Blog security is an often-overlooked necessity for bloggers, even though blog hacking is a surprisingly common event and it is a problem that can affect just about anyone.
For example, shortly after Christmas, Swedish Foreign Minister Carl Bildt found that his blog had been hacked, hosting unauthorized ads, including those for mail order brides.
Though what caused the hack in that case is unknown, what is known is that the site was pulled offline for some time, cleaned up and restored, but only after much embarrassment and headache.
However, that is probably the least damaging kind of hack possible. Hackers, upon taking over a blog, have been known to do a variety of things from using a blog to install malware on visitor’s machines (which may also get you blocked in Google), turn your site into a spam blog by hiding unwanted content or, in many cases, just delete all of your hard work.
So how do these hacks happen? Most, sadly, are caused by careless bloggers who leave open security holes on their sites. With that in mind, here are some of the quicker ways to get your site hacked and virtually ensure that you have, at the very least, a long night ahead of you.
1. Use Poor Usernames and Passwords
Your username and password is your first line of defense as no security measure is going to protect you against a hacker who either knows or guesses your login information.
If you’re a WordPress user, your username should never be “admin” or any variation thereof. The original “admin” account WordPress installations used to install should be deleted for security reason.
Also, one’s password should never be based directly on a word and should contain a combination of character, capitals, numbers and symbols. The goal is to create a semi-random password that bears no resemblance to a word that can be found in a dictionary, common list of names or list that might be used in a dictionary attack.
If you need help creating a password, there are a variety of password generators available, including one within WordPress itself.
Bear in mind that it isn’t just enough to have a secure password for your blog’s login, you also need to make sure that your hosting account, FTP and other passwords related to your site are secure as well. One weak link is all that it takes.
Finally, don’t share your passwords or reuse them on other sites. The Gawker Media hack should show the danger of doing that.
2. Run Outdated or Insecure Code
WordPress, as well as other blogging platforms, are essentially software applications that run on your server. As with any software, it has bugs and security problems that the developers try to fix quickly. This prompts them to release patches regularly to address any issues that they find.
However, many bloggers don’t update their blogs in a timely fashion and, once hackers learn how to use the patched exploits, they find these blogs very easy targets. This is often the cause of the viral hacks that can impact thousands of blogs
But as Mike Witty, the Director of Security at the host Servint, pointed out in an interview I did with him for another site, bad software is also often to blame. You can get into just as much trouble by installing plugins and even themes that are out of date or insecure, making it important to only install up-to-date add ons from trusted sources.
All in all, you need to make sure that the software you put on your server is secure and stays that way, otherwise it could be an invitation for a hacker to their worst.
3. Be a Security Slacker
Having the right software and a good password is crucial, but none of it matters if you don’t take your responsibilities seriously as well.
Some of the most important security steps we take are the little things we do every day to make ourselves more or less safe. Consider the following:
- Logging Out: When you leave a public computer or even if you’re just using your machine in a public space and need to step away.
- Watching Your Belongings: The information on your laptop and/or phone can be used to do far more than hack into your blog. Remember that they aren’t just valuable because of the price you paid, but for what is inside.
- Trusting Sparingly: Finally, don’t give out your password or other relevant information over email, phone or other means unless you are 100% sure of the identity of the person you are talking to. Human engineering is an easy way for hackers to get a variety of valuable information, so it is best to be aware of who is around you and who you are talking with.
In short, doing the “big stuff” like patching your blog and picking a long password won’t mean anything if you fall for a scam email or leave yourself logged in while others can use your machine.
Don’t lock the doors tight and then give away the keys to the kingdom, it’s just foolish.
Will taking these steps make you hack-proof? Absolutely not. Blogs that do everything right sometimes get hacked too, just like athletes have heart attacks sometimes the same as the rest of us. However, you are reducing your risk of something bad happening to you and avoiding making yourself an easy target, that, for most, is more than enough.
Simply put, there are no absolutes in security and blog security is no different. There is no such thing as “completely secure” just “more secure” and “less secure”. You want “more secure” in everything you do, within reason, and the more you push your site to that end of the spectrum, the less likely it is you’ll have a problem.
If you’re smart about your passwords, run good software that you keep up to date and follow good practices day-to-day, you’ll be doing more than many and you’ll be taking yourself out of the crosshairs of most hackers.