Hackers and Spammers and Spyware – Oh My!
Any blogger that has been a victim of hackers, spammers or spyware will tell you what a nightmare it was resolving the issues and getting the blog back in proper order. Some blogs are unrecoverable, and they end up having to be started anew. In addition, getting your blog hacked or overrun with spam and spyware will turn away many of your hard-earned followers, oftentimes permanently.
An Ounce of Prevention
In keeping your blog safe and secure, the old saying, an ounce of prevention is worth a pound of cure, should be more than just a bit of wisdom. It should be a motto, a law and part of a blogger’s lifestyle. Once your blog has been attacked, restoring it may take days, weeks or even months, and if you don’t have a lot of technical experience, it can be impossible.
Preventing attacks against your blog saves you time and effort, but more importantly, it saves you face by giving you maximum uptime at your usual quality. The following guidelines outline some of the measures you can take to keep your blog running smoothly and free from malicious attacks.
Choose a Platform
Your blogging platform can play a role in the security of your blog, but it does not play as big a role as most people like to think. The big-name blogging platforms all put forth a great deal of effort into platform security. These include WordPress, Blogger and Tumblr. Choosing any of these three platforms is your best bet. While security breaches come to light every now and again about one or another of these platforms, the attacks that occur could have happened with any of them.
The only real problem is when you use a little-known blogging platform put out by a no-name business that may have more to gain by cutting corners than by spending a lot of time and money on improving the security of the platform. When you stick with the top players, you benefit from their competitiveness and their resources.
Most blog software and operating system updates are released to block security issues as they come to light. If you do not keep your software up-to-date, you are leaving wide-open holes through which attackers may easily penetrate.
Many bloggers make the mistake in assuming that all they need to do is keep their blogging platform updated. While this is important, software updates do not end here. Your blogging platform must be installed on a system with an updated operating system. It said that any software on any computer is only as secure as the system itself. An OS that has not been updated presents a simple way for hackers to get into your blog.
The OS is not the only part of your system that requires regular updating. The system should also have updated antivirus protection and Internet security software installed. If your system does not have either of these, you can check with your ISP. Many ISPs now offer antivirus and Internet security software free with your subscription.
Even if your software is set to update automatically, it does not hurt to check it regularly to make sure the automatic updates are working.
Backups Are a Must
If you are not backing up your blog, you are only setting yourself up for a loss. Backups are an indispensible way to protect your blog because, even if it gets hacked, you can easily restore all of your data once the security breach is resolved.
The best way to perform a backup is with automated backup software. Several choices are available for automatic backups. Some of them are general backup utilities, while others are made specifically for backing up blogs.
Utilities made specifically for blogs include the WordPress WP-DB-Backup plug-in and VaultPress, a new service from the creators of WordPress.
Other great backup software options include Easeus Todo Backup, NovaBACKUP, Genie Backup Manager and Acronis Backup & Recovery.
Psst – What’s the Password?
Many hackers get into your blog right through the front door. If you have weak locks, it does not take much to break them. In this case, your locks are your passwords. The first password security tip for blogs is to use a unique username. If you are prompted to use “admin” for a username, be sure to change it.
When choosing a password, you should think of security before convenience. This means no birthdates, common words or other references about your life that could easily be guessed by any casual acquaintance. In fact, you should not use full words at all. Instead, use a confusing set of uppercase and lowercase letters, numbers and symbols. If you are creative, you can create a string at least 10 characters that is also easy to remember.
Plug It In, Plug It In
If you are running WordPress, you have the advantage of a platform with great plug-in support. Several of these WordPress plug-ins are made specifically to beef up your security. The following are some of the best security plug-ins available:
- Secure WordPress – This simple plug-in removes some of the meta-information from your WordPress install that could be used against you by a hacker.
- Limit Login Attempts – Some security breaches are made through what is known as brute force, meaning the hacker uses software to keep trying to guess your password over and over again. This software limits the number of bad passwords that can be input before locking out the user.
- WP Security Scan – This powerful plug-in scans your WordPress configuration and offers tips and suggestions on how to better protect your blog.
- BulletProof Security – BulletProof Security protects your blog from several different types of hacking attempts.
- myEASYbackup – This plug-in makes backups a breeze by providing several one-click features.
If you are worried about spam posts, you can take a look at two other third-party software solutions that can help to keep your blog spam-free. Akismet uses a sophisticated analysis engine to stop spam and boasts over 36 million spam posts blocked. Another WordPress plug-in called Bad Behavior gives you tools to block posts from specific IP addresses.
There Goes the Neighborhood
Everyone agrees that one key to personal safety is to live in a safe neighborhood. In the case of your blog, the neighborhood is your hosting service. Some hosts are very lax about security. Even if your blog is secure, it may be hosted on a server that is shared with other blogs that have not been updated in years and are easy targets for hackers. Experienced hackers can use these blogs to access a server and get into any other blogs or websites that are stored on it.
Respectable hosts have strict controls about what types of websites they host. They keep out the unsavory characters that may pose a risk, and they also keep their servers clean and updated with the latest security software.
Finally, some hosts offer security software for your blog free or at a reduced cost with your hosting subscription. This can make it easy to give your blog added security without having to spend a lot of money.
How about a Little Privacy in Here?
While it can be fun and interesting to open your blog to the public, it is not always necessary, and it does not always give you an advantage. It may seem counterintuitive to limit your blog's exposure but doing so also limits your security risk. Many spammers, hackers and spyware installers get onto your blog just like everyone else: by visiting the blog through a browser and creating an account. Following are a few privacy options worth considering:
- Total Privacy - In this option, you either hand-select who can view your blog, or you limit it to a subscription service to help weed out undesirables.
- Locked Comments - If you insist on keeping your blog public, as most bloggers do, you might want to think about disabling comments on your posts.
- Registration Requirements - If you absolutely must have comments, setup some registration requirements or use an invitation system to limit who can comment.
Privacy also has the added benefit of protecting you along with your blog. If you want to tell the world a little about yourself, that information can ultimately be used against you, making it a wise move to limit who sees such personal information.
A Final Word
Blogging can be very fun, and some people have turned their blogs into their primary business. However, like all online activity, blogging has its hazards. Some security hazards cannot be fixed or take a great deal of effort to correct, which means the best protection is prevention. Following the preventative techniques listed here will keep your blog running safely and securely.
Stephanie Freudenheim, 21 February, 2012
I have recently started a small business (special education consulting and training). I am confused about which blog host to use. The types of information that will be on my business website are -description of business, services, contact info, a blog page that I will update monthly and the capacity to run a videoclip. I am a Mac user, but want my website to be viewed by microsoft and mac users. It will need to meet accessibility requirements. Can you make a suggestion? Thanks!
Amanda, 1 December, 2011
Does it really matter what kind of platform one chooses today? As long as it's a big, well-known, platform you should be kind of safe, right?
Tim, 28 November, 2011
Ok, I'm no expert but surely WordPress must be the best platform, right? So many plugins to choose between.
Lisa, 25 November, 2011
Thank you for a great article Kimberly! I will most definatively take a look at the plugins!