This month’s Safety First post concerns protecting the information on your blog/website to ensure that you don’t get “hacked.”
There’s a saying in the Information Technology (IT) world that goes something like this:
The only secure computer is one that is never turned on, has no access to the internet, and can’t be reached by people.
There are a thousand variations on that statement. Personally I prefer something to the lines of “the only secure computer is a rock.” However it’s phrased, the general guideline is that computers can’t truly be secure if people can have access to them.
With that said, this article will not truly make your site “hackerproof,” (unless you’ve already unplugged your computer and dropped it in the bottom of the Mariana Trench); however, if you follow the instructions within it, it will clearly discourage all but the most determined of hackers from even attempting to gain access to your site.
The three areas of protection we’ll cover in this post are:
- Protect Your Password
- Protect Your Computer
- Protect Your Data
Each we’ll cover in more detail as the article progress, starting first with password protection.
Protect Your Password
Passwords are the gateways to all information on your website. With that information, people can gain access to manipulate it, steal it, or destroy any of your data. Naturally, this is something we’d like to prevent. We do this by using strong passwords.
All strong passwords include the following various characteristics:
- Sufficient length as to be difficult to break (at least 7 characters should be used, but more is better)
- A combination of upper and lowercase letters.
- A combination of numbers and letters and/or special characters (such as @$&*!)
- Omission of commonly used themes (no birthdays, pet names, phone numbers, etc.)
- Omission of real words (anything you could find in a dictionary)
In addition, passwords must be easy to remember. If you make a password too complex for you to remember, and need to write it down, you’ve just eliminated the reason for having a password in the first place. There are some simple ways to create complex passwords without having to write them down. Examples of these include a suggestion on Microsoft’s website, as well as a rather well written (if long) article on Symantec’s website.
So, you may have thought that this password thing only applied to your blog/website. Not so! It’s important that you create different passwords for each application/device. Granted, most people already have trouble remembering a single strong password–so how can we expect them to remember 20?!
The reason you’ll want different passwords for each site is to ensure that if one password is compromised, for any reason, the hackers only gain access to that resource, and not to anything else. Can you imagine if you used a single password to get into your computer, your blog, and your banking information? Loss of that password would allow a hacker into all of your most sensitive information!
You’ll also want to ensure that only you know your passwords. Sharing passwords is akin to writing them down. If you tell someone their password, you have to assume they have complete control over whatever the password allows access to. That person can, in turn, share that password with whomever they want or, worse yet, write it down. For this reason, you should not share your passwords with anyone!
With most blogging software, if you want to create multiple guest posters, you can do so without having to share an account (or a password). This has an added advantage of allowing each person to take credit for their own work. An example of how to do so in a WordPress blog can be found here.
Whatever you do, remember that passwords are the first line of defense for almost everything in the computer world, including your blog. Protect them as you would the keys to your house. Likewise, know that gaining access to a password is far easier than gaining access to a computer or a website through other means. For this reason, clever hackers will not try to get into your website as hard as they’ll try to discover your password–which is why it’s so crucial to protect them.
The next section we’ll discuss is the idea of protecting your computer.
Protect Your Computer
If the goal if this article is to get you to protect your blog, why does it even talk about protecting your computer? Virtually no one hosts their blog on their computer, so what gives?
Typically, blogs are located on massive servers on the internet, who can afford high priced security measures. Since most home users can’t afford fancy countermeasures, the weakest link to your own blog is therefore, to compromise your computer.
Fortunately, protecting your computer is relatively simple. You can do so by following a few simple steps:
- Have a Router. No, not the tool used for engraving wood. In the computer world, a router is a device you purchase from companies like Linksys and D-Link that protects your home computer from invasive hackers. It’s not foolproof, but it’s an amazing start. Sometimes, your internet provider will give you a router to install at your house, but not always. If you’re not sure, it’s best to go purchase one for yourself. You can get one at any local computer hardware store (like Bestbuy), or even a department store like Walmart or Target. Follow the instructions on the router, and make sure you change your password to something complex!
- Have Anti-Virus Software. And keep it up to date. There are many good antivirus vendors out there, including McAfee and Symantec that sell reputable anti-virus software. Alternately, if you cant’ afford such precautions, companies like Kapersky offer free trials. Better yet, Grisoft offers a product called AVG thats completely free for personal use! Whichever software you go with, make sure that it’s configured to get regular updates.
- Make Sure Your Software is Up To Date: All software is innately buggy, so you’ll need to apply patches. Most patches are created as an attempt to block malicious users from gaining access to your machine. The problem with that is that once companies release a patch, hackers then know what they need to exploit to get into unpatched systems. Ideally, you should update all of your software on your computer on a regular basis. If that’s too difficult for you, at least make sure that you’re getting the latest updates for your operating system and for your browser. If you use Microsoft products, you can get those updates from their online update site.
- Use Anti-Spyware: Spyware, Malware, Bloatware: that’s the software that makes your computer run slow, and gives you pop-ups. It can also do much more sinister things to your computer. The best way to avoid getting this is not to run anything as an administrator, but since most people do, it’s important to get software like Malware Bytes or Spybot to keep your computer running smoothly.
You may also want to create a dummy email address that you use to sign up for websites. This will prevent you from getting spam to your normal email address, and may decrease your likelihood of a virus or spyware infection.
Lastly, you’ll want to limit access to your computer to only people you know and trust. If you access your blog from public computers (such as those at school, work, or in a library), know that you can’t control the options described above. Because of this, using such public computers increases your odds of being hacked, and should be avoided if at all possible.
Protect Your Data
The last section we’ll go over is that of data protection. Since your data will most likely be stored online, your first line of protection in this category will be with the company that provides your blog. For this reason, it’s imperative that you use a company you know and trust.
Setting your blog up with Blogger (by Google) or WordPress, are both reputable companies. Setting it up through StartYourBlogNow.com, is probably not a good idea. Stick with companies that you’ve heard of, and even then, you’ll want to familiarize yourself with their terms and conditions. Read through them thoroughly before you decide to post any information. Look for things like: who owns the data once it’s posted and what kind of security they have in place.
For those bloggers who have decided to host their own blog, you’ll want to also consider the security and terms/conditions of any other parties that might have access to your blog, including (but not necessarily limited to): Hosting Providers, Domain Name Registrars, DNS hosts, etc.
The last step for security comes into place once you’ve chosen your hosting provider. At that point, it’s a good idea to implement some sort of backup scheme, to ensure that even if the data was altered, or deleted on the blog, you could still recover this information. Now, this step isn’t strictly necessary. Ask yourself, what would happen if I lost all of this information. If you can shrug your shoulders and start over, then don’t worry much. If, however, you’d be devastated from such a blow, backups are important.
For wordpress users, there are complex methods to backup your database using PHP or SQL, but those are too cumbersome for most users. You might want to consider getting a nice backup plugin like WP-DB Backup, some of which can be used to automatically run these backups and send the data to you via email.
So there you have it. These are really the keys to preventing compromise of your blog or website. Granted, even if you follow these steps to the letter, it’s possible for you to be hacked, but it’s highly unlikely. This tiered mentality is the same strategy that the biggest I.T. firms in the world use to protect their data, and with only a little bit of effort, you too can rest easy that your blog is secure.