Is Your Blog Secure?

ACFWFriends of ACFW, tips, writing Leave a Comment

by Michael Lee Joshua

There have been so many incidents of hacking email accountss, but we sometimes don’t take the proper care to secure our blogs. Having built a number of blogs or websites on the WordPress platform in the past year for clients has made it obvious to me that our blogs must be secured too.

You might wonder why anyone would hack your blog, but think about it – traffic is all that hackers want. A hacker can take your traffic and turn it into a mailing list by installing a squeeze page over your front page. Your visitors have no idea that they are signing up for anything other than your email list or blog posts. Hackers might place an ad on your page that looks like it is from you but instead signs your visitors up for an affiliate program, getting the hacker a commission in return for the email address.

The fact is, it doesn’t really matter why they would hack into your blog. What matters is, once it is hacked, it is difficult to get it back on track if you do get back in.

It’s important to note that these instructions are for WordPress sites or blogs hosted on your own domain. Free hosted blogs are not as easy to protect, and are extremely difficult to retain control if you lose one.

Here are the few steps needed to secure your WordPress blog or site. (Note that the word “blog” in the steps below can be substituted with the word “site” or “website.”)

1. Sign into your WordPress blog’s admin panel (domain.com/blog/wp-admin/).

2. Click ‘Users’ from the sidebar menu on the left

3. Click ‘Add New’ next to ‘Users’ towards the top of the page.

4. Provide a Username, Email, First Name, Last Name, Website, Password (twice) & then select ‘Administrator’ from ‘Role’ drop-down before clicking ‘Add New User’.

5. You now need to log out of the admin panel, log back in as this new user, and return to this ‘Users’ page in admin.

6. You should now be back on the ‘Users’ page and viewing both users. Hover over the user called ‘admin’ and click the ‘Delete’ hyperlink that appears below.

7. On the page that comes up you should leave the button clicked next to ‘Delete all posts and links.’ and click the ‘Confirm Deletion’ button below.

8. NOTE – It is also advisable to not post to your blog using your admin user name (the new name that you assigned to the “admin” role). If hackers cannot get in using “admin” and they really want into your blog, they will try to get in using an author name.

If and when a hacker finds your blog, the default “admin” account will be missing and they won’t have a starting point to work from.

You have now greatly improved the security of your blog. If you need help, feel free to contact me.


Michael Lee Joshua is a happy grandpa and a freelance writer. He is also skilled in SEO techniques and can help you find and dominate your niche on the internet. Visit his blog or contact him through his website at www.GrandpasHeart.com or his SEO site at www.PayNoPostage.com.

Comments 0

Leave a Reply

Your email address will not be published. Required fields are marked *