security for bloggers

Security Tips For Bloggers: How To Protect Yourself [And Your Audience]

Disclosure: Your support helps keep the site running! We earn a referral fee for some of the services we recommend on this page. Learn more

Sharing is caring!

Last Updated on August 14, 2019

Nearly every day you hear about some new security breach on the web. Sensitive information is leaked, millions of dollars are lost, and websites go down. As a blogger, how worried should you be about security?

You might think you don’t have much to worry about, but an unpatched vulnerability on your computer, your hosting company’s server, your WordPress install or even a rogue advertisement could severely damage your business and your reputation.

Fortunately, an ounce of prevention is worth more than a metric ton of cure.

Here is how to protect yourself and your audience from security issues.

security for bloggers

Back Up Your Blog

Backups are like insurance: annoying to set up but you’ll be glad you did when disaster strikes.

Backups don’t just defend against hacking. You might accidentally delete a post or other content. It can be a lifesaver in these situations.

Backing Up WordPress – Try one of these backup plugins or services — there are many free, great options available.

Wix bloggers don’t need backups — at least, according to Wix. They keep historic copies of your site. But, Wix does offer a handy way to duplicate your entire site to use like a backup.

Is Your Password Safe?

If an attacker gets your password, they can lock you out of your blog, delete it, redirect it, and all kinds of other nasty things. This is the key to the kingdom.

You should pick a password that’s hard to guess. Treat it like a toothbrush. Change it every three months and don’t share it with anybody.

If nothing else, pick a password that you don’t use with any other accounts. Certainly not your bank account. The reason is that if one password is cracked, hackers know that people often use the same password for everything.

lock and chain
An easy to guess password is kinda like leaving your car unlocked in a bad part of town. Don’t be that person!

When that happens, it’s (security) game over.

You should create a new password and username for your blog that isn’t a default user account for your blogging software.

It can be hard to remember your passwords, so try using a password manager like 1Password to keep up with them all. Update all passwords at least yearly (but every 3 months is better).

If you have a blog with multiple authors, you should encourage them to take similar precautions. The user that’s least knowledgeable about security is the weakest link.

More on passwords:’s guide to selecting a strong password – great tips that apply to everyone, not just WordPress users or bloggers.

Change your Wix password – quick link & instructions for bloggers using Wix.

Google on strong passwords – solid info from google on creating a strong password.

Notes on WordPress Security

WordPress installs have automatic updates enabled for minor core releases, which includes security updates. However, this doesn’t cover plugin and theme vulnerabilities.

Plugins and themes are a major cause of hacks. You should choose plug-ins that have a good user base and receive frequent updates. Check the reviews. Only download plugins from reputable sites like WordPress’s own repository.

That reduces the risk of introducing malware to your blog. Remove any plugins you don’t actually use. That’s just a way to introduce more possible holes.

Furthermore, DDoS protection is another factor to pay attention to. There are hosting providers who specialize in DDoS protection, such as InMotion and LiquidWeb.

WordPress Theme and Plugin Security Info: tracks WordPress theme and plugin vulnerabilities.

Theme Authenticity Checker (TAC) – well-trusted plugin that scans all your theme files for malicious code

All Hosts are Not Equal

Hosting companies vary in their commitment to security.

How can you tell a good host from a poor one?

Do they update their software frequently? What is their policy if you do fall victim to a security breach?

Be aware that larger hosting providers have more resources to devote to security than smaller providers do. That means they tend to have more time and money to spend on security hardware and software like firewalls and intrusion detection.

Look for a provider who has been around for a while and has good reviews. Even better, look for a host that is built for the blogging software of your choice.

More on hosting security:

WordPress hosting reviews – our suggestions for best web hosts for bloggers.

Hardening WordPress – nerdy bits on how to make your WordPress installs harder to hack

Blogs and Malware?

If you’re monetizing your blog, you should pay attention to the advertising networks you choose to work with.

It’s possible to send malicious advertisements, or “malvertisements” to users through disreputable networks. You’re better off with one of the larger ad network providers like Google Adsense and Commission Junction.

Personal Hygiene

While most of the advice in this article concerns the server side, there are a few things you can do on your end to keep your blog — and digital life — safe.

Beware of Phishing

You’ve probably heard that no legitimate company will ask you for your password or credit card information, but people keep falling for these schemes time and time again.

Most of the time, phishing attempts are scattershot, but if your blog is popular enough, you may be the subject of a spear phishing campaign, a phishing attempt that is specifically targeted toward you.

One defense is to use an email address that’s devoted to responses to your blog. You’ll know any suspect emails telling you to reset your accounts are bogus.

Beware of Wi-Fi

Wi-Fi seems ubiquitous, in homes, offices, coffee shops, and hotels, but do you really know who’s behind the networks? That convenient public Wi-Fi network might be run by a hacker sniffing your passwords.

You should be careful about which networks you choose to connect to. That Wi-Fi network that appears to belong to the coffee shop you’re in might actually belong to an attacker.

beware of wifi
I love the internet, it’s the wifi never had.

One defense is to use encryption. HTTPs is becoming more common, with sites like Let’s Encrypt providing free certificates.  If you don’t have it enabled on your blog, talk to your host or get an SSL certificate yourself.

You might consider signing up for a VPN service if you blog away from home a lot.

If you use your own Wi-Fi network, you should turn WPA2 encryption on.

Under no circumstances should you use the old WEP encryption because it’s long been broken.

You don’t need to go overboard if you’re using a simple home or small office Wi-Fi. With small networks, you’ll most likely use WPA2-Personal. Be sure to pick a good password and disable the admin account in your Wi-Fi settings.

Check If You’ve Been Hacked

Most breaches are crimes of opportunity. They’re usually automated, like a burglar who checks every house in the neighborhood for unlocked doors or open windows.

Securi SiteCheck is a good option for scanning for vulnerabilities

Google Search Console –  You can set up email alerts to automatically notify you when Google detects hacking attempts.

Have I been Pwned ? – a wonderful and scary tool provided by Troy Hunt to check if your email address has been compromised in large data breaches.

So, What If You Do Get Hacked?

If the unthinkable happens and your site does get hacked, all is not lost. Probably. You have backups right? ;)

First: Read the WordPress FAQ on getting hacked. It’s a solid guide that starts with the advice “stay calm”. Also see Securi’s guide to cleaning a hacked WordPress site.

Commercial Solutions

Securi specializes in removing and protecting sites from hacks — including for popular blogging software like WordPress. If you are hacked, you can sign up for their monthly plan protection plan which includes cleaning up your hacked site at sign-up.

WordFence cleans Joomla & WordPress hacks, and like Securi — you get the cleanup + subscription in one package.


Bloggers should keep up with what’s going down in the security world. You might follow blogs like Krebs on SecuritySecuri’s Blog, or other resources like the Security Now podcast to get wind of the latest breaches and protect yourself.

Keeping your blog secure shouldn’t keep you awake at night. As long as stay on top of your updates, stay smart and informed — you should be fairly secure.

A secure site will let you do what you do best: write awesome blog posts.

Image Sources – Lock and chain:|Life of Pix , Laptop: | Pixabay