Does Your Blog Pass This Safety Test?

90% of companies say they’ve been hacked in the past 12 months (Source: Ponemon Research, 2011).

Almost 60% have been hacked twice. And more than half doubt they can stop it from happening again.

These aren’t bloggers… they’re multi-million dollar companies with enterprise level security.

They’re not a one-man operation - some employ over 75,000 people - and despite their best efforts, hackers tear through security holes each and every day.

What’s to stop them from taking down your site? WordPress? Unfortunately, WordPress is notorious for security issues (out of the box, at least) which makes them WIDE open for anti-social cyber-weasels to chew through.

Fortunately, there are ways to protect yourself.

 Step #1. Delete your admin account

Hackers only need two things to break into your site: your admin username and password. Unfortunately, most bloggers keep “admin” as their username… which makes it twice as easy to hack into your site.

Here’s what you do: create a new admin account with a different username. Then, delete the existing “admin” profile.

To do this, go to Users, hover over the “admin” user and click delete.

You should see a page like this:


If you’ve been writing under this username, be sure to select “Attribute all posts and links to:” and move it to your new username. This way nothing gets deleted.

Step #2. Backup your database

If you’ve followed these lessons to the letter (and you have, haven’t you?) you’ve already installed WP-DBManager. This handy plugin automatically backs up your database each day and emails it to you.

If you haven’t installed this plugin, do so now. Seriously.

Step #3. Update WordPress and plugins regularly

WordPress updates usually have security patches. Plugins usually do… but strange things can happen when you update. Be sure to update your files before you do this.

Of course, if you did step #2 this happens automatically. You did do step #2, right?

Step #4. Change your database username and password

If a hacker gets through your database, they have free reign to terrorize the rest of your site… IF it’s the same user/password. By changing it, you contain them in your database only.

Then, you can simply upload a saved database from the day before. You did do step #2, right?

That’s it. These four steps will keep most hackers at bay. But it happens. Gary Arndt got hacked. It could happen to you. So please, please, please go do these four steps right now!

To your successful travel blog,

Adam Costa

Editor in Chief, Travel Blogger Academy

P.S. This is part of a 24 part course on travel blogging. If you haven’t already, sign up for it now.

About adamcosta

Adam Costa is co-founder and Editor in Chief of both and TravelBloggerAcademy. He currently lives... um... somewhere.

Fill out this simple form and gain INSTANT access to Travelblogging 101: The Ultimate Guide to Building & Running a Profitable Travel Blog!


  1. There’s no delete button associated with admin. Only with the other users.