Blogging Pitfalls: Password Fail

Question: What is the most common door hackers use to enter your site?

Answer: The same one you use.

It is a little-known fact that much of what we think of as “hacking” and “cracking” is really just social engineering and guesswork. Though blogs can and often do get exploited because of some kind of security issue, your password is your first and best line of defense against attacks.

Yet, far too many bloggers are very relaxed about their passwords. It starts with picking poor ones, continues with reusing them on untrustworthy services and all too often ends with one’s site being defaced, deleted or, even worse, loaded up with malware that infects visitors.

It’s a very dangerous blogging pitfall but, fortunately, one that can be very easily avoided.

The Pitfall

Setting up a new blog is, typically, a whirlwind of activity. From installing a blogging platform to setting up databases and building the layout, there are a lot of things to do and, quite frankly, many times people forget to take care of the little things.

One of those “little things” is creating a good password and treating it with the proper respect. The first mistake is often picking a weak or easily guessed password. Though most blogging systems have password gauges that estimate the strength, they aren’t perfect and can’t flag passwords that appear strong but are easily cracked, such as those based on names, birthdays, etc.

However, even a strong password is vulnerable if it is shared widely. Many, to save time and energy, reuse passwords, meaning they use the same one to log in at many different sites. This raises the risk of someone getting phished, meaning tricked into entering their password onto a fake site, and that makes it very easy for a would-be hacker to enter your site and have fun.

Either way, once someone either has gained access to or has guessed your password, it opens a Pandora’s box on your site and can literally destroy years of hard work within just a few short moments.

The Danger

There are many ways a malicious person can use your password for evil. The most basic and least-harmful way is to simply deface your site. This can mean anything from adding a few sneaky lines of text into your HTML to completely replacing the front page with an ominous “This site has been hacked” page.

Stepping up the danger is that hackers often delete the site’s contents as well, purging the database and erasing all relevant data. If you have a good backup strategy in place, this might not be a complete catastrophe but it will still result in significant downtime and at least some data loss.

Finally, and perhaps worst of all, is that many hackers use blogs as a means to install malware on visitors’ computers or to collect information about them. This not only poses a very serious security risk for your visitors, but can cause your site to get blacklisted by Google, removing it from search results and also preventing users of Google Chrome and other browsers that use Google’s malware warning system from visiting your site.

In all of the above cases, the issues can linger long after you actually fix the site as you’re forced to rebuild the trust and repair damage for weeks, maybe months to come. If you don’t have proper backups and your host isn’t able to help, you may be completely knocked offline and forced to either walk away or start over.

All in all, it is a very nasty pitfall that every blogger should work hard to avoid.

How to Avoid It

The first step when choosing a good password is to stop for a moment when you reach the screen where you are creating your user account. This is not a step to blow through or take lightly and, instead, requires a few moments of consideration.

Specifically, take the following steps:

  1. Pick a Good Username: Though I previously called your password your first line of defense, technically your username comes before even that. Picking a username that is hard to guess but easy for you to remember will go a long way to making your site more secure. Fortunately, WordPress 3.0 allows you to pick your admin username, eliminating the need to create a new account for yourself and delete the “admin” one.
  2. Pick a Good Password: There is something of an art to picking a good password but, ideally, it should include lower case letters, upper case letters, numbers and symbols all while staying in the 8-12 character range. This is no small feat and there are many different methods for simplifying the process.
  3. Consider a Password Generator: If creating a password yourself is proving challenging, you can always use a password generator. Most blogging systems have a reasonably good password generator built in that can make decent passwords on the fly, though there are others online that work as well. Once you have a generated password, you can then focus on finding a way to make it memorable for you.
  4. Don’t Share Your Password: This one is fairly simple: once you’ve created a new password for your blog, don’t share it with anyone else or use it again for any other site. Though it is good to store your passwords in a safe place accessible to a loved one in the event of an emergency, giving it out broadly makes little sense, especially since you can usually just set up new accounts for friends and family.
  5. Change Passwords if Needed: Finally, if you suspect that your password has been compromised in any way, change it. Many times hackers won’t attack a site immediately after obtaining the password; instead, they often wait for a better opportunity. You may be able to head off such an attack by changing your password if you suspect a problem, such as your home computer becoming infected.
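
An added example (not part of the original post) for steps 2 and 3 and for the strength-gauge blind spot described under "The Pitfall": it generates a password containing all four character classes with Python's `secrets` module, and flags passwords built from personal details. The symbol set, the function names and the sample facts are assumptions made for illustration.

```python
import secrets
import string

# Character classes from step 2; the symbol set is an assumption, adjust it
# to whatever your blogging platform accepts.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+")

# Common letter-for-symbol swaps, undone before looking for personal details.
LEET = str.maketrans("4@301!$5", "aaeoiiss")


def generate_password(length=12):
    """Return a random password containing every class in CLASSES."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the OS CSPRNG, unlike the random module.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: retry until all four classes are present.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def personal_info_hits(password, personal_facts):
    """Return the personal facts (names, years, ...) embedded in password."""
    lowered = password.lower()
    # Check the password as typed and with letter-for-symbol swaps undone.
    forms = (lowered, lowered.translate(LEET))
    hits = []
    for fact in personal_facts:
        token = fact.lower()
        # Ignore very short tokens; they match by chance.
        if len(token) >= 3 and any(token in form for form in forms):
            hits.append(fact)
    return hits


if __name__ == "__main__":
    # Constructed sample data: a hypothetical blogger's name, birth year, pet.
    facts = ["Jane", "1985", "Rex"]
    # Has all four character classes, yet is built from guessable facts.
    print(personal_info_hits("J4ne!1985", facts))
    print(generate_password(12))
```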

All in all, it doesn’t take a great deal of time to generate a safe password and make your site more secure, but it does mean sacrificing some convenience for security. However, it is a trade off that is well worth making and it is one that your readers will thank you for.

Bottom Line

Creating a good password and keeping it safe is vital for the security of your blog. Failure to do so can lead to a disaster that can, at the very least, create a major headache and, at its worst, completely destroy your site.

However, it is important to remember that a solid password is only a fraction of your security plan. It is equally important to make sure that your blogging software, including plugins, is up-to-date and, if appropriate, that your server is up-to-date. You should also make sure that your folder permissions and database settings are as secure as possible.

In the end though, all of the technical security precautions in the world will do you no good if an attacker is able to gain access to your username and password. So, when given the prompt to create a new password, take a moment and make sure that you do it right. Otherwise, you could wind up paying dearly.

Categories: Blogging Tips, General


  1. Arijit Das says: 6/23/2010

    Once I faced such a problem…
    “My Blog got Hacked!! And I didn’t even make any backup. It was like a nightmare…”

    And since then, I regularly back up my blog database daily and download the files weekly. I’m now also using an automated Free Back Up WP Plugin, “Backupify” (My Secondary Back Up).

    A tip that I can give to keep your password secure is to note down your password in a diary.


  2. Lee says: 6/23/2010

    A few years ago I made the mistake of using the same password on a new photo sharing site and my blog. I’m not exactly sure what happened with the photo site, but there was some breach in which my password was exposed and used against me on my blog. Since then, I’ve learned my lesson and now use different, strong, unique passwords for all of my sites. For a while now I’ve been using an online password manager called Mitto to manage all my logins. It’s great because it lets me access all of my information from any browser or computer without having to install anything or synchronize my passwords. It’s free, so you should check it out.



  3. RevReese says: 6/24/2010

    Thanks for a very informative article!
    I always panic about setting new passwords as I want to have different ones, but then always forget which password for which site!
    I keep regular backups anyway, so I guess that’s better than some!