Security Fail: Three Ways Your Blog Can Get Hacked

Blog security is an often-overlooked necessity for bloggers, even though blog hacking is a surprisingly common event and it is a problem that can affect just about anyone.

For example, shortly after Christmas, Swedish Foreign Minister Carl Bildt found that his blog had been hacked, hosting unauthorized ads, including those for mail order brides.

Though what caused the hack in that case is unknown, what is known is that the site was pulled offline for some time, cleaned up and restored, but only after much embarrassment and headache.

However, that is probably the least damaging kind of hack possible. Hackers, upon taking over a blog, have been known to do a variety of things from using a blog to install malware on visitor’s machines (which may also get you blocked in Google), turn your site into a spam blog by hiding unwanted content or, in many cases, just delete all of your hard work.

So how do these hacks happen? Most, sadly, are caused by careless bloggers who leave open security holes on their sites. With that in mind, here are some of the quicker ways to get your site hacked and virtually ensure that you have, at the very least, a long night ahead of you.

1. Use Poor Usernames and Passwords

Your username and password is your first line of defense as no security measure is going to protect you against a hacker who either knows or guesses your login information.

If you’re a WordPress user, your username should never be “admin” or any variation thereof. The original “admin” account WordPress installations used to install should be deleted for security reason.

Also, one’s password should never be based directly on a word and should contain a combination of character, capitals, numbers and symbols. The goal is to create a semi-random password that bears no resemblance to a word that can be found in a dictionary, common list of names or list that might be used in a dictionary attack.

If you need help creating a password, there are a variety of password generators available, including one within WordPress itself.

Bear in mind that it isn’t just enough to have a secure password for your blog’s login, you also need to make sure that your hosting account, FTP and other passwords related to your site are secure as well. One weak link is all that it takes.

Finally, don’t share your passwords or reuse them on other sites. The Gawker Media hack should show the danger of doing that.

2. Run Outdated or Insecure Code

WordPress, as well as other blogging platforms, are essentially software applications that run on your server. As with any software, it has bugs and security problems that the developers try to fix quickly. This prompts them to release patches regularly to address any issues that they find.

However, many bloggers don’t update their blogs in a timely fashion and, once hackers learn how to use the patched exploits, they find these blogs very easy targets. This is often the cause of the viral hacks that can impact thousands of blogs

But as Mike Witty, the Director of Security at the host Servint, pointed out in an interview I did with him for another site, bad software is also often to blame. You can get into just as much trouble by installing plugins and even themes that are out of date or insecure, making it important to only install up-to-date add ons from trusted sources.

All in all, you need to make sure that the software you put on your server is secure and stays that way, otherwise it could be an invitation for a hacker to their worst.

3. Be a Security Slacker

Having the right software and a good password is crucial, but none of it matters if you don’t take your responsibilities seriously as well.

Some of the most important security steps we take are the little things we do every day to make ourselves more or less safe. Consider the following:

  1. Logging Out: When you leave a public computer or even if you’re just using your machine in a public space and need to step away.
  2. Watching Your Belongings: The information on your laptop and/or phone can be used to do far more than hack into your blog. Remember that they aren’t just valuable because of the price you paid, but for what is inside.
  3. Trusting Sparingly: Finally, don’t give out your password or other relevant information over email, phone or other means unless you are 100% sure of the identity of the person you are talking to. Human engineering is an easy way for hackers to get a variety of valuable information, so it is best to be aware of who is around you and who you are talking with.

In short, doing the “big stuff” like patching your blog and picking a long password won’t mean anything if you fall for a scam email or leave yourself logged in while others can use your machine.

Don’t lock the doors tight and then give away the keys to the kingdom, it’s just foolish.

Bottom Line

Will taking these steps make you hack-proof? Absolutely not. Blogs that do everything right sometimes get hacked too, just like athletes have heart attacks sometimes the same as the rest of us. However, you are reducing your risk of something bad happening to you and avoiding making yourself an easy target, that, for most, is more than enough.

Simply put, there are no absolutes in security and blog security is no different. There is no such thing as “completely secure” just “more secure” and “less secure”. You want “more secure” in everything you do, within reason, and the more you push your site to that end of the spectrum, the less likely it is you’ll have a problem.

If you’re smart about your passwords, run good software that you keep up to date and follow good practices day-to-day, you’ll be doing more than many and you’ll be taking yourself out of the crosshairs of most hackers.


Disclosure: In full disclosure, it is safe to assume that the site owner is benefiting financially or otherwise from everything you click on, read, or look at while on my website. This is not to say that is the case with all content, as all publications on the site are original and written to provide value and references to our audience.


  1. Dean Saliba January 20, 2011
  2. Allen Dresser January 20, 2011
  3. Andy January 21, 2011
  4. Mark January 21, 2011
  5. Attorney David January 22, 2011
  6. dotCOMreport January 22, 2011
  7. JK January 22, 2011
  8. mike February 18, 2011
  9. mike February 18, 2011
  10. mike February 18, 2011
  11. mike February 18, 2011
  12. mike February 18, 2011
  13. mike February 18, 2011
  14. Niairen June 9, 2011