Protecting Your Company Blog from Hackers¹

Protecting Your Company Blog from Hackers

A small business blog can be an important communications and marketing platform, which is why protecting it from hackers is critical. Hackers are constantly shifting their attack targets, and a growing number consider company blogs an easy way to enter and exploit small business networks.

Because blogs rely on a variety of software modules, themes and plug-ins, they could offer a variety of access points for hackers intent on gaining access to a company’s servers.

In response, several security best practices and plug-ins have been developed to help counter the growing threats hackers and online criminals can pose to corporate blogs.

One of the most common security threats is the installation of malicious software that automatically installs itself on the computers of your blog’s visitors. Once downloaded, the software attempts to harvest personal information or to relay spam via the infected computers.

Malicious software installed on your blogging platform can attempt to conduct similar exploits on your network, or to spread to PCs that connect to the network.

Cleaning House

As with many security vulnerabilities, the best advice for protecting your blog involves updating your blogging platform and backing up your content:

  • Update your software - Blogging software providers such as WordPress and Movable Type routinely provide software updates that address security vulnerabilities or add new features. If an update is available, you should quickly back up your blog content and install the update to reduce your risk.
  • Back up consistently - If your blog is compromised by hackers, you’ll need a recent backup to restore any data that may have been lost during the attack, or to replace your content if you need to reinstall your blogging platform.
  • Check your permissions - You should restrict administrative permissions only to the people who need to have it. Preventing users from changing your site template or database settings can close many of the previously identified security vulnerabilities. Similarly, if your blog doesn’t have registered users, you can turn off the registration functions to reduce entry points into your blog’s content database.
  • Moderate blog comments - Comments offer a well-worn path for spammers trying to entice users to visit sites hosting malicious software. Comments add to the interaction your site is trying to foster, but can also provide a vector for spammers and hackers if you allow comments to appear on your site automatically. Blogging software platforms allow you to moderate post comments and only allow the legitimate ones to appear on your site.
  • Consider security plug-ins - Several plug-ins have been developed to hide or rename critical database files, making them harder for hackers to discover and exploit.
  • Check registered users - If you do allow site visitors to register and comment, check the database for users who don’t seem legitimate. They could be hackers. Similarly, if a registered user hasn’t been active on the site for a while, it’s usually a good idea to delete the account.

These measures and paying attention to your blog’s traffic patterns will be helping in identifying unusual activity and reducing the risk of your blog being victimized by hackers or online criminals.