
Make Sure Your WordPress is Not Hacked


Trust me, hackers are not particular. If you think your blog is safe because it’s new or you don’t have a lot of traffic, think again. Your blog is even more attractive because you’ve left it unprotected, thinking that you don’t have anything to worry about yet. But let me tell you, it only takes one hack job and you’ll pay attention. So right from the very beginning you need to make sure your WordPress blog isn’t hacked.

How will you know you’ve been hacked? Well, that Viagra ad that comes up when you visit your blog is a good indication. And yeah, your regular visitors are seeing it, too. Kinda makes you sick to your stomach, doesn’t it?

But hackers don’t always take your blog down. Sometimes they load it up with links that lead to their nasty little products. If you’re using Firefox you can check by clicking on “Tools” then on “Page Info” and then on “Links.” This will show you all the outgoing links that are coming from your blog.

If you’re not on Firefox you can check the source code for your page. Pay special attention to the HTML coding for the header and footer areas and look for any links that shouldn’t be there.
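The same check can be scripted against the page source. This is an added example, not code from the original article: it parses saved HTML, lists every link that leaves the blog's own host, and records whether it sits in the header or footer and whether an inline style hides it. The sample page, the `example.com` host names and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class OutgoingLinkAudit(HTMLParser):
    """Collect <a href> links that point away from the blog's own host."""
    VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no closing tag

    def __init__(self, base_url, allowed_hosts=()):
        super().__init__()
        self.base_url = base_url
        self.allowed = {urlparse(base_url).hostname, *allowed_hosts}
        self.stack = []     # open (tag, hidden) pairs, outermost first
        self.findings = []  # (region, hidden, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if tag not in self.VOID:
            self.stack.append((tag, hidden))
        if tag == "a" and attrs.get("href"):
            url = urljoin(self.base_url, attrs["href"])
            host = urlparse(url).hostname  # None for mailto:, javascript:, etc.
            if host and host not in self.allowed:
                region = next((t for t, _ in reversed(self.stack)
                               if t in ("header", "footer")), "body")
                self.findings.append((region, any(h for _, h in self.stack), url))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating sloppy markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def audit(html, base_url, allowed_hosts=()):
    parser = OutgoingLinkAudit(base_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one legitimate external link, one hidden footer link.
SAMPLE = """<html><body>
<header><a href="/">Home</a> <a href="https://example.com/about">About</a></header>
<p>Post text with <a href="https://wordpress.org/">WordPress</a>.</p>
<footer><div style="display: none"><a href="http://pills.example.net/buy">cheap</a></div>
<a href="//example.com/contact">Contact</a></footer>
</body></html>"""

if __name__ == "__main__":
    for region, hidden, url in audit(SAMPLE, "https://example.com/"):
        print(f"{region:6} hidden={hidden!s:5} {url}")
```

Pass the hosts you link to on purpose as `allowed_hosts` so that only unexpected destinations are reported. Links injected by scripts after the page loads will not appear in the saved source.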

Most blogs that get hacked are either very new blogs or they’re very old. Newer versions of WordPress have pretty tight coding in place that eliminates most holes. But new bloggers have a tendency to use easy passwords, and they use the same password for everything. Older versions of WordPress get hacked just because they’ve never been updated with more secure software. So let’s take a look at what you need to do to make sure your WordPress isn’t hacked.

First, change all of your passwords frequently. This includes the passwords to your dashboard, your email, your control panel and your database. Use a different password for each location. If you’re allowing other users to access your blog, they need to change their passwords, too. And it’s a given that you should never allow access to anybody unless you trust them completely.

Next, make sure to update your WordPress theme every time a new version becomes available. There’s a lot of behind-the-scenes coding in those updates and a lot of it has to do with closing up holes to prevent hackers from being able to access your blog.

If you haven’t seen an update come through for a while it might be time to change your theme. No updates usually means that the theme’s been discarded and there’s no longer any support. A new theme will have better, more modern security coded in. If you’re really attached to that older theme, though, you can delete your theme-editor.php file from the WP-Admin folder to prevent hackers from being able to install links. It’s not the best solution but it’ll do in a pinch.


2 Comments

  1. Howard

    The first thing I do when setting up a new WP site is to create an account called “admin” with a very long randomly-generated password, which I don’t bother to save. I also set up two-factor authentication for that account. “admin” has no role for the site at all, so if a hacker finds a back door to hack into it, there is no access to anything from the account.

    My real admin account is named something else. Since I’m seeing brute-force attacks on “manager” and “administrator” I use a name unrelated to any of those terms, although I’m sure that a dedicated and knowledgeable hacker could find it. But that does seem to be effective against the scriptkiddies.

    I think I will also strip out the WordPress indicators and use the folder names and tags usually associated with Joomla, in the hope that will result in the scriptkiddies using the wrong scripts.

    1. Sté Kerwer

      Why don’t you just rename the admin account to something else? It would sound more convenient… As per changing the folder structure to the Joomla one, good luck, because moving the theme folders is not going to be as easy as it sounds.