John Hoff is a guy who knows way more about WordPress security than most people could ever hope to. He offers a security upgrade service that I’ve recommended before, but now he has an option for people who want to save money by doing the work themselves.

His new ebook is called WordPress Defender: 30 Ways to Secure Your Blog From Attack Anyone Can Do. Do you see the double meaning in that title? John meant:

(30 Ways to Secure Your Blog From Attack) Anyone Can Do

That is, you don’t need to be a techie to implement these steps. You just need some basic skills, such as installing plugins, editing files, etc., and he spells out what you need to do to secure your blog.

But the title could also mean:

30 Ways to Secure Your Blog From (Attack Anyone Can Do)

You see, hacking a blog isn’t all that difficult. The problem is that almost all WordPress installations have the same out-of-the-box security configuration. So when a new vulnerability is discovered in WordPress, a hacker knows that he can exploit it on most blogs. He can even set up a bot to automatically carry out attacks on huge numbers of blogs while he sleeps.

Don’t think that you’re not a target because your blog is too small, or it’s not making that much money, or you’re too nice. It’s almost inevitable that you will be targeted at some point. I’ve been hacked at least once, maybe twice, and every now and then someone else will try. Fortunately, John’s system has made me much safer, and I get notifications when someone is trying to hack me.

I get a little more paranoid about hackers each year. Last week, the head security guy where I work gave a presentation about how big the threat is. He thinks that antivirus software is basically useless, because it only protects you from the hackers who aren’t trying very hard.

He told us about companies that sell viruses to people who want to hijack other computers. Many of them offer live support – if you buy a virus from them that gets caught by antivirus software, just call their toll-free number and they guarantee they’ll fix the virus to put the bad guys back in business.

He told us about how the hackers we catch in the U.S. are at the very lowest levels of their organizations. The big guys operate from certain countries in eastern Europe, where they’re safe from prosecution, and free to recruit people to carry out their evil deeds.

In other words, hackers are a very big threat, and one you can’t afford to ignore. John found that out the hard way when his wife’s online jewelry business was completely shut down by a hacker. And millions of other people have learned this lesson after it was too late.

WordPress Defender is 150 pages of solid information about how hackers think and how you can thwart them. It also comes with 14 videos (nearly 2 hours worth) to make things crystal clear and easy to follow along.

Unfortunately, people often make the mistake of waiting to get hacked before they start thinking about security. It’s far better to get prepared now, so you can relax knowing that you’re not an easy target. While nothing is completely secure, the system in this ebook will make your blog far more secure than it is now.

I had some technical difficulties with my blog recently. Some files got corrupted, and I wasn’t able to log in. I don’t know if I was hacked, but it made me wonder.

Since then, I’ve been a lot more interested in WordPress security. That’s how it goes, right? We’re not concerned about what could go wrong until something happens. But if you have a blog, there’s a good chance that someone will try to hack it someday. When that happens, you don’t want them to succeed.

John Hoff from WpBlogHost offers a WordPress security upgrade, normally priced at $49.95. From now until Thursday 5/7/2009, use the promo code “Hunter” to get it for just $24.95.

Here are some of the things included in the security upgrade:

• Rename your database tables so they don’t start with “wp_,” making them harder for hackers to find.
• Protect your login page from brute force password attacks.
• Prevent other people from accessing pages and directories you don’t want them in, such as your login page.
• Block people who attempt common hacker attacks, such as SQL injection.
• Hide your WordPress version number, so you won’t be seen as a target if your version isn’t up to date.

Of course, nothing is 100% secure. But just like a bank is far more secure than a hot dog stand, a blog with these security upgrades is far more secure than a blog using the default installation. I highly recommend a one-time investment in this security upgrade to all WordPress bloggers. I feel way more secure now than I did before.

Whether you have a blog or not, take a minute to consider all the passwords you use online. Just because your password is a little harder to guess than “password1″ doesn’t mean it’s secure. Make sure you’re not using dictionary words, or names, or sequential numbers. Use a mix of lowercase letters, uppercase letters, numbers, and symbols. Don’t use the same password for every site, and change them periodically.