6 Steps to Keep Your WordPress Blog Safe and Secure

6 Steps to Keep Your WordPress Blog Safe and SecureWordPress is a great platform to build a small business Web site, but you must stay on top of security measures.  As some of you know, my blog was recently hacked by a bot looking for weakness in my WordPress and/or plugins.  Hackers left thousands of spam comments with embedded links, all of my plugins were stripped from the site, and it wasn’t working very well.  It was pretty much a nightmare and there was no easy fix.  It was tough for some of my readers to find the forms to submit to be a guest on #SmallBizChat or to be a guest blogger. I learned a lot about WordPress in this process that I think you all could benefit from.  Here are 6 steps to keep your WordPress blog safe and secure.

  • Do regular maintenance.  Just like with your car needing an oil change, your WordPress blog should have a basic tune-up regularly.  Make sure you are using the latest version of WordPress and keep your plugins up-to-date too.  It’s easy for plugins to create a conflict in the backend of your WordPress site.
  • Get professional help. Do not diagnose the problem yourself, hire a professional that does website recovery work.  Keep in mind, the person who built your Web site might not be able to determine how to stop a hacker attack.
  • Make sure you have the appropriate hosting option. If you have a site that gets major traffic – over 25,000 visitors a month like this one, a shared hosting server will not cut it.  You might need to look into having a dedicated server, which is pricey, but can provide an additional security options to give you better peace of mind.
  • Keep a list of your passwords and plugins. You should have a permanent file in Google Docs or DropBox with all of the logins to the site and your hosting account. You also need a list of plugins that are being used on your site.
  • Do regular back-ups.  Make sure you have at least monthly back-ups done for your blog. (I do them weekly.) WordPress has a great free plugin for back-ups called myRepono. You can automate your WordPress, website and database backups using the myRepono plugin.
  • Delete the Admin login to your site. You never want to make it easy for people to gain access to your website. By using “Admin” as your login, you are giving hackers half of the information they need to break into your blog – then all they need to do is guess your password to gain access to everything.

If you do these things, hopefully you will avoid the chaos that can happen when your WordPress site is hacked.

“Username Password word” courtesy of digitalart / www.freedigitalphotos.net

Do you have any other suggestions for protecting a WordPress site? 

Become Your Own Boss Now!

Order SmallBizLady's new book Become Your Own Boss, 2nd edition! It includes everything you need to launch a small business and new chapters on crowdfunding, build a great website, content strategy, and leveraging social media.


  1. Alice says

    Instead of keeping passwords in a document, which is asking for a different kind of trouble, I would recommend using a more secure tool to keep track of them. I use LastPass, which is awesome, but there’s bound to be other good options too. The thought of keeping passwords in a document makes me shudder.

Leave a Reply

Your email address will not be published. Required fields are marked *