25 Ways To Protect Your Blog From Hackers – Before It’s Too Late

As a blogger, I understand how it feels when your blog has been hacked by some anonymous person or a group of hackers. In the 21st century, two things are growing rapidly: the first is programming and the second is hacking, and the two are related to each other.

If blogging is your passive income, you should read this complete article, because if you don’t know what may come your way in the future, you won’t be able to protect your blog from hackers.

It used to be far too hard for a small-time hacker to hack any website. Recently I met up with one of my buddies, Abhishek, who is currently studying ethical hacking, which is used to secure computers against hackers. Abhishek told me that a hacker can hack a website using SQL injection and some other code.

You can easily find free online video tutorials on hacking with Google: just type “How To Hack A Blog” into the Google search box.

You will see millions of results come up in the search engine, with step-by-step guides.

Why am I telling you this? Because, as you can see for yourself, your blog can easily be hacked if you do not take its future seriously.


Top Indian blogger Amit Agarwal owns a blog named (Labnol.org). In 2012, Amit posted a tweet saying that his blog had been hacked.

Amit is a smart blogger: he had already made a backup of his blog in case it was hacked in the future. Using the backup data, Amit quickly restored his blog within a few hours and turned the tables.

Be A Smart Blogger – Always Ready To Face Problems

So, to become a smart blogger, you must know all about blogging, in simple words “Nile To Hill”. If you underestimate the basics of blogging, you won’t go far in your blogging career. Everyone knows Mark Zuckerberg, the founder of Facebook. The most interesting thing about him is that even now, when he has lots of money and power, he still codes.

Which means he loves coding. There are millions of programmers who say they can’t live without coding because they love it. The same goes for bloggers: if you love blogging and take it seriously, your future will be safe and secure.

If you don’t know much about blogging, get help from pro bloggers: email them your issue. As a newbie I also faced lots of problems in my three-year blogging career. Even now, when I come up against an issue that I can’t resolve, I get help from an expert.

5 Basic Things You Should Never Underestimate If You’re A Blogger

If you’re thinking of making blogging your lifetime profession, there are some things you should never underestimate.

Always Be Ready To Help Your Blog Followers Along With Unique Visitors

If Someone Asks You For Help Relating To Blogging, Try To Resolve The Issue

Never Stop Learning – There Is Always Something New To Learn

Read Blogger Journey Stories – They Tell You Which Things Could Affect Your Blog

Always Try To Find Ways To Expand Your Blog Among Others

By helping others you become popular among newbies.

For example, if you own a blog in the health niche and someone asks you “How Can I Increase Traffic On My Blog”, you could say: visit the following site, it gives a better solution related to SEO.

Because you know that particular website is all about search engine optimization, with resources and expert advice for new bloggers on increasing a blog’s Google ranking.

25 Tips To Protect Your Blog – Simple Things Can Save Your Blogging Career

Losing your blog content can destroy a business’s reputation. Imagine a blog with thousands of posts, comments, internal links and so on, and the next day you find the whole blog database cleared out like an empty apartment.

In this article, I will show some tips given by SEO experts, professional bloggers and online security agencies to protect blogs from hackers.

# Backup The Blog – Generate Backup of Blog Posts, Comments, Links

How To Backup Self Hosted WordPress Blog

Making a backup of any important data is one of the best things you can do. If you lose your current data, or it is corrupted or hacked, you can easily use the backup to restore things to the way they were before.

If your blog is on WordPress, you can easily generate a blog backup on the WordPress platform. There are free and paid plugins (such as BackupBuddy) with which you can easily back up a WordPress blog. You can also make your blog backup on self-hosting sites: for example, if your WordPress blog is hosted on Bluehost, you can back up your blog data in a few minutes.

There are also other ways for WordPress blog owners to generate backups. WordPress lets users back up their blogs using BackWPup; read the complete article about how to generate a backup of a blog through BackWPup.

How To Backup Blogger Blog

On Blogger, however, there is one way to back up the blog, and that is exporting the blog contents to your computer. To back up a Blogger blog, log in to your Blogger account and open the blog you want to back up.

Click on the Backup Contents button and save the file on your computer’s hard drive. That’s it, you’ve successfully created the backup of your blog. Now scroll down and open up Settings > Others.

# Try To Use A Strong Password – Use Upper Case And Lower Case Letters Along With Symbols

Using a strong password is the key thing that saves you from hackers. Secure passwords are essential for high-privileged users such as administrators. Without a secure password, your blog is just like a house with an open door for hackers.

On the web there are lots of tools and software that can easily work out a password using tricks based on username, date of birth, name, address and so on. Remember: the stronger the password, the harder it is to guess.

How To Create A Strong Password And How To Remember It

You may wonder what happens if you create a strong password and then forget it. Nobody likes going through the password recovery process and answering security questions to recover an account’s password. When you create a new account on encrypted websites, you will have seen the advice “Be sure to use a strong password”, because it is hard for hackers to crack a password that contains different types of letters along with symbols.

Most importantly, remembering a strong password is a confusing task. There are some ways to easily remember passwords that contain upper and lower case letters.

Read these articles for tips and tricks on remembering a master password – Article 1 / Article 2

# Use Premium or Paid Blogging Themes –  To Secure Blog From Hackers 

Most bloggers use a free child theme for their blog because it’s easy to edit and fast to load. Hackers can easily hack into a free WordPress theme or free Blogger template, because some themes come with backdoors and also connect back to the developer of the theme through a backlink.

WordPress premium blog themes stick with a security risk, and not everybody knows how to write secure code.

For example, the WordPress Bootstrap Starter Theme looks dynamic, but the plus point of this theme is that it contains secure code that stops hackers.

Premium themes are also called paid themes, and you can buy these themes. You must see these 10 amazing secure WordPress themes for bloggers.

# Prevent Script Injection – Cross-Site Scripting (XSS Attacks)

Cross-site scripting, also called an XSS attack, is a type of script injection, similar to SQL injection, in which malicious scripts are injected into trusted websites. Cross-site scripting attacks are mainly sent through a web application to the website’s users.

To avoid XSS attacks on your blog, you must not allow developers to put untrusted data on your website. Otherwise, hire a web developer for your blog who has complete knowledge of cross-site scripting vulnerabilities.

# Use WordPress Security Plugins  – To Protect Your Blog From Malicious Hackers

Check out the list of WordPress security plugins and firewalls. This type of WordPress plugin investigates web requests with simple, WordPress-specific heuristics to identify and stop the most obvious attacks. A WordPress firewall plugin scans blog posts, comment bodies, numeric parameters, blog articles and a lot more. This kind of WordPress security plugin lets bloggers sleep better at night.

# Switch The Database Table Prefix – Once A Month

To make your blog database more secure, you should change the database table prefix once a month. The WordPress default prefix is (wp_); you should change it to something that uses symbols along with numbers, which makes it hard to guess.

For example – (6rt4yo_).

However, WordPress Security Plugins will automatically change your database table prefix while scanning the blog. These plugins will show you potential security risks on your blog along with their solutions.

# Limit The Access of WP-Content Directory – Important Step to Secure Blog

The WordPress content directory (wp-content) allows users to access certain file types within the directory, through which anyone can get at your blog database. These file types include images (.jpeg, .gif, .png), JavaScript (.js), CSS (.css) and XML (.xml). These files typically relate to the blog body, which also opens the door to the blog database for hackers.

To limit access to the WP directory, you must restrict it by adding the code given below to the directory. This allows users to access only files such as images, JavaScript and XML, and they cannot get to any other data.

The code should be placed in the “.htaccess” file within the wp-content folder.

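# serve only static blog assets from wp-content, deny everything else
Order deny,allow
Deny from all
<FilesMatch "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</FilesMatch>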

That is all you have to do to set up the limit on the WordPress directory.

# Install A Plugin That Monitors Blog Changes – Immediately Informs You If Any File Is Changed

Every day lots of little changes happen on your blog, but you should know that some changes are harmful to your blog’s health. You should keep an eye on the blog using a plugin, or else hire a person who keeps an eye on your blog changes and informs you at the right time. You can also ask your blog hosting provider to configure your server to notify you whenever any of your blog data files changes, or you can install a paid plugin that makes this easy for you.

# Admin Account – Create More Than One Admin Account 

It is better to have more than one admin account, because if your blog admin account is hacked you can immediately log in with the second admin account and make changes on your blog to stop the hacker from accessing your blog’s database.

As you also know, this technique is just as dangerous as it is helpful. So before doing anything, bear in mind that the more WordPress admin accounts you have, the more gateways a hacker has to get inside your blog.

So here are some tips we recommend you follow while creating a new admin account to protect yourself from hackers: choose a username and password so unique and different that they confuse the hacker; in simple words, make them hard to guess.

For Example

Admin Username = TruckRPDhitman

Admin Password = 4589@R0ck#Build

# Use A Different Password For Every Webmaster Aspect

As you already know, every webmaster can create up to three usernames and passwords for their hosting (hosting account, cPanel and WordPress). That makes it easier to recover your website when it has been hacked. You can also apply for host insurance in case something happens to your blog’s host server.

The first username and password are for your hosting account, where you pay for the blog hosting service and see tickets. The second password is used for the cPanel settings, where you can easily make changes to your blog, its layout and a lot more. The last one is for the WordPress installation itself, where you can add new posts, reply to comments and a lot more.

The common mistake every blogger makes is using the same password for all three, which gives a hacker complete control over your website. Make sure to create different strong passwords for all three webmaster aspects; that will benefit you if your blog is hacked in the future.

# Use Secure Login Platform Such as Encrypted Channel

If you own a blog that has SSL enabled, you should log in to your WordPress account over an encrypted channel to access the WordPress dashboard. You can easily force users to log in over HTTPS by setting the FORCE_SSL_ADMIN constant to true in wp-config.php.

For example – ( define('FORCE_SSL_ADMIN', true); )

# Upgrade Your Blogging Platform To The New Version If It’s Available

If WordPress or Blogger releases a new upgrade, especially one that includes a security fix, a new firewall and a lot more, upgrade your blog even if it contains features that you don’t use for your blog.

Doing this can secure your blog, because upgrading the WordPress blog automatically deletes previous data such as temporary files, which may contain a malicious virus or sometimes something more dangerous that affects your blog.

# Hide WordPress Version In the Header Tag – Drop This String

WordPress themes show a meta tag that is easily visible to every user. Even if you have deleted that WordPress meta data from your theme, you may still see the WordPress version string in the page returned by the blog software.

You can easily hide the WordPress Version line from header tag by adding the “functions.php” file to the theme directory.

For example – add the code given below to the functions.php file.

However, even after adding this, there is no guarantee that your blog will be safe. It just decreases the chances of attacks on your blog.

# Scan Plugins For Virus Before Installation – Plugins Contain Virus That Affect Your Blog

Nowadays bloggers can easily download plugins and install them on their websites. But you have to be careful with these kinds of web extensions before adding them to your blog. Hackers mainly look for a way to get into your website easily, and plugins may contain malicious code that opens hidden gateways for hackers.

To protect against malicious viruses, it is best to scan a plugin just after you download it. There are some web tools with which you can easily scan plugins.

Here we mention some of the best WordPress plugin scanning tools.

WordPress Anti-Virus

Exploit Scanner

Theme Authenticity Checker (TAC)

Anti-Malware  

For more alternative anti-virus plugins, read this article published by Hongkiat.

# Terminate Default Admin Account – To Get Anonymous 

When you remove your default WordPress admin account, a malicious user cannot easily learn your username, which keeps you one step ahead of hackers. As you probably know, WordPress installations come with a default user account, and that makes it easier for hackers to break in.

If you don’t have multiple admin accounts, create no more than two admin accounts. After creating a new admin account, delete the default admin account. If you don’t know how to delete the default admin account, read the guide given below.

Log in to WordPress with your new or alternative admin account, using the new admin username and password. Go to the settings and delete the default account that you got when you started your blog.

# Enable Two-Step Authentication – Secure Blog Using Two-Step Verification

If you haven’t enabled two-step verification on WordPress, enable it right away, because it’s the best way to secure your blog. When you enable two-step verification (two-factor authentication), you add an extra layer of security to your account. You sign in with something you know, such as your password, and something you have (a 4-digit code sent to your phone).

For more information about enabling two-factor authentication on WordPress, read this article.

# Limit The Access Attempt to wp-admin Directory –  Essential step in securing your blog

The WordPress administration folder is one of the most important folders in the WP directory. You can easily access your blog dashboard through it, which means that if you can, anybody can, so you must block access attempts to this directory.

You can easily do this with an “.htaccess” file in the wp-admin directory. But before adding it to your blog directory, you must change the IP addresses to your own.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic

order deny,allow
deny from all
# whitelist Syed’s IP address
allow from xx.xx.xx.xxx
# whitelist David’s IP address
allow from xx.xx.xx.xxx
# whitelist Amanda’s IP address
allow from xx.xx.xx.xxx
# whitelist Muhammad’s IP address
allow from xx.xx.xx.xxx
# whitelist Work IP address
allow from xx.xx.xx.xxx

However, if lots of people write on your blog and they constantly change, this code doesn’t make much sense. There are also other drawbacks to this technique: you have to access your blog through the same internet provider, which means you cannot access your blog or website from another place. Change the IP address in the above code and it will work.

# Set A Limit On The Number Of Login Attempts

Limiting the number of failed login attempts can protect you from users who use brute-force techniques to log in to your WordPress account. A brute-force attack is a kind of attack in which hackers try to find out a user’s password through repeated failed login attempts.

To prevent this, you can easily set up a limit on login failures using a plugin called Login Lockdown.
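
The rule such a limit enforces can be shown on a web server access log. The following is an added example, not code from Login Lockdown or from the original article: it counts failed logins per IP address in a sliding time window and reports when each address would be locked out. The log lines are constructed, the thresholds (5 failures in 5 minutes) are assumptions, and it assumes the default WordPress behaviour where a failed login POST to /wp-login.php answers 200 and a successful one redirects with 302.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access log (common log format, documentation-range IPs).
SAMPLE_LOG = """\
192.0.2.50 - - [10/Mar/2024:09:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 5321
192.0.2.50 - - [10/Mar/2024:09:10:00 +0000] "POST /wp-login.php HTTP/1.1" 200 5321
192.0.2.50 - - [10/Mar/2024:09:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 5321
192.0.2.50 - - [10/Mar/2024:09:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 5321
192.0.2.50 - - [10/Mar/2024:09:40:00 +0000] "POST /wp-login.php HTTP/1.1" 200 5321
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 5321
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 5321
198.51.100.23 - - [10/Mar/2024:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 4810
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 5321
203.0.113.7 - - [10/Mar/2024:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 5321
203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 5321
203.0.113.7 - - [10/Mar/2024:10:00:11 +0000] "POST /wp-login.php HTTP/1.1" 200 5321
198.51.100.23 - - [10/Mar/2024:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 5321
198.51.100.23 - - [10/Mar/2024:10:00:41 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

# client IP, timestamp, method, path, status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def lockouts(log_text, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: time of lockout} for IPs that reach max_failures in window."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failed logins
    locked = {}
    for line in log_text.splitlines():
        match = LINE.match(line)
        if not match:
            continue
        ip, stamp, method, path, status = match.groups()
        if method != "POST" or not path.startswith("/wp-login.php"):
            continue  # only login submissions count, not views of the form
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if status == "302":  # assumed: redirect means the login succeeded
            recent[ip].clear()
            continue
        if status != "200":  # assumed: 200 means the form came back with an error
            continue
        failures = recent[ip]
        failures.append(when)
        while failures and when - failures[0] > window:
            failures.popleft()  # forget failures older than the window
        if len(failures) >= max_failures and ip not in locked:
            locked[ip] = when
    return locked


if __name__ == "__main__":
    for ip, when in lockouts(SAMPLE_LOG).items():
        print(ip, "locked out at", when.isoformat())
```

In the sample, 192.0.2.50 also fails five times but ten minutes apart, so it is not locked out: the size of the window decides how slow an attempt has to be to go unnoticed.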

# Hide Login Error Message  – Incorrect Password or Username

When you mistakenly enter the wrong password while logging in to your dashboard, you see a login error message: “Incorrect Password”. If you log in with the wrong username, the error message shows “Invalid Username”.

Now you are going to be shocked after reading this. Hackers can use these error messages, together with password decoder software, to work out your username and password. So, to be safe from this, you must hide the login error message.

To hide the login error message on WordPress, add the line of code given below to the functions.php file, using an admin account.

// create_function() was removed in PHP 8, so use a closure instead
add_filter('login_errors', function ($a) { return null; });

After adding this code to your WordPress blog, when you try to log in with a wrong password or username you will see a blank error message.

After adding the code, the login failure message looks like this.

# Lock Down WP-Config File – Most Important File on Complete Blog 

The WordPress configuration file (wp-config.php) is one of the most important files of all, because it contains all the access-key information for your website. You must lock down this file to secure your blog, because if hackers somehow get access to wp-config they can easily take complete control of your blog.

To secure the file, add this code to the “.htaccess” file in the WordPress root directory.

<Files wp-config.php>
Order deny,allow
Deny from all
</Files>

Adding this code locks down the wp-config file and doesn’t allow any user to access it.

# Clear Your Web Browser Cookies – Hackers Can Also Access Them

To clear cookies, open the web browser you use to access your blog and open the browser’s settings. Then move to the Privacy tab, click on “Show Cookies” and hit the clear button. For more detailed guides with screenshots, read this article on deleting browsing cookies in Firefox, Edge and Google Chrome. Hackers can easily break into web browser cookies or browsing history, from which they can get information to gain access to your website. To be safe from getting hacked, clear all browsing history along with cookies once a week or at the end of the day.

# Keep Away Search Engine From WordPress Directories

Search engines crawl almost all the content of your website unless you stop them. You may not know that your blog’s admin section also gets indexed by search engines, which can become a major security threat for your blog.

That is why it’s better to keep search engines away from the WordPress directories. To do that, create a root.exe file in your WordPress root directory before adding this code (Disallow: /wp-*).

# Switch Default Access Right To The Users

On your blog, multiple users may regularly log in with a username and password that have the blog’s default access. As you may know, default settings such as the username and password are pretty easy to break.

It is essential, and easy, to take control of users’ access rights to your website. To do that, install a WordPress plugin called “Advanced Access Manager” and activate it.

That’s all: using this plugin you can easily control the WordPress repository and manage access to areas such as users, posts, pages, comments and so on. For more alternatives, see the WordPress access control plugins.

# Keep Your Computer Up To Date – By Installing Software Update Patches

You should regularly scan your complete computer using anti-virus software. You can get and run free anti-virus software such as Avast, Panda Free Antivirus, Comodo or AVG to check whether there is any virus on your computer system. Sometimes hackers can also get access to your website through security vulnerabilities on your computer. So, to be safe, keep your computer updated with the latest software and the latest version of your anti-virus. When a new operating system is released, do your best to upgrade as soon as possible.

# Pick Best Web Hosting Service For Your Blog 

To pick the best web hosting service you need some tips: 10 factors to consider before choosing web hosting. This is one of the most important things for any new blogger, yet lots of you don’t know anything about web hosting. The thing is, you can use all of these tricks to secure your blog, but if your blog host is not secure, it all goes to waste.

# Hide Author Username – It’s Good Idea To Hide Author Username

Yeah, you heard me right: it’s a good idea to hide the username, because showing usernames on your blog makes it a lot easier for hackers to break into your blog.

It’s pretty easy to find each author’s username on your site, and more often than not the main author of the blog is also the administrator. According to the DreamHost article, it’s better to hide the admin or author username from the blog to ensure you are not making the hacker’s job easier.

To hide the author username from your site, add the code given below to the “functions.php” file.

// Redirect author archive pages (including ?author=N) to the home page
add_action('template_redirect', 'bwp_template_redirect');
function bwp_template_redirect()
{
    if (is_author()) {
        wp_redirect(home_url());
        exit;
    }
}

After adding this code, check that the username is not visible to anyone: try adding ?author=1 after your main URL. You won’t see any information about the administrator.

Wrapping Up – Conclusion

Securing your blog matters much more than installing plugins and themes to make your blog look better. To become a smart blogger you must always be ready for upcoming problems, which include blog traffic, blog earnings and, on top of all, blog security.

Try to make your blog 100% secure; do whatever it takes to secure your blog after proper research. You should know that around 35K blogs are hacked daily, of which 25% are WordPress blogs.

Feel free to share your views, and tell me via the comment box if I’ve missed some details in this article.