Normally, your goal is to attract as many visitors as you can to see your photo blog. The more popular your site is, the more opportunities you have to show off your work. And for those photographers marketing their services, there are more chances to gain potential clients.
Unfortunately, there may also be times when you need to keep certain visitors away from your website. Once your WordPress photo blog is up and running for a while, you’re bound to encounter spam and unauthorized access attempts to the backend of your blog. The best protection against malicious attacks on your site is to keep your WordPress up to date—see WordPress security.
In addition to making sure you have the latest versions of WordPress (including themes and plugins), here are three ways you can protect your photo blog from spam and hackers:
1. IP Deny
If you have a small number of visitors you need to keep out, you can block their IP addresses. If you have cPanel web hosting, you can use the IP Deny Manager tool to list specific IP addresses and ranges of addresses to block from your website. If your web hosting company uses their own custom interface, you should be able to block IP addresses using a similar tool they provide. The only drawbacks to using IP Deny are that it can be a bit cumbersome if you have a lot of IPs to block; and if someone uses a proxy server they could still potentially access your site. Still, I’ve used it successfully to keep some annoying spammers out.
2. Edit Your .htaccess File
There are many good plugins you can install that will help protect your WordPress blog from hackers that try to use an automated script to repeatedly try to discover your password and login to your site. Unfortunately, plugins that limit the amount of login attempts can also cause your web hosting company to disable your WP login. One solution to prevent unauthorized login attempts is to edit your htaccess file to only allow logging in to your WP dashboard from your own domain. I’ve included detailed instructions in my previous post on htaccess security.
3. Install and Activate the Akismet Plugin
Finally, if you’re just getting tons of spam comments and trackbacks, the best solution according to the experts I’ve heard speak on the subject is to install the Akismet plugin and subscribe to the service. This should take care of your unwanted spam. The only downside to using Akismet is that you do have to pay for the service. But, if you just don’t have the time to go through and get rid of all your spam, Akismet can be well worth the price.