
Has Google any tips on how to protect blog websites from getting hacked?

I would like to know if there is any statement directly from Google which tells me what I can do to hack-proof my blog website. Can anybody give some good tips on this?

AndreasOS

Here are some tips on how to make your website more secure

Average: 5 (1 vote)

Hackers are a big problem, especially for popular blogs with a high PageRank. There are a couple of things that you can do to avoid attacks from hackers. Always ensure that you have the latest version, because modern software versions are more secure than older versions. It is also possible to alter the .htaccess file from the wp-admin page to give access to only a couple of IPs. Also, always use a secure password.

Rafsan

Along with the measures mentioned in the video, try to follow these too

Average: 5 (1 vote)

Blogs with a high PageRank are actually the main target for hackers. Unlike in the past, hackers nowadays have realized that merely taking down a site brings no benefit. They have changed their strategy. Now they try to inject some code into the host folders. This may lower your site's PageRank. In the video above, Matt Cutts mentioned three measures you should take to protect your blog site from hackers. The previous threads also discussed these two measures. I will mention them again and try to mention some other measures you may follow to ensure your site's security. First, let's hear what Matt Cutts suggested:

  • Run the latest version of the CMS
  • Change your .htaccess file to limit the number of IPs from which the admin can log in
  • Pick a relatively long and strong password

In Matt Cutts's own voice:

And the fact is that since WordPress is so popular, and so widespread, it is subject to a lot more attempts by hackers, especially people that have figured out that there are old versions of WordPress that are a little easier to exploit. So the very first thing that I do, is I try to make sure that I always have my server patched up-to-date.

The other big thing that I do, is you can change your HT access file, .htaccess, which is in wp-admin, and you can basically say, you know what? …only a small number of IP addresses, the ones that I basically, what are called whitelisting, listing out explicitly, are allowed to access my wp-admin directory. So what that does, is it says, if you’re just coming from the general internet, you can’t log in; you’ll get a 403, you’ll get a forbidden error. But, if you’re coming from, say my home IP address, or Google’s corporate IP address, or maybe a small number of IP addresses that I’ve very deliberately chosen, then you are allowed to log in.

Besides being patched, try to make sure that you set something so that the hackers can’t get to your admin directory, unless they’re coming from a specific small set of IP addresses. That might not be perfect, for example if your web host happens to get hacked, and people can read database passwords of other customers, or stuff like that, that’s not going to protect you very much.

Matt Cutts emphasized the first two measures. He talked only about WordPress because the question answered here concerned his own site, which was made on WP. Actually, they are really good ways to increase security against hackers. I would like to mention some more measures here.

Secure username for admin: the default admin username is admin. If you keep this username, you have done half of the hacking all by yourself, because now hackers just have to find out the password. So, change the admin username to something else.

Besides the admin username, you should also rename the admin folder path to something else. It can be anything other than admin. Try to make the admin path hard to predict.

There are many security plugins and modules for major CMSs like WordPress and Drupal. For example, you can use WordPress Security Scan to find weaknesses on your WP site, and WordPress File Monitor to find out if any change is made to the user files. These two are plugins used to ensure the security of WP sites. For Drupal sites, Security Kit and Security Review are good examples of such modules.

Set proper folder permissions on every folder. You can do this from cPanel or by using FTP software.

Lock down the number of attempts permitted to log in as admin to your site.

Hope this helps.
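
The wp-admin IP allowlist that Matt Cutts describes in the quote above, written out as an added example (not taken from the video or from the posts in this thread). The two addresses are placeholders from the documentation ranges and must be replaced with your own; the admin-ajax.php exception is an assumption that applies only if your theme or plugins make AJAX calls from the public pages.

```apache
# File: wp-admin/.htaccess
# The server must permit these overrides for this directory
# (AllowOverride AuthConfig for "Require", AllowOverride Limit for
# "Order/Allow/Deny"), otherwise the rules are ignored or cause a 500.

<IfModule mod_authz_core.c>
    # Apache 2.4 and later.
    # Several bare "Require" lines are OR-ed: a client matching any one
    # of them is let in, every other client receives 403 Forbidden.
    Require ip 203.0.113.10        # placeholder: home address
    Require ip 198.51.100.0/24     # placeholder: office network

    # Optional: front-end AJAX from themes and plugins goes through
    # wp-admin/admin-ajax.php. Leave this block out if nothing on the
    # public site needs it.
    <Files "admin-ajax.php">
        Require all granted
    </Files>
</IfModule>

<IfModule !mod_authz_core.c>
    # Apache 2.2 syntax, same policy.
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.0/24

    <Files "admin-ajax.php">
        Order allow,deny
        Allow from all
        Satisfy any
    </Files>
</IfModule>
```

After saving the file, a request for /wp-admin/ from an address that is not on the list should come back as 403, and one from a listed address should reach the dashboard as before. wp-login.php sits in the WordPress root rather than in wp-admin, so this file does not apply to it.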