With the progress in AI-based facial forgery (i.e., deepfake), people are concerned about its abuse. Albeit effort has been made for training models to recognize such forgeries, existing models suffer from poor generalization to unseen forgery technologies and high sensitivity to changes in image/video quality. In this paper, we advocate robust training for improving the generalization ability. We believe training with samples that are adversarially crafted to attack the classification models improves the generalization ability considerably. Considering that AI-based face manipulation often leads to high-frequency artifacts that can be easily spotted (by models) yet difficult to generalize, we further propose a new adversarial training method that attempts to blur out these artifacts, by introducing pixel-wise Gaussian blurring. Plenty of empirical evidence show that, with adversarial training, models are forced to learn more discriminative and generalizable features. Our code: https://github.com/ah651/deepfake_adv.