While I was enjoying a much-needed vacation earlier this summer, hackers broke into my WordPress-based sites, including this site and ADRblogs.com. They left no immediately detectable trace that alerted me like the first attack this blog sustained in April 2008. Instead, they buried spam injection link code deep in files on my site, which created links out to spam sites.
Unlike that first attack, these digital vandals did considerable damage. I only discovered their footprints by chance this past Friday, long after they’d broken in. I spent Labor Day weekend cleaning up after them and had to do a complete reinstall of WordPress and my site’s content. It was a wretched way to spend a long holiday weekend. (In fact, if you click here, you can see the special message I’d like to deliver to the scumbags who hacked my sites.)
I’m sharing my woes with you, readers, to remind you that nothing on the web is entirely secure. It doesn’t matter how well prepared you may be, what precautions you take, how careful you try to be. It doesn’t matter whether you blog or use Gmail, Twitter or Facebook. Nothing online is 100% safe. When even the New York Times, technology-savvy conflict resolution proponents, or well-known bloggers like Robert Scoble can get hacked, it’s only a matter of time before it happens to you.
I’m not going to repeat the already excellent advice that people like Lorelle on WordPress have offered. If you have a WordPress blog yourself, you should also read Matt Mullenweg’s tips on securing your WordPress installation. And Google Webmaster Central Blog recommends to site owners some best practices against hacking – advice which I urge everyone to heed.
But I’m going to emphasize two key points for those of you who lead part of your lives online. It boils down to two things: prevention and preparation.
First, do what you can to prevent an attack. If you’re using WordPress, upgrade as soon as a new release of WordPress is available, since these new releases address vulnerabilities that hackers can exploit. If you’re using widgets or plugins to add functionality to a blog, obtain them from trusted sources only and update them as soon as new releases are available. Use strong, unguessable passwords for all accounts, control panels, FTP, and email, and change those passwords regularly. (Here’s a link to ideas for choosing secure passwords.)
Log in regularly to blogs or social media accounts you’ve set up to make sure that no one has hacked into them. Avoid if you can simply abandoning your online accounts; failure to monitor them means that you’ll be the last to know if any of them gets hacked. For example, if you try Twitter and decide it’s not for you, delete your account or change your account settings to protect your updates from public view.
Monitor news about technology and social media by following some of the many excellent blogs out there so that you hear about security issues quickly. I’ve already mentioned Lorelle on WordPress for WordPress users, but also consider Mashable, which covers news about social media, Web Worker Daily, the New York Times Bits Blog, Ars Technica, or Lifehacker, which regularly discusses strategies for security online.
When it comes to online disasters, be as well prepared as you would be for real-world ones. You must prepare because no prevention measures are 100% foolproof. It doesn’t always matter how strong your passwords are, how conscientious you are about updating software, or how strong the security measures are that you take. Prepare as if disaster will certainly strike.
Prepare a list of all the online accounts and sites you have. Then go through that list and ensure that you have back-ups of everything you care about. (In the case of WordPress, back up your database and download copies of your files by FTP. Also download an XML backup of your posts from your WordPress admin panel.) It’s what kept my own recent brush with hackers from being the unmitigated disaster it might have been. Have a plan in place and everything that you need organized and at hand so that if the unthinkable happens, you’ll be ready.
Back-ups aren’t just for blogs by the way. You can back up your contacts and profile information on LinkedIn, or information on social media accounts like Twitter and Facebook. And definitely back up the contents of your hard drives – don’t forget about them.
* * * * * * * *
This is the dark side of social media. Be safe out there, friends. And be ready.