Monday, 22 February 2016

Cyber Security tips for bloggers Users

There is not definite statistic for this, but estimations say that over 200 million blogs exist around the world. In fact, over 2 million blogposts have been published only today!

Blogging has definitely become a huge part of the online world, covering all subjects and aspects of life around the world. Blogs are used both to share personal opinions and as business tactics, and it’s become so natural to us to read them that we probably don’t even realize it anymore.

If you’re a blogger, like myself, you’re probably investing time, knowledge and energy into writing for others for two reasons:

    Out of passion
    For financial benefits.

Insider-Advice-12-Cyber-Security-Tips-for-Bloggers-2.jpg

Blogging is a serious business for many people around the world, because it generates the revenue that supports their livelihood, so we can certainly say that it’s a key asset for them.

If you blog is your main (or a secondary) source of income, let me ask you this:

Is it worth investing time and maybe some money into protecting it?

The answer is probably “yes” (I hope). But just in case you’re still doubtful about this and think that a cyber attack on your data is less than probable, let me make a case for information security as a necessity. After all:

To keep things from getting too general, I chose to use WordPress as an example, because it’s the most popular blogging platform in the world, seldom the target for cyber criminals.

There are two reasons for this:

    The sheer number of users that WordPress has (53.6 million new posts per month and over 409 million people who view more than 19.0 billion pages monthly)
    The fact that it’s open source.

But that doesn’t mean that platforms such as Squarespace, Posthaven, Ghost, Kirby, Medium or others are let off the hook by cyber criminals and their malicious tactics.



How your blog can become infected with malware


“But how can a blog get infected?” you may ask.

Cyber criminals do not lack in creativity, methods and sophistication. As proof, here is a selection of tactics they ca use, but beware: the list is much longer!

Your blog can be infected:


    Via your web hosting control panel (if the blog is self-hosted)
    Via infected banners delivered by advertising networks
    Via your administrator account (by breaking your password, of course)
    Via your back-up (but that doesn’t mean you shouldn’t have one – read below)
    Via code injections in your blog’s HTML
    Via plugins and other apps that integrate with your blogging platform of choice.

Insider-Advice-12-Cyber-Security-Tips-for-Bloggers-3.png

An infected blog can lead to various negative consequences, both on the blog owner and on the blog’s readers, which may also be customers:

    The infection could spread malware to all the users who visit the blog
    A successful cyber attack could decrease readership and trust in the blog
    A malware infection can also cost you dearly in terms of Search Engine Optimization, because Google does not look kindly on infected websites
    Decreased readership also means less sales, which can bring financial trouble if your blog is your most important source of income.

So while I hope you never experience a cyber attack on your blog, it’s important to take all precautions to keep your hard work safe and sound.

But just in case it does happen….


How can I tell if my blog is infected?

As a blog owner, it’s not enough to have writing and marketing skills. You should know how to protect your data and what measures to take if cyber criminals go after it.

Remember: sometimes there isn’t even a real person behind the attack, but rather an automated system that launched predefined commands to compromise your information and extract critical data.

Moreover, your blog can be used as a tool to spread malware in search of other victims. You will probably agree with me when I say that no one wants to be in that position!

So here are some symptoms that can tell you if your blog is infected:

    Your blog can become a victim of website defacement – whereby a cyber criminal will change the appearance of your blog and replace your content and graphics with a message of his choice.
    When visiting your blog, readers will be prompted to download and install a certain application or will be asked to upgrade software they already have installed, such as Java or Flash.
    Your blog cannot be accessed and delivers an error message.
    Spam content is posted on your website, such as banners about drugs, pornography, guns or more.
    When accessed, your blog redirects users to another website, where they become infected with malware (URL redirects).
    Your hosting providers warn you about an infection or a spam alert coming from your website.


Tips for Safe Your Blog

1. Control access to your blog


Generic admin accounts on WordPress are targeted all the time by cyber criminal tactics, which is why you shouldn’t use it.

Create a new administrator account instead and delete the old one, so you can fend of those type of attacks.

Additionally, careful who you give access to in your administrator panel and set clear limitations for other users than yourself. If an user becomes irrelevant on your blog, delete the account and make sure you provide all those who have access to your blog with strong passwords.


2. Set strong passwords

Your web hosting control panel, administrator account and any other apps that are connected to your blog and online services should be protected with strong passwords.

If you’re using the same passwords for multiple accounts, you’re really asking for trouble. So please, pretty please don’t do that (or stop doing it).

When possible, use 2 factor authentication and update your passwords regularly.

Since password security is an important subject, I’d recommend you take a few minutes to go through this Password Security Guide I created. It can will do wonders to keep your data safe!


3. Check the hosting provider’s security


If you have a self-hosted blog, don’t just go for the cheapest hosting option. This service is essential to keep your blog running well and to keep your data safe. The hosting provider can also provide technical support in case of a cyber attack or at least give you indications of where you can get help.

So before moving your blog’s database to a certain provider, make sure you research their security measures a bit and see if they’re adequate.


4. Keep your blogging platform updated to the latest version

When a new WordPress version is out – update immediately! The same goes for any other blogging platform.

New releases aren’t just meant to provide increased usability – their purpose is also to close security holes and patch vulnerabilities. So updates are essential, even if they might mess up a plugin or two. That can fixed, but a cyber attack is definitely more difficult to mitigate.

You can get news about WordPress security updates and vulnerabilities from their blog or from the WP Secure website.


5. Install dedicated security software on your blog

Your computer is not the only one that needs protection! Your blog should have its own security software installed, that is specifically designed to fend of cyber attacks directed at it.

You can use multiple tools to prevent malware infections and provide cleanup if an infection does occur, to block malicious login attempts, to scan your content for bad URLs, to provide a firewall, block brute-force attacks and many more.

Our recommendations include Sucuri, Wordfence, BulletProof Security, iThemes Security, 6Scan Security, All In One WP Security & Firewall and Acunetix WP Security.


6. Keep a regular back-up schedule

You’ll want to create and maintain a regular back-up schedule for your blog’s database. You can either do it on your own or you can get a web hosting package that includes automatic back-ups, which I strongly recommend.

Additionally, you can use dedicated plugins to store a copy of your data in your Dropbox, Google Drive or OneDrive account.

It’s essential to keep at least 2 copies or your blog’s database, because malware infections can happen even via backups.

If you know you can restore your data anytime, you’ll feel much more at ease.


7. Check and update your plugins

Plugins make WordPress so much better! The equivalent of “there’s an app for that” in the blogging world is “there’s a plugin for that” – whatever you might need, it can be done.

Most plugins are free, but that degree of convenience also brings responsibilities.

Some rules to follow when using plugins:

        Never install shady plugins from untrusted sources
        Always check plugins on WordPress.org to see what rating they have, the comments they received and when the last update was made

No comments:

Post a Comment