Maybe they think it is fun, or they could want to use your blog to give themselves plenty of links in, or maybe they want to use your blog to install viruses on your readers’ computers. The list of what they could do if they gained access just goes on and on.
But there is one thing in common with all of these attacks and that is that they need access to the admin side of your blog. Whether that is through your FTP or your admin screens does not matter. Once in they are there and can do almost what they like.
Protecting your FTP details should be relatively easy. Pick a secure password, change it often and don’t tell anyone what the password is. Don’t use your FTP from unsecured machines and you should be safe.
However, most hacking attempts are likely to take place via your admin screens. The first line of attack might be “injecting” sql into your queries. This is where using a platform such as WordPress is essential, rather than writing your own tool. With the experience behind the team of writers involved, SQL injection should not be a problem.
This leaves hackers trying to guess your admin userid and password. Trying to guess both is quite difficult, especially if the password is tough to break. However, sometimes the userid is far too easy to guess and you might even be giving it to hackers on a plate. Look at your blog posts and do you say who wrote them? If so, does that match your user id? This is very easy to fix – just give yourself a nickname and display that on the site on posts and comments.
Another easy to fall for trick is to use the username ‘admin’. So difficult to guess that one! Easy enough to change this by altering the data in the tables if you are happy doing that, else sign on, create a new administrator level user id and then logoff and back on as the new administrator. Give it a totally different nickname and then go to the users screen and set admin to not be an administrator any more. Just give them the lowest level of permissions. That way, if someone does get on using that user there is nothing they can do.
With these steps in place a determined hacker has only two methods of accessing your blog. The first is getting the information off you – either through phishing or a key logger on your machine. So make sure you are always on safe connections when you sign on. After that it is a brute force attempt of trying loads of combinations. A plugin such as Login Lockdown will stop them in their tracks here and is well worth using.
If you want to know more about blogging, call over to our website – http://www.howtostartmyblog.com. There you will find loads more help, and you can get yourself a free copy of our how to start a blog ebook.
Written by Keith Lunt
Article from articlesbase.com
