
10 WordPress Security Holes You Must Close To Protect Yourself Online

 

I was having so many problems not only with my blog, but more importantly with the membership site I had created for my product.

This had me in a tizzy… everything was done, but my hosting company wasn’t able to connect different sites properly for me, nor were they helping me when I asked for support.  Instead, they told me it was my fault.  This is an all too common problem with using a shared hosting site. 

I was lost for what to do, until… I got in touch with  Kumar Gauraw’s  Krishna World Wide Hosting. BOOM… Problem solved, and no more monkeying around with plugins or techie stuff I can’t even describe… not me!

 

Kumar’s hosting company impressed me so much with the quick customer service and meticulously managed care.  Everything was taken care of for me, and I was finally able to get on with marketing again, instead of tinkering.

I decided to invite Kumar to my blog to explain some important things that I think my readers ought to know.

 

Here, Kumar will explain 10 WordPress Security Holes You Must Close To Protect Yourself Online.   So, take it away, Kumar…

 

When you are self-hosting your website, it is very exciting but you also assume the responsibility of protecting your home on the internet while you grow your business online.

 

The Internet is a scary place, as you know. Often, we hear reports of brute force attacks or of a major site being hacked in one way or another. That tells us that our website security is at risk and that we need to put our best efforts into protecting ourselves against such things.

 

The Challenges With Self-Hosted Sites

Because I am in the Managed WordPress Hosting business, I get to review many websites (for our existing and prospective clients), and here are a few things we find that the owners do not even know about until I show them:

 

1. Using “admin” As Administrator

Every WordPress installation creates the default “admin” user automatically. Therefore, many new bloggers get used to using this account and keep using it forever.

 

It doesn’t hurt as long as you are a small site which isn’t getting any traffic or attention.

 

However, imagine that the whole world knows your administrator user ID if you are operating as the “admin”. So, half the work of hackers is already done with your help. It is that dangerous to keep this user as your administrator.

 

Solution: If you still have the “admin” user, it’s time to create another administrator user for yourself with a strong password and then downgrade the privilege of the “admin” user if you do not want to drop it.

 

2. Using Weak Passwords

I have seen live websites of some regular bloggers with passwords such as “admin1234”, “testing123”, “password12” etc.

 

How difficult is it for intruders to try these and get into your admin area if this is you?

 

It is very important to use tough passwords and passwords that are unique to your website. I prefer to keep my passwords at least 15 characters long and preferably 22 characters as much as possible.

 

Solution: If you still have easy to guess passwords on your site, you may want to visit this website and generate a strong password for your administrator account and reset your password.
 
This may be the one thing that can probably be a life saver for you the next moment because you never know who is trying to get into your website right now.

 

3. WordPress Installation Not Locked Down

This one is a big concern. This is in addition to the above and it is a much broader area. In fact, this encompasses many vulnerabilities within a WordPress installation such as:

  • People can go to a browser and say http://DomainName.com/wp-content/ and browse through their website’s directory structure.
  • People can go to a browser and say http://DomainName.com/wp-includes/ and browse through their directory structure.
  • Their .htaccess file itself isn’t protected.
  • Their wp-config.php is not protected, exposing their database and probably the database username and password as well.
  • Their install.php and upgrade.php in the admin directories are still not deleted or, at least, protected.

…and so on. All of these security vulnerabilities can make hacking your website easier for intruders.

Solution: Your website security should be your primary concern for sure. Imagine going through the pain of fixing your website after a hack or infection and that should motivate you to take your WordPress security as your top priority.

 

What you need to do is, get professional help in setting this up for you in case you are not sure how to do this.

But, if you do have a good handle on technical aspects of your website maintenance, install a good security plugin like WordFence Security and start to tighten your security today.
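
As an added example (not from the original article or from any plugin), this Python script reads the text of a site's root .htaccess and reports which items from the list above it leaves open. The function names and both sample files are constructed for illustration; it understands only plain Options, <Files> and <FilesMatch> rules combined with "Require all denied" or "Deny from all".

```python
import fnmatch
import re

# Items from the article's list: directory browsing plus four files.
SENSITIVE_FILES = ("wp-config.php", ".htaccess", "install.php", "upgrade.php")

OPEN_RE = re.compile(r'^<(Files|FilesMatch)\s+"?([^">\s]+)"?\s*>$', re.I)
CLOSE_RE = re.compile(r"^</(Files|FilesMatch)\s*>$", re.I)
DENY_RE = re.compile(r"^(Require\s+all\s+denied|Deny\s+from\s+all)$", re.I)
OPTIONS_RE = re.compile(r"^Options\s+(.+)$", re.I)

# Constructed sample: the stock WordPress rewrite block and nothing else.
WEAK = r'''
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
'''

# Constructed sample: the same site with the article's items addressed.
HARDENED = WEAK + r'''
Options -Indexes
<Files wp-config.php>
Require all denied
</Files>
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
<FilesMatch "^(install|upgrade)\.php$">
Require all denied
</FilesMatch>
'''


def _covers(kind, pattern, filename):
    """True if a <Files>/<FilesMatch> block with this pattern applies to filename."""
    if kind.lower() == "files":
        return fnmatch.fnmatchcase(filename, pattern)  # <Files> takes shell-style wildcards
    try:
        return re.search(pattern, filename) is not None  # <FilesMatch> takes a regex
    except re.error:
        return False


def _indexes_after(option_tokens, enabled):
    """Apply one Options directive to the current directory-listing state."""
    toks = [t.lower() for t in option_tokens]
    if "-indexes" in toks:
        return False
    if "+indexes" in toks or "indexes" in toks or "all" in toks:
        return True
    if all(t[0] not in "+-" for t in toks):
        return False  # an absolute list without Indexes replaces the inherited set
    return enabled


def audit_htaccess(text):
    """Return {check name: True if covered} for the article's lockdown items."""
    listing_enabled = True  # worst case: assume the server default allows listings
    denied = set()
    block = None  # (kind, pattern) of the <Files>/<FilesMatch> block being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN_RE.match(line)
        if m:
            block = (m.group(1), m.group(2))
        elif CLOSE_RE.match(line):
            block = None
        elif block and DENY_RE.match(line):
            denied.update(f for f in SENSITIVE_FILES if _covers(block[0], block[1], f))
        elif block is None:
            m = OPTIONS_RE.match(line)
            if m:
                listing_enabled = _indexes_after(m.group(1).split(), listing_enabled)
    report = {"directory listing disabled": not listing_enabled}
    for name in SENSITIVE_FILES:
        report[name + " denied"] = name in denied
    return report


def open_items(text):
    """Names of the checks that the given .htaccess text does not cover."""
    return [name for name, ok in audit_htaccess(text).items() if not ok]


if __name__ == "__main__":
    print("weak:    ", open_items(WEAK))
    print("hardened:", open_items(HARDENED))
```

WordPress runs wp-admin/upgrade.php to upgrade the database after a core update, so a deny rule on that file has to be lifted while updating.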

 

4. Not Tracking Unauthorized Login Attempts

You may have heard a lot about Brute Force Attacks and DDoS attacks in recent months. These attacks are aimed at bombarding your website’s wp-login.php with login attempts (mostly using the default user “admin”) to make your web server give up and die.

 

Now, if you have a way to know that your website is being attacked, you can do something about blocking those IP addresses which are trying these attacks. That is a good place to begin the protection against such attacks.

 

However, most self-hosted WordPress users don’t have any way to even know that they are being attacked. They have no idea if somebody is trying to log into their website in an unauthorized way, right now.

 

Solution: If you haven’t installed it yet, get an awesome WordPress plugin called “Limit Login Attempts” and set it up correctly to ensure you get notified as soon as a set of unsuccessful login attempts are made.

Not only that, the plugin also blocks the infiltrating IP address for a number of hours defined by you. It is a must have plugin for security of your WordPress installation.
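
One way to get that visibility from the server side, as an added example that is not from the original article or from the plugin: this Python script counts failed wp-login.php POSTs per IP address in a web server access log and flags addresses that reach a threshold inside a time window. It assumes the common Apache "combined" log format and WordPress's default behaviour of answering a failed login with status 200 and a successful one with a 302 redirect; the log lines, the threshold and the window are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (ip, time, method, path, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?")[0]  # ignore any query string
    return m.group("ip"), ts, m.group("method"), path, int(m.group("status"))


def find_bruteforce(lines, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: peak failed logins inside one window} for IPs reaching max_failures.

    Lines must be in time order, as they are in a normal access log.
    """
    recent = defaultdict(deque)  # ip -> times of failures still inside the window
    peak = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        # Assumption: a failed login is a POST to wp-login.php answered with 200.
        if method != "POST" or not path.endswith("/wp-login.php") or status != 200:
            continue
        times = recent[ip]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()
        if len(times) >= max_failures:
            peak[ip] = max(peak.get(ip, 0), len(times))
    return peak


def _sample_line(ip, hhmmss, method, path, status):
    """Build one constructed log line (documentation-range IPs, made-up sizes)."""
    return (f'{ip} - - [10/Mar/2014:{hhmmss} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 1234 "-" "constructed-sample"')


# Constructed sample log, not real traffic.
SAMPLE_LOG = (
    # 8 failed logins in 42 seconds from one address
    [_sample_line("203.0.113.7", f"02:15:{s:02d}", "POST", "/wp-login.php", 200)
     for s in range(0, 48, 6)]
    # a real user: one typo, then a successful login (302) and a dashboard view
    + [_sample_line("198.51.100.20", "02:16:05", "POST", "/wp-login.php", 200),
       _sample_line("198.51.100.20", "02:16:20", "POST", "/wp-login.php", 302),
       _sample_line("198.51.100.20", "02:16:21", "GET", "/wp-admin/", 200)]
    # 6 failed logins spaced 10 minutes apart: invisible to a 5-minute window
    + [_sample_line("192.0.2.50", f"03:{m:02d}:00", "POST", "/wp-login.php", 200)
       for m in range(0, 60, 10)]
)

if __name__ == "__main__":
    print("5-minute window:", find_bruteforce(SAMPLE_LOG))
    print("1-hour window:  ", find_bruteforce(SAMPLE_LOG, window=timedelta(hours=1)))
```

The third group of sample lines shows why the window matters: slow, spaced-out guessing stays under a short window and is only caught by the longer one.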

 

5. Not Keeping Themes And Plugins Updated

WordPress updates are released from time to time to fix bugs, introduce new features and also to patch security vulnerabilities.

 

Whenever WordPress releases new patches, it is very important to implement them. The same is true for plugins and themes updates as well.

 

I know that many of you feel trepidation when it comes to updating WordPress, afraid that it might break your theme or disrupt a plugin’s functionality. My response to this is simple: if you’re afraid of it, then you need to re-evaluate your theme and plugin strategy. Your theme will certainly get disrupted when a hacker injects half a page of a nasty encrypted code into it.

 

If a plugin or a theme isn’t updated regularly, then you are putting your website at risk.

 

Solution: Always keep your WordPress updated. Always keep your plugins updated. Always keep your themes updated. Whether or not a plugin or a theme is active, keeping it updated is a must.

 

However, REMEMBER to take a backup before doing an update so that you are able to restore your website in case an update breaks it for any reason.

 

6. Too Many Inactive Plugins And Themes

WordPress Plugins are awesome and we have plugins for pretty much getting anything and everything done by just using a plugin or two.
 

But, it so happens that a lot of us keep adding plugins into our WordPress installation and then forget to delete them even if we are not using them. I have come across such situations a number of times. It’s sometimes amazing to see that some webmasters had more inactive plugins than active ones.

 

The problem is, inactive plugins are usually not updated, and that creates a security risk if the plugin has a vulnerability. Therefore, my question is, why should I keep a plugin and let it occupy memory and resources on my server if I am not even using it?

 

The same applies in the case of themes too. Too many themes (when you can really have only one active at a time), is a waste of space and a security risk.

 

Solution: If you have a few plugins or themes that you are not using and don’t plan to use, remove them. If you ever need them again, you can always put them back. But, for now, remove them.

 

7. Disregarding Website Loading Speed

Your website’s loading speed (also known as page speed) has become one of the most important factors of your overall ranking in recent months. Everybody is talking about it because a better ranking on Google means better traffic, and having better traffic means a better business. It’s all interlinked.

 

Now, I have seen many awesome websites with great content which load very slow. I mean, why should you allow your website to load in 10 seconds when it could load in under 2 seconds?

 

But guess what?  A lot of WordPress sites are too slow, mostly because of ignorance about it from the website owner. It costs in terms of traffic and people don’t even know that they can test this and improve this.

 

Solution: Test your website’s loading speed using such tools as Pingdom Tools and WebPageTest.org. If those websites show that your website is loading slow, you should be concerned and talk to your web hosting service provider to explore your options to speed up your website.

 

Sometimes, you may have to do your database optimization, removal of unwanted plugins and themes and optimization of images etc.

 

For Krishna World Wide clients, we take this responsibility and we ensure that our clients get the optimal performance they can get. We test their sites and provide our suggestions and solutions as we find applicable to each individual client.

8. Failure To Keep Regular Backups Taken

When you are hosted in a shared environment, you know you need to do it and you should take it very seriously.

 

But I have seen that many webmasters do not have a process to take automatic and regular backups of their websites.

 

Sometimes, they don’t know because they assume that their web host must be doing it for them. Some others don’t feel like taking it regularly.

 

In both cases, if something goes wrong, your website is under high risk. If your web host’s backup copy (if they are taking one) is corrupt for any reason or the server crashes or the hard disk fails, all of your website content can be lost.

 

I think that is a great risk and no blogger should knowingly take this risk. After all this is your content, this is your legacy and you don’t want to keep it so unprotected.

 

Solution: Ensure you have a dependable backup strategy in place. You can schedule an automatic backup using cPanel if you feel comfortable.

 

Or, you can sign up for a tool such as managewp.com or VaultPress.com and schedule an automatic backup to be stored on cloud or any third party location (such as Dropbox) where you feel it’s safe to keep your backup.

 

9. Not Keeping Your ‘MySQL’ Database Optimized

This is a kind of repetition of point number 7, but it deserves a separate mention because of its importance.

 

A bloated MySQL database means a bloated WordPress website and that means a significant slowdown in your page  loading speed. The larger the size of the table, the more time it will take for WordPress to find the data needed to render your pages. So, you want to make sure your MySQL tables are optimized on a regular basis.

 

I recommend optimizing your MySQL tables once every 15 days if you are a blogger with a lot of comments (and spam comments) because comments consume a lot of disk space and spam comments are unnecessary anyway.

 

Solution: You can optimize your MySQL regularly using two/three methods. All of these options are very effective and depending upon your comfort level, you can choose any one:

  • Use the cPanel method for optimizing your MySQL. Log in and use phpMyAdmin to optimize your tables. I prefer this over the next one.
  • Install a WordPress plugin called WP Optimize and use it conveniently from your WordPress admin to perform the action.
  • Signup for a service like managewp.com and get it done along with backup. This option will cost you money. But it’s worth it.

 

10. Not Monitoring Malware

This is one thing that is considered a premium feature, and most bloggers and small business owners ignore it. When you are not monitoring your website for possible malware attacks, obviously you will not be able to protect yourself. It’s that simple.

 

However, people don’t implement this feature because they think it’s not worth the investment.

 

But they couldn’t be more wrong. Once a website is infected, the cleaning service costs way more money than paying for protection in addition to the downtime which hurts you anyway every time your site is down.

 

Solution: Sucuri is one such service I highly recommend for malware monitoring. They do a great job of server-side scanning of your websites every 4 to 6 hours without overloading your server and help you detect any suspicious activities.

 

That is why we’ve partnered with them for the server-side scanning that we add to all the websites of all our Krishna World Wide Hosting customers. If you are hosted with us, you have nothing to worry about because Sucuri is already monitoring your websites every single day.

 

If you are not hosted with us, it is a good idea to subscribe to Sucuri and benefit from their world-class service and have a good night’s sleep knowing that you are being protected by professionals.

 

We Do It All For You At Krishna World Wide Hosting

Imagine you have all of the above problems taken care of for you by your web host. This is what Managed WordPress Hosting is all about. This is what we offer at the Krishna World Wide Hosting.

 

I’ve already told you about the server-side scanning by Sucuri. But the internet is always evolving and we can’t be 100% sure that we cannot be hacked or our sites cannot be infected by any means, although we strive for it.

 

Because of this risk, we also provide a malware cleanup guarantee to all of our customers at no charge. And that’s far from the only reason why our Managed WordPress Hosting is a great choice for the security-conscious and bloggers who want optimal performance for their WordPress powered websites.

 

If You Are In A Shared Hosting Service

If you are on a shared hosting server, that itself is a great risk because your threat is simply multiplied by the number of WordPress websites on the server where you are hosted. If any of the websites get hacked, your chances of being hacked increase dramatically.

 

And on top of all that, think of the toll it takes on your overall loading speed and scalability.

 

If you are serious about all the issues I have discussed so far and you still want to go with a shared hosting company, find a web host that takes security seriously. It should be one of your most important criteria.

 

Even then, you will have to personally take care of all the above 10 risk factors yourself and maintain it. Yes, it may seem like a tedious task. But let me tell you, it’s worth the effort and I highly encourage you to take time to look after these issues.

 

Donna Merrill
Donna is a well known blogger and creator of "Blogging Magic" - an intensive guide to blogging. "Blogging Magic" is for beginners who are trying to figure out how to bring their blogs to life with tons of visits, comments and social media interaction. It's even for advanced bloggers looking to reach new levels of authority and engagement with their audience.


100 Responses to 10 WordPress Security Holes You Must Close To Protect Yourself Online

  1. Kumar Gauraw
    March 10, 2014 at 12:45 am #

    Hi Donna,

    Thank you for being such an awesome host and having me as a guest author today. I am truly honored to be here and share a few things with your community.

    Warm Regards,
    Kumar

    • Donna Merrill
      March 10, 2014 at 12:50 am #

      Kumar,

      I am thrilled to have you here. Many people are asking me about the journey I went through with my production.

      You have helped David and I so much. We are in love with Krishna Worldwide Hosting.

      Also, your customer service is awesome!!!

      I’ll be connecting with you soon for more updates on my blog.

      Thanks for being here,

      -Donna

  2. Harleena Singh
    March 10, 2014 at 1:32 am #

    Hi Kumar, and welcome to Donna’s blog :)

    Trust you to come up with such an informative post! I think you’ve shared all the goodies in here with us.

    Honestly speaking, I’ve not had a major issue with my hosting, and whenever there is a little downtime, their customer support is very good, so it’s resolved within a few hours if not earlier. But I can imagine how tough it gets when things aren’t resolved, just as in Adrienne’s case, and perhaps Donna’s too as she mentioned, when you need better or other alternatives. It’s good that you are there :)

    Yes, I do most of the things you mentioned and with WordFence, the security is quite tight. I agree about the strong password, which we should keep changing often, just being on the careful side. Updating your theme and not adding too many plugins are so essential too.

    Thanks for sharing. Have a nice week ahead, both of you :)

    • Kumar Gauraw
      March 10, 2014 at 1:47 pm #

      Hi Harleena,

      Glad you found it valuable and even more so glad that you are already taking care of most of these security holes yourself. That is what a serious blogger would do.

      Thank you for sharing your experience. And yes, I am there in case you start to face some of the challenges Donna faced, sure! :-)

      Have a great week!

      Regards,
      Kumar

      • Donna Merrill
        March 10, 2014 at 8:44 pm #

        Hi Harleena,

        Kumar mentioned that our theme must be updated….Gosh I better get my act together quickly because my theme is 4 years old. Yikes!

        I just need to do one video for the new opt-in I have planned to turn over the information to Kumar.

        Krishna World Wide’s team is amazing when it comes to this. Easy peasy for me! All I have to do is tell them what I need.

        -Donna

  3. William Butler
    March 10, 2014 at 4:01 am #

    Hi Donna! … Hi Kumar!

    Nice to see you here on Donna’s website, and great info for all, too!

    As to point one, Kumar, I think it’s worth removing it altogether too, but I also toss anyone trying to crack it into Cloudflare threat control. May as well convince them to keep knocking on a door that doesn’t exist 😉

    I, too, am an advocate of long and strong passwords. That in itself is a great help.

    Have a great day and week ahead. :)
    Bill

  4. Amit Verma March 10, 2014 at 4:56 am #

    Hi Kumar,

    Nice to see you here on Donna’s blog and it’s awesome to get your useful tips on how to protect your WordPress site. Yep agree with you that we have to regularly backup our site because shared hosting can go down anytime and if anything happen we don’t have anything to backup our site although they provide backup services. I prefer Cloud Hosting because it’s best for your business or high traffic site you don’t face any downtime issue.

    Malware and virus or site security issue the best solution is SiteLock – SMART & SIMPLE WEBSITE SECURITY it keep tracking your website and if anything found unsafe it lets you know before it’s too late.

    Thanks for your tips. Have a great day. ((Hugs))

    • Kumar Gauraw
      March 10, 2014 at 1:52 pm #

      Hi Amit,

      You are right about Cloud Hosting. However, I would still prefer to have my own backup in my control because you never know when you may need it.

      Thanks for your feedback and hmmm… I need to check SiteLock because I have not looked into them so far. I largely depend on Sucuri because of their awesome support and also because I have them as a premium service on all websites hosted on my servers.

      But then, it’s worth checking and surely I will. Thank you for the recommendation.

      You have a great week as well my friend!

      Regards,
      Kumar

  5. Susan Cooper
    March 10, 2014 at 10:13 am #

    These are very good points and great tools to be aware of, Kumar. I’m pretty lucky in I have someone manage my site for me. He stays on top of all my website updates, security items and monitors much of what you’ve mentioned. Nevertheless, I’m forwarding this to him for review because, who knows, there may be some stuff he could find useful. :-)

    • Kumar Gauraw
      March 10, 2014 at 1:54 pm #

      Hi Susan,

      Wow! Glad to know you have somebody who is taking care of your sites with care. I can imagine how much pleasure it is to know that somebody has my back so I can focus on what is important to me and my business.

      Thank you for your feedback and glad to know you liked the information :-)

      Regards,
      Kumar

  6. Jennifer Kennedy March 10, 2014 at 11:46 am #

    You’ve definitely given me more to think about in terms of security!! I was really lazy about this up until recently!!

    I have downloaded WordFence and it has been a good tool to alert me to logins, plugins that need to be updated, and attempted malicious logins. Matter of fact, I had one recently which prompted me to change my username and password!!

    I’m realizing that I have more to do in terms of protecting myself. Next on my To Do is to check the plugins and keep them updated! Thank you so much for helping me keep this top of mind!

    • Kumar Gauraw
      March 10, 2014 at 1:58 pm #

      Hi Jennifer,

      WordFence is a great plugin to harden the security at the DNS level and we should all use them especially because it’s free.

      Since I use Sucuri, I don’t need it and neither do any of my clients. But, if you are on a shared environment, it is a great tool for peace of mind. Glad you are using it!

      Thank you for your words of appreciation and sharing your story!

      Regards,
      Kumar

      • Donna Merrill
        March 11, 2014 at 2:41 pm #

        Thank you Jennifer for your sharing.

        I just cannot keep up with all these plug-ins and how they work or do not work with others.

        That is why I made the decision to go with Kumar’s hosting.

        No more headaches or wasting time figuring things out.

        -Donna

  7. Corina Ramos
    March 10, 2014 at 12:33 pm #

    Hello Kumar,

    Thanks for such an informative post. These are very helpful reminders.

    I’ll admit I have to be more consistent in doing some of these steps. You’ve given me a great idea to update my to-do list and be more specific with what I have to do instead of just putting “blog maintenance”.

    Thank you for putting this together for us. Have a great week ahead you two :).

    ~ Cori

  8. David Merrill 101
    March 10, 2014 at 12:35 pm #

    Thanks for this comprehensive guide to wordpress security, Kumar.

    Although you are managing my most important sites (thank goodness!)… I also have others that remain in a shared hosting environment.

    I’m glad to have this information so I can better secure them until I move them to managed hosting, which I will do as they gain in importance to me.

    I was interested to hear about theme updates because I use a theme that is no longer supported and NEVER has updates. I suppose it’s time to change that out.

    Thanks for having a great guest this week, Donna.

    • Kumar Gauraw
      March 10, 2014 at 2:05 pm #

      Hi David,

      A theme update is something that really depends on how vulnerable it is. If it is one of those free old themes, it’s a good idea to get rid of it.

      If it is a premium theme, it’s a good idea to check with its author to see if he/she can provide some update or if there is a security risk associated with it because it hasn’t been updated in years…

      However, if you know it’s outdated and probably it needs to go, I will say go ahead and get rid of it :-)

      Thank you for the appreciation David and Donna. It has been a pleasure to serve you.

      Regards,
      Kumar

      • Donna Merrill
        March 10, 2014 at 8:52 pm #

        In reply to David’s comment,

        We both need to get new themes. The person who did ours 4 years ago has vanished :(

        Kumar, soon I will be in touch to get this whole darn blog redone by you and your team.

        Just need to make a list of things to do.

        I am so glad I found you!

        -Donna

  9. Janet Johnson March 10, 2014 at 2:55 pm #

    Great article Donna! Very useful information to have on hand to keep your site safe! Thanks.

    • Donna Merrill
      March 10, 2014 at 8:53 pm #

      Hi Janet,

      Thanks for coming over! I am happy to know that you found this useful.

      There is so much stuff out there that can cause trouble on our blogs, it is amazing.

      If I had to do it myself, I would never get anything done!

      -Donna

  10. Debbie March 10, 2014 at 3:31 pm #

    I like the tips Donna. I am not the most technical person in the world, I do have a guy that takes care of all that stuff for me. Thank heaven, or I would be in trouble.

    The password and the admin thing is one he taught me right away and fixed.
    Have a great day,
    Debbie

    • Donna Merrill
      March 10, 2014 at 10:03 pm #

      Hi Debbie,

      Thanks for stopping by. Good to know that you are in good hands. I am not a technical person at all. Well, I choose not to be because I rather create.

      Working with my husband, he does most of it. But when things get beyond us, it is time to go to “the big guy” Kumar! He has helped us so much, it’s incredible.

      -Donna

  11. Kyle Nelson
    March 10, 2014 at 4:56 pm #

    This article was filled with amazing tips and security holes I need to take a deep look into in several of my sites. Recently I have dealt with a few DOS attacks on a site of mine and it has been a pain in the rear end! I think the biggest thing I need to do is move my current blog to a non-shared server. One of those things I just got to do and haven’t. It is amazing how many things can quickly become overlooked!

    • Kumar Gauraw
      March 10, 2014 at 7:15 pm #

      Hi Kyle,

      I am glad to know you found this useful in your blog management strategy. As far as I am concerned, if this helps you make improvements in your blog security, the purpose behind this article is well served.

      Shared hosting is a great place to start. But, as we get serious about our own blogs, we must make adjustments in the strategy, get serious about our blog’s hosting and treat it like a business.

      I am glad you are thinking about getting out of shared environment and thinking about getting serious. Please let me know if you need any help from me or my company.

      Regards,
      Kumar

      • Donna Merrill
        March 10, 2014 at 10:06 pm #

        Hi Kyle,

        Since I moved my blog over to a non-shared server – Krishna Worldwide Hosting – my life has been easier.

        Going forward with my business is so important to me. I cannot deal with all the trouble shared-hosts are having.

        -Donna

  12. Bruno Buergi March 10, 2014 at 5:18 pm #

    Great tips Donna. Security for your website is a really important topic. Great plugin tips.

    • Donna Merrill
      March 10, 2014 at 11:41 pm #

      Hi Bruno,

      Thanks for coming by! Security for our websites/blogs are imperative. Now, I’m not great when it comes to plug ins and all that tech stuff.

      But I wanted to get this word out, so this is why I invited Kumar as a guest. He is on top of just about everything.

      -Donna

  13. Mainak Halder March 10, 2014 at 6:32 pm #

    Hi Donna, this is a great post to keep safe one’s WordPress site from hackers and here I’m just sharing my little thought on the same topic.

    Install WordPress in a subdirectory with a funny, long name ( ie ‘ilovethesmellofnapalm’ ), move index.php from that folder to the root and change the line ‘require(‘./wp-blog-header.php’);’ to ‘require(‘./ilovethesmellofnapalm/wp-blog-header.php’);’. This way hackers might not even find the login page.

    And In settings -> general set ‘WordPress Address (URL)’ to your long path and ‘Site Address (URL)’ to your domain (without the funny dir).
    You’ll log in at my.domain.com/ilovethesmellofn…, but your visitors will go to my.domain.com.

    Have nice day! :)

  14. marquita herald
    March 10, 2014 at 8:18 pm #

    Terrific advice Kumar! I’m sorry to say that I learned a few of these lessons the hard way last year; in fact, one of my biggest headaches was usage spikes. Anyway, I learned a lot in the process – enough so that I appreciate the value of the information you’re sharing here. Thanks, and thanks to Donna for inviting you here to share!

  15. Zach March 10, 2014 at 9:06 pm #

    Hey Kumar and Donna,

    I have to admit I’m guilty of a few of these – I won’t say which ones in order to preserve my security HAHA!

    I’m def going to be bookmarking this page so that I can upgrade my security in the next couple of weeks, with growth comes the need for more security!

    Great content as always,

    Zach

    • Donna Merrill
      March 13, 2014 at 7:18 pm #

      Hi Zach,

      So happy that this post helped you so much so that you have bookmarked it.

      Kumar sure does know all about these plug in issues. He always has great content to share with us.

      Because I’d rather use his services than do it myself, I needed to keep people up to date about these plugins.

      If I wrote this post, he he he I would break my blog

      -Donna

  16. Yorinda Wanner March 10, 2014 at 10:11 pm #

    Hi Donna,
    thank you so much for providing this informative post.
    I appreciate Kumar’s ten suggestions.

    I am so glad that I have learned some of these tips over the last few years of blogging.
    The WP optimize plugin sounds interesting!

    Great to have these valuable tips!
    Cheers,
    Yorinda

    • Donna Merrill
      March 13, 2014 at 7:21 pm #

      Hi Yorinda,

      There is always room to learn about plugins. Especially security ones these days. So many people I know have had so much trouble with their blogs.

      Thanks for stopping by,
      Donna

  17. Dr. Erica Goodstone
    March 11, 2014 at 12:04 am #

    Donna,

    Thank you for providing Kumar’s valuable set of guidelines. A bit scary to think of these dangers. I have a lot of things in place and a few holes. I do upgrade my plugins often but I have a few sites that I don’t check all the time. I plan to use PingdomTools and WebPageTest.org to check my site’s upload speed.

    Warmly,

    Dr. Erica

    • Donna Merrill
      March 13, 2014 at 7:22 pm #

      Hi Erica,

      I couldn’t provide this myself so I asked Kumar to come on over to help my readers.

      I can cover lots of things, but when it comes to the tech of blogs, that’s where I step aside and give someone else the floor.

      -Donna

  18. Philip Varghese Ariel
    March 11, 2014 at 7:34 am #

    Hi Donna,
    Thanks a lot for the intimation about your page.
    This (Kumar’s Post) is indeed a great help to me
    since I have just started my journey with WP recently
    and I need to know more about such things; indeed, all
    these points mentioned here are completely new to me
    since I was using my Blogger space for my blogging.
    But now I have migrated all my things to WP, and I am happy
    to be here with my stuff. One of my blog friends is helping me out
    in this process and my site is still under construction. This page
    will surely be a great help to me in my future blogging.
    Thanks Donna for inviting Kumar to be a guest writer to this wonderful page. I express my thanks to Kumar too for this educative piece. Keep writing! Keep informed
    I am on my way to Kumar’s page
    Have a good day
    Phil

    • Donna Merrill
      March 12, 2014 at 8:47 pm #

      Hi Philip,

      I think it’s great that you went from Blogger to WordPress! It is good to know that Kumar was so helpful for you.

      Also, following Kumar to his page…you will learn a lot!

      -Donna

  19. Emmanuel
    March 11, 2014 at 8:00 am #

    Hello Mr. Kumar,

    It is really great to see you here on Madam Donna’s blog. People like us are following your trace and are learning something really great from you.

    This was a lovely masterpiece and we are grateful for it.

  20. Sylviane Nuccio
    March 11, 2014 at 9:23 am #

    Hi Donna,

    I’m trying my best to get to reading blog posts again. What a great post you’ve given us here by inviting Kumar. I’ve learned a lot of what he’s talking about here from his own blog, but of course there are a few things that are well above my head still.

    One thing I’d really like to do, for a while now, is make my sites faster, but when I called my hosting about it they told me that my sites were pretty fast to them, so I’m a bit stuck with that for now.

    I’m so glad that your hosting troubles are over, and I think that in your case, with a membership site you really had to take the next step. Nicely done!

    ~Sylviane

    • Kumar Gauraw
      March 11, 2014 at 9:38 am #

      Hi Sylviane,

      Your site is not slow for a page size of 1.5 MB. I tested it on pingdom and from all their three servers, your site loaded under 3 seconds.

      There is always scope for improvement and you can get it to perform better with little tweaks. But, for people in the US and Europe, your site must be doing pretty good. I wouldn’t worry too much if it loads in this range.

      You can use WebPageTest.org for checking out specific details as to what you can do to improve and then start the work from there if you still want to improve it.

      I hope this helps. And let us know how that goes.

      Regards,
      Kumar

      • Donna Merrill
        March 12, 2014 at 8:57 pm #

        Hi Sylviane,

        I am so glad that you are “back in action” slowly but surely. Good to know that Kumar has given you a great answer to your problem.

        Let us know how it goes.

        -Donna

  21. Adrienne
    March 11, 2014 at 2:49 pm #

    Hey Donna and Kumar,

    Good to see you here Kumar answering some very important questions about securing our blogs and how these issues, if not taken care of, can really hurt us down the road.

    As you know, I’ve learned about a lot of this throughout my blogging journey. It was back in December of 2012 that I learned more about my database and the issues that can happen when you don’t monetize it properly.

    I learned about the security vulnerabilities a couple of years ago now when a friend of mine had issues with her blog so she created a product that walked us through how to secure our sites if they’re already installed. Now you can just install a plugin like WordFence but when she taught this it hadn’t been created.

    I had a friend write some code for me so I no longer have unauthorized log-in attempts so that’s been a huge relief off my shoulders and works like a charm.

    I’ve got someone working on my blog right now to hopefully clean some things up so that it will load quicker but I’ve got everything in place that you’ve mentioned here. I’ll knock on wood that I’ve never had serious issues with my blog besides hosting nightmares but you also know I’m not with a VPS service and I hope all will go well in the future.

    Great share you two and enjoy your week.

    ~Adrienne

    • Donna Merrill
      March 12, 2014 at 9:01 pm #

      Hi Adrienne,

      I was following your journey with the nightmares of all the crazy stuff that was going on with your blog.

      I know you understand all these plugins. We often talk about this subject when we do Hangouts.

      Fingers crossed that your blog is now going well.

      -Donna

  22. Sherman Smith March 11, 2014 at 3:01 pm #

    Hey Donna and Kumar,

    This was indeed a post that all of us bloggers need to pay attention to. After my fiasco with malware in October of 2013, I definitely recommend that everyone who has a blog to make sure they make it as secure as possible.

    I started using Sucuri myself last year and I am very happy with their services. They got rid of the malware that was on my blog and on top of that keep me posted on anything they deem as a red flag.

    I’m definitely going to look into the plugin “limit login attempts” as well to add more security. You can’t have too much security when it comes to our blogs!

    Thanks for the awesome share!

    • Donna Merrill
      March 13, 2014 at 7:25 pm #

      Hi Sherman,

      I found that many people lately were having so many issues with their blogs. Malware, hackers, and even worse, trying for days to get support.

      When something goes wacky I like to find the answer for my readers. Now you know me…I couldn’t do this if I tried.

      So happy Kumar wrote this guest post for all of you!

      -Donna

  23. Bren
    March 11, 2014 at 6:43 pm #

    Wow! These are fabulous tips! I’m doing most of them but have slipped in a few other areas. Ever since moving to my new host, I have noticed less spammers and malicious login attempts. Can switching from one host to another do that? Apparently!

    Again, great tips and great to meet you Kumar!

    • Donna Merrill
      March 15, 2014 at 11:23 am #

      Hi Bren,

      Glad you enjoyed these tips Kumar has given. As to your question….I think it all depends on the plugins you have installed.

      I made a switch and noticed fewer spammers and malicious login attempts. It’s all about which plugin you have to prevent it.

      But that’s just my take girl, I’m not a techie! lol

      -Donna

  24. Angela McCall
    March 11, 2014 at 8:17 pm #

    Hi Donna and Kumar,

    Excellent post!!! A “mustie” for every newbie and professional as well. I am doing all of THAT you have mentioned here. I’m so glad that people like you tell us things like this, it really gives us SECURITY from brute forced attacks. As far as backing up my WordPress is concerned, I have a paid account on UpdraftPlus-Backup/Restore and this does the job wonderfully for me. It also backs up my comments.

    You know for SECURITY I used Wordfence. I believe WF is more advanced than Limit Login Attempts. Coz there was a couple of commenters on my blog at one time and little did I know that when I click the link they left me on my CommentLuv Premium, their websites contained MALWARES and Wordfence was able to WARN ME before I went any further. I don’t think Limit Login Attempts do that, or don’t they?

    Anyway, great post and thank you for reiterating all these important pointers!! Happy Tuesday!!

    Angela

    • Donna Merrill
      March 13, 2014 at 7:44 pm #

      Hi Angela,

      Thanks so much for adding so much flavor to this discussion with your comment.

      Security issues must be handled. So glad that you found out there was malware contained in that comment.

      We have to be careful out there!

      -Donna

  25. Enstine Muki
    March 12, 2014 at 2:04 am #

    Magic post Donna and interesting points to note
    My blog has more of these points applied but sincerely, there is something I need to do right this moment.

    thanks for sharing such a great post

  26. Jeevan Jacob John
    March 12, 2014 at 11:29 am #

    Good to see you here, Kumar :)

    I have implemented almost all of it (if not all, I think I have implemented all of them).

    I was sort of worried about #3, but I am glad to see that I took care of it some time ago (Thanks to many friends, like you, reminding me about all this stuff).

    Speed is something I am trying to improve. I need to do a few tweaks on that part (I am not using any cache plugins right now, since those plugins have messed up my site in the past…and it did do some damages to my current blog, took me some time and effort to get everything working).

    So, I am looking for ways to improve the site speed that doesn’t involve using cache plugins.

    Anyways, thank you for sharing this, Kumar :)

    • Donna Merrill
      March 15, 2014 at 11:32 am #

      Hi Jeevan,

      I remember when you first rolled out your blog. If there is one thing you do well is having the understanding of all those plugins!

      I’ve noticed from some of my friends that some plugins affect others and then we get into being the fix it guy!

      I could see how things got messed up on your site in the past.

      -Donna

  27. Carolyn Nicander Mohr
    March 12, 2014 at 11:45 am #

    Hi Kumar, Yes, last week I had hundreds of attempts to log into my website. I found out yesterday that there was an organized attack on WordPress sites last week. Luckily, I have WordFence that alerted me to the attempts so I was able to block the IP addresses of the hackers. Since then Ashvini has installed a brilliant work-around that prevents anyone from logging into my site without my permission. Bam!

    Your hosting sounds fabulous, Kumar. I know a lot of people who are looking for high quality hosting such as what you’re offering. Donna’s recommendation means a lot too so I will certainly suggest Krishna the next time I’m asked about this!

    • Donna Merrill
      March 15, 2014 at 11:36 am #

      Hi Carolyn,

      Glad you liked Kumar’s guest post. Good thing you had WordFence to stop those crazy hackers that went around WordPress!

      Yes, I highly recommend Kumar’s hosting company. (That’s why I didn’t get hacked lol) Now, I am pleased to announce that my theme will be created soon.

      When I read about the themes he mentioned I got a panic attack, got in touch with him, and soon you will see a new Donna Merrill Tribe! I’m so excited I can do back flips!

      -Donna

  28. Sue Price
    March 13, 2014 at 5:17 am #

    Hi Kumar and Donna

    Kumar welcome to Donna’s home.

    I admire people who can even write about these things as you do while I battle to understand.

    Having said that my site was hacked a couple of years ago so I have some of these things covered.

    I do use a tech guy to help me and he updates things and I trust most is covered.

    I guess when we see sites like Aweber and Get Response recently attacked we have to know it happens to big and small. That is the scary part.

    Thanks Kumar (although I would rather read about your Indian cricket greats) :-) I am so not a techie.

    Sue

    • Donna Merrill
      March 13, 2014 at 7:47 pm #

      Hi Sue,

      You and I are on the same page when it comes to this. GR gave me such a hard time, but I’m thankful for that.

      I would have never realized that I needed a better hosting company. Krishna Worldwide is Fabulous!

      They take care of me and I can just get down to my business.

      Cheers!

      -Donna

  29. Lisa
    March 13, 2014 at 5:48 am #

    Thanks Donna for having Kumar do this very informative post. I have to look into #9. I’ve learned the hard way about keeping plugins up to date and almost lost my site once due to them not being updated. #8 is something I do regularly now too. Imagine if you lost your last post or several? All that work and they would be gone forever. Great advice! Thanks to both of you and have a great day ahead.

    • Donna Merrill
      March 15, 2014 at 11:43 am #

      Hi Lisa,

      Glad you found this to be informative. I couldn’t imagine losing my posts. I would go a bit nuts if I did. And several…OMG

      -Donna

  30. Shalu Sharma
    March 13, 2014 at 5:23 pm #

    Excellent article on WordPress security. This comes at the right time since we are in the middle of a major attack by spammers and hackers. You can read about this on the Wordfence website. You have given lots of tips which I think is very useful and will certainly be looking into it.

    • Donna Merrill
      March 15, 2014 at 11:44 am #

      Hi Shalu,

      With all those spammers and hackers out there, we do need to protect ourselves.

      I am happy to learn that you liked these tips Kumar has given.

      -Donna

  31. Nirmal Anandh
    March 14, 2014 at 12:17 am #

    Excellent Post Kumar.

    Hosting is an important thing for every blogger. To date, there is no problem with my hosting. After reading this, I will surely pay attention to the points mentioned above.

    For a long time, I used “admin” as username and the same for password. I realized my mistake; it will lead to the destruction of the blog.

    Thanks for sharing this informative post.

    • Donna Merrill
      March 15, 2014 at 11:51 am #

      Hi Nirmal,

      Welcome to my blog. I am so glad Kumar has helped you to pay attention to the above.

      Oh boy…using “admin” is a dangerous way to get hacked. Glad you realized that one!

      -Donna

  32. Julieanne van Zyl March 15, 2014 at 12:33 am #

    Great idea for you to hire a professional Donna, otherwise you’re wasting your time, when you could be working on activities that you are good at! Kumar certainly knows what he’s doing, I’m glad I discovered the majority of those security tips a long time ago, so I could protect my blogs.

    • Donna Merrill
      March 15, 2014 at 11:57 am #

      Hi Julieanne,

      If I were to do all this myself, I wouldn’t be working on the “important stuff” I need to do.

      I am so grateful that I have connected with Kumar and I just love Krishna World Wide.

      Now that I have my ducks in a row, we are ready for him to make changes with my blog. Cannot wait for my new look!

      -Donna

  33. Sue Bride
    March 15, 2014 at 2:05 pm #

    Thanks for your excellent tips, Kumar.

    I have always been very careful to take regular backups. I use BackWPUp which backs up files as well as databases and can be set to optimize tables on a regular basis. I am relying on reinstalling if there is a problem but I can see the advantage of using a malware scanning service.

    It wasn’t until I installed Limit Login Attempts that I realized how careful you have to be. I am amazed at the number of attempts made to login. I now make sure that as well as creating strong passwords, I use different passwords for each blog and for anything I join.

    Thanks for the warning about unused plugins. Although I update inactive plugins when an update is available, I now realize that some old ones may not be maintained so there are no upgrades. I am now going to delete them.

    • Donna Merrill
      March 15, 2014 at 10:05 pm #

      Hi Sue,

      I am so glad you enjoyed this post by Kumar. As for those unused plugins..I know many people who have had trouble with them. We do have to update things, but when that happens, sometimes one plugin doesn’t work well with another.

      This is why I personally don’t mess around with that. I know I would break my blog lol.

      Thanks for stopping by,

      -Donna

  34. Ashi March 15, 2014 at 2:34 pm #

    Hey Donna

    Well, when I was new to blogging there were many things to learn and I am still learning. My blog was hacked almost 5 times in a month. I don’t know why but I think they are finding it funny and there must be something I was doing wrong.

    You have mentioned all the important things which could be vulnerable for the blog. Currently I use a password-protected Wp-Admin folder and I also removed the author page so users can’t know the username. Besides that, I always keep my blog updated, all the themes and plugins.

    Thanks & Regards

    • Donna Merrill
      March 16, 2014 at 1:28 pm #

      Hi Ashi,

      My goodness, hacked 5 times? What a stressor! I think lots of us forget to change our Admin password.

      It’s a good idea to have a very long one with upper and lower cases and numbers. Plus change them once a month.

      Thanks for stopping by,

      Donna

  35. Leslie Denning
    March 15, 2014 at 2:58 pm #

    Hi Donna and Kumar. What an excellent post! This one is going in my swipe file. I was hacked once, and it was so traumatic. I’m going through this step by step to make sure I close vulnerabilities. I do have a number of them covered, but I want to get them all. I really appreciate this information.

    All the best,
    Leslie

    • Donna Merrill
      March 15, 2014 at 10:07 pm #

      Hi Leslie,

      That’s a good idea. Just save this one as a good reference for your plug in status.

      Being hacked is no walk in the park…it is traumatic!

      Glad you found this of help.

      -Donna

  36. William Earl Amis, Jr. III
    March 15, 2014 at 5:42 pm #

    Donna,

    I never gave any thought to deleting those widgets I never use just setting around and those themes. It all makes sense now just you gave me more than my share of work now. I have to make contact with so many people yet the bottom line will be well worth it.

    Thank you Donna and looking forward to your next update.

    • Donna Merrill
      March 15, 2014 at 10:09 pm #

      Hi William,

      I have Kumar covering the hosting and back end of my blog. And I wanted a new theme, but after reading this…I realized my theme was 4 years old!

      You will see a new one in a week or two!

      -Donna

  37. nick catricala
    March 15, 2014 at 6:09 pm #

    Kumar,

    this is wonderful advice you shared here.. I had the pleasure to chat with you before in this regard but this advice is a lot more in depth.. THANKS so much for sharing and thanks Donna for adding it here…

    As I mentioned to you earlier, I learned many of these lessons the hard way and appreciated your information shared here so I learn more.

    Thank YOU, and thanks to you as well, Donna for inviting Kumar here to share these golden nuggets!
    _nickc

    • Donna Merrill
      March 15, 2014 at 10:21 pm #

      Hi Nick!

      There is always so much to learn with our blogs! Plugins, updates, etc.

      If you are the type of person that likes to do it yourself, this is a fantastic post from Kumar.

      -Donna

  38. Arleen
    March 16, 2014 at 11:44 am #

    Hi Kumar- I just recently posted on Linkedin.
    Can anyone suggest what plugin to use with WordPress to eliminate spam? Never had the problem before, but it is coming in like gangbusters. Here is what I am getting.
    I use CommentLuv Premium; the spam comments are not in the SPAM folder but are being caught and entering the moderation queue.
    Here is an example of spam
    black nike air max classic
    referenceline.com/icon/?p=93
    Submitted on 2014/03/10 at 3:47 am

    black nike air max classic

    a wide selection of pic, at stake alongside satellite tv. Mister. in addition Mrs. a little, This is how one can choose in addition talk about with wide diamonds cool gadgets to visit at your household. are able of material damages, The distributor wil…

    The trackbacks started after the recent update of WordPress. All comments are put in moderation before I push live.

    My blog is part of my main website and I have a dedicated server. Any thoughts?

    • Donna Merrill
      March 17, 2014 at 11:02 pm #

      Wow Arleen,

      I’ll contact Kumar to answer this one. I don’t want to lead you in the wrong direction. Kumar knows this like the back of his hand.

      -Donna

    • Kumar Gauraw
      March 17, 2014 at 11:50 pm #

      Hi Arleen,

      I had responded to your post on LinkedIn on the same day. But there is something about that group. My comments went into the moderation queue twice (or maybe spam, not sure).

      Anyways, your problem is twofold and you can handle it both ways, but start with the first step:

      1. In addition to CommentLuv, you need to install Akismet as well. There are many schools of thought on this. But I am talking from experience. You need Akismet along with CommentLuv to fight spam. Install and activate Akismet and SPAM will start to end up in the SPAM folder. One less thing to worry about.

      2. Although the first step gives you a lot of relief already, it is not going to stop spambots from consuming your CPU cycles and bloating your database because those spam comments still will get into your database, which will be a good idea to counter, isn’t it?

      So, to handle that, there are some footprints on your website that need changing to confuse the bots. For example, the bots look for words like “Leave a reply”, along with “Name”, “Email” etc. standard field names on your comment form. That is how they detect your comment forms. So, as an advanced WordPress user, you want to change those standard footprints to something else and that will stop them from even injecting junk into your database.

      With these modifications, you will be able to eliminate about 90% of your spam comments. However, 100% is never possible since people can still go to your website, fill the form with junk on submit and that.

      But, this will give you a good night sleep knowing that you are not being bombarded by spambots behind the scene.

      If you need help, please let me know. You know how to get in touch with me :-)

      Regards,
      Kumar
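
Step 2 of Kumar's reply above, sketched as an added example (not code from this thread, from Kumar, or from any plugin mentioned here): a small plugin that changes the visible "Leave a Reply" footprint and the standard field names, then maps the renamed fields back when a comment is submitted. It assumes the theme renders its form with WordPress's standard `comment_form()`; the `cff_` names and the replacement strings are hypothetical.

```php
<?php
/**
 * Plugin Name: Comment form footprint changer (added example, hypothetical)
 */

// Hypothetical replacement names for the standard comment fields.
// Keys are the names WordPress core uses; values are what the form will show.
function cff_field_map() {
    return array(
        'author' => 'cff_who',
        'email'  => 'cff_reach',
        'url'    => 'cff_site',
    );
}

// 1. Change the visible text that identifies a stock WordPress comment form.
add_filter( 'comment_form_defaults', function ( $defaults ) {
    $defaults['title_reply']  = 'Join the conversation'; // was "Leave a Reply"
    $defaults['label_submit'] = 'Send';                  // was "Post Comment"
    return $defaults;
} );

// 2. Rename the name="" attribute of each standard field in the rendered HTML.
add_filter( 'comment_form_default_fields', function ( $fields ) {
    foreach ( cff_field_map() as $standard => $renamed ) {
        if ( isset( $fields[ $standard ] ) ) {
            $fields[ $standard ] = str_replace(
                'name="' . $standard . '"',
                'name="' . esc_attr( $renamed ) . '"',
                $fields[ $standard ]
            );
        }
    }
    return $fields;
} );

// 3. On submission, restore the standard names before core reads $_POST.
//    wp-comments-post.php loads WordPress first, so 'init' runs in time.
add_action( 'init', function () {
    $is_post = isset( $_SERVER['REQUEST_METHOD'] )
        && 'POST' === $_SERVER['REQUEST_METHOD'];

    // Only act on comment submissions (the form always carries comment_post_ID).
    if ( ! $is_post || ! isset( $_POST['comment_post_ID'] ) ) {
        return;
    }

    // Logged-in users are not shown name/email/url fields, so nothing to map.
    if ( is_user_logged_in() ) {
        return;
    }

    foreach ( cff_field_map() as $standard => $renamed ) {
        // The rendered form no longer contains the standard names, so a POST
        // that uses them was not produced by filling in this site's form.
        if ( isset( $_POST[ $standard ] ) ) {
            wp_die(
                'Comment rejected.',
                'Comment rejected',
                array( 'response' => 403 )
            );
        }
        if ( isset( $_POST[ $renamed ] ) ) {
            $_POST[ $standard ] = $_POST[ $renamed ];
            unset( $_POST[ $renamed ] );
        }
    }
} );
```

Because rejected submissions stop at `wp_die()` before WordPress stores anything, they never reach the database or the moderation queue; clear any page cache after activating so visitors are not served the old form.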

  39. Monna Ellithorpe
    March 16, 2014 at 12:01 pm #

    Hi Donna and Kumar,

    Thank you so much for the loads of information in this post. I will be going over my WP setup to check for things today.

    Have a great day. Monna

  40. Atish Ranjan March 16, 2014 at 4:01 pm #

    Thanks Gauraw for explaining every point in details. Thank God I do use strong pwd, use something else as administrator and do a lot of things but I never run a scan for malware. I need to do that now with your suggested tool. Thanks for an eye opener post.

  41. Rebekah Radice
    March 16, 2014 at 4:48 pm #

    Hi Donna!

    I just reached out to Kumar last week, so it’s incredibly timely to see this post. I can attest to his responsiveness and enormous amount of knowledge. I’ve been incredibly impressed and have only just started the conversation about possibly migrating my sites over to his hosting company.

    Thank you Kumar for this fabulous list! I’ve been at fault for overlooking a few of these and my site definitely paid the price. Keeping a close eye is either something we have to do as bloggers or give away to someone like you. Our livelihood is at stake.

    • Donna Merrill
      March 16, 2014 at 5:08 pm #

      Hi Rebekah,

      I migrated my site to Krishna World Wide Hosting and it is fabu! No more worries with shared hosting and the customer service is fantastic.

      Within a few weeks, he is also going to change my Theme…so happy about that!

      I am so happy that you like it!

      -Donna

    • Kumar Gauraw
      March 17, 2014 at 11:56 pm #

      Hi Rebekah,

      Glad to know you found some of these issues informative. Thank you for dropping by and sharing your words of appreciation.

      I am thrilled to know that you are considering my proposition, and I look forward to hearing from you regarding our hosting discussion.

      Regards,
      Kumar

  42. Shelley Alexander March 16, 2014 at 10:54 pm #

    Kumar, thanks for all the fantastic info on how to protect our WordPress sites from hackers. I am so glad Donna had you write this informative post! Security is so important and these tips will really help all of us to keep our sites safe.

  43. Chery Schmidt
    March 16, 2014 at 11:41 pm #

    Hello Donna, What a Great choice to have Kumar here on your blog sharing these tips with us today. Love It!! I had no idea that I should delete plug in or themes that I wasn’t using nor to keep everything updated for security reasons.

    I guess I have some work to do now LOL Thanks Kumar for the great advice and thank you Donna for having him here..
    Chery :))

    • Donna Merrill
      March 17, 2014 at 11:00 pm #

      Hi Chery,

      This is such an important aspect of blogging. Now I could never take on this job, so I called in Kumar to give my followers some advice.

      -Donna

  44. Charmie
    May 5, 2014 at 8:43 am #

    I know one very bad experience of mine where I forgot to update my plugins due to some other work and my blog was disturbed very badly. Thanks for bringing these points before us.
