How to Protect your Blog from being Hacked

There are many different ways that your blog or CMS (Content Management System) based website can be hacked. A variety of techniques are used, from simply guessing the password to an administrative part of the website or shoulder surfing, to more technologically advanced methods such as SQL injection, rainbow tables and more. If a hacker is experienced and really wants access to your site, they’ll most likely gain it sooner or later, but most people make it easy even for beginner hackers, or “password guessers”, to get access to their blog or website. Here is a list of the most common mistakes people make that leave their sites susceptible to hackers:

  1. Most people use the default backend access page.

     Most people don’t even think about it as a security breach and simply keep the default administrative login page, such as wp-admin for WordPress and admin for most other CMS systems. By leaving the default page, you make it easy for hackers, since now they don’t even have to guess where to begin hacking. The admin login page is one of the best places to try to gain access to the entire site.

     Solution: This is a very easy fix. Most content management systems have this covered for you in the installation process. You can simply choose a different login page. Choosing something other than admin will give you much greater security. For ultimate security it is recommended to choose a random string of numbers, letters and dashes.

  2. Don’t use Admin as your admin name.

     About 60% of people use admin as their admin login name. It is also offered by default in the majority of content management systems, so many people just choose it. By leaving both the default backend access page and admin as your admin name, you almost complete the hacking job yourself! All that’s left for hackers to do is to guess or hack your password.

     Solution: It is as simple as choosing a different admin (user) name for your login during installation. If your blog or CMS is already installed, it’s as simple as logging in and requesting a different login name. It is recommended to choose something other than Admin, your personal name and your known nicknames (such as your Twitter handle or other social network nickname). For ultimate security, choose a random string of characters, numbers and letters. Also, if your CMS is case sensitive, mix some uppercase letters in.

  3. Choose a strong password.

     On top of the first two security issues mentioned, most people choose very simple passwords, such as a sequence of numbers from one to six or all the letters from the bottom row of the keyboard. This makes the “guess job” very easy for a hacker, but even more complex phrases can be hacked. There are large databases of the most common passwords readily available to hackers. They can copy these and try them out on your backend.

     Solution: Choose a complex password with a minimum of 10 characters that contains numbers and letters (upper and lower case). Be sure not to use passwords that could be associated with your name, nickname, or famous characters or people.
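The three checks above can be run together against a site's login settings before it goes live. The following Python sketch is an added example, not code from the original post: the function names, the tiny common-password sample and the sample inputs are all constructed for illustration, and a real check would load a full common-password list.

```python
import re
import secrets
import string

# Default login pages named in the article.
DEFAULT_LOGIN_PATHS = {"wp-admin", "admin"}
# Constructed sample only; a real audit would load a full common-password list.
COMMON_PASSWORDS = {"123456", "zxcvbnm", "password", "qwerty"}


def audit_login(login_path, username, password, personal_names=()):
    """Return findings for the three mistakes listed above (hypothetical helper)."""
    findings = []
    # Drop empty entries so an empty name cannot match every password.
    names = [n.lower() for n in personal_names if n]

    # Mistake 1: default backend access page.
    if login_path.strip("/").lower() in DEFAULT_LOGIN_PATHS:
        findings.append("default login page")

    # Mistake 2: admin, or a personal name/nickname, as the login name.
    if username.lower() == "admin":
        findings.append("username is admin")
    elif username.lower() in names:
        findings.append("username is a known name or nickname")

    # Mistake 3: weak password (article's rule: 10+ chars, upper, lower, digits).
    if password.lower() in COMMON_PASSWORDS:
        findings.append("password is on the common-password list")
    if len(password) < 10:
        findings.append("password shorter than 10 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)
            and re.search(r"\d", password)):
        findings.append("password lacks upper case, lower case or digits")
    if any(n in password.lower() for n in names):
        findings.append("password contains a name or nickname")
    return findings


def random_identifier(length=16):
    """Random string of letters, digits and dashes for a login path or user name."""
    alphabet = string.ascii_letters + string.digits + "-"
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

An empty list from `audit_login` means none of the three mistakes was found; `random_identifier` uses the `secrets` module so the generated login path or user name is not predictable.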

With these few simple tricks you can drastically increase the security of your blog or content management system. Many people ask, “How would we memorize all those long strings of characters that don’t make any sense?” Well, the solution for that is pretty simple – use a password manager tool. They vary from simple and free solutions to more complex USB-based solutions. These will give you the ultimate protection of your passwords and logins.

Mars Cureg

Web designer by profession, photography hobbyist, T-shirt lover, design blog founder, gamer. Socially and physically awkward, lack of social skills, struggles to communicate with anyone who doesn't have a keyboard. Willing to walk to get to the promised land. Photo and video freelancer, SEO. Check out more on my Google+


  • ask upline

    My tribute site and forum site have been hacked. I knew it when my hosting provider suspended my account. I agree about the admin user name; the hacker will only have to guess the password to get access. Now I am using a different user name for admin access. I hope this awareness will be made known to the newbies.

    • I have been hacked twice and I learned the lesson; it cost me more than 1000

      • dlysen

        I’m sorry to hear that, but you and I are not alone. It happened to me more than twice. I am just thankful to my hosting provider that they are monitoring my activity.

        • Good thing that your hosting does that, but with mine, I was the one informing them 🙁

  • kyrul

    For WordPress, we should set up the permissions of each file in the file manager correctly. This is to prevent hackers from stealing our data.
