Best 3 ways to protect your blog from hackers and malware
Wrong email or password! Try one more time.

Forgot password?

An account with this email already exists.

An email with a confirmation link has been sent to you.

Did you forget your password? Don't panic. Enter your email address,
and we will email you a link where you may create a new password.

If this address exists, we will send you an email with further instructions.

Back to authentication

How to protect blog from hackers?

How to protect blog from hackers? - answered by Matt Cutts


That’s a common problem especially for popular blogs with a high PR. There are some advices which will help you to avoid most of hacker’s attacks. You should always make sure that you are running the latest version, usually the latest versions are more secure than the old ones. You can change HT access file from your wp-admin page to allow access to only a few IPs and you should always pick a strong password. That could help.


Matt's answer:

That’s a very good question. And the fact is that since WordPress is so popular, and so widespread, it is subject to a lot more attempts by hackers, especially people that have figured out that there are old versions of WordPress that are a little easier to exploit. So the very first thing that I do, is I try to make sure that I always have my server patched up-to-date.


You want to be running the latest version

I think as of this video it is 2.9.2, but already they’re out testing version 3.0. I’m sure that will have a lot more security as well. The other big thing that I do, is you can change your HT access file, .htaccess, which is in wp-admin, and you can basically say, you know what?…only a small number of IP addresses, the ones that I basically, what are called whitelisting, listing out explicitly, are allowed to access my wp-admin directory. So what that does, is it says, if you’re just coming from the general internet, you can’t log-in; you’ll get a 403, you’ll get a forbidden error. But, if you’re coming from, say my home IP address, or Google’s corporate IP address, or maybe a small number of IP addresses that I’ve very deliberately chosen, then you are allowed to log-in.


Try to pick a relatively long password

So that is the number one way that I protect myself. Besides being patched, try to make sure that you set something so that the hackers can’t get to your admin directory, unless they’re are coming from a specific small set of IP addresses. That might not be perfect, for example if you’re web host happens to get hacked, and people can read database passwords of other customers, or stuff like that, that’s not going to protect you very much. But I would at least do those two things, and that will help keep your WordPress, or any other piece of software, from potentially being hacked.

by Matt Cutts - Google's Head of Search Quality Team


Original video: