A few thoughts on blog security & domain stealing

You know the old adage “you learn something new every day”? Well, today it’s certainly true. Today I learned that it’s possible for someone to steal a domain out from under its owner.

Insane, right?

Read the story here on Mashable (and she’s also posted it on her site): Blogger Pulls Off $30,000 Sting To Get Her Stolen Site Back

While exactly how this happened isn’t made clear, doubtless because it’s still an ongoing investigation, a few things stand out:

  • The more popular your site, the more of a target you’ll be. The blogger in the linked article had a site that was attractive to the thief because she had very good page rank and traffic, and that is what the thief was using to entice buyers. If your blog generates a decent income & gets good traffic, you’ll be a more attractive target, and it’s that much more important to take extra security measures.
  • Long, VERY long, passwords are very important. Hacks often involve programs that run through every combination of letters & numbers & symbols. Every added character multiplies the number of combinations, so the time such a hack takes grows exponentially with the password’s length.
  • Hacks are often achieved via passwords stolen by malware; scan your computer regularly for malware & never click on suspicious links.
  • Use 2-step authentication everywhere you can, especially on email, bank accounts, and social networks.
  • If you’re able to choose security questions & answers, make your answers something only you would know, something that can’t be found from anything about you online. For a question like “What was the name of my first pet?”, make up a name that was never the name of any pet you had. If you have to choose from the ubiquitous questions, like mother’s maiden name or first school, lie. Put a name you’ll remember but no one else would ever associate with you.
  • Install security plugins for WordPress, such as Limit Login Attempts.
  • Keep a notebook of your various passwords & security measures that only you know about — and I mean “notebook” as in a paper one. You know, kick it old school. 😉 DON’T write down what the password is for, or even that it’s a password…create your own shorthand. Maybe write the passwords backwards. Keep this little book in a safe place so that you’ve got the info if/when you need it. Also, you could use it to keep track of when you change your passwords, which leads me to the next point…
  • Change your passwords often (and probably your security questions & answers, too).

All of this might seem like overkill, and if you’re just starting off online with a new site, you might think you don’t need to bother with any of this yet. But to quote another old saying: “An ounce of prevention is worth a pound of cure.” Better to load up on security now (and get into the habit of using long passwords, changing passwords regularly, dealing with security programs, etc.) than to one day say, “I wish I’d…”

Happy (and secure!) blogging!