Home Blog

WordPress Defender


Hello, my name is John Hoff and welcome to SecureMyBlog.com. Like you, I too am a WordPress blogger.

I mostly blog about topics WordPress bloggers might like to know about, like SEO, increasing targeted traffic, optimization, making money,  hosting, etc.–but let me tell you, if there’s one thing that really gets my blood boiling–it’s when I hear about how some hacker has selfishly taken someone’s blog away from them.

Well I got news for you. You’re not alone in this fight. We have options and I am here to help you secure your blog and learn:

  • How to be safe online and keep what’s yours, yours.
  • How to greatly increase your blog’s security even if you’re technically challenged.
  • How to prepare for an attack so you can bounce back quickly with little or no cost to repair.
  • How to quickly and easily be notified by your own blog that something is has changed.
  • All this given to you in my 156 page guide, 16 videos of 2 hours of footage of me showing you what you need to do, and a powerful newsletter to keep you up-to-date and safe.

So what’s my story?

…and how did I get into this whole business of WordPress security? Well, it started with my wife’s website getting hacked.

Imagine you wake up one day and head to your computer. You’re ready to start working, and you’re happy that your online business is doing so well. That site is your shot at some extra money, maybe paying off that credit card debt – a better life. That site brings an added feeling of security to your life.

“And suddenly that security is violated…

When you go to visit your site, it’s not there. Gone.

All you see is a heart-stopping warning telling you your site’s been shut down. You’ve been hacked.

I’ve been there. My wife Lindsey decided to take her jewelry business online two years ago and really put her all into it. She wanted it to succeed, and as a family with two kids, we really could have used the money that site was going to help bring in. We had car payments to make and money was getting tight.

So we worked hard to build a website for Lindsey’s products, and with a deep breath, we launched it.

It was great. In just a short time, Lindsey was bringing in $1,000 a month from her site – that was a big help towards our family’s finances – that car payment? Paid, every month, on time. And Lindsey was excited about her jewelry business. It was working – it looked like it could even get bigger, maybe pay one more bill if she kept it up. She wanted to grow it even more, and we were really eager to see what we could do with this.

“One day, hackers stopped us dead in our tracks…

They took that feeling of hope away from us. They took away our car payment. And our little website that was working so hard for us.

I’ll never forget the look on Lindsey’s face the morning she turned around and asked, “John, what happened to my site?” Her beautiful online store was gone. This was what she saw glaring on her screen instead: 

We found out that her WordPress site had been attacked by a hacker, and he’d left a vicious virus behind. That virus not only ruined my wife’s site, but we discovered the virus possibly infected every customer’s computer as well.

What Having Our Website Hacked Had Cost Us…

My wife’s site was ruined, her business reputation was damaged, and we lost a valuable source of income for our family finances because her web host had shut the site down.

I spent a whole week researching and investigating for a solution. It was hard work, and I followed a lot of dead ends. I finally found the problem, but here’s what it had cost my wife and I:

  • Time: That week I spent tracking down the problem is time I’ll never get back.

  • Trust: The security breach shook our customers’ trust, and some of them never returned – those are permanent lost sales.

  • PageRank: The site fell from a strong page rank of 5 to an absolute useless 1.

  • Heartache: We felt horrible that our customers might have damaged computers because of our site.

  • Money: My wife’s business went from earning $1,000 a month to zero – overnight. That was money we’d been using to make car payments, among other things, and now we had to juggle finances to figure out where it was going to come from.

  • More money: We lost sales and customers, and we had to pay more money to rebuild the site.

These hackers are malicious, heartless, and downright evil. They don’t care how hard you worked or how much that site may mean to you financially and personally. They just show up in your WordPress one day and ruin everything you’ve worked so hard to create – for months. If they take your site out long enough, it can be enough to destroy your business permanently.

I spent those weeks when Lindsey’s site was down worried I wasn’t going to be able to find a solution. That her business would be destroyed forever. That if I couldn’t fix it, she was going to have to start all over again, heartbroken and hurt.

I don’t want anyone else to have to feel that horrible combination of helplessness and fury. I set to work making sure it could never happen again to Lindsey.

Don’t Let It Happen To You Too!

I spent months upon months learning everything I can about hackers and how they break into WordPress blogs and sites. I learned what security leaks they looked for and the holes they used to slip through. I spent weeks tracking down every trick those hackers used, and I spent even more weeks investigating the best solutions to stop them dead in their tracks.

Now I have one of the best defense systems against WordPress hackers available. My wife uses it. I use it.

And if you want your site to stay safe, I really think you should use it too.

“A few weeks ago, John kindly gave me a review copy of WordPress Defender. At 150 pages of solid instructional content, plus 14 step-by-step videos, this thing is no joke. 

Most of us aren’t WordPress security experts, but that’s ok, because John explains everything so that even non-techie folks can lock down their blogs against attack.” 

Quote taken from Michael Martine’s article referencing WordPress Defender on remarkablogger.com.

“WordPress Defender is WordPress security for the masses. 

Seriously, I think that just about everyone using WordPress will benefit from this book. Plus, John’s easy-going, laid-back writing style makes you feel right at home as he walks you through the many different ways of protecting your site. 

If you use WordPress and need to know more about how to protect your site against villains, you need to check him out.” 

Jeff Starr of Digging Into WordPress

WordPress Defender is Simple To Follow…

WordPress Defender isn’t some technical guide full of jargon that you can’t understand. I got so frustrated with that kind of stuff during my investigations that I swore the guide I wrote would be easy for everyone to read and that the security tactics would be so simple to implement that anyone – even brand-new bloggers and beginners – could use this guide.

WordPress Defender is written in everyday language that’s easy to follow. It’ll literally show you exactly how to turn your WordPress site from a prime hacker target into a locked-down fortress that’s impenetrable by anyone but you.

Some of my clients are internationally renowned names, and they have WordPress blogs that have thousands of readers visiting every day. These heavies can’t afford for their site to go down, even for a day. They certainly can’t afford to lose their whole site to some hacker who doesn’t care that their fun and games could ruin someone’s career.You can’t afford it either.

Speaking of those hackers, one of the most common questions my clients ask me about defending their WordPress blogs is this one:

“Why would a hacker do this, knowing it destroys my site? Who could be that malicious to someone they don’t even know?”

Half the time, they ask this question skeptically, before they ever get hit. They think there’s no way a hacker would ever bother with them. Their site is too small for hackers to be interested in it. They haven’t angered anyone or done anything wrong. Who would hack them?

The first answer is simple: Most of the time, a hack job is just an automated bot making random strikes. A hacker set up the bot, but after that it’s on its own. The bot doesn’t care how small your site is, or who you are, or what you blog about. It’s just doing the job the hacker told it to do: find vulnerable sites.

Right Now Your WordPress Site is Vulnerable!

As for the hacker himself? Here’s why he does it:

  • Because he can.
  • Because it’s there.
  • Because it’s thrilling.
  • Because it’s a challenge.
  • Because he thinks it’s fun.
  • Because he can brag about it.
  • Because he’s training for bigger attacks.
  • Because he doesn’t like you or what you stand for.

Hackers don’t need a reason to want to crush your site and destroy files. They don’t care how much they hurt you and your family. They don’t care if they cost you time and money. They don’t care if you don’t have the money to start over and rebuild everything.

They’re in it for the game.

I don’t think it’s going too far to say these guys are evil. They’re out there destroying lives just for the thrill of it. That’s psychopathic behavior, and you need to be protected from it, because it can strike completely at random and without warning – and for no better reason than the hacker thought it would be a kick to ruin your business.

You need the safety, security and peace of mind that your WordPress blog or site isn’t on these hackers’ radar. You can go to sleep at night knowing you have strong security measures protecting your blog from these malicious joyriders.

With WordPress Defender, you’re putting knowledge and power on your side.

How safe is your WordPress site right now?

In November 2009, there were well over 18 million WordPress blogs out there. And unless the blog owners spent days – even months – learning how to secure their site from hack attacks that could destroy their files, those WordPress sites came installed with one security configuration:

The default. You can imagine how thorough the default is.

That means that probably over 90% of WordPress installations out there are all configured the same way. When hackers only have to figure out how to crack one configuration, then it’s a piece of cake for them to hack that configuration on every single one of those 90% of blogs.

Think this won’t happen to you even though you still have the default security mode? Here’s how many returned search results there are for the words “my blog was hacked”: 

More than four million search results. More than four million sites, hit and hacked. More than four million people wondering what to do now that a hacker’s attacked their site and damaged it.

Not you. Because with WordPress Defender on your side, you won’t be searching for help on how to prevent WordPress hacking. You’ll be sitting back thinking the Defender was the best business investment you ever made.

With WordPress Defender on your side, you won’t be searching for help on how to prevent WordPress hacking. You’ll be sitting back thinking the Defender was the best business investment you ever made.

And it was a less-than-$40 investment.

That’s right, I’m selling WordPress Defender for less than $40. Crazy? Yeah, it is, but you know what? Back when Lindsey and I had our online business destroyed, we didn’t have more than $40 to fix our problems. We had to go into debt to rebuild her jewelry site. I wished there was someone who could help us start over – someone I could actually afford.

That’s why I made WordPress Defender as affordable as I could.

Think about it this way: my wife’s happiness and safety is worth a lot more to me than $40. I’m sure your own happiness and safety are worth a lot to you, and the same goes for your loved ones.

This is about protecting your happiness and your security. Hackers can literally destroy everything you’ve worked so hard to build. $39 is a small price to pay for that. If I could go back in time, skip that movie, popcorn, and drinks we spent on, and spent that same money to keep my wife from all that heartbreak? I’d do it in an instant.

Don’t wind up in my shoes. Don’t catch yourself wishing you could have gone back in time and protected the things that your security depends on. Skip the movie. Get the Defender. Go to bed knowing you’ll never regret that decision.

Questions & Answers (F.A.Q.s) about WordPress Defender

I’m sure you have questions so let me see if I can answer a few of those for you. 

Q: What version(s) of WordPress does WordPress Defender work for? 
A: WordPress Defender is not software, so there’s no worries about compatibility with current and future versions of WordPress. 

Q: Does this work if I use a Mac? 
A: Absolutely. 

Q: What if I’m using a template? 
A: Not a problem. You can use everything I show you in the book no matter what Theme you’re using. 

Q: Will these things work with my host? 
A: Yes. If your host lets you install and run WordPress, you’re good to go. 

Q: If I have more than one site, do I need to buy WordPress Defender more than once? 
A: Nope. This is information you can carry with you and implement on any of your websites and/or WordPress blogs. 

Q: If I buy this do you guarantee that I won’t get hacked? 
A: I really wish I could, but nothing in life is 100% foolproof. But I can definitely make it much much harder to crack into, and if you follow my suggestions, you’ll be ready if it ever does come to that.

See An Example of a Blocked Hack Attack

Want to see how WordPress Defender can help you protect your blog or site? I can show you. Not long ago, someone tried to hack into one of my blogs. But I’d set up security features – the very features I show you exactly how to set up in WordPress Defender.

One security feature blocked the hacker from getting access to my blog while another feature emailed me immediately to show me what the hacker was trying to do. Here’s a snapshot of the email I received that day: 

That hacker tried to get into my blog, but he didn’t know I had several security features set up to thwart his attempts. I show you exactly how to set up these security features in WordPress Defender so that you can lock your site down too, and the step-by-step guide includes pictures, a tutorial and an easy-to-follow-along video.

Oh and that security measure I set up which blocked the attacker above and notified me that there was an attempt… it took me less than one minute to set up!

I’m not kidding, folks – I want to make protecting your blog as easy for you to do as I possibly can.

Here are some other ways hackers try to get inside your blog or site:

  • Brute force password discovery
  • Hacking other sites to learn how to get into your site
  • Downloading viruses to your computer
  • Pose as friends you have and set up fake social media profiles
  • Gain access to your WordPress Dashboard by registering themselves for your blog
  • Hacking your FTP connection
  • Intercepting your username and password during WordPress logins
  • Exploiting weak plugins and themes
  • Using Google Search to find outdated blogs – could that be yours?

It’s Time To Fight Back…

Get WordPress Defender today, and learn how to set up security for WordPress enhancements and features for your WordPress site that fight back against common hacking tactics.

When a hacker tries to get into your WordPress site, they’re thinking like a car thief trying to break into an old Toyota Camry. The thief knows how the lock works and how to hotwire this make of car, so he thinks it’ll be easy. The hacker thinks the same thing: he knows how the WordPress site works and just where the vulnerable spots are on every other WordPress blog.

What the hacker doesn’t know is that your WordPress blog has a top-of-the-line security system. It’s like the car thief finding out your beat-up ’89 Camry has a custom-made lock they can’t pop, is impossible to hotwire, and has a security system that’s already alerted the cops. They don’t expect it. They get frustrated. And they run off looking for easier bait.

Don’t make your WordPress site easy for hackers to break into. If it’s difficult, they’ll go off and find one of the other 4 million blogs that are still vulnerable. And yours will be safe.

So today you can get WordPress Defender for $39 – that’s a steal. It’s my way of helping as many people as I can. I want this decision to be easy for you: trade one night for two at the movies, with popcorn and sodas, for your security. It’s not a hard choice.

What do you get when you buy WordPress Defender? You get an info-packed 150-page book that explains – in clear language and step-by-step instructions – 30 security strategies to protect your WordPress blog plus 14 bonus videos, nearly two full hours of me showing you exactly how to set up your security steps in real time.

Oh, and you also get complete peace of mind, the certainty that you’re not playing Russian Roulette with your income, and the confidence that comes with knowing that even if hackers are out there, you can take ‘em.

If you’re still unsure whether WordPress Defender is worth while, I completely understand, because I’ve seen the skepticism before with my clients. Most bloggers think their site will never get hacked.

When one of my clients is skeptical about whether they need protection, I ask these simple questions:

  • How much time and money have you invested in your blog?
  • How would you feel if you went to your site right now – and realized your blog’s been hacked?
  • How much would you lose if your site was attacked and destroyed?
  • Are you prepared to lose your blog posts, your pages, your whole database, forever?
  • Can you say with 100% confidence there are absolutely no spam links on your site right now?
  • What would it cost to replace your site right now, today, if you had to rebuild it from scratch?

If you want to learn how to protect your site and spare yourself a ton of heartache, wasted time, and lost income, then WordPress Defender is the right choice for you. It’s 150 pages and 14 easy videos jam-packed with security advice and tactics to help you keep your blog safe.

Some people think hacking doesn’t happen that often, but it does. Every day, to millions of people. Think of it this way: Would you leave all the doors and windows to your house wide open so passers-by could see the TV and the computers and the furniture, and then go away on vacation for a week?

Naturally you answered, “Of course not!”, but please understand that this is exactly what you are doing if you don’t have security measures in place on your blog right now. Your blog is your home on the web, and your windows and doors are all wide open. It’s only a matter of time before a hacker realizes that they can just waltz in and have their way with your possessions.

With WordPress Defender, you’ve not only closed the windows and doors – you’ve locked them, closed the curtains, and put an alarm system in place so you know when someone has made an unsuccessful attempt to get in. Makes you feel a lot better going to sleep at night.

Get your copy of WordPress Defender now, for only $39. Pat yourself on the back, too, because you’ll have a hard time finding something that gives you more peace of mind for such a reasonable price.

“John clearly knows what he is talking about and is skilled at bridging the gap between his extensive knowledge and that of a newbie or someone of less technological expertise. 

His tutorials are written so anyone can understand how to secure their blog. Easy-to-follow steps, simple diagrams and how-to videos make this is a super resource for WordPress bloggers. The “it will never happen to me” fallacy is the only thing that is under attack here; don’t risk letting your blog be the other.” 

Davina Haisell
“I would recommend your eBook and free mini course to anyone who has a WordPress blog. The book and course are fantastic examples of how to make a highly technical subject understandable to those of us who have no coding skills, but can cut and paste.

I also enjoy reading it for the bits of humor. Can’t say that about many technical books.” 

Keith Davis

Also, Get 5 FREE Bonus eBooks When You Subscribe to the WordPress Defender Newsletter After Your Purchase

Free Bonus #1: Speeding Up WordPressIn this free bonus eBook, you’ll discover:How I decreased my blog’s load time by as much as 4.6 times!How you can test how fast your blog loadsHow it’s all done with one simple cut and paste
Free Bonus #2: How To Install Google Analytics Without a PluginIn this free bonus eBook, you’ll discover:Why a plugin is not needed to run Google Analytics on your blogHow getting it set up without a plugin is just as easy as installing it with a plugin
Free Bonus #3: How To Spark That Creative Genius Inside YouIn this free bonus eBook, you’ll discover:8+ specific methods you can use to train your mind to think creativelyHow to approach the way of thinking when you come to something you don’t think you can doTo be creative, you first need to think this…
Free Bonus #4: A Mystery eBook (because I like to keep some things a surprise)In this free bonus eBook, you’ll discover:A little something about marketing yourself and whatever it is you do

Secure Your Blog Now…

Backed by My 30-Day Money Back Guarantee 

Want to know something? In many cases, hackers don’t want to crash blogs – they want to use it for their own devious purposes. Imagine your blog being infiltrated and littered with embedded spam and porn links without you even knowing! Don’t let that happen to you. Get WordPress Defender fighting on your side. 

Hacking CAN happen to you. WordPress Defender is your way of fighting back.

Wishing you a safe, hack-free blogging future,

The Top 5 WordPress Security Vulnerabilities


In the event that you claim a WordPress site, you ought to know about potential WordPress security vulnerabilities. Much the same as locking the entryways of your home, putting resources into a caution framework and paying for protection, your site ought to have security and wellbeing measures set up.


In all actuality, most WordPress security issues can be anticipated if site proprietors basically pursue WordPress security best practices. In this post, we’ll cover the absolute most normal site vulnerabilities that can trade off your WordPress site and the means you can take to fortify the security of your site.


  • Poor facilitating Before purchasing a facilitating plan recall forget that not all web has are made equivalent, and picking one exclusively on value alone can wind up costing you path more over the long haul with the security issues. Most shared facilitating situations are secure, however some don’t legitimately isolate client records and this can lead a gigantic rupture of your security when utilizing WordPress.



  • Your WordPress login-When thinking about their security while utilizing WodPress, the WordPress login is generally neglected. In any case, your WordPress login is the most regularly assaulted WordPress helplessness since it gives a way to within your WordPress site. Beast constrain assaults are the most direct strategy for assault that will be utilized to abuse your WordPress login.


  • Outdated Software-Updates have new highlights, bug fixes, yet one ought to likewise recollect that refreshes are additionally to make your WordPress login more secure. When you WordPress site is running obsolete form of modules, subjects or WordPress, you risk having known adventures on your site. Updates aren’t only for new highlights or bug fixes-they can likewise incorporate essential security patches for known adventures.


  • PHP Exploits-Exploiting PHP code is a typical technique utilized by programmers to access your WordPress site, so it is urgent that you decrease the hazard by constraining abusing oppurtunities on your login from the programmers. Uninstall and totally erase any superfluous modules and topics on your WordPress webpage to constrain the quantity of passages and executable code on your site. Never utilize unconfirmed modules or modules that are not successful or modules that are not critical. Keep your site clean and erase all the abundance modules.


•             Installing programming from untrusted sources recall forget to just introduce programming that you get from WordPress.org, surely understood business stores or specifically from legitimate designers. Keep away from “nulled” forms of business modules since they can contain malignant code. This may cost somewhat more or get your WordPress login’s upkeep more costly however it is constantly less demanding to be protected than

WordPress Security Measures Every Site NEEDS To Have


WordPress is an inconceivably well known, amazingly adaptable stage. What’s more, however construct WordPress is genuinely secure with respect to paper, practically speaking it’s just as secure as you make it. WordPress is the most famous substance administration framework on the planet – so it shouldn’t shock that it’s the most much of the time focused by lawbreakers. From malware to botnets to spam, the assortment of ways your site can be focused on is unimaginable. You have to give it your best shot to ensure yourself – up to and including the stuff delineated here.


For one thing, investigate your username and secret word – and the accreditations for each essential record on your WordPress site. Secret key based assaults stay a standout amongst the most well-known means by which any site, WordPress or something else, may be ruptured. Keeping that in mind, you have to…

Abstain from utilizing the default username, and utilize one that is not quite the same as the name showed to clients.

Try not to utilize a similar secret key for your WordPress site that you use for different locales.

Make solid passwords

  1. Interruption DETECTION

The thought behind an animal power assault is extremely basic – a PC program acts like a human client, and attempts a huge amount of various secret phrase mixes in fast progression until the point when one of them works. Such assaults are on the ascent – however fortunately, they’re anything but difficult to protect against.

Introduce an interruption recognition module, for example, Wordfence. Something that consequently bolts a record after a specific number of fizzled logins, squares movement from suspicious IPs, and authorizes solid passwords.


Spam remarks run wild on WordPress. Notwithstanding obstructing your remarks sustains with undesirable trash, they can fill in as a conveyance medium for malware. Fortunately like animal power assaults, spam on WordPress is genuinely simple to oversee.



The more layers of security you apply to your site, the better. With two-factor verification, anybody endeavoring to login or get to administrator usefulness on your control board should experience an extra confirmation step, signing in through a code given by either an application or a SMS message.

  1. Standard UPDATES

Last however surely not slightest, recall that security refreshes exist on purpose. Each time another refresh is discharged, you have to apply it instantly – inability to do as such puts your whole site in danger. WordPress itself isn’t naturally unreliable, however that doesn’t mean it’s safe to assault – new vulnerabilities are found all the time, and on the off chance that you don’t fix them out, you’re basically welcoming a hack.

Top 5 WordPress Security Plugins to Secure Your Website

  1. All In One WP Security and Firewall is a standout amongst the most prevalent WordPress security modules. It’s anything but difficult to utilize and you can design this module pretty effectively, regardless of whether you don’t have any tech abilities. It’s outfitted with an interesting reviewing framework, so you can see which territories of your WordPress site are ensured, and what you have to enhance. Since it’s outwardly based it’s anything but difficult to see and right any territories of your site that may be powerless. The principle ways this module will enhance your security are by ensuring against blue power login endeavors, anchoring your client accounts, making a site firewall, securing your WordPress databases, and notwithstanding enabling you to boycott certain locales or IP addresses.
  1. iThemes security is an element pressed WordPress security module. It’s accessible as both a free and paid module for WordPress destinations. The paid adaptation will open more nitty gritty safety efforts. The free form has some not too bad highlights, yet in the event that you truly need to secure your site, you’ll need to think about the genius adaptation. It won’t just open some excellent security includes but at the same time it’s reasonable, at just $80 every year.

  1. WordFence Security is one of the best free WordPress security modules available. It exceeds expectations in shielding your site from beast constrain assaults, continuous security checking, login page insurance, and IP boycotting. Additionally, it adds a firewall to your site. WordFence likewise has a broad database of culpable sites and IP addresses, which are molecularly obstructed from getting to your site. The top notch rendition of the module is furnished with extra highlights to take your security higher than ever. That incorporates continuous risk security, an enhanced firewall, two-factor validation, geographic insurance, devoted help, enhanced spam assurance, and the sky is the limit from there.


  1. The Sucuri Security module is made by a group of WordPress security specialists. This module is sans altogether and will help both will standard site checking, and fortify your current levels of security. When you introduce the module it will naturally examine your site to search for any contaminated documents or known wellsprings of security shortcoming. You would then be able to reestablish or fix your site to guarantee it’s in great working condition. Past this underlying sweep and tidy up this module will furnish you with ordinary site observing and malware filtering. In addition, it will reinforce your current security conventions to guarantee that your website is ensured against the greatest dangers and vulnerabilities sneaking on the web.
  1. SecuPress is a generally new expansion to the WordPress security space. In any case, it’s seen exceptionally fast development. There are both free and premium renditions of this module accessible. One of the most grounded highlights of SecuPress is its natural UI, which makes it unfathomably simple to setup and utilize. Not just that it’s outfitted with a worked in security scanner, which will examine your site for six principle purposes of weakness.