How To Protect Your Blog From Getting Hacked
Believe it or not, there's someone out there right now trying to hack into your blog. Yes, from the top bloggers with thousands of subscribers to that Cooking with Coconut project you started in college, someone is trying to break in.
You might be saying, "That's ridiculous, what are they going to do? Steal my Halloween recipe for Co-Co-Crunch chips?" Maybe. But most likely not.
No, these hackers have much bigger fish to fry. After all, your blog has access to not just your personal information, but also any collaborators you've worked with (making all parties susceptible to phishing schemes, amongst other risks). There's also the potential of stealing any information from your subscriber's lists as well. And finally, let's not forget that some hackers can steal power off your host.
While there's a fair amount of information to possibly take, there are also people working every day to prevent it from happening. But make no mistake…you have to do your part too. Below we've listed a few helpful tips on how to keep your blog from being hacked:
Change Your Passwords (but not too regularly)
We've all heard before that it's important to change your passwords regularly. In fact, some employers make their employees automatically change them in 30/60/90 day increments. However, this isn’t necessarily always the best practice.
As Steve Ranger notes in Changing Your Password Regularly is a Terrible Idea, and here's why
"If users are forced to change passwords they will mostly choose something that is a slight variation on the original one, or one that they have used elsewhere, or a weaker one. These behaviors can be exploited," CESG said: "attackers can often work out the new password, if they have the old one."
I can say with a safe bet that most of us are guilty of this. It's just too hard to come up with a new password that's entirely different from our initial one but is still memorable. More so, this practice could potentially leave your passwords more vulnerable than you initially thought by writing it down or saving it to a 3rd party app, both of which are susceptible to theft.
With all this being said, it's important to note that it's still critical to change your passwords and have them vary between personal, financial, communication, and business accounts. Even still, take a portion of time to hash out combinations you can genuinely remember.
Finally, seek out services that monitor login information. This can be one of the best practices to prevent hacking as these services send a notification with any unfamiliar login attempts.
However, while major services like Google have tirelessly made their cloud collaboration efforts ironclad tight, teams that are using private/local servers are still considerably at a huge risk. To combat this trend, companies like Fire Eye are creating protection for shared content systems that you can check out here.
Attacks in this manner have in the past been able to use malicious software that's signed and distributed through a network by acting as the extension you initially intended on installing. While this doesn't necessarily mean we shouldn't be using extensions at all, be mindful to check and see if what the source is, as well as the terms of their user agreement. Some extensions have a pretty open-ended policy that allows over time for more malicious attempts when the user-base expands.
As Steve Ranger notes in Changing Your Password Regularly is a Terrible Idea, and here's why
"If users are forced to change passwords they will mostly choose something that is a slight variation on the original one, or one that they have used elsewhere, or a weaker one. These behaviors can be exploited," CESG said: "attackers can often work out the new password, if they have the old one."
I can say with a safe bet that most of us are guilty of this. It's just too hard to come up with a new password that's entirely different from our initial one but is still memorable. More so, this practice could potentially leave your passwords more vulnerable than you initially thought by writing it down or saving it to a 3rd party app, both of which are susceptible to theft.
With all this being said, it's important to note that it's still critical to change your passwords and have them vary between personal, financial, communication, and business accounts. Even still, take a portion of time to hash out combinations you can genuinely remember.
Finally, seek out services that monitor login information. This can be one of the best practices to prevent hacking as these services send a notification with any unfamiliar login attempts.
If you're sharing content with a team, lock it up
As cyber security firm Carbon Black notes, hackers are getting more sophisticated with their attacks. By utilizing common file formats shared on collaborative clouds, phishing schemes are on the rise to get after entire teams of collaborators.However, while major services like Google have tirelessly made their cloud collaboration efforts ironclad tight, teams that are using private/local servers are still considerably at a huge risk. To combat this trend, companies like Fire Eye are creating protection for shared content systems that you can check out here.
Beware of Extensions
Extensions from different services can help us when we need to check sources or our grammar, as well as serve other utilities for our blog. However, sometimes we overlook if these extensions are legit and if they are, how vulnerable they are cyber threats.Attacks in this manner have in the past been able to use malicious software that's signed and distributed through a network by acting as the extension you initially intended on installing. While this doesn't necessarily mean we shouldn't be using extensions at all, be mindful to check and see if what the source is, as well as the terms of their user agreement. Some extensions have a pretty open-ended policy that allows over time for more malicious attempts when the user-base expands.
Final Thoughts
No matter the audience of your blog, it's important to remember that the size is irrelevant in comparison to the impact an attack on it could hold. Your blog is linked to an entire network of others, filled most likely the same personal information you have too. More, your readers trust you to keep their information safe, which is a big responsibility.
Your blog is home to your personal ideas, opinions, and thoughts…and that should be the only thing 'personal' that gets out.
Your blog is home to your personal ideas, opinions, and thoughts…and that should be the only thing 'personal' that gets out.
No comments