The Pitfalls of Hacking and Spam: 7 Ways to Protect Your Blog

Blogs are a great way to build up a business, share your talent for crafting or cooking, or educate a common audience. But they are also vulnerable to attacks from spammers and hackers. So, just like you protect your computer and your email with software, passwords and spam flags, you should also protect your website from hackers and spam. Here are 7 ways you can protect yourself and your blog.

1. Content Theft

The content you write and the photos you take are protected by copyright, but that doesn’t ensure they won’t be stolen. In addition to stealing your work, people will publish your content and RSS feeds without giving you credit. You need to put safeguards in place to protect yourself. We already discussed image theft a few weeks ago. Continue to safeguard your photos with watermarking and keep searching for stolen images online.
Can you also protect your written content? Certainly! One great way I recently discovered uses a search engine optimization plugin, WordPress SEO by Yoast, which some of you may already have enabled. This is a great tool for SEO, but it will also, by default, set up a line of text for your content that you can search online. Once installed, go to the SEO menu in your blog and click the RSS link. Under Content, you will see this:

“The post %%POSTLINK%% appeared first on %%BLOGLINK%%.”

%%POSTLINK%% is code for the page name and %%BLOGLINK%% stands for the URL of your blog.

You can then Google “appeared first on Yourblogname.com” and it will show places your content or RSS feed appears. Some may be legitimate links, some will not. I recently found someone using my RSS feed on a questionable site. If you wish for someone to remove your data, the first step is to email them and politely ask them to remove it. Many will gladly comply.

However, you may get more pushback or no response. Remember that your content refers back to you, and therefore if it is published on a spammy site, you can suffer the consequences. In that case, you’ll need to find the web host and write a letter of complaint to them.

You can also do a page-by-page search using Copyscape.

There, you can enter the direct link of a URL you suspect may have stolen content or your general URL and you’ll come up with a list of sites that are pulling your content. Copyscape is a reliable tool that’s been around for years and is used by web professionals, so I highly recommend it if you are concerned about your content.

Finally, it’s very basic, but while you are protected legally, a copyright message on the bottom of your blog, with the current year, is a gentle reminder not to steal content. You can also set up a content policy to clearly lay out what people can and can’t do with your content.

2. Use Anti-Comment Spam Plugins

I covered this topic last week: you need to have plugins that protect you from spam.

Growmap Anti Spambot Plugin requires commenters to check a box, thereby eliminating spambot attacks, and Akismet will sort through its spam database and flag suspicious comments as spam. If, like me, Akismet makes your site run slowly, another good one to try is the Stop Spammers Plugin, which functions similarly. This is a highly aggressive plugin, so if you do activate it, make sure you immediately go to set up and select “Check Your IP” to ensure you are not flagged as a spammer. In addition, it integrates the API key you get from Akismet, so if you are signed up with them, you are still employing their database.

3. Use Security Plugins

Security plugins are a great way to not only safeguard your blog, but to have one tool that handles multiple functions. There are a host of these available, but one of the most popular ones is WordFence. This comprehensive plugin is free of charge and walks you through a tour on startup. WordFence is designed to help with things like IP changes. Ever get spam comments that look the same, but the IP address keeps changing so that you can’t use your black list properly? WordFence helps with sinister security issues like this, plus it patrols your blog for invalid logins, enables firewalls, and scans for latest software versions.

Other security plugins that provide similar services are Bulletproof Security, Acunetix Secure WordPress and Better WP Security. Find the one that works best for your blog.

4. Protect Your Admin

Having an unknown “admin” account appear on your blog means you’ve been hacked and a fake admin account has been set up. To make this more difficult, you need to set up your administration properly. The first step is to stop using “admin” as your username.

Come up with a creative username that no one will guess. For new blogs, WordPress allows you to create an alternate name.

What do you do if your blog already has “admin” as its username? You can fix this issue yourself. First, create a new user by going to Users, Add New and put in your new username. Select “Administrator” under role. Create a complex password with letters, numbers, and characters. Log in with the new username and delete the old “admin”, remembering to re-assign all the former posts you have written to a new user (the name you just created). Finally, visit your profile and select an option for “Display name publicly as” other than the username you just created. This will give an added layer of protection against hackers logging in.
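To check the points above on an existing blog, here is an added example (not part of the original post) that reviews the administrator list for the default “admin” username, for administrators you did not create, and for display names that give away the login. It assumes WP-CLI is installed and that you saved the output of `wp user list --role=administrator --format=json`; the sample data and the `EXPECTED_ADMINS` set are constructed for illustration.

```python
import json

# Constructed sample of `wp user list --role=administrator --format=json`
# output; every login, address and date below is made up.
SAMPLE_WP_USER_LIST = """[
  {"ID": 1, "user_login": "admin", "display_name": "admin",
   "user_email": "owner@example.com",
   "user_registered": "2012-03-01 10:00:00", "roles": "administrator"},
  {"ID": 7, "user_login": "quiet-heron-52", "display_name": "Jamie",
   "user_email": "jamie@example.com",
   "user_registered": "2013-05-20 18:30:00", "roles": "administrator"},
  {"ID": 19, "user_login": "wpsupport", "display_name": "wpsupport",
   "user_email": "help@example.net",
   "user_registered": "2013-06-14 03:12:45", "roles": "administrator"}
]"""

# Assumption: the administrator logins you created yourself.
EXPECTED_ADMINS = {"quiet-heron-52"}


def audit_admins(user_list_json, expected_logins):
    """Return (login, finding) pairs for administrator accounts to review."""
    findings = []
    for user in json.loads(user_list_json):
        roles = user.get("roles", "")
        if isinstance(roles, str):
            # WP-CLI prints roles as a comma-separated string.
            roles = [r.strip() for r in roles.split(",")]
        if "administrator" not in roles:
            continue
        login = user["user_login"]
        if login.lower() == "admin":
            findings.append((login, "default username"))
        if login not in expected_logins:
            findings.append((login, "unexpected administrator"))
        if user.get("display_name", "").lower() == login.lower():
            findings.append((login, "display name reveals login"))
    return findings


if __name__ == "__main__":
    for login, finding in audit_admins(SAMPLE_WP_USER_LIST, EXPECTED_ADMINS):
        print(f"{login}: {finding}")
```

An account flagged as an unexpected administrator deserves a closer look at its registration date and email before you delete it.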

Another good idea is to protect your login URL. The plugin Stealth Login Page adds another layer of protection by assigning you a unique authorization code that you must enter when you log in, and it redirects those who do not enter it.

5. Keep Up To Date

Plugins, themes and WordPress itself are regularly updated, much of the time to prevent vulnerabilities and security breaches from taking down your blog. WordPress gives you a reminder when anything needs an update right in your dashboard and it’s critical to keep on top of those updates. Do remember to have a backup before you do an update, in case things go “wonky.”

6. Set Safe Commenting Options

In WordPress, under Settings, Discussion, you’ll see a page where you can select your Discussion Settings.

This page contains basic options that you can set for your articles and comments, such as automatically closing comments on older articles, getting emailed whenever a comment is posted and how comment approval is handled. This section also contains comment moderation and blacklist queues. Simply add the words or IP address that will either put a comment into moderation or on the blacklist. A good example is “gold” or “poker,” as these words typically come from spam commenters. Finally, check the settings of any plugins that deal with comments, such as CommentLuv.
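WordPress matches these words inside other words and without regard to case, so a short word like “gold” also catches “golden”. The added example below (not code from the original post or from WordPress) is a simplified Python model of that matching, run on constructed comments, to show why broad words are safer in the moderation queue than on the blacklist; the function names and sample data are assumptions made for illustration.

```python
import re

# Fields the keyword lists are compared against in this simplified model.
FIELDS = ("author", "email", "url", "content", "ip")


def matching_keys(keys_text, comment):
    """Return the listed keys (one per line) found anywhere in the comment."""
    hits = []
    for line in keys_text.splitlines():
        key = line.strip()
        if not key:
            continue
        # Case-insensitive substring match, so keys match inside words.
        pattern = re.compile(re.escape(key), re.IGNORECASE)
        if any(pattern.search(comment.get(f, "")) for f in FIELDS):
            hits.append(key)
    return hits


def triage(comment, moderation_keys, blacklist_keys):
    """Blacklist wins over moderation; otherwise no keyword rule applies."""
    if matching_keys(blacklist_keys, comment):
        return "blacklist"
    if matching_keys(moderation_keys, comment):
        return "moderation"
    return "no keyword match"


# Constructed sample comments (documentation-range IP addresses).
SPAM = {"author": "BestDeals", "content": "Play online POKER, win big!",
        "ip": "203.0.113.7"}
GENUINE = {"author": "Ruth Goldberg", "ip": "198.51.100.20",
           "content": "Bake until golden brown. Great recipe!"}

if __name__ == "__main__":
    # Both words on the blacklist: the genuine reader is discarded too.
    print(triage(SPAM, "", "gold\npoker"), triage(GENUINE, "", "gold\npoker"))
    # Broad word moved to moderation: the reader's comment is held for review.
    print(triage(GENUINE, "gold", "poker"))
```

The same substring rule applies to IP addresses: a listed `203.0.113.7` also matches a commenter at `203.0.113.77`.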

7. Be a Smart Blogger

Smart and safe blogging means taking simple steps to protect yourself from hackers. For example, don’t store your passwords and logins electronically or on paper without a secure system in place, and don’t store them in your browser. You can use password protection software or services to generate complex, safer passwords and securely store a number of them. Keep in mind that while online services are more convenient because you can access them wherever you are, they are also more vulnerable than software you can store on your desktop.

For a competent online service, try LastPass, which comes free or in a Premium version for $12 per year. For desktop, KeePass is both open-source (free) and has received lots of awards. Designed for Windows, the website links 3rd party resources that have configured KeePass for Mac and mobile devices.

No blog is foolproof and a determined hacker can break into anything. However, as a new or up-and-coming blog, putting up these roadblocks will keep the average hacker away. A little bit of common sense security can go a long way toward protecting your blog.