How Pros Make Money Online

Income Diary

"Do Not Write Another Blog Post Until You Watch This Free Video..."

Traffic Domination

Watch this free video to learn...

  • How I got over 10,000,000 people to visit my websites.
  • The types of blog post that got me all that traffic.
  • How to get someone else to do it for you!

Where should I send your video?

How we get over 64.75% of new email subscribers

We first added a popup opt-in box to IncomeDiary back in 2010. Today, it gets us more subscribers than our homepage opt-in, footer opt-in, sidebar opt-in and squeeze pages combined. After seeing how well it worked for us, we decided to develop it into a plugin our readers could use. It's been so popular that over 60,000 websites now use it!
Click Here For More
  • Manuel

    Great list Michael, I recently tried to backup my database but I wasn’t too pleased with the result I got. Backup Buddy looks good. And I hope to see your posts more frequently. Peace!

  • Yo Mike, this is a wonderful list. Thanks for sharing!

  • Super post Michael. Thanks for reminding us that whether you’re running a small blog/website security is very crucial. Not only big site are hacked, also small one. I hope all who read this post will agree and take this matter serious. before I forget Michael, please check “Top 10 World Richest Blog / Website Ever – The Top dogs of the $1 trillion a year industry – Information publishing industry -2011 ” this list was inspired by lists.
    Links –

  • I love how comprehensive this list is. Definitely worth going through again to make sure I’m covered.

    By the way, are you heading to AwesomenessFest again this year?

  • Dustin Bentley

    Very useful! I think I know where I got wrong before because my wordpress was hacked and how I wish I was able to read your post before that happens so I can prevent it but the good thing I now know. Thanks for information. I so love this.

  • This has to be one of the best articles I’ve ever read on protecting your blog. I’ve used some backup programs with success and knew about those but there’s obviously a lot more you can do to avoid the problem in the first place. This one will be bookmarked for ongoing reference!

    Thanks for the great list Michael!

  • Samuel

    Awesome tips Mike! Hackers don’t rest, always looking for a way to satisfy their ego. In order to do that, they must hack! I will apply some of these tips on my blog. Thanks so much for sharing. Rock on!

  • WOH that was one solid post! The only issue I have been having and think I might have again in the future is updating wordpress itself. Since I have a custom theme I am always afraid its going to break something. Have you had any issues with that?

  • Facebook Fans Samurai

    Thanks a million Michael. This info is just what I need at the moment. I’m going to use several of these advice. I’m currently using a free Back-Up Plugin. I guess I’m going to have to change that.

    Btw, your earlier post on how to make WordPress site load faster was also beneficial. You seem to be posting everything I need these days regarding WordPress. Subscribing to your Newsletter has done me so much!

    Thank you,

  • Gabriel

    Thanks for these tips! It’s awesome that you don’t need to be an expert to easily apply these methods to secure your WordPress blog.

  • Melanie Rembrandt

    Excellent tips! Thanks very much for summarizing this important information!

  • Awesome Michael! I knew a lot of the 1st tips but when you started getting into the more advanced stuff I had some idea of what you were talking about but it is a huge eye opener and I will be implementing your tips right away! Don’t want to get hacked 😉 arggghh lol

  • Nic Penrake

    Amazing amount of content, Michael. It’ll probably take me till Christmas to apply all the tips on my blog. Here and there I could have done with a more detailed explanantion. What’s an htaccess file, for instance, and where would I find it? Great stuff. Nic

    PS. Is your own blog based on a template, such as Socrates, or custom? It’s possibly the best IM design I’ve seen.

  • Bart

    Hi Michael,

    Love your blog! Reading it for a month now.

    Missing two important things in your post.

    Login over SSL
    1) Use:
    define(‘FORCE_SSL_ADMIN’, true);
    instead of
    define(‘FORCE_SSL_LOGIN’, true);
    in wp-config.php. It does all the work. All admin trafic is forced through SSL and is fully encrypted. Login session cookies are only send over SSL.

    No need for plugins. As a matter of fact. “Admin SSL” didn’t work for me. It failed when I tried it a few weeks ago. It’s last update is: 10 july 2009 and that makes it abandon-ware

    After days of searching I encountered the above solution: It really works great and is embedded in the core of WP, which makes the solution very robust. Be aware add the define(‘FORCE_SSL_ADMIN’, true); in the begin of the file not at the end. Cost me a two whole days to figure that out…..

    Login over SSL is very important on unsecured WiFi and untrusted networks. I encourage everyone to use is, if there host allows the use of SSL.

    Brute force attacks.
    One of the best counter measures against a brute force attack is throttle the attack. There is a nice plugin “Limit Login Attempts” that just does this. It has a short and long lockout periode. Lockout behavior can be fully tweaked, but the standards are just fine to use. It’s a great just install and forget plugin, which gives a lot of added security to your blog.

    Cheers, Bart

  • Hi Michael/ rugged scar face:)

    Thanks for the great post, so many things for a non-techie.
    Keep up the great posts, I always look forward to receiving them;)

  • Duane

    Hi Micheal

    Fantastic post!, I have learnt things from this post that I
    didn’t even think about before.
    There is alway’s ton’s of useful information on this site.
    I look forward to your next post.

  • I tried WordPress firewall but don’t know how it works and is it worth installing. This extra plugins can slow down my website.

    Very useful post. Could have been a ebook itself. Thanks for sharing.

  • Louweezy

    Wow this is all really good stuff and I didn’t know Plugins can carry viruses thats nuts! Thanks again Sir

  • Hey Michael, as always a first class post, and just what I needed to get my very first WordPress site up to scratch. I got a ton of take-aways from this article, so thank you very much for this. Looking forward to your next post!

  • Great list of things to be aware of. I use EZ Backup that emails me daily with a backup of my WP site.

  • Very good list! I would add a few more:

    1-Change your password often!
    2-Do not login to the admin panel while on a public (unencrypted) wifi
    3-Scan your site for malware and other badness. Free scanner here:


  • My website has been hacked once by the kurdish hackers and they replaced the index file…. Since then I have been using a strong password. However, Michael has given some tips that are important, thanks Michael. Cheers.

    BTW, if anyone falls victim to index file replacement, just login to your server and replace the index file of your wordpress theme or reinstall the theme altogether.

  • harvestwages

    Man, i like this post. You’ve uncovered so many hidden technics. i need to make some updates on my blog. now

  • Wow, after reading this I suddenly feel naked. I had already done the robots.txt thing. But I never thought to do anything else!

  • I lost my wordpress blog and my hosting all in one go from hackers.
    Please take note of this blog and do what it says to the letter. It will make a difference.

  • Great stuff! I get lost and emotional if I get minor issues with my Blog! I can’t imagine what I’d do if something major happened! This information is very useful, I thank you for you time & effort, it’s clearly not one of these 5 minutes posts! Quality! Love it, regards Peter

  • Marty

    I’d always been concerned about the default “admin” issue. I’ve only been using wordpress for a short while. Thanks for these good tips. I’ll be working through them.