Online forums have been swamped with stories of blogs being broken into and then blocked by Google for spreading badware. You should always adhere to these WordPress security tips to avoid your blog being hacked and having to face that kind of situation.

Stay current with the latest secure version

No software is free from bugs and security holes. Make sure that you are running the latest secure version. For WordPress - as of this writing - that means versions 2.3.3.

Wordpress gives plugins and themes full access to your blog. Plug-ins need to be kept up-to-date. The latest 2.3 series of WordPress notifies you in the Admin Screen when the plugins that you currently have installed have released newer versions.

Disable and remove any themes and plugins that you’re not using

If you are like the majority of bloggers, you have tried several different themes for your blog. More than likely, you now have a few different unused plugins that are installed.

Each one of these installed themes and plugins, is a potential security hole. Constantly keeping the unused ones up-to-date is a waste of your time. Deactivate all plugins that you don’t need or use. And then remove the files for unused plugins and themes from the server.

The final step is among the most significant. Eliminate unnecessary installations. Remember that everything you’ve installed lands in standard locations. A hacker can simply search your site, and take advantage of known holes. It is irrelevant that you are not using the package.

Only download and install trusted code

Just like you shouldn’t click on email attachments coming from people you don’t trust, you shouldn’t install software on your blog from untrusted sources. Only download code from the authors’ web site.

Wordpress, themes, and plugins are released as Open Source. Open Source allows anyone to modify the code, even if they have malicious intent. Any person with malicious intent can put up badware for downloading to unsuspecting web surfers.

There is a penalty for being an early adopter! Allow other people to work through the holes and security issues before you attempt to use the package.

Avoid any JavaScript includes

Web analysis services and ad networks require the addition of JavaScript to blog pages. JavaScript code is allowed to do almost anything with your web page without your permission. In Essence, you are trusting the security of your website to this unknown, third-party service

With regard to Google AdSense, Google Analytics, or other respected advertising networks and web analytics services, you shouldn’t be concerned. However, if a relatively new firm asks to put JavaScript on your web site, you should quickly run the other way.

An added drawback to advertising nets is the lack of controls as to which outfits can put ads on your net. With Google, there is an implied guiltiness here. In the event that you have unsavory ads on your website, you run the risk of being on the same blacklist.

WordPress security is an ongoing effort. Stay up to date with tips from Nick Dalton at TipsTricksToolsTechniques.com. You should also read his acclaimed report: The Digital Security Report for in depth advice on protecting your digital products.

- Nick Dalton