Insider Advice: 12 Cyber Security Tips for Bloggers

Heimdal Security
Published in Healthy paranoia
Sep 18, 2015

There is no definite statistic for this, but estimates say that over 200 million blogs exist around the world. In fact, over 2 million blog posts have been published today alone!

Blogging has definitely become a huge part of the online world, covering all subjects and aspects of life around the world. Blogs are used both to share personal opinions and as business tactics, and it’s become so natural to us to read them that we probably don’t even realize it anymore.

If you’re a blogger, like myself, you’re probably investing time, knowledge and energy into writing for others for two reasons:

  • Out of passion
  • For financial benefits.

Blogging is a serious business for many people around the world, because it generates the revenue that supports their livelihood, so we can certainly say that it’s a key asset for them.

If your blog is your main (or a secondary) source of income, let me ask you this:

Is it worth investing time and maybe some money into protecting it?

The answer is probably “yes” (I hope). But just in case you’re still doubtful about this and think that a cyber attack on your data is less than probable, let me make a case for information security as a necessity. After all:

Blogs are the 5th most trustworthy source for information on the Internet.

To keep things from getting too general, I chose to use WordPress as an example, because it’s the most popular blogging platform in the world and often the target of cyber criminals.

There are two reasons for this:

  • The sheer number of users that WordPress has (53.6 million new posts per month and over 409 million people who view more than 19.0 billion pages monthly)
  • The fact that it’s open source.

But that doesn’t mean that platforms such as Squarespace, Posthaven, Ghost, Kirby, Medium or others are let off the hook by cyber criminals and their malicious tactics.

How your blog can become infected with malware

“But how can a blog get infected?” you may ask.

Cyber criminals do not lack creativity, methods or sophistication. As proof, here is a selection of tactics they can use, but beware: the list is much longer!

Your blog can be infected:

  • Via your web hosting control panel (if the blog is self-hosted)
  • Via infected banners delivered by advertising networks
  • Via your administrator account (by breaking your password, of course)
  • Via your back-up (but that doesn’t mean you shouldn’t have one — read below)
  • Via code injections in your blog’s HTML
  • Via plugins and other apps that integrate with your blogging platform of choice.

An infected blog can lead to various negative consequences, both for the blog owner and for the blog’s readers, who may also be customers:

  • The infection could spread malware to all the users who visit the blog
  • A successful cyber attack could decrease readership and trust in the blog
  • A malware infection can also cost you dearly in terms of Search Engine Optimization, because Google does not look kindly on infected websites
  • Decreased readership also means fewer sales, which can bring financial trouble if your blog is your most important source of income.

So while I hope you never experience a cyber attack on your blog, it’s important to take all precautions to keep your hard work safe and sound.

But just in case it does happen….

How can I tell if my blog is infected?

As a blog owner, it’s not enough to have writing and marketing skills. You should know how to protect your data and what measures to take if cyber criminals go after it.

Remember: sometimes there isn’t even a real person behind the attack, but rather an automated system that launches predefined commands to compromise your information and extract critical data.

Moreover, your blog can be used as a tool to spread malware in search of other victims. You will probably agree with me when I say that no one wants to be in that position!

So here are some symptoms that can tell you if your blog is infected:

  • Your blog can become a victim of website defacement — whereby a cyber criminal will change the appearance of your blog and replace your content and graphics with a message of his choice.
  • When visiting your blog, readers will be prompted to download and install a certain application or will be asked to upgrade software they already have installed, such as Java or Flash.
  • Your blog cannot be accessed and delivers an error message.
  • Spam content is posted on your website, such as banners about drugs, pornography, guns or more.
  • When accessed, your blog redirects users to another website, where they become infected with malware (URL redirects).
  • Your hosting providers warn you about an infection or a spam alert coming from your website.

What if there’s no sign of infection?

The attack can also be covert:

  • Cyber criminals could install hidden links on your blog so they can increase their SEO ranking on Google.
  • They can compromise the advertising network that’s delivering banner ads on your blog, which can infect your readers with malware and more.

The result, as mentioned before, is that Google would immediately remove your blog from their search engine results, causing a massive decrease in traffic and revenue.

What to do if your website is infected: advice and recommendations from Google.

Not sure if your blog is infected with malware?

You can scan your blog for free with Sucuri’s Site Check or with Unmask Parasites.
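Alongside those online scanners, you can check a saved copy of your own page for the covert signs listed above: links hidden from visitors, redirects to other sites, and scripts or frames loaded from hosts you did not add. The sketch below is an added example, not code from the original article or from any of the tools it names; the host names and the sample page are constructed, `BlogPageAudit` and `audit` are hypothetical names, and the hidden-style patterns are a heuristic.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles often used to hide injected links from visitors (a heuristic).
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                    r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta"}

class BlogPageAudit(HTMLParser):
    def __init__(self, own_host, trusted_hosts=()):
        super().__init__()
        self.allowed = {own_host.lower(), *(h.lower() for h in trusted_hosts)}
        self.stack, self.findings = [], []  # stack holds (tag, styled_hidden)

    def offsite(self, url):
        host = (urlparse(url).hostname or "").lower()
        return bool(host) and host not in self.allowed  # relative URLs are on-site

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        hidden = "hidden" in a or bool(HIDDEN.search(a.get("style", "")))
        if tag == "a" and (hidden or any(h for _, h in self.stack)):
            if self.offsite(a.get("href", "")):
                self.findings.append(("hidden-link", a["href"]))
        elif tag in ("script", "iframe") and self.offsite(a.get("src", "")):
            self.findings.append(("offsite-" + tag, a["src"]))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";\s]+)", a.get("content", ""), re.I)
            if m and self.offsite(m.group(1)):
                self.findings.append(("meta-redirect", m.group(1)))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        opened = [t for t, _ in self.stack]
        if tag in opened:  # pop back to the matching tag; tolerates unclosed <p>/<li>
            del self.stack[len(opened) - 1 - opened[::-1].index(tag):]

def audit(html, own_host, trusted_hosts=()):
    parser = BlogPageAudit(own_host, trusted_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from a real site.
SAMPLE = """<meta http-equiv="refresh" content="0; url=http://redirect.example/go">
<script src="https://cdn.ads.example/banner.js"></script><p>Hi <a href="https://friend.example/">friend</a>
<div style="position:absolute; left:-9999px"><a href="http://pills.example/x">pills</a></div>
<iframe src="//tracker.example/f.html" width="1"></iframe>"""
```

Hosts are matched exactly, so list every ad network, CDN and embed provider you really use in `trusted_hosts`; whatever remains in the findings is what to investigate.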

But since prevention is always more effective, cheaper and takes less time to set up and maintain, here’s what you can do to protect your blog and all those blogposts you’ve worked so hard on.

12 Cyber Security Tips for Bloggers — the Actionable Guide to Keep Your Blog Safe

1. Control access to your blog

Generic admin accounts on WordPress are targeted all the time by cyber criminal tactics, which is why you shouldn’t use one.

Create a new administrator account instead and delete the old one, so you can fend off those types of attacks.

Additionally, be careful who you give access to in your administrator panel and set clear limitations for users other than yourself. If a user becomes irrelevant on your blog, delete the account and make sure you provide all those who have access to your blog with strong passwords.

2. Set strong passwords

Your web hosting control panel, administrator account and any other apps that are connected to your blog and online services should be protected with strong passwords.

If you’re using the same passwords for multiple accounts, you’re really asking for trouble. So please, pretty please don’t do that (or stop doing it).

When possible, use 2-factor authentication and update your passwords regularly.

Since password security is an important subject, I’d recommend you take a few minutes to go through this Password Security Guide I created. It can do wonders to keep your data safe!

3. Check the hosting provider’s security

If you have a self-hosted blog, don’t just go for the cheapest hosting option. This service is essential to keep your blog running well and to keep your data safe. The hosting provider can also provide technical support in case of a cyber attack or at least give you indications of where you can get help.

So before moving your blog’s database to a certain provider, make sure you research their security measures a bit and see if they’re adequate.

4. Keep your blogging platform updated to the latest version

When a new WordPress version is out — update immediately! The same goes for any other blogging platform.

New releases aren’t just meant to provide increased usability — their purpose is also to close security holes and patch vulnerabilities. So updates are essential, even if they might mess up a plugin or two. That can be fixed, but a cyber attack is definitely more difficult to mitigate.

You can get news about WordPress security updates and vulnerabilities from their blog or from the WP Secure website.

5. Install dedicated security software on your blog

Your computer is not the only one that needs protection! Your blog should have its own security software installed, specifically designed to fend off cyber attacks directed at it.

You can use multiple tools to prevent malware infections and provide cleanup if an infection does occur, to block malicious login attempts, to scan your content for bad URLs, to provide a firewall, block brute-force attacks and many more.

Our recommendations include Sucuri, Wordfence, BulletProof Security, iThemes Security, 6Scan Security, All In One WP Security & Firewall and Acunetix WP Security.

6. Keep a regular back-up schedule

You’ll want to create and maintain a regular back-up schedule for your blog’s database. You can either do it on your own or you can get a web hosting package that includes automatic back-ups, which I strongly recommend.

Additionally, you can use dedicated plugins to store a copy of your data in your Dropbox, Google Drive or OneDrive account.

It’s essential to keep at least 2 copies of your blog’s database, because malware infections can happen even via backups.

If you know you can restore your data anytime, you’ll feel much more at ease.

7. Check and update your plugins

Plugins make WordPress so much better! The equivalent of “there’s an app for that” in the blogging world is “there’s a plugin for that” — whatever you might need, it can be done.

Most plugins are free, but that degree of convenience also brings responsibilities.

Some rules to follow when using plugins:

  • Never install shady plugins from untrusted sources
  • Always check plugins on WordPress.org to see what rating they have, the comments they received and when the last update was made
  • Keep plugins updated at all times! Never ignore an update prompt, as vulnerabilities in plugins are often used as attack vectors by cyber criminals
  • Keep an eye on updates for plugins and replace those that don’t update as soon as a new WordPress/blogging platform version is released (or soon after it)
  • Delete old plugins that you don’t use anymore — they clutter your code and can become a gateway for malware infections.

Also, a good tip is to live by “less is more”. Use only the plugins you absolutely need and get rid of the other stuff.

8. Application security

Be mindful of which applications you link to your blog. Always review what type of access these applications request and unlink them when you stop using them.

Also, be careful about embeds, images and other media you use in your posts. Use only legitimate, trusted and verified sources to prevent publishing infected content.

Here’s an example of a captcha service that distributed malware via WordPress and other platforms. That’s definitely something you want to avoid!

9. Beware of malvertising

Malvertising has seen an abrupt increase in the past years, with cyber criminals infiltrating ad delivery networks to spread malware and infections of all types.

According to OTA (Online Trust Alliance) research, malvertising increased by over 200% in 2013 to over 209,000 incidents, generating over 12.4 billion malicious ad impressions. The threats are significant, warns the Seattle-based non-profit — with the majority of malicious ads infecting users’ computers via “drive by downloads,” which occur when a user innocently visits a web site, with no interaction or clicking required.

If you publish banner ads or other types of advertisements on your blog, you should be very aware of this cyber threat. A good idea is to verify ad networks before engaging in a deal with them, to see if they take the necessary security measures to protect themselves.

Also, never forget about old banners that you posted yourself. Take them down once the campaign is over to ensure that they don’t become a target for cyber attacks.

10. Don’t forget about the themes

It’s best to only use themes from trusted sources to prevent any malicious code from being installed on the website.

Also, delete any themes that you don’t use, because cyber criminals can also use them to infiltrate your blog and inject malware in your code.

11. Build secure code if you create your own website

If you decide to build your own theme or plugins, or to customize your code in various ways, always respect industry standards when it comes to cyber security.

Building secure code will keep troubles away and ensure you have a productive blogging schedule.

12. Keep your computer safe from malware

Now that you’ve ensured your blog’s security, don’t forget about your computer.

Keeping things clean and safe is essential to ensure your data’s security. So always use a good antivirus solution and at least one tool that can protect you against advanced malware threats that AV can’t block.

Needless to say, your software should always be up to date as well, to prevent exploits!

And if you’re looking for a more detailed guide to securing your WordPress blog, this article is a great resource!

Conclusion

It may seem like anyone can start a blog nowadays, but it takes time, energy and resources to develop it into a valuable resource.

Ignoring security measures is not a good tactic, because it would be awful to see your hard work go to waste. That’s why it’s wise to plan ahead and integrate security measures right from the start.

Have you ever had any trouble with your blog?

Originally published at heimdalsecurity.com on July 7, 2015.
