• Facebook
  • Pinterest
  • Rss
Sassy Boss
  • HOME
  • START A BLOG
  • COURSES
  • WORK WITH ME
    • WEBSITE PACKAGES
    • BRANDING PACKAGES
    • ABOUT
    • CONTACT
  • BLOG
  • RESOURCES
  • Menu Menu
  • HOME
  • START A BLOG
  • COURSES
  • BRANDING PACKAGES
  • WEBSITE PACKAGES
  • BLOG PLANNER WORKBOOK
  • BLOGGING COURSE
  • PINTEREST SET UP FOR SUCCESS
  • ABOUT
  • BLOG
  • RESOURCES
  • CONTACT

How To Protect Your Blog From Hackers

Are you a new blogger and you’re not sure how to protect your blog from hackers?

Website security is very important and the chance of getting hacked is real. This is why you need to take some necessary steps to protect your blog.

Securing your site should be one of the first things you do when building a website so let’s have a look at a few simple things you can do to greatly reduce the risk of your blog getting hacked.

Pin this post for later

How to protect your blog from hackers
I may earn a small commission for affiliate links in this post at no extra cost to you. Please read my disclaimer  for more information.

Website security for WordPress blogs

This tutorial is for self hosted blogs on WordPress.org. If you don’t have a self hosted blog and would like to learn how to set one up, please read this easy blog set up guide here.

Or you can take my free course: Kickstart Your Money Making Blog here.

How to protect your website from hackers

There are 7 ways to protect your blog from getting hacked. These are:

  • Setting up a strong username and password
  • Installing a security plugin
  • Block users who are trying to login with username “admin”
  • Enforce strong passwords for all users
  • Delete all un-used plugins
  • Make regular site updates
  • Always have a recent site backup

It’s not that hard to set this up in the WordPress Dashboard, I’ll walk you through all the steps below.

1. Set up a strong username and password

When you first login to WordPress it will be with the login credentials that your web host has provided you with. If the username is admin you’ll have to change this asap. Every hacker tries to login with the user name admin so get rid of it fast!

When you first login your username will be the only user in the database so you can’t delete it. You’ll have to create a new admin level user fist:

Go to Users > Add New > fill in your new username (not your name or blog name, make it hard to guess) and your email address. Then click on password and change it to a sentence that you can remember but is impossible to guess. Make sure it has a few $ymbo1s and use UPPER & lower case. Four or five words is good. (I like to be able to remember my password so I don’t have to look it up all the time, this is why a sentence works better than just random characters.) Write your login details down and keep them safe.

Next to Role you select Administrator from the drop-down.

Make sure to save your settings by clicking > Add new user.

Now log out of WordPress: Top right corner > Click on Howdy Admin > Log Out.

Now you can log back in with your new username and password.

Next you have to delete the old Admin username. Go to Users > All Users, hover over the old admin and click delete.

One more thing you should do: Go to Users > hover on your username > click edit.
Scroll down to Nickname and fill out your first name. Underneath Nickname it says: Display name publicly as > from the drop-down choose your first name. Scroll down > click on Update Profile to save your settings. This will be the name that is visible on your blog.

Recent Posts:

Is Your Blog Legal? Follow These 7 Steps To Make Sure

Blog Niche Ideas (That Set You Up For Success)

20 Worst Blogging Mistakes You Need To Fix Now

2. Install a security plugin

One of the first things you need to do when setting up your WordPress blog is install a security plugin. A great free plugin for this is iThemes Security, it has features like:

  • Security monitoring
  • File scanning
  • Malware scanning
  • Blacklist monitoring
  • Firewalls
  • Brute force attack protection
  • Notifications when a security threat is detected

To install iThemes Security, go to Plugins > Add New, and type the name of the plugin in the search bar. Once located, click > Install. When it’s finished installing click > Activate.

3. Block users who are trying to login with username “admin”

Remember how I said that every hacker will try to login with the username “admin”? Because we changed your username to anything but admin, we can now block anyone who tries to login with the username “admin”.

In the WordPress Dashboard, go to the menu on the left and scroll down to Security, and then click on > Settings.

Here you’ll see all the categories you can change the settings of. Go to the Local Brute Force Protection box and click on > Configure Settings.

Here you can select how many times someone can login to your website before they get locked out. I recommend setting the Max Login Attempts Per host to about 5 (just incase you stuff up your password a few times, you don’t want to lock yourself out too easily.) You can copy my settings.

The last setting lets you > Automatically ban “admin” user. Tick this box because you don’t have any users with the name “admin” and this will greatly reduce hacking attempts on your site.

4. Enforce strong passwords for all users

Using strong passwords is super important. In your iThemes settings you can make sure that anyone using your website is forced to used a strong password.

Go to Password Requirements > Configure Settings.

Tick the “enabled” box to force users to create strong passwords and select all user groups.

5. Delete un-used plugins

Plugins that aren’t updated regularly can leave your website vulnerable and can become an entry point for hackers. This is why it’s important to delete all plugins that you’re not using (Hello Dolly and Jetpack for example…)

Blogging Courses

Also avoid installing plugins that don’t come from a reliable source or don’t have a good rating or good reviews. Always look for the highest recommended plugins and avoid installing plugins that haven’t been updated recently or aren’t compatible with the latest version of WordPress.

Update all other plugins whenever they have a new version available.

To update your plugins go the menu on the left in the WordPress dashboard and click on > Plugins.

Here you’ll see a list of all your plugins. When a plugin has a new version available, it will show you like this:

Simply click on > update now and wait for the update to finish.

Always give your site a quick check after any updates in case it messed anything up. Because this can occasionally happen, it’s a good idea to make a backup (see point 7)  before making any updates.

6. Update your site regularly

Besides updating your plugins regularly, you also need to update WordPress and your theme whenever there’s a new update available.

In the left menu of the WordPress dashboard go to Appearance > Themes.

Here you be able to see which themes need an update, click > Update Now.

7. Always keep a recent backup

Even when you do everything in your power to protect your blog from hackers, there’s still always a small chance that your site gets hacked. This is why you need to save a complete backup of your site to your computer.

Backups are not just important in case you get hacked. Sometimes a plugin or theme update can mess up your site and it often would be easier to restore a clean backup than problem solve a broken site.

It’s important to  make regular backups so you don’t lose new blog post, edits or comments.

I use Updraft Backup Restore, a free plugin that makes it super easy to regularly backup your site.

To back up your site, go to > Plugins. Find the Updraft Backup Restore plugin and click on settings.

In the horizontal plugin menu click on > Settings. Here you need to select a remote storage, this is where your backed up files will be saved to.

I use Dropbox, you can use a free Dropbox account to store your files on. Select which storage you want to use and fill out your details.

Once you’ve got this set up, you go to Backup/Restore in the top menu.

To back up your site click on the blue Backup Now button and wait for the backup to finalise. This can take a while, just make sure to leave this window open until it’s finished.

Once the backup is done, you’ll see your backup appear on the same page under Existing Backups, like this:

If you want to save this backup to your computer, you have to click on each folder separately to download them.

This is how you protect your blog from getting hacked

I hope you’ve found this tutorial easy to follow and you now feel more confident in making your website more secure.

If you’re still new to blogging and would like to take my free course you can sign up to Kickstart Your Money Making Blog here.

Free

Ultimate Blog Planner Workbook

Recent posts

How To Make Money With Your Blog (In Your First Month Blogging)

Is Your Blog Legal? Follow These 7 Steps To Make Sure

3 Things I Did To Increase My Affiliate Sales By 481% In One Month

20 Worst Blogging Mistakes You Need To Fix Now

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Thanks for sharing

How To Protect Your Blog From HackersHow To Protect Your Blog From Hackers
Pin108
Share2
Tweet
110 Shares

Hey I’m Lisa!

I help non-tech women start a blog and grow it into a profitable business.

Are you ready to become a Sassy Boss?

Let’s dive in!

Get the Free Blog Planner Workbook

Recent Posts

  • What Should I Name My Blog? 20 Tips For Finding The Perfect Blog name
  • Best Free Blogging Courses To Start Blogging In 2021
  • Best Black Friday Deals For Must-Have Blogging Tools
  • How To Speed Up Your WordPress Site
  • Tailwind Create Review – Let Tailwind Design Pinterest Pins For You!

Connect on Facebook

Follow Me On Bloglovin

Follow
host your blog with Bluehost

PAGES

  • HOME
  • START A BLOG
  • COURSES
  • BRANDING PACKAGES
  • WEBSITE PACKAGES
  • BLOG PLANNER WORKBOOK
  • BLOGGING COURSE
  • PINTEREST SET UP FOR SUCCESS
  • ABOUT
  • BLOG
  • RESOURCES
  • CONTACT

CATEGORIES

  • BLOGGING

LEGAL

  • TERMS OF USE
  • PRIVACY POLICY
  • DISCLAIMER

FOLLOW US ON PINTEREST

Pinterest Profile | Sassy Boss

Follow us on Facebook

© Copyright 2021 Sassy Boss | How to Start a Blog | Make Money Online | Wordpress Websites | All Rights Reserved | Web Design by Sassy Boss
  • Facebook
  • Pinterest
  • Rss
3 Things I Did To Increase My Affiliate Sales By 481% In One Month increase affiliate sales How much does it cost to start a blog How Much Does It Cost To Start A Blog | Blogging Costs For Beginners
Scroll to top

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.

OKLearn more

Cookie and Privacy Settings



How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, you cannot refuse them without impacting how our site functions. You can block or delete them by changing your browser settings and force blocking all cookies on this website.

Google Analytics Cookies

These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.

If you do not want that we track your visist to our site you can disable tracking in your browser here:

Other external services

We also use different external services like Google Webfonts, Google Maps and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Vimeo and Youtube video embeds:

Privacy Policy

You can read about our cookies and privacy settings in detail on our Privacy Policy Page.

PRIVACY POLICY
Accept settingsHide notification only
FREE BLOGGING COURSE →FIND OUT MORE HERE
110 Shares
Pin108
Share2
Tweet