Securing Your WordPress Blog

In the past few days we’ve seen a few high profile WordPress accounts getting hacked by SEO spammers. Most notably, Techmeme and The Next Web. The spammer was able to access the blogs by hacking one of their editor logins. He then proceeded to add anchor links and title tag links in order to get link juice and increased rankings.

Worst of all the spammer was trying to sell SEO! This is the kind of thing that gives us a bad name. We should rally together with our pitchforks and torches and go after him. But that’s another post for another day.

The good news is that there are some simple steps you can do to lock down your WordPress blogs and make sure this type of thing doesn’t happen to you. I’m going to run through a few of my favorites in this post, but if you have any other methods you use please post them in the comments below.

Login Lockdown

This plugin should be part of your initial WordPress install. It limits login attempts, allows you to set the number of retries, and let’s you select the the lockout length. I do wish it had better logging features, but potentially it will in future releases as it’s in active development.












Information | Download

Secure WordPress

This plugin is a bit more advanced, but includes dozens of security tweaking features. You can do things like add an index file to the plugin directory, and block queries from harmful sites.














Information | Download

As always, these plugins are something that come standard when we do a website build for a client or if they are an SEO Localize client on WordPress. If you need help setting these up or would like us to take a look at your site and see how vulnerable it is, contact us.

Related Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>