Quite a few people have asked me questions about ProBlogger being hacked last week. Questions have ranged from ‘do you know who did it?’ to ‘have you found out how they did it?’ to ‘how can we protect ourselves from being hacked?’
By the way – my blogging buddy Andy Wibbels has had his blog hacked in the last couple of days also and his blog is currently down. This is unfortunately becoming more common.
I’m not going to go into great detail of what happened, how or who it was (I’m not sure how wise it is to get into those details for a variety of reasons) but I will make a few general comments and give a few pieces of advice when it comes to blog security and protection.
Disclaimer – I am not (and never will be) an expert in web security. Don’t take my advice as gospel for all systems/set ups and seek professional advice if in doubt.
1. Update your Blog Software – blog platforms periodically update their versions for a variety of reasons one of which is security. Old versions of some platforms expose your blog and server to being hacked.
2. Keep an Eye on Dead Blogs – I suspect that of the 50 million or so blogs that technorati are tracking that many of them are non active blogs on old blogging platforms. One of the dangers of retiring a blog and not updating it is that you can have old and un-updated blogging platforms sitting on your server which could prove to be a vulnerability in your set up. Even if you’re not actively updating a ‘dead blog’ you should consider updating it’s version.
3. Backup your Blog – being hacked does happen, even to the smartest bloggers from time to time. When it does happen you need to have some way of getting your blog back up and running and a backup is an essential part of this.
4. Protect Your Passwords – this goes without saying but I’m constantly surprised by the stories I hear of people using obvious passwords or giving them out. Basic password protection strategies and common sense should prevail.
5. Choose Your Host Carefully – I am in the fortunate position of having a quality host who offers me personal and comprehensive help in those times when things go wrong. Without this I don’t know what I’d have done.
As I say above, I’m no blog security expert and I would invite those that have expertise and experience in this area to comment below for the benefit of the wider blogging community.
If you’ve written or know of posts on this topic with good solid advice please feel free to give us links to them below as it’d be helpful to have a bit of a collection of advice on the topic.