Oct 23, 2009

Keeping Your Blog Secure

The following is paraphrased and condensed from an online article by Google....
Third Party Codes, and Gadgets (widgets).

Adding site counters, templates, and other third-party codes including gadgets to your blog can be a great way to add some flare to your content, but can also leave your blog vulnerable to malicious activity if you aren't familiar with its source.

Over the years Google has seen a number of third party scripts disguise themselves as helpful add-ons, when in fact they are performing a malicious operation behind the scenes. For example, a site counter widget may indeed be providing your blog with helpful tracking data, but at the same time may also be discreetly sending that information to advertisers for the purpose of collecting the online habits of your readers. A blog template you downloaded from a third party site might include pop-up ads or links to dangerous sites that install malware on visitor's computers.

The good news though is that most of the add-ons you will run across are perfectly legitimate. To protect yourself from the small minority of add-ons that are nefarious, Google has put together a few tips to keep in mind when adding third party code to your blog:

Take a moment to review the code and look for anything that seems out of place. For example, if you are adding a weather gadget to your blog and notice in the code that there are links pointing to unrelated sites, take that as a red flag and keep searching for another weather gadget. There is no reason that a weather gadget should include a snippet link to another unrelated site.

Before saving new template code, always PREVIEW it first. Malicious template designers may sometimes include pop-ups or other unexpected ads in the template code, which will usually be revealed with a quick preview. If anything unexpected shows up in the preview, go ahead and discard the new code by clicking Clear Edits.

Backup your template! Whenever making significant changes to your blog's template, it's always a good idea to backup your content beforehand just in case you need to reverse changes.

You can easily do this from the Layout; Edit HTML tab by clicking the Download Full Template link and saving the .XML file to your hard drive. You'll then be able to revert back to this downloaded version by clicking the Upload button, also right under the Layout; Edit HTML tab.

Look first to 'trusted' code repositories for a new template or widget. There are probably thousands of places across the web where you can find widget and template code, but it may be helpful to first check out some of the more widely known and trusted sources.


The Blog Guy's Input:
Important Note: The Blog Guy test items on his own blog before issuing a Blog or website tip to his readers. This is of course not 100 percent guaranteed but it's better than you taking an all out risk on some code you don't know. That's why I get a lot of emails asking me about different Blogging Issues and Gadgets.

No comments: