Vital Security Measures

Any site can be hacked. Yes, you read that right.



Recent reports of big box stores and other well-known chains having their systems hacked speak directly to this fact. The likelihood that your site will be a target for hacking is directly related to the benefits gained by the hackers. Obviously, those who hacked into the systems of Target, Home Depot, et al. were trying to gain credit card information for fraudulent purposes. But another reason for hacking is to gain access to a site and WORK from there, sending spam and engaging in other deviant practices for less obvious gains, with nothing that tracks back to them. For efficiency, many attacks are carried out with software that will time out. So, the more you can do to lock down a site, the safer it will be from malicious attacks.

When it comes to available Content Management Systems (CMSs), some of the most common ones are Joomla, Drupal, and WordPress. WordPress is by far the toughest to hack, but it is hacked the most because it is so widely used now. Because of this, it is important to implement some safeguards with a WordPress site.

I can tell you from experience that having a blog hacked, fixing it, and making it safer, was a learning curve in and of itself. At the time, I just didn’t know what needed to be done to make my sites as safe as possible. In my early WordPress days, I had a site hacked and the perpetrator was sending spam emails through my site. I didn’t even have any emails configured for that domain! Eventually, I learned how that was done and then learned how to fix it and prevent it. It was a very upsetting ordeal though.

I have had the idea for Blogs By Design for a while now but held off until some measures could be tested. The testing took place over a period of two years. We take various precautions for every site we build. Here’s a list of what is included:

  • The WP-Shielded* Premium plugin is installed and configured. This plugin limits the number of failed log-in attempts. It also hides public information that is essential to hackers. If your preferences change, these options can be controlled through the plugin’s settings.
  • Most blogs are compromised through the built-in theme and plugin editors. We lock that down.
  • Your public name can be whatever you like, but we use a non-dictionary string for your admin username and a 40-character non-dictionary password for your login credentials.
  • The unique KEYS and SALTS are reconfigured. Huh? These are multiple strings that make it harder for hackers to get in. It boils down to more stuff for the hacker to crack.
  • The database password and table prefixes are changed. Too long to explain, but even MORE for the hacker to crack.
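
Three of the measures above (the locked editors, the KEYS and SALTS, and the table prefix) live in `wp-config.php`, so they can be checked on any existing install. The script below is an added example, not Blogs By Design's own tooling: `audit_wp_config` and both sample configs are constructed for illustration, and it assumes the editors are locked with WordPress's `DISALLOW_FILE_EDIT` constant, which the list does not name.

```python
import re

# The eight secret constants WordPress reads from wp-config.php.
SECRET_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
                "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
# Match define('NAME', 'value'); or define('NAME', true); at the start of a
# line, so a define commented out with // is ignored.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*\)\s*;""", re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)

def audit_wp_config(text):
    """Return a list of findings; an empty list means every check passed."""
    defines = {}
    for m in DEFINE_RE.finditer(text):
        name, sq, dq, bare = m.groups()
        defines[name] = sq if sq is not None else dq if dq is not None else bare
    findings = []
    # Assumption: the theme/plugin editors are locked via DISALLOW_FILE_EDIT.
    if defines.get("DISALLOW_FILE_EDIT", "").lower() not in ("true", "1"):
        findings.append("theme/plugin editor is not disabled (DISALLOW_FILE_EDIT)")
    seen = {}
    for name in SECRET_NAMES:
        value = defines.get(name)
        if not value or value == PLACEHOLDER:
            findings.append(f"{name} is missing or still the sample placeholder")
        elif value in seen:
            findings.append(f"{name} reuses the value of {seen[value]}")
        else:
            seen[value] = name
    m = PREFIX_RE.search(text)
    if m is None or m.group(1) == "wp_":
        findings.append("table prefix is missing or still the default wp_")
    return findings

# Constructed sample inputs (not from any real site).
WEAK = """<?php
define('DB_NAME', 'blog');
define('AUTH_KEY', 'put your unique phrase here');
$table_prefix = 'wp_';
"""
HARDENED = "<?php\n" + "".join(
    f"define('{n}', 'constructed-sample-value-{i}-not-a-real-secret');\n"
    for i, n in enumerate(SECRET_NAMES)
) + "define('DISALLOW_FILE_EDIT', true);\n$table_prefix = 'x7q_';\n"

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_wp_config(cfg) or "OK")
```

To audit a real site, pass the contents of its `wp-config.php` to `audit_wp_config`; the file holds the database password, so run the check locally and do not paste the file elsewhere.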

We also strongly recommend keeping WordPress and all plugins up to date. This is done easily (click-click) through your admin area. Your Web host will expect this as well. We’ll also give you some more tips to keep your blog safe from ill-intentioned intruders; things to watch out for.

None of the above information is presented here to scare you. Quite the contrary, it is revealed here to point out the safeguards we use for every site we build. Think of it this way: if it takes too long to break into your blog, the hacker will move on to easier prey, because there is plenty of it out there.

Again, there is no guarantee against hacking for any site, but these measures go a long way to keep your blog safe.

*WP-Shielded installation carries a single site license. To use this plugin on other websites, you must upgrade to a multi-site license.

About the Author

Linda Carruth is an illustrator and designer who enjoys creating new art, amateur photography, and riding her motorcycle. Her professional work can be seen at her company site, Her motorcycle, humorous, and motivational designs are available at,, and at Home decor and fine art items can be purchased at Carruth Creative Art & Gifts and on Fine Art America.