane

    Thank you so much for these reminders, Ramsay.

    We’re never prudent enough. That’s why I checked my blog as soon as I received your clear counsels.

    I’m a user of Wordfence and UpdraftPlus and I like them.
    I think I’m going to give a try to BulletProof Security today.

    I’m still cautious about Limit Login Attempts because I live most of the year in Africa and I don’t want to be blocked myself one day. Is there any risk?

    Keep up your good work, even for the French fan that I am.


    1. Ramsay

      Yep, there is a chance you’ll lock yourself out for sure.

      Also, not sure you need BPS and Wordfence. Might create a conflict.


      1. Stéphane

        Thank you for your quick answer 😉


  • David

    The Distribute.IT story reminds me of an incident at a company I worked for in South Africa. A disgruntled ex-employee from one of our clients got into their servers because his accounts weren’t deactivated (including his company VPN account). Caused havoc for them as he created a ‘backup’ account for the VPN and servers that looked very similar to a system account so it took a while to be found.

    Also, ‘DDOS’ stands for *Distributed* Denial of Service :p


    1. Ramsay

      What did I say? I meant to say that. lol


      1. David Steven-Jennings

        “Deliberate” 🙂 I still think it’s an accurate description though as 99% of the time it’s deliberate.


  • Osvaldo

    Hey Ramsay!! As for the plugin Wordfence you mentioned, it’s a nice state of the art plugin, but I was forced to uninstall it because it was sucking my blog’s memory on my shared hosting account.

    Any other feasible and lighter option you know to protect my blog?


    1. Ramsay

      That’s really interesting. BPS is really lightweight as far as I know, but takes some time to get set up.


      1. Val

        Any security plugin requires some good knowledge and takes some time to set up. And it’s normal to be this way because the last thing you want is to block yourself.


  • Francis Quarshie

    Hi Ramsay,

    That’s another great piece for us to consume, but you see, VPN is expensive, and it’s not 100% as you rightly mentioned (VPN Review).

    I believe in combination of WordPress security plugins with all other measures to fortify our site’s walls.

    Well, they all won’t definitely be 100%. Maybe that’s why this post is made available.

    I’ve tried most of the measures outlined. What’s left right now is to try David and VPN.

    Thanks for the guide.

    Francis


    1. Ramsay

      Strong VPN is around $9 for three months I think. Good investment.


  • Joe

    Hi Ramsay,

    Thanks for covering this topic. It has me so confused- sorry for this long response but perhaps you can help.

    I use Limit Login Attempts, and at least once every day I get locked out of my own site.
    It says too many failed attempts, yet it happens when I’m already logged in! So does that mean someone somewhere knows my IP address and is using that when trying to guess my passwords?
    And then inevitably logs me out of my own account?

    The LLA log shows loads of attempts every day from random IP addresses trying to guess the username and/or password. I am too afraid to uninstall the LLA plugin though.

    I also use Sucuri (because I got flagged as a malware site once about 9 months ago and it took them a week to fix it).
    Every day I get notifications from Sucuri saying “your site is under Bruteforce attack”. And it lists loads of IP addresses and timestamps that are attempting to log in every few seconds (it must be automated).

    Is this normal, does it happen to your site?

    The Sucuri notification doesn’t actually tell me to do anything or make any recommendations. Unsure whether I should be worried.

    Thanks!


    1. Ramsay

      Hey mate.

      My site gets something like 40,000 hack attempts a month. LLA does do a lot of lockouts but you shouldn’t be getting locked out yourself.

      What host are you on? A brute force attack should be handled by your host pretty quickly as it will start to affect them as well. I’d get in touch with support ASAP and fill them in.


      1. Joe

        Okay so hack attempts is “normal”.

        Yeah very confused about lockouts considering it locks out IP addresses.

        I’m with HostGator.
        Thanks for your response.


  • SalesFizz

    Thanks for the reminder of how important security is for a blog.


    1. Ramsay

      Thanks.


  • Adeniran

    Very helpful. Thank you, Ramsay


  • Joseph Jones

    A lot of bloggers or even website owners take these security measures for granted.


  • Eze sylvester

    Hi Ramsay, it’s a great post you have here. I benefited a lot. Thank you


  • Pankaj

    Hi Ramsay,

    Are you using any kind of security on your own blog? I own a blog but it is very small at this time and I am not much worried but when it grows to a good level, I am sure I would want to have it secured. Thanks for this great info.


  • rahul sihmar

    Hi Ramsay,
    First time on Blog Tyrant and welcomed with a stuffy podcast.

    btw, I got a genuine idea from your podcast for my next blog post.

    thanks buddy


  • ANKUR

    Hi Ramsay, your post helped me a lot, thanks


  • Vanessa Jencks

    Hey – do you make transcripts of your podcasts available? I tend to be a better reader than listener. Not a big deal if not. 🙂

    Luckily I learned my lesson of a really poor password AND poor username after I stopped blogging on my first blog attempt. The thing got hacked a few months after it was dead.

    Back-ups and plugin updates are so, so, so important!


  • David John

    Hello Ramsay..
    Really nice security tips you got here.
    Instead of hiding the WordPress version of your site a better solution is to simply keep your site updated.


  • Pat @ Posting For Now

    Thanks for this post Ramsay. I have a blog set up with Managed WP w/GoDaddy. I hope they have my back with some of the things you’ve talked about. I’m thinking of starting a second website and thought I’d stop by to see what you have to say. I appreciate the reminder not to use free internet at Starbucks etc. and to have more secure passwords.


  • Ravi

    Great post, very informative, thank you, and try to improve the conversation level…


  • Juliet

    Really, thanks for this post Ramsay.


  • Akash Gurnani

    Very nice post Ramsay. In my view one can use Limit Login Attempts with a login captcha to get tight security of a website.


  • Ashley

    Hi Ramsay,

    Thanks for the security tips. What are your thoughts on setting your blog up yourself versus having a web developer company do it for you? I don’t know if this could possibly run into a security issue. I have all of the tools to start my blog myself using Bluehost, but I have recently found a company named Varisage. They are willing to start my blog (everything from hosting, email subscriptions, web design, etc.) to where all I would have to worry about is my content. They already work with several very successful bloggers that I look up to and who are blogging full time which is my goal. I guess I thought my blog success would be more secure if signing with this company because they would help with my branding. Is this common and a good idea?


  • Roger

    It’s crazy how frequently our sites are getting attacked every day and we don’t even know it. I installed the iThemes Security plugin, and within minutes my logs were full of failed login attempts. Holy crap! Without the plugin, I’d have (and I had) no idea that was happening on a daily basis. I can’t even begin to imagine what bigger sites like Facebook and Amazon must go through in terms of hacking attempts.

