How to Protect Your Blog From Hackers, Tech Gremlins and Things That Go Bump in the Night

You pull up your blog first thing in the morning, ready to create a new post. You’re feeling creatively inspired, and can’t wait to start writing.

But when you try to log in to your blogging tool, you can’t get in.

In fact, you can’t see your blog at all. It looks like the whole site is just….gone.

Imagine how you would feel if you feel if your blog simply vanished. All your carefully written posts, your hand-selected images, your comments — all of it disappears in a flash.

This isn’t a ridiculous, impossible idea. It’s completely possible – and it happens more often than you might think.

Bloggers can be the victim of hacking attempts, hosting problems, miscommunications with Google, and other technical issues – all of which have the potential to wipe out months (or years) of a blogger’s hard work.

But there is good news.

There’s one fairly simple step you can take to avoid losing your site. That step is backing up your blog on a regular basis.

How to Protect Your Blog from Hackers, Tech Gremlins and Things That Go Bump in the Night

All the major blogging platforms have simple ways to do regular backups of your work, and some platforms even offer ways to automate the process.

In this post, I’m going to explain how to run backups on the five biggest blogging platforms – WordPress.org, WordPress.com, Blogger, Typepad and Squarespace – so you’ll never need to wake up at night in a cold sweat, wondering if all your hard content-creating work might’ve just gone up in smoke.

Let’s start with the world’s most popular blogging platform: WordPress.org.

Why WordPress.org Sites Get Hacked – and Why It Matters

There are a lot of advantages to blogging with WordPress.org. It’s flexible, fast, and full of fantastic tools and themes you can use to grow your email list, check your visitor stats, and customize the look and feel of your site.

But WordPress.org has one major disadvantage, and that’s hackers.

WordPress.org sites get hacked all the time, because WordPress.org is a wildly popular, open-source platform.

Hackers can add all kinds of malicious code to your site, causing issues like:

  • Creating obnoxious pop-ups to come up on your blog, advertising stuff you wouldn’t want your mother to see
  • Adding malicious code to your site to get access to your email list, credit card information, or other data
  • Locking you out of your WordPress.org dashboard
  • Bringing your site down entirely

Sometimes, hackers do really weird things to your site. Last year, I got hacked, and the only thing the hackers did was transform my most recent post into an x-rated article full of links to porn sites. They kept the title and the image of the article the same, so actually it took me a couple of days to realize what they had done.

One of my developers, Michelle Panulla, couldn’t stop laughing when I called and asked her to try to fix it – she said it was one of the cleverest hacks she’d ever seen. I can laugh about it now – but I wasn’t laughing back then!

Thankfully, was easily able to restore my site, because we run regular backups of my entire blog.

And you should never assume that because your site is small (or about a topic that’s not controversial) that you won’t get hit. WordPress hackers don’t discriminate – they’ll hack your site if they get the chance, no matter how small your site is, or how much traffic you attract.

How to Back Up a WordPress.org Blog

Want to decrease the damage hackers can do to your blog? The best thing you can do is perform weekly backups of your entire site.

That includes your blog posts, pages, theme, comments – everything on your site.

When you back up your site regularly, you won’t necessarily prevent hackers from messing with your site, but you will make it easier to restore your blog once it’s been hacked.

My favorite tool for performing regularly backups for WordPress.org sites is Backup Buddy, a premium plugin that allows you to set up automated backups of your entire site. You will need to pay a yearly fee to use this plugin.

Here’s a tutorial that walks you through the steps of configuring Backup Buddy, running your very first backup, and setting up automated backups.

VaultPress and BlogVault are two other (paid) options for running automated backups of your WordPress.org blog.

An Important Security Issue for WordPress.org Bloggers

Doing regular backups is great, but what if you want to avoid getting hacked in the first place?

One of the best things you can do to avoid getting hacked is regularly update your site to the most recent versions of WordPress and all of your plugins.

As the WordPress team spots security problems in its code, it regularly fixes them by releasing new versions of the WordPress.org software.

In years past, you could often go for years without updating to the latest version of WordPress – but these days, not updating your blog (and continuing to use an ancient version of WordPress) leaves you highly susceptible to hackers.

Many hackers actually look for bloggers who haven’t updated their sites recently. Right now, running an a really old version of WordPress is like rolling out the red carpet for these malicious weenies.

If you’d like someone else to take care of backing up your site on a regular basis AND keep you running with the most recent version of WordPress and your plugins, it’s a great idea to sign up for an ongoing maintenance service with a qualified WordPress developer.

Having a developer handle monthly maintenance for you is actually cost effective, too. Consider these potential costs, for trying to manage WordPress security on your own:

  • Buying a license for Backup Buddy, which is your best option for backing up your WP site on your own ($90 a year)
  • Managing your own WordPress and plugin updates, which can take several hours each year and will pull you away from doing more important business tasks (around $300 a year)
  • If your WordPress update fails, you’ll need to pay a developer to help you sort out the problem ($250-$500 each time)
  • If your best security efforts fail, and you get hacked anyway, you’ll need to pay a qualified developer to help you restore your site and remove all malicious code (Usually $400+, depending how bad the hack is)

Since most developers charge between $35 and $50 a month for ongoing WordPress maintenance fees, it actually saves you money to let someone else manage your WordPress security efforts.

If you’re looking for a WordPress specialist who can keep your site safe by managing your updates and putting up barriers to getting hacked, I highly recommend Tim Falb.

Tim offers a monthly WordPress maintenance service called Eagle Eye Updates, and right now he’s offering a low price for my community members of just $30 a month, or $300 a year. Check out Tim’s site for details on his services.

Note: I am an affiliate for Tim’s services, so I do receive a small commission if you sign up with him. I have worked with Tim many times in the past, and he’s a highly reliable and ethical developer.

Now let’s move on to WordPress.org’s closest cousin: WordPress.com.

How to Back Up a WordPress.com Blog

Here’s what the WordPress.com support site says about running backups:

“If your blog is hosted here at WordPress.com, we handle all necessary backups. If a very large meteor were to hit all the WordPress.com servers and destroy them beyond repair, all of your data would still be safe and we could have your blog online within a couple of days (after the meteor situation died down, of course).”

This sounds awesome, right? And it probably is.

However, as someone who usually errs on the side of caution when it comes to technical stuff, I still recommend running your own manual backups. It will only take a couple of minutes a week, and it’s always better to have too MANY backups than to have too FEW.

Here’s how to export your site and create your own manual backup in WordPress.com:

  1. Go to WordPress.com and log in to your account.
  2. Click on “My Site” in the upper right corner of your screen.
  3. At the very bottom of your left navigation bar, click on “WP Admin.”
  4. Hover over the word “Tools” in left navigation bar of your WordPress Admin dashboard, until you see a dropdown menu appear.WPCom1
  5. Click on “Export” in that dropdown menu.WPCom2
  6. Click on “Start Export” under the “Export” section on the left side of your screen.WPCom3
  7. Choose “All Content,” then click on the blue “Download Export File” button.
  8. Save the file to your computer. It’s a good idea to start a folder for blog backups, because this is something you’ll be doing on a regular basis.

For more information on exporting your site to create a manual backup of your WordPress.com site, click here.

How to Back Up a Blogger (Blogspot) Blog

Because Blogger (Blogspot) is a totally free platform, their tech support can be really hit or miss. That means if you’ve got a problem and your blog disappears, you don’t have a reliable tech support team to call or email to help you sort out the problem.

That’s all the more reason to consistently create backups of your site if you’re blogging on the Blogger platform.

To create a backup in Blogger, you’ll need to export your blog to a file, then save that file on your computer to keep it safe. When you follow this process, you’ll get a .xml file that acts as your backup.

Here are the steps you should follow to export your Typepad blog:

  1. Sign in to Blogger.
  2. Select the blog you want to export.
  3. In the menu on the left side of your screen, click on “Settings,” which will open up some additional options under that word.Blogspot1
  4. Click on the word “Other” under “Settings.”Blogspot2
  5. Under the “Import and back up” section at the top of your screen, click on the “Back Up Content” button.Blogspot3
  6. When you click on that button, you’ll see a pop-up box appear. Click on “Save to Your Computer,” and your exported file will be downloaded automatically.Blogspot4
  7. Make sure you save the file somewhere where you’ll be able to get to it later if you need it. It’s not a bad idea to create a folder called “Blog Backups” somewhere on your computer, and always save your backup files to that folder.

How to Back Up a Typepad Blog

Typepad apparently does some periodic backing up of their sites, but it’s definitely a good idea to create your own manual backups, too. Don’t rely on their backup process to protect your content.

You can export your Typepad blog to create a manual backup. Here are the steps you should follow to export your Typepad blog:

  1. Log into your Typepad account.
  2. Click on “Settings.”
  3. Click on “Import/Export.”
  4. Scroll down to the “Export” section.
  5. Click the “Export” button to generate your export file.
  6. Once the export (backup) has run, you’ll see a link to download the file and save it on your computer.
  7. If you are a Windows computer, click on the link with the right mouse button and choose “Save Target As” or “Save Link As” to save the file.
  8. If you are on a Mac, hold down the “Option” key while clicking, and choose the “Save Link As” menu option to save the file.

Learn more about the Typepad export process by clicking here.

How to Back Up a Squarespace Blog

According to their support website, Squarespace reportedly performs extensive site backups on your behalf, so they say there’s no need for you to manually back up your site.

I still think it’s good idea to perform your own backups. Servers fail, and problems happen that are out of your control, and I’d always rather you be safe than sorry.

You can export your SquareSpace blog to create a manual backup. Here are instructions from Squarespace, for doing your own backups (including a nice tutorial video.

The Most Important Weekly Appointment on Your Calendar

We’ve talked about the unique security issues of WordPress.org, then walked through the process of backing up your blog with the five most popular blogging platforms.

The most important message of this entire article is to make sure you regularly perform backups of your blog content.

Weekly backups certainly won’t prevent every problem. Hackers will go on being jerks, and tech gremlins will still crop up. But if you’ve backed up your site, at least you can rest easy, knowing you always have a way to restore your site if something catastrophic happens.

And that’s a compelling reason to create a weekly appointment with yourself that’s called “Weekly Blog Backup.” Then make sure you always honor that appointment, and create a backup of your site every single week.

Otherwise, all your hard work on your blog can disappear like a puff of smoke.

And your backups can shield you from ever having that happen to you – so you never again need to sit down to write a blog post and have to say, “My blog is gone!”

Picture your weekly backups like the antidote to hackers, hosting problems and other catastrophic blogging problems. Perhaps they won’t prevent your blog from ever getting sick – but they certainly can prevent the illness from becoming a fatal one.

The Ultimate Guide to Creating a Warm Welcome Message

Make sure your first impression doesn't fall flat.

The Ultimate Guide to Creating a Warm Welcome Message

Make sure your first impression doesn't fall flat.

7 thoughts on “How to Protect Your Blog From Hackers, Tech Gremlins and Things That Go Bump in the Night”

  1. Great info. Thanks so much, Beth. I haven’t lost my blog info yet, but I have worked with computers for 30 years and have lost work numerous times–besides the irritation and frustration you have from having to redo everything you already did–almost always when you don’t have the time–there is the sick feeling in your gut because there are things you can’t redo and lose forever that make this article so very valuable to a new/rising/wannabe blogger. I appreciate your time researching and writing it and sharing it with us. Marianne

    1. You’re welcome, Marianne! I’m really glad it was useful. If I can save even one blogger from having that sick feeling in his/her gut, it will be worth it to me! 🙂 Thanks for dropping by.

  2. Thanks for this information, Beth. I’ve had the fear of losing my content. I just backed up my wordpress.com site by following your directions. I’ve seen Export in the Tools menu before but never paid attention. This is great!

    1. Agreed, Rahul – it’s easy to ignore this tech stuff, until something goes horribly wrong! That’s exactly why I wanted to publish this piece as a reminder.

  3. I think that tapping into the network of a competitors site is really important because you need to know healthy competition. However there is unethical hacking done all the time so It is good knowing what you can do to protect your site. I will make sure I apply the safeguards you have suggested so I can protect my own blog. Thanks for sharing.

Leave a Comment

Your email address will not be published. Required fields are marked *