5 Ways Your Blog’s Design Is Making You Susceptible To A Hacker

Posted : Friday, May 17, 2013 | Post Author : Paul Crowe | 8 comments

Guest Post – Our host is Stephan Jukic. Stephan lists how to keep your blog safe from hackers. See How To Become a guest author on Spice Up Your Blog.

Running a blog is often a labor of love that takes a lot of work and creates something of enormous personal or even business value. This applies especially if your blog is old and loaded with thousands of posts that garner you thousands of visitors. Losing all this to hackers and intrusion programs over the course of a single day would be a serious disaster.

While no site or blog can be made completely hack proof, you can limit the potential damage by following these crucial steps and making sure that you do one other vital thing: back up, back up and back up again! Do it regularly, and never forget to do it.

1. Badly Chosen Webhost

Not all webhosts are created equal when it comes to site or blog security; some give you access to many more security features than others. Thus, when you’re picking out where to settle your blog’s databases, go for a well-known host with a solid reputation for technical support, security features and regular updates.

As a minimum, your hosting provider should regularly be updating their server’s LAMP applications (Linux, Apache, MySQL and PHP) along with any additional third party software that they give you access to for your blog. Also, the host you pick should offer SSL (Secure Sockets Layer), SSH (Secure Shell), secure FTP options, DoS (denial of service) protection and anti-intrusion software protection.

2. Infrequently Updated CMS and Addons

Your CMS, or content management system, is the platform on which your blog is built. You might have designed your own blog from scratch, but most likely you’re running it from a CMS platform like WordPress, Joomla, Drupal or TypePad. Whichever of these you use, you should be keeping them regularly updated to their latest versions. The same goes for all your third party blog addons such as Flash, Adobe Acrobat, Java and any CMS plugins you’ve got installed. Finally, the update rule also applies to any blog themes you’re using; always maintain their latest versions.

Though this may seem like a pain in the ass at times, it’s a very necessary step for proper security, since all those new versions of everything are actually being designed with security bug fixing in mind, in addition to adding new functionality and aesthetic features.

Installing new versions of all of these features should be as easy as doing a few clicks inside your hosting cpanel or within your CMS dashboard, and it is important, since an estimated 45% of all site and blog breaches come through improperly updated software addons.

3. Downloading Plugins and Themes from Untrusted Sources

For many CMS platforms, especially WordPress, there are thousands of site appearance themes and plugins available for download all over the internet. These change your site’s appearance according to your needs or give it additional user/admin features that the basic templates and CMS download don’t have.

The problem with them can emerge when you start downloading from sources that aren’t trusted and reliable. For both themes and plugins, you should be getting your downloads either right from the CMS website itself (i.e. www.WordPress.org) or from major distributors, such as ThemeForest.com, that everyone knows and regularly uses.

Old themes from a site that doesn’t get updated or themes built by people who haven’t been vetted by review can either be insecure or conceal deliberately injected malicious code.
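One way to triage a downloaded theme or plugin before installing it, shown as an added example that is not part of the original post: a heuristic scanner for obfuscation constructs that tampered themes commonly contain. The rule set, file names and sample theme are constructed for illustration, and a clean result does not prove a theme is safe.

```python
import re
import tempfile
from pathlib import Path

PHP_EXT = {".php", ".phtml", ".inc"}

# Heuristic rules (assumptions for illustration, not an exhaustive signature set).
RULES = {
    "eval-of-decoded-data": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request-driven-exec": re.compile(
        r"\b(?:eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    "long-encoded-literal": re.compile(r"['\"][A-Za-z0-9+/=]{300,}['\"]"),
}

def scan_theme(root):
    """Return sorted (relative path, line number, rule) findings under root."""
    root, findings = Path(root), []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        is_php = path.suffix.lower() in PHP_EXT
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            if not is_php:
                # PHP hiding behind an image or asset extension is a red flag.
                if "<?php" in line:
                    findings.append((rel, no, "php-tag-in-non-php-file"))
                continue
            findings += [(rel, no, name) for name, rx in RULES.items() if rx.search(line)]
    return sorted(findings)

def build_sample_theme(root):
    """Write a constructed theme: one clean template, two tampered files."""
    root = Path(root)
    (root / "inc").mkdir(parents=True)
    (root / "index.php").write_text("<?php\nget_header();\nget_footer();\n")
    (root / "inc" / "footer.php").write_text(
        "<?php\n// constructed sample with a placeholder payload\n"
        "eval(base64_decode('Y29uc3RydWN0ZWQ='));\n")
    (root / "logo.png").write_text("<?php echo 'constructed'; ?>\n")

def demo():
    """Build the constructed sample in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_theme(tmp)
        return scan_theme(tmp)

if __name__ == "__main__":
    for rel, no, rule in demo():
        print(f"{rel}:{no}: {rule}")
```

Point `scan_theme()` at the unpacked theme directory and review every reported line by hand before activating the theme.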

4. Failing to Use Strong Access Passwords

Hosting a blog means using a lot of different password protected access points: MySQL databases, your hosting cpanel, CMS dashboard, FTP accounts etc. All of these passwords should be distinct from each other and hard to guess. Don’t rely on simple, easy to remember passwords and don’t ever use any generic passwords provided to you as defaults by the systems that run them. This is a bad idea and will eventually lead to some sort of leak down the line.

You should also make sure that you don’t share your passwords around too easily with others, and change them all any time you do share access for development and blog maintenance purposes.

5. Failing to Write Good Clean Code

If you’re doing some of your own coding, you need to make sure that it’s clean, neat and tightly written; the sloppier the code, the more holes for hack access. This applies especially to things such as website forms, dynamic pages and coding around added videos and other third party applications.

To avoid dirty code, run everything you write through the W3C validator at http://jigsaw.w3.org/css-validator/. And for all third party CMS/plugin addons you’ll be installing on your blog servers, check the code and blog forums on the internet to see if they’ve been vetted as secure. A great place to find information like this is the forums on www.Stackoverflow.com.

Bonus: Some Great Security Plugins

Since you’re going to be installing CMS plugins anyhow, here are some great security oriented ones to include with your blog:

- Stealth Login: http://wordpress.org/extend/plugins/stealth-login-page/

- User Locker: http://wordpress.org/extend/plugins/user-locker/

- Limit Login Attempts: http://wordpress.org/extend/plugins/limit-login-attempts/

- Login Encryption: http://wordpress.org/extend/plugins/login-encryption/

Check these out and look for others; they’re a helpful security bonus.

By Guest Author – Stephan Jukic is a freelance writer who generally covers a variety of subjects relating to the latest changes in SEO, mobile technology, marketing tech and digital forensics. He also loves to read and write about location-free business, portable business management and finance. When not busy writing or consulting on technology and digital security, he spends his days enjoying life’s adventures either in Canada or Mexico, where he spends part of the year. Connect with Stephan on LinkedIn.



  1. Akuneme Christopher, May 17, 2013 at 3:34 PM

    WordPress blogs are hackers’ main target due to popularity. Though Blogger blogs are hackable, it is not that easy. I agree with the regular updates of CMS and plugin software. Nice post though.


  2. I found #5 very interesting and something I will have to check out – thank you.


  3. Widget For Blogger, May 18, 2013 at 8:18 PM

    Recently we saw how a botnet attack was launched on WordPress sites having admin as a username, and many accounts got hacked. The same thing applies to Blogger also. We need to protect it. The above links are very valuable. Thanks for sharing these tips.


  4. Thanks for sharing such useful information…… Nice tips to protect the blog


  5. I just had several WP blogs hacked and have been in the un-hacking process for the last week as a result. The main culprit in mine, from what we can tell, is an evil theme writer. Lesson learned. I will only use known trusted theme sources from now on!


  6. As you said in #3, Downloading Plugin and themes from untrusted websites may totally collapse our website.


  7. I have read so many articles on the topic of the blogger lovers but this piece of writing is really a fastidious article, keep it up.


  8. Recently, I faced a similar problem to the one you discussed in your blog. Why did I face this? Because I chose the wrong hosting site for my site. Frankly, I don’t know which hosting sites are good.