I’ve Been Hacked! The “I’m getting money to take surveys” Hacking Epidemic (And how to boost your security)

Yes, I know this is the face you make when mean old hackers steal your blogging toys (passwords, logins, and such). This post comes as a reaction to many bloggers being attacked by a hack that creates a blog post named something like “Yaay! I’m Getting Money To Take Surveys” (or variations on that theme). I have seen a number of people affected by it today, and it isn’t pretty.

First of all, obviously, DO NOT CLICK ON ANY LINKS IN THE POST. I hope each of you is intelligent enough to figure that out if it is content posted by someone hacking your blog. On the other hand, there are some things you can do to improve your security so it doesn’t happen again.

1. Change your password – This is elementary, my dear Watson, but it deserves reminding. Make it complicated. Alphanumeric (letters and numbers) with a spice of special characters and uppercase/lowercase variations is a good start.

2. Connect securely – In your Dashboard>Users>Personal Settings make sure the “Always use HTTPS when visiting administration pages” option is checked (as shown below).

3. Disable “post by email” – Turn this off in Dashboard>Settings>Writing, in case your email was hacked first and that is how they posted to your WordPress.com blog. If you use “post by voice” it might be a good idea to disable that as well.

4. Change your email password – Even though this is not on your WordPress.com account, some hackers gain access to your blog through your email, so it is worth checking into changing that if you think it might have been compromised.

In addition, here are a few tips that I have learned the hard way or have been told by others who have learned the hard way:

  • Subscribe to your own blog, or make sure you receive email notifications of some kind every time a post is published. This allows you to instantly be aware of activity on your blog which you didn’t authorize.
  • Change your password periodically, whether you have been hacked or not. It just makes you a more difficult target.
  • Clear your trash, and make sure spam posts and comments are completely deleted, rather than just sitting in your trash bin where the content is still available.
  • Trust no one! Clicking on links is a no-no in the blogging world, even from close friends, unless you were expecting them. Hover your cursor over links you think are trustworthy just to make sure the URL points where you think it is going to point (it is usually indicated in the bottom left of your browser window when hovering).
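The hover check in the last tip can also be run over a whole post or email at once. The script below is an added example, not part of the original post: it flags links whose visible text names one site while the link itself goes to another. The function names and the sample HTML are made up for illustration.

```javascript
// Added example: flag links whose visible text looks like a URL on one site
// while the href points at a different site. All names here are illustrative.

// Visible text that reads like a URL or bare domain, e.g. "example.org/about".
const URLISH = /^(https?:\/\/)?[a-z0-9.-]+\.[a-z]{2,}(\/\S*)?$/i;

// Lowercased hostname without a leading "www.", or null if it cannot be parsed.
function hostOf(value) {
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(value) ? value : "http://" + value;
  try {
    return new URL(withScheme).hostname.toLowerCase().replace(/^www\./, "");
  } catch (err) {
    return null;
  }
}

// Return one finding per link where the shown host and the real host differ.
function findMismatchedLinks(html) {
  const anchor = /<a\b[^>]*\bhref\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  const findings = [];
  let match;
  while ((match = anchor.exec(html)) !== null) {
    const href = match[1].trim();
    const text = match[2].replace(/<[^>]*>/g, "").trim(); // drop nested tags
    if (!/^https?:\/\//i.test(href)) continue; // only absolute web links are compared
    if (!URLISH.test(text)) continue;          // "click here" style text says nothing about the target
    const shownHost = hostOf(text);
    const actualHost = hostOf(href);
    if (shownHost && actualHost && shownHost !== actualHost) {
      findings.push({ text, href, shownHost, actualHost });
    }
  }
  return findings;
}

// Constructed sample post: one disguised link, one honest link, one plain-text link.
const SAMPLE_POST = `
<p>Yaay! <a href="http://surveys.example.net/join">http://myfriendsblog.example.com/post</a></p>
<p><a href="https://www.example.org/about">example.org/about</a></p>
<p><a href="http://example.net/x">click here</a></p>`;

for (const f of findMismatchedLinks(SAMPLE_POST)) {
  console.log(`Shows ${f.shownHost} but goes to ${f.actualHost}: ${f.href}`);
}
```

Links with ordinary text such as “click here” are not flagged, because the text makes no claim about the destination; those still need the hover check.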

I’m sure there is more to be said about these “I’m Making Money Taking Surveys” posts, but I wanted to get this info out quickly. If I hear more I will keep you updated!


