Warning: Your WordPress Blog/Website May Have Been Hacked

English: WordPress Logo

English: WordPress Logo (Photo credit: Wikipedia)

As I logged in to my WordPress account, I was feeling good because my blog receives subscribers every day.

I quickly looked at my subscribers list and clicked on Posts. I keep an Ideas post in WordPress, which I refer to when I’m stuck for a blog content writing topic.

And then I saw them.

A bunch of gobbly-goop blog posts created by one subscriber who I’ll call Subscriber A. How the hell did this happen?

I immediately deleted the posts and told myself to check my WordPress account every other day.

Lo and behold, Subscriber A created a bunch of garbage titled posts, again. WTF.

I’ve always been a huge advocate of WordPress and have used it since 2008. But Subscriber A’s antics has left me feeling violated and sick to my stomach.

I deleted Subscriber A and temporarily disabled the Subscribe option my blog (click here to subscribe), for now. If I could, I’d find Subscriber A and tell her or him (people use fake names) that what he/she did is unacceptable and that karma will come back to bite you in the ass.

Protect your WordPress blog

You’ll want to protect your blog because you spend time writing content and engaging with your community. Don’t allow trolls to ruin what you’ve created. Here are some steps you can take now.

Create or update your password

If you’re creating a WordPress blog or website for the first time, create a super strong password. Do not use “password” as your password. Forget about using your dog, cat or child’s name. Use upper and lowercase letters and characters. Or just use characters. If you haven’t changed your password in a while, change it right now!

Do not use the default “Admin” user name

WordPress defaults to “Admin” as the user name — do not use it. Why? Because you’re giving hackers the green light to log in to your site. Create your user profile by clicking on Users and then click on Add User. Assign “Administrator” to your profile so you can update your website. After you finished, go back and delete the default “Admin.”

Update WordPress

WordPress updates to the latest version so should you. You can find the update at the top of the Admin area or on the left-hand side of the Admin area; you’ll see the word “Update.” It’s tempting to wait on updating your site to make sure there are no bugs in the latest version of WordPress; however, it’s better to update and then update, again, if there’s another update.

In addition to keeping your WordPress current, keep your blog/website clean by deleting old plugins and themes. When in doubt, toss it out.

Install the Limit Login Attempts plugin

The Limit Login Attempts plugin will do just that — limit the amount of times you or anyone else can log in to WordPress. The plugin is compatible up to WordPress version 3.3.2. and should work. But, you may want to use Better WP Security, which is compatible up to WordPress 3.8.

Upgrade your anti-virus software

Do you use the free version of anti-virus software? If you do, it’s time for an upgrade. You’ll want software that scans your computer, looks for and removes malware, monitors and secures internet transactions, updates and basically makes your blog/website securer than Fort Knox! Here’s a list of the top anti-virus software.



Avast! (I switched to Avast! from AVG, and I’m quite happy with it. However, if you add the Online Security extension to Google Chrome, it blocks certain information such as comments and social sharing buttons.)


Compare each anti-virus software and purchase one today!

Backup your site

Create a backup schedule for your blog/website. You can download the WP-DP-Backup plugin, but it’s only compatible up to WordPress version 3.6.1. Do not store backups on your website!

Another way to backup your site is to download Filezilla (Mac and PC) and save your site’s files on your computer. You’ll need to do the following:

  • Log in to your hosting company.
  • Click on CPanel.
  • Type FTP in the search box and click on it.
  • Find the SFTP (secure file transfer protocol) file and download it to your computer.

To use Filezilla, you need your account’s FTP username and password. If you don’t know it, contact your hosting company. Do not store your username on password because they’re not encrypted.

Secure sensitive information

Find out if your phpinfo.php and i.php files are leaving a breadcrumb trail to your website. You may need to contact your hosting company and/or web developed to make sure the files are secure. To prevent a hacker from checking out your site’s folders and files, you or your web developer can disable the directory browsing by adding Options –Indexes to the .htaccess file.

It’s time to take a bite out of cybercrime!

Protect your small business blog/website by using the above tips right now to safeguard your information. Not only will they give you peace of mind, but they will make your blog/website more secure against hackers.

Over to you. What tips do you have to protect and secure your WordPress blog? Let me know in the comments below.

If you enjoyed this post, click here for free email updates!