Don’t Make These Mistakes with Your Blog Security

December 8, 2015

Are you concerned about hackers?

Are you worried about the security of your blog?

Should you be?

Blog security is a blog topic this site has not yet explored.

My guest author, Keith Lunt from 13 Week Challenge, is here today to help us explore it.

Keith, take it away!

Hackers want to break into any blog and that includes yours. It doesn’t matter whether it’s a big site or a brand new blog; if they can gain entry into your blog, then they can control it and go about their activities anonymously.

Don’t think that just because your blog is new, doesn’t have much traffic, doesn’t have many pages, etc., that it is safe. I’ve seen daily hacking attempts recently on sites that are from 4 weeks to 4 years old.

Whether you are using WordPress.com (“Hosted”) or WordPress.org (“Self-Hosted”) there are some vital tricks to help protect your site from intrusions. On the Self-Hosted version there are a lot more levels of security that you need to apply yourself, which are otherwise looked after by WordPress on the Hosted version, but for now I’m going to look at the basic tricks that any blog owner can do whether they run their blog on WordPress, Blogger or any other provider. In fact, the first two tips apply whenever you are using anything on the internet that is password protected.

How to Improve Your Blog Security

Use a Secure Connection

Whilst at home you should be fine, assuming you have your wi-fi correctly set up. But if you are using public wi-fi, make sure it is a secure connection before entering your password. If not, there is the risk that someone else could be “listening” in to your connection.

Keep virus protection up to date on your machines and remember to log off if it’s not your own machine.

 

Use a Strong Password

Hackers will try to attack your blog using ‘bots’. They can try hundreds of potential passwords every few seconds. If you have chosen an obvious password (e.g. password, password1, letmein, 123456, 12345678) then they are going to guess that in the first second or two.

 

Use a password that combines upper and lower case letters, numbers and symbols and is at least 8 characters long. Now it’s going to take a long time for their bot to guess the right combination, and before that happens they might try elsewhere and/or other protection on your site kicks in. Have a look at the list of passwords hackers have used when trying to attack my blog at http://www.13weekchallenge.co.uk/security/the-worst-possible-passwords/.
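The reasoning above can be worked through in a few lines. This is an added example, not code from the original post: it checks a candidate password against the advice in this section and estimates how long a bot would need to try every combination. The rate of 100 guesses per second and the sample passwords are assumptions made for illustration.

```python
import string

# Obvious passwords named in the post; a real check would use a much longer list.
OBVIOUS = {"password", "password1", "letmein", "123456", "12345678"}

# Assumption: the post says bots try "hundreds" of passwords "every few seconds";
# 100 guesses per second is an illustrative figure, not a measurement.
GUESSES_PER_SECOND = 100

CLASSES = {
    "lower case letter": string.ascii_lowercase,
    "upper case letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def review_password(password):
    """Return (problems, worst_case_seconds) for the advice in this section."""
    problems = []
    obvious = password.lower() in OBVIOUS
    if obvious:
        problems.append("on the obvious-password list")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    pool = 0  # how many different characters the bot has to try per position
    for name, chars in CLASSES.items():
        if any(c in chars for c in password):
            pool += len(chars)
        else:
            problems.append(f"no {name}")
    # An obvious password falls as soon as the bot runs its short list. Otherwise
    # this is the time to try every combination; real words fall much sooner.
    guesses = len(OBVIOUS) if obvious else pool ** len(password)
    return problems, guesses / GUESSES_PER_SECOND


def describe(seconds):
    """Turn a number of seconds into a rough human-readable duration."""
    for unit, size in (("years", 31_536_000), ("days", 86_400), ("hours", 3_600)):
        if seconds >= size:
            return f"{seconds / size:,.0f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    for candidate in ("123456", "letmein", "Sunshine", "Tr4il!Mix"):  # constructed samples
        problems, seconds = review_password(candidate)
        print(f"{candidate:10} {describe(seconds):>28}  {problems or 'ok'}")
```

The figure for a dictionary word such as "Sunshine" is an upper bound only, because bots try word lists before random combinations.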

 

Don’t Be “Admin” or “Administrator” (Self-Hosted)

‘Admin’ used to be the default username on all new WordPress.org blogs and I’d say that in 99% of the cases of someone trying to hack my blogs, they are using one or the other of these 2 user ids.

 

If you have already set up your blog and are using one of these, then it’s difficult to change it, but not impossible. Log in and create a new administrator with a more secret name. Give it a nickname to display that doesn’t give the name away, and then log off and log on as the new user.

 

Finally, whilst logged on as the new admin user, edit the old admin user. Either change it to a subscriber, which will prevent any damage should its password be guessed, or delete it and move all posts to the new user.

 

Don’t Give Away Your User Id

If a hacker tries to use a robot to guess your password then they also have to know your user id. If you can hide your user id from them, then they have to guess not only your password, but also your user id.

 

In self-hosted WordPress, it’s quite simple. Go to the users’ section, click on your user id to edit it, and scroll down to Nickname and edit that.

 

For the Hosted WordPress, it can be more tricky because there are several ways of giving away your user id, but if you click on your profile picture to edit your profile, then Account Settings, you can change your Username there. Make it something secret and on the My Profile screen ensure that the Public Display Name is not giving the game away.


 

Keep A Private Email Address

If you display a contact email address on your blog, don’t display your blog admin email. It’s a dead giveaway to any hackers what your registered email address is, and it might be usable for logging in. If you have displayed the email address, create a new one, e.g. gmail, and then change your admin to use the new “secret” email address.

 

If you own your domain name and can administer emails then you can have 1 address that’s public and others that you use for services that simply forward to the main address. You then only collect email from 1 address, but you keep the secret address to yourself.

 

Plugins

I promised Janice I’d keep this simple and aim at all WordPress users, but if you are using a Self Hosted version then plugins can be very useful. If you want to know more, then there are some suggestions on my blog (http://www.13weekchallenge.co.uk/useful-plugins/my-4-essential-wordpress-security-plugins-why-and-how-i-use-them/), and if you leave a comment below, if there is interest, I can follow this post up with another one looking at useful security plugins.

 

Have you had your blog hacked in the past (I have!)? Have you detected and blocked hackers attempting to gain entry (I have)? Let me know your thoughts and any other tips you’d like to share in the comments.

Admin Blogger’s Commentary

Keith did an amazing job with this post. He mentioned my concerns that it would only be helpful to self-hosted bloggers. However, he managed to write a post that was relevant to everyone.

Readers, please share Keith’s post. Internet security is a real concern these days. Keith has generously devoted his time and knowledge to writing a thorough checklist of all we can do to protect our blogs from hackers.

When you are done sharing and thanking Keith in the comments section, go show him some blog love and visit his fascinating site, the 13 Week Challenge.


  1. John Doe

    This was a great post on security; thank you for having such a knowledgeable guest blogger. Sometimes we all lose sight of security, and he has turned on the light.

    • Keith Lunt

      Hi John, glad you appreciated the post. Sadly, security is something that a lot of people think of only after the event, so it’s well worth reminding people frequently.

  2. Patrice M Foster

    This is a comprehensive list on blog security. My WordPress blog has never gotten hacked. Now I am armed with knowledge to deter the hackers. Thanks for sharing.

    • Keith Lunt

      Thanks Patrice. I see that you use Self Hosted WordPress. I tried to keep the post relevant to all bloggers, but there are various plugins that, when used together, really make WordPress much more secure, so don’t forget to look at them too.

      • Patrice M Foster

        Keith Lunt, thanks for the information about the different plugins for WordPress; this was new to me. Your blog post had a lot of resources and tips; I will continue to explore.

    • Janice Wald

      Hi Patrice,
      I am glad you liked Keith’s post and found it valuable.
      Janice

  3. Jeanette Hall

    Had an old site (not WordPress) hacked years ago; lost thousands of dollars over the hack. About cost me my marriage. My site follows all the security suggestions in the gentleman’s post.

    • Keith Lunt

      Hi Jeanette,

      Sorry to hear you lost a site to hackers. It’s horrible what they do when they get access and amazing the efforts that they go to in order to break into a site.

    • Janice Wald

      Hi Jeanette,
      How awful. You are brave to stick with blogging. I bet the experience would have turned others away.
      Janice

  4. Melinda

    Great guest post, Keith.
    Janice, thanks for having him. It’s a topic of concern for all of us!
    Your BBFF, Melinda

    • Keith Lunt

      Glad you enjoyed it Melinda! Using the hosted WordPress gives you a degree of security, but never 100%. So stay secure.

  5. Barb

    Thank you for a very useful and informative post Keith, and thank you Janice for sharing it.
    I am going through all my settings now, making sure I am better protected.

    • Keith Lunt

      Thanks Barb,

      I notice that you also use the self hosted version of WordPress. Make sure you are using plenty of security plugins. I recently watched as a hacker spent a day trying to guess my password. They were using the wrong userid, so never any possibility they would get it right, then I activated the other plugins and locked them out!

    • Janice Wald

      Hi Barb,
      Nice to see you (and the cute dogs in your avatar) again. I am glad you enjoyed Keith’s post. Thanks for the visit and the comments.
      Janice

  6. DGKaye

    Wow, this is a great post, chock full of information. And I don’t mind saying I’m confused lol. My blog is self-hosted. I originally hired a web designer to make and manage my site. I eventually had to let go of his services and learn the techy dashboard by myself. He initially filled in all the user info; it was tricky just getting him off as an admin. But I think all the no-nos you’ve mentioned here are happening on my blog. My user id, display, and nickname are the same name, and they are my public name. It says I can’t change my user name? I am listed as administrator too. I have managed hosting now with GoDaddy and I have SiteLock. I’m so confused where to begin.

    • Keith Lunt

      Hi DGKaye,

      I have heard such stories many times of designers using WordPress and not fully finishing / understanding the basic security steps. You are certainly not alone. You can’t directly change the username; you need to create a new user and delete the old one. It’s not as hard as it sounds, but to help you I’ve just published a post to my blog with screen prints to show the steps needed.

      Hope you can follow them, let me know how you get on!

      • Janice Wald

        Hi Keith,
        That is so kind of you. You are still getting traffic from my site. One can see why. You are so supportive of other bloggers. We all really appreciated your help this week.
        Janice

  7. Pingback: My Article Read (12-8-2015)
  8. Michelle Malone

    Hi Janice,

    I’d love it if you could add my link to this page. It’s michellemalone.org. My niche is spiritual growth.

    • Janice Wald

      Hi Michelle,
      I don’t have a Spiritual Growth niche. I can start one, but you’d be the only link with no one to swap with. Should I do that or add you to personal growth? I don’t see anything else close.
      Once again here is the link, so you can review the categories:
      https://mostlyblogging.com/link-exchange/
      Thanks for your interest!
      Janice

      • Janice Wald

        Michelle,
        Please let me know. Thank you for subscribing to my MailChimp Email list. I sent you an invitation to pin to our blog Community board.
        Janice
