3 Tips to Hack Proof and Hijack Proof your Blog
My friend Reg's blog got hacked -- fortunately he didn't lose any data, although he lost a lot of sleep and probably some hair, I'd guess.
Did you know there is more money in cybercrime than in the illegal drug trade, and that many cybercriminals would love to hack any established blog or Website?
Here are three things you NEED to do to protect your blog!
1) Choose a good password and CHANGE it regularly.
What's a good password? No dictionary words, certainly no words or phrases remotely connected to you like your favorite sports team, your daughter's name, or your blog's name either!
Ideally, use a combination of letters, numbers, and at least one non-alphanumeric character. Preferably something you can remember easily but that no one can guess easily.
Be creative! For example, Ba!dP0pe was something I used once that I could remember easily (note that it has not just letters, numbers and a non-alphanumeric character, but capitals and lowercase too -- a good thing).
Despite what most "security gurus" tell you, you CAN write down your password if needed, as long as you keep it safe and treat it like a credit card. For example, keep it in your wallet or purse, and if it gets lost, change it immediately.
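The rules from tip 1 written as a checker. This is an added example, not part of the original post; the word list and personal terms are constructed samples, and the function names are hypothetical.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "sunshine"}

# Common look-alike substitutions, undone before comparing against word lists.
LEET = str.maketrans("013457@$!", "oleastasi")


def normalize(text):
    """Lowercase, trim decoration from both ends, undo look-alikes, keep letters."""
    core = text.strip(string.digits + string.punctuation + " ")
    core = core.lower().translate(LEET)
    return "".join(ch for ch in core if ch.isalpha())


def check_password(password, personal_terms, dictionary=SAMPLE_DICTIONARY):
    """Return the rules from tip 1 that the password breaks (empty list = passes)."""
    problems = []
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(not c.isalnum() for c in password):
        problems.append("no non-alphanumeric character")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("not mixed case")
    core = normalize(password)
    # "P@ssw0rd1" is still just the word "password" with decoration.
    if core in dictionary:
        problems.append("dictionary word with decoration")
    # Team, family and blog names stay guessable even when disguised.
    for term in personal_terms:
        needle = normalize(term)
        if needle and needle in core:
            problems.append(f"contains personal term: {term}")
    return problems


if __name__ == "__main__":
    mine = ["Red Sox", "Emily", "Blogging for Business"]  # constructed samples
    for candidate in ["Ba!dP0pe", "P@ssw0rd1", "G0R3dS0x!", "emily"]:
        print(candidate, "->", check_password(candidate, mine) or "OK")
```

An empty result only means the password breaks none of these rules, not that it is unguessable.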
2) Back up your content regularly.
Just in case! Backing up your 'stuff' is critical, because you never know what may happen.
One entire blog network disappeared because they didn't have good backups . . .
Check out your blog platform's help for backing up your content -- most have pretty simple steps documented.
3) Update your Blogging Software regularly.
If you have your own Web server with blog software installed on it, for example WordPress.com, Movable Type or ExpressionEngine, update it regularly.
Updates typically fix bugs and known security flaws the bad guys know about.
Note that if you are using a hosted solution like TypePad (recommended), Blogger (OK), or WordPress.com (good), they update the software themselves.
Will this actually hack proof your blog? No, but it will make it much less likely that you'll get hacked, just like if you're a safe driver it's much less likely you'll have an accident.
I could go on forever since I'm a security guy, but these three tips will make you MUCH less likely to get hacked.



Hey Ted,
Great stuff.
I've followed your example and moved to a dot com. I'm running it with wordpress.
Got any time to help me customize it a bit? I love your input.
Posted by: Reg Adkins | 10 August 2007 at 07:00 AM
Thanks for the advice, I suppose I'll have to force myself to change that password of mine. I've been using it for far too long now, and for far too many things... Woops.
Posted by: Michael from Pro Blog Design | 10 August 2007 at 08:19 AM
Hi Reg,
Happy to help, although WordPress is not my forte.
Michael -- promise not to go and try to guess your password :)
Posted by: Ted Demopoulos, Blogging for Business | 11 August 2007 at 09:07 AM
Anyone have real world experience with Expression Engine? Or know someone who has experience using it?
Posted by: Greg Balanko-Dickson | 13 August 2007 at 12:26 AM
Greg,
Shel Holtz, http://blog.holtz.com/
is a big Expression Engine advocate.
Posted by: Ted Demopoulos, Blogging for Business | 13 August 2007 at 12:32 AM
The latest version of the Wordpress Backup plugin (which comes with Wordpress) has the option to automatically back up your blog's database at given intervals. I'd recommend setting it to back up at least weekly, daily if you have an active blog. I've also written a post on using Mac OSX automator actions for web design and blogging (http://www.oakinnovations.co.uk/blog/2007/08/05/5-osx-automator-actions-for-bloggers-developers/), one of the tips is easily backing up your blog using automator.
One other quick thing, it's not just your blog password but also your ftp password and SSH password (if you have ssh access) that you need to secure and change regularly.
Posted by: Simon | 13 August 2007 at 02:34 PM
Hi Simon,
Thanks for the comment and info!
It's especially important that any ftp password be changed frequently and NOT the same as any other passwords. Ftp is a clear text protocol, meaning your password and ftp login can be seen by anyone using a simple network sniffer, and there are lots of free and easy to use ones around.
Posted by: Ted Demopoulos, Blogging for Business | 13 August 2007 at 08:06 PM