How do you protect your blog from hackers?

by wassim
40 replies
Warriors,

I'm so much concerned. I have this great idea on mind about my new blog that I gonna launch soon. I have prepared many stuff, and have so many ideas to write about in my new blog. I know so much about many things, but as you know... Nobody knows everything! One of the things that I'm not good at is.. Security!

What if I got that amazing wordpress theme, and then I started to write articles and beautiful posts on my blog day after the other, and aside working on doing lots of SEO and increasing visitors to my site... RSS Subscribers, Twitters, etc... What if after a year passes, and I have a decent traffic to my site and readers reading my articles everyday.. Then someone hacks my site!

You know... The more popular your blog becomes, the more invasions will occur from spammers, hackers and others. Have any of you warriors faced this issue? How do you go around it? How do you protect your blog and make sure that NOBODY will be able to break your site and mess with it... or possibly hacking your password and destroy the whole thing for you, including your posts and domain and hosting. I know backup is always good... but what if someone simply got over your blog overall? Can this happen? and if yes... please let me know the best ways to avoid this from happening, and how should I act if that really happened someday.

Thanks.
#blog #hackers #protect
  • Profile picture of the author TheRichJerksNet
    It's simple secure your blog and do not rely on wordpress to do it for you ... It is an open source platform which means hackers have access to the full code, including any updates.

    It will never be secured unless you take that security into your own hands and modify the coding so the hackers do not know what was changed. Nothing is 100% secure but I rather depend upon my own self vs some company that will not secure their scripts..

    James
    {{ DiscussionBoard.errors[1407471].message }}
    • Profile picture of the author Big JP
      Originally Posted by TheRichJerksNet View Post

      It's simple secure your blog and do not rely on wordpress to do it for you ... It is an open source platform which means hackers have access to the full code, including any updates.

      It will never be secured unless you take that security into your own hands and modify the coding so the hackers do not know what was changed. Nothing is 100% secure but I rather depend upon my own self vs some company that will not secure their scripts..

      James
      That sounds simple enough...

      Oh wait, I just remembered I have no coding experience, does that mean myself and others who don't know how to code, are screwed?
      {{ DiscussionBoard.errors[1407508].message }}
    • Profile picture of the author wassim
      Thanks for the tip James. Well actually the last time I created a website it was very successful and I was getting good traffic everyday. Despite that, nobody was able to break the site because I developed it myself, and took most security issues into consideration. I got some spammers and hackers attempting to mess with the site, but they failed at the end.

      I have some security background, but not one that's perfect. The reason of why I am asking about wordpress security, is that I don't want to waste time on developing the website. Wordpress as you know, is a perfect platform for blogs, so I hope it's secure enough to rely on it.

      I really don't wish to develop a website that takes me months (since I have a regular job and can't work on it all day), where I can create the same result in Wordpress within a few hours.

      Originally Posted by TheRichJerksNet View Post

      It's simple secure your blog and do not rely on wordpress to do it for you ... It is an open source platform which means hackers have access to the full code, including any updates.

      It will never be secured unless you take that security into your own hands and modify the coding so the hackers do not know what was changed. Nothing is 100% secure but I rather depend upon my own self vs some company that will not secure their scripts..

      James
      Signature
      {{ DiscussionBoard.errors[1407520].message }}
    • Profile picture of the author halfpoint
      Wassim,

      Listen to James' post. I know he isn't going to tell you to click on the link in his sig because it's against the rules but you should definitely get his product.

      I initially decided to create plain html sites because I was scared of using Wordpress due to all the hacking stories, however, I then stumbled across James' product and I now use Wordpress for every site I create. I know absolutely nothing about programming and the like, yet I can now have a secure blog installed in 10 mins.

      It's one of the best products I've bought for my business. Period.

      Originally Posted by wassim View Post

      Thanks for the tip James. Well actually the last time I created a website it was very successful and I was getting good traffic everyday. Despite that, nobody was able to break the site because I developed it myself, and took most security issues into consideration. I got some spammers and hackers attempting to mess with the site, but they failed at the end.

      I have some security background, but not one that's perfect. The reason of why I am asking about wordpress security, is that I don't want to waste time on developing the website. Wordpress as you know, is a perfect platform for blogs, so I hope it's secure enough to rely on it.

      I really don't wish to develop a website that takes me months (since I have a regular job and can't work on it all day), where I can create the same result in Wordpress within a few hours.
      {{ DiscussionBoard.errors[1407862].message }}
      • Profile picture of the author LilBlackDress
        Originally Posted by Pat Jackson View Post

        Wassim,

        Listen to James' post. I know he isn't going to tell you to click on the link in his sig because it's against the rules but you should definitely get his product.

        I initially decided to create plain html sites because I was scared of using Wordpress due to all the hacking stories, however, I then stumbled across James' product and I now use Wordpress for every site I create. I know absolutely nothing about programming and the like, yet I can now have a secure blog installed in 10 mins.

        It's one of the best products I've bought for my business. Period.

        Thanks for sharing this Pat. I didn't realize James had a product to protect WP, so I will definitely check into it. I just joined one of his sites recently and have been very impressed with everything he offers. He is really awesome about sharing info and giving support.
        Signature

        Pen Name + 8 eBooks + social media sites 4 SALE - PM me (evergreen beauty niche)

        {{ DiscussionBoard.errors[1408032].message }}
        • Profile picture of the author netkid
          There is a WP plugin called "WP Security Scan" by Michael Torbert (Google to find that site) that is another way of further protecting your WP blog.

          I have installed it on all my blogs and it is great for changing database names, passwords and other key areas where hackers can get hold of your blog.

          Hope that helps,

          Bruce
          {{ DiscussionBoard.errors[1408085].message }}
          • Profile picture of the author webvigor
            I always keep my blogs updates with latest version and disable registrations on your blog. That's all which I am doing as security measures.
            Signature
            {{ DiscussionBoard.errors[1408094].message }}
    • Profile picture of the author sligon00
      Originally Posted by TheRichJerksNet View Post

      It's simple secure your blog and do not rely on wordpress to do it for you ... It is an open source platform which means hackers have access to the full code, including any updates.

      It will never be secured unless you take that security into your own hands and modify the coding so the hackers do not know what was changed. Nothing is 100% secure but I rather depend upon my own self vs some company that will not secure their scripts..

      James

      So how does one do that , what code do you modify ?

      BayAreaSteve
      Signature

      No Sig Free Zone

      {{ DiscussionBoard.errors[1412824].message }}
  • Profile picture of the author Victor.L
    If your blog is that popular , I strongly suggest hiring someone to do the secruity on your hosting.
    {{ DiscussionBoard.errors[1407497].message }}
  • Profile picture of the author Alexa Smith
    Banned
    [DELETED]
    {{ DiscussionBoard.errors[1407502].message }}
    • Profile picture of the author wassim
      Good point Alexa... what you said makes sense. Do you think it's better to improve the security of the wordpress blog? And how to do that? or instead... just code the website myself and make sure there are no security gaps (basically)?

      Originally Posted by Alexa Smith View Post

      I don't use Wordpress.

      It's the same logic as not using Outlook (or Outlook Express) for email: most email viruses are designed to attack through Outlook (Express). Just not using it probably removes 90% of the potential problems.

      Similarly with blog hackers. I don't say that anything else is any better made or more hacking-resistant. The reality is just that most hackers hack Wordpress blogs. Just one of the little downsides that you don't often see mentioned.
      Signature
      {{ DiscussionBoard.errors[1407536].message }}
  • Profile picture of the author AnniePot
    Just an observation. I use 2 hosting companies: BlueHost and HostGator, with 3 WP blogs hosted on each, plus various regular websites. Recently 2 BlueHost blogs have been hacked, plus one regular website and they offered me no help, simply informing me that security is my problem.

    On the other hand, nothing I have hosted with HostGator has been hacked.

    Several months ago, I installed the WP-Ban plugin on all my blogs. Now, whenever Akismet flags anything as spam, I simply add the email address / domain / IP address to the plugin list and I now hardly ever see any junk commenting at all.
    {{ DiscussionBoard.errors[1407684].message }}
    • Profile picture of the author ronr
      Dont get too comfortable. Years ago we had a dedicated server with Hostgator hacked. Hostgator was supposed to be providing security.

      After it happened I had a server admin pro look at the server and he found a lot of insecurities.
      He also discovered the person who broke in was just a kid who used some basic tactics to compromise my dedicated server

      Before then I was comfortable to but only because I didn't know how unsecure my server really was.

      Be proactive about security. Don't assume you are secure because you haven't been hacked-YET.

      Originally Posted by AnniePot View Post

      Just an observation. I use 2 hosting companies: BlueHost and HostGator, with 3 WP blogs hosted on each, plus various regular websites. Recently 2 BlueHost blogs have been hacked, plus one regular website and they offered me no help, simply informing me that security is my problem.

      On the other hand, nothing I have hosted with HostGator has been hacked.

      Several months ago, I installed the WP-Ban plugin on all my blogs. Now, whenever Akismet flags anything as spam, I simply add the email address / domain / IP address to the plugin list and I now hardly ever see any junk commenting at all.
      {{ DiscussionBoard.errors[1407920].message }}
      • Profile picture of the author TheRichJerksNet
        Originally Posted by ronr View Post

        Dont get too comfortable. Years ago we had a dedicated server with Hostgator hacked. Hostgator was supposed to be providing security.

        After it happened I had a server admin pro look at the server and he found a lot of insecurities.
        He also discovered the person who broke in was just a kid who used some basic tactics to compromise my dedicated server

        Before then I was comfortable to but only because I didn't know how unsecure my server really was.

        Be proactive about security. Don't assume you are secure because you haven't been hacked-YET.
        90% of the time this is due to third party open source scripts or your computer itself not being secured...

        It is not the server itself, especially from hostgator as they keep their servers up to date unlike many other hosting companies.

        James
        {{ DiscussionBoard.errors[1407984].message }}
        • Profile picture of the author ronr
          Originally Posted by TheRichJerksNet View Post

          90% of the time this is due to third party open source scripts or your computer itself not being secured...

          It is not the server itself, especially from hostgator as they keep their servers up to date unlike many other hosting companies.

          James
          It can be other factors but this was the server itself and it was Hostgator. Not to disparage them only because it's common with hosting companies that they are not as proactive about keeping their sites updated with security as they should be.
          {{ DiscussionBoard.errors[1408132].message }}
    • Profile picture of the author kennethg
      Originally Posted by AnniePot View Post

      Just an observation. I use 2 hosting companies: BlueHost and HostGator, with 3 WP blogs hosted on each, plus various regular websites. Recently 2 BlueHost blogs have been hacked, plus one regular website and they offered me no help, simply informing me that security is my problem.

      On the other hand, nothing I have hosted with HostGator has been hacked.

      Several months ago, I installed the WP-Ban plugin on all my blogs. Now, whenever Akismet flags anything as spam, I simply add the email address / domain / IP address to the plugin list and I now hardly ever see any junk commenting at all.
      Dear Annie,

      When you add an IP address to your ban list, are you not afraid of alienating all the good visitors coming from that particular IP as most ISP's use DHCP (dynamic IP assigning) and that would mean everytime someone logs onto the Internet, they get assigned a different IP address.

      I normally ban the user's email address, so I was wondering if you knew of a way to overcome the above problem?

      Thanks.
      Regards,
      Kenneth,
      {{ DiscussionBoard.errors[1411624].message }}
  • Profile picture of the author johnlagoudakis
    There was a recent hack on a Wordpress vulnerability that caused the index.php to have code added which redirected your blog. When someone visited your site it would just come up as a blank page.

    It was fixed with a new release (version 2.8.6) but if you were on a shared server, you had to make sure that you updated all blogs otherwise all your domains would get infected.

    I was infected and cost me a fair bit of downtime
    Signature
    Need help getting more leads and sales? *** Click here to work with me ***
    {{ DiscussionBoard.errors[1407685].message }}
    • Profile picture of the author Big JP
      Originally Posted by johnlagoudakis View Post

      There was a recent hack on a Wordpress vulnerability that caused the index.php to have code added which redirected your blog. When someone visited your site it would just come up as a blank page.

      It was fixed with a new release (version 2.8.6) but if you were on a shared server, you had to make sure that you updated all blogs otherwise all your domains would get infected.

      I was infected and cost me a fair bit of downtime
      Did you have to log into each of your WP blogs and update them?
      {{ DiscussionBoard.errors[1407692].message }}
  • Profile picture of the author josspam
    I found this article How to Protect a WordPress Blog from Hackers | eHow.com you might like it

    Jocy
    Signature
    Celuadictos
    X-Box Peru - Fitbox and Martial Training
    {{ DiscussionBoard.errors[1407705].message }}
  • Profile picture of the author KenS
    Just a quick tip

    Use the autoupdate plugin for wordpress. WordPress › Wordpress Automatic upgrade WordPress Plugins

    I have found this to be a god send for all the wp installs I use.

    ken
    {{ DiscussionBoard.errors[1407772].message }}
    • Profile picture of the author TheRichJerksNet
      Originally Posted by KenS View Post

      Just a quick tip

      Use the autoupdate plugin for wordpress. WordPress › Wordpress Automatic upgrade WordPress Plugins

      I have found this to be a god send for all the wp installs I use.

      ken
      Ken,
      That is a huge secuirty risk right there... Never use any autoupdate stuff that has access to your system. Not to mention you should "NOT" update just because wordpress released an update, many times that can be more damaging than it is good.

      James
      {{ DiscussionBoard.errors[1407830].message }}
    • Profile picture of the author KenS
      Originally Posted by KenS View Post

      Just a quick tip

      Ken,
      That is a huge secuirty risk right there... Never use any autoupdate stuff that has access to your system. Not to mention you should "NOT" update just because wordpress released an update, many times that can be more damaging than it is good.

      James

      ken
      Actually the autoupdate is just an option. I should have been more clear about that. The way I use this plugin is to just go onto my blogs and update it by manually telling it to update since I have been leery about letting it run all by itself. Not quite auto, but it still save a lot of time and I haven't had any security issues.


      Are you saying that the plug-in itself is dangerous, or just any sort of auto updating script?

      Would that include something like wp-o-matic or some other rss feeder?

      Also, why would you recommend against updating WP as soon as a new version comes out? I was under the impression that was a good thing in order to prevent exploits.

      Thanks for your input.

      ken
      {{ DiscussionBoard.errors[1408868].message }}
      • Profile picture of the author TheRichJerksNet
        Originally Posted by KenS View Post

        Actually the autoupdate is just an option. I should have been more clear about that. The way I use this plugin is to just go onto my blogs and update it by manually telling it to update since I have been leery about letting it run all by itself. Not quite auto, but it still save a lot of time and I haven't had any security issues.


        Are you saying that the plug-in itself is dangerous, or just any sort of auto updating script?

        Would that include something like wp-o-matic or some other rss feeder?

        Also, why would you recommend against updating WP as soon as a new version comes out? I was under the impression that was a good thing in order to prevent exploits.

        Thanks for your input.

        ken
        Any auto updating script on a open source platform is Bad !!! Stay away because if the main site is hacked so are you and yes wordpress itself has been hacked before..

        I do not recommend to update to the latest version due to the fact that is what the hackers expect you to do so they can go play in your playground with new exploits.

        The best thing you can do is keep the version you have secure it and do not upgrade at all.. Take action into your own hands and secure your own blog by modifiying the coding.

        James
        {{ DiscussionBoard.errors[1409367].message }}
        • Profile picture of the author Big JP
          Originally Posted by TheRichJerksNet View Post

          Any auto updating script on a open source platform is Bad !!! Stay away because if the main site is hacked so are you and yes wordpress itself has been hacked before..

          I do not recommend to update to the latest version due to the fact that is what the hackers expect you to do so they can go play in your playground with new exploits.

          The best thing you can do is keep the version you have secure it and do not upgrade at all.. Take action into your own hands and secure your own blog by modifiying the coding.

          James
          AAAH! Now I have 2 minds on whether or not to continue using wordpress for my marketing!

          Whenever I see an update available for anything I own, I just automatically go ahead with it, because surely it is being updated for good reason.

          If you don't update, then how do you get access to any new features included?
          {{ DiscussionBoard.errors[1410162].message }}
          • Profile picture of the author TheRichJerksNet
            Originally Posted by Big JP View Post

            AAAH! Now I have 2 minds on whether or not to continue using wordpress for my marketing!

            Whenever I see an update available for anything I own, I just automatically go ahead with it, because surely it is being updated for good reason.

            If you don't update, then how do you get access to any new features included?
            If it is not broken don't fix it ... It's that simple...

            James
            {{ DiscussionBoard.errors[1410237].message }}
            • Profile picture of the author kennethg
              But James, all versions have bugs in them. When we not update, dont we leave ourselves exposed to hackers who can manipulate these holes? Isnt that why Wordpress issues updates?

              Regards,
              Kenneth.

              Originally Posted by TheRichJerksNet View Post

              If it is not broken don't fix it ... It's that simple...

              James
              {{ DiscussionBoard.errors[1411635].message }}
              • Profile picture of the author TheRichJerksNet
                Originally Posted by kennethg View Post

                But James, all versions have bugs in them. When we not update, dont we leave ourselves exposed to hackers who can manipulate these holes? Isnt that why Wordpress issues updates?

                Regards,
                Kenneth.
                That is why you secure your own blog... I have posted on this and posted on this many times. Thousands of customers have decided to take their security seriously and secure their blogs. Some have chosen to ignore the facts until they was hacked.

                If you want to stop hackers, then you must secure your blog youself and change the coding. 2 Customers of mine above has already answered this problem with a real solution.

                Stop trying to use those so-called security plugins and those wannabe security tips that many non-security experts post about. Would you hire an electrician to wire your house for electricity or hire a plumber ???

                Many of those created blogs and security tips are from people that have never coded a site in their lives and they know nothing about security.

                Sorry to say it but hard core facts are hard core facts, stop trying to be cheap and find free solutions to secure your business.. Do you seriously leave your business to so-called experts based on some free information that some non-coder post on a site ??

                Fact is business cost money and if you are making money then investing in your site is also a must.

                James
                {{ DiscussionBoard.errors[1411677].message }}
                • Profile picture of the author Mo Goulet
                  [QUOTE=TheRichJerksNet]That is why you secure your own blog...

                  I'm willing to confess to the following so others will take this serious.

                  I know most people buy stuff and really use it.............NOT!

                  Well I'm guilty of this many times over but lately I've been hearing more and more horror stories on blogs getting hacked.

                  I'm dedicating this week end to actually securing my blogs.

                  I purchased your program James and never bothered to follow through and actually do it.

                  I've been fortunate or lucky to have not gotten hit.

                  Don't fall victim to this. If you've bought James program, use it today. I'm going to.

                  James I bought WP secured about 6 months ago.

                  Are there any updates?
                  {{ DiscussionBoard.errors[1411747].message }}
                  • Profile picture of the author TheRichJerksNet
                    [quote=proapc;1411747]
                    Originally Posted by TheRichJerksNet View Post

                    That is why you secure your own blog...

                    I'm willing to confess to the following so others will take this serious.

                    I know most people buy stuff and really use it.............NOT!

                    Well I'm guilty of this many times over but lately I've been hearing more and more horror stories on blogs getting hacked.

                    I'm dedicating this week end to actually securing my blogs.

                    I purchased your program James and never bothered to follow through and actually do it.

                    I've been fortunate or lucky to have not gotten hit.

                    Don't fall victim to this. If you've bought James program, use it today. I'm going to.

                    James I bought WP secured about 6 months ago.

                    Are there any updates?
                    Thanks... Yes I know you have purchased ... I have all v2 customers on a list waiting to annouce v3. When I get some extra time I will be releasing v3 and as promised all v2 customers will be getting it for free...

                    I can not give an exact date right now as I am working on several projects and updates to my sites.

                    James
                    {{ DiscussionBoard.errors[1411754].message }}
                • Profile picture of the author kennethg
                  James, I got your point on security.

                  How do I know the loopholes in my Wordpress blog (Think & Create) that is susceptible to be compromised

                  Regards,
                  Kenneth.

                  Originally Posted by TheRichJerksNet View Post

                  That is why you secure your own blog... I have posted on this and posted on this many times. Thousands of customers have decided to take their security seriously and secure their blogs. Some have chosen to ignore the facts until they was hacked.

                  If you want to stop hackers, then you must secure your blog youself and change the coding. 2 Customers of mine above has already answered this problem with a real solution.

                  Stop trying to use those so-called security plugins and those wannabe security tips that many non-security experts post about. Would you hire an electrician to wire your house for electricity or hire a plumber ???

                  Many of those created blogs and security tips are from people that have never coded a site in their lives and they know nothing about security.

                  Sorry to say it but hard core facts are hard core facts, stop trying to be cheap and find free solutions to secure your business.. Do you seriously leave your business to so-called experts based on some free information that some non-coder post on a site ??

                  Fact is business cost money and if you are making money then investing in your site is also a must.

                  James
                  {{ DiscussionBoard.errors[1411763].message }}
                  • Profile picture of the author TheRichJerksNet
                    Originally Posted by kennethg View Post

                    James, I got your point on security.

                    How do I know the loopholes in my Wordpress blog (Think & Create) that is susceptible to be compromised

                    Regards,
                    Kenneth.
                    ALL open source platforms are open to hacking, it's a fact of internet life.. I custom code all my sites but I am a developer. I do not use any open source code for my sites. I do have a few blogs installed from wordpress but they are secured by me changing the code and using my own product.

                    I do not just sell this product or that product, I use everything I sell myself also...

                    James
                    {{ DiscussionBoard.errors[1411775].message }}
                    • Profile picture of the author Alminc
                      I highly recommend James' Wordpress Secured, it's probably the
                      best wp security product you can find.

                      It does make you work a little bit, and you cannot update your
                      secured blogs right away, but your blogs are protected!

                      I secured my blogs on wp version 2.6.3 with Wordpress Secured, did not
                      update them since then, and I had no hacked blog for a looong time.
                      Signature
                      No links :)
                      {{ DiscussionBoard.errors[1411848].message }}
  • Profile picture of the author MichaelHiles
    Don't use applications that are based on interpreted script?
    {{ DiscussionBoard.errors[1408886].message }}
  • {{ DiscussionBoard.errors[1410967].message }}
  • Profile picture of the author Bhaskar Jain
    umm,

    look:
    if trying to protect your blog you will be have use best security level and

    I used to be an Auditor & Security Analysts so here is a list that I use frequently to find what I need for securing my WP Blogs
    hackers are too genius but they are said to idiot because they did there work for bad reply of there futre.

    thanks
    keshav

    i have my own idea about entertainment wann know noth up me soon
    {{ DiscussionBoard.errors[1411576].message }}
  • Profile picture of the author 808glass
    1. Don't auto update anything ever, do update and patch when obviously stable, but automating this process is setting yourself up for unstable software that is more readily hacked.

    2. Don't use Wordpress if you don't have to. You'll get a bunch of script kiddies that will figure out a way in... these aren't even hackers, most hackers wouldn't really care to break into your site, these are lazy wannabe techies that borrow someone elses script and modify it to bust your site.

    3. You can never fully secure your site, but do take the obvious precautions mentioned above and use a hardware firewall, take backups, and think long term when crafting your security.
    {{ DiscussionBoard.errors[1411642].message }}
  • {{ DiscussionBoard.errors[1411723].message }}

Trending Topics