Assessments, Networked Media

Blog security, spam and plugins

Security

Any responsible digital citizen needs to be aware of the threat posed by hacking, not just to them but to everyone in their contact list. Hacking can lead to two major issues: identity theft and loss of data, which, depending on the victim and the severity of the hacking, can lead to serious consequences for the company or individual hacked.

I’m lucky enough to have never fallen victim to hacking in any form yet – emphasis on yet. Ever since I read about Mat Honan’s digital life being destroyed by hackers – which they did for no other reason than they wanted to exploit his valuable three-letter Twitter handle for spam purposes – I’ve been meticulous about my security habits. I generate random passwords with high entropy, save them in a password manager so they don’t have to be easy enough for me to memorise, protect my password manager with a very strong master password, and never use the same password twice so that if I were ever hacked, the hacker wouldn’t be able to compromise my entire digital identity. I also lock down my phone – in a previous life I had the contact details of a number of prominent Australian film industry figures on my phone, and didn’t want to be the one responsible for losing control of them.

Based on all of the above, if this blog were to be hacked by someone all that would be lost is the content I’ve posted here. (And depending on your opinion of my work, that’s not much of a loss.)

The hacker wouldn’t be able to use my password from this blog to access my email, internet banking, or social media profiles. They couldn’t send phishing emails to my friends, send themselves money from my bank account, or post spam links on my Facebook profile. (Also, they wouldn’t be able to send themselves money from my bank account because I don’t have any.)

The last line of defence against data loss is back-ups, which restore a website to a previous state. In most cases regular back-ups are handled by the web hosting provider, in my case Edublogs, but I can manually export my content through the WordPress control panel as well.

Spam

I’m old enough to remember the web before spam, and let me tell you: it was paradise. Now, spam is literally everywhere. It is embedded into the very fabric of the internet, and no website is launched without serious time being put into spam prevention. It poses serious threats for online publishers. Not only does it take a lot of moderators’ time to delete spam comments (or manually approve acceptable comments, depending on the comment system), but when spam comments get through they can place some truly objectionable material on innocent websites. Spam can even get you struck off Google’s search results, which is a death sentence for a commercial website.

Ultimately, though, the arms race over spam is a losing battle. Botnets are too large and powerful, there is too much money to be made with shady medications and pornography online, too many people who will fall for extortion rackets. Spam has won, and all we can do is try to minimise its impact. I’ve chosen to disable comments on this blog, which was originally motivated by my belief that they actually add nothing to whatever discourse I’m engaged in, but it’s also a very effective spam prevention method. Spam bots can’t advertise on my blog if they can’t post comments. But for a lot of publishers, disabling comments is not an option for various reasons.

Plugins

One way to fight blog spam on a WordPress blog is to install the Akismet plugin. A plugin is a piece of code that modifies a piece of software so as to change how it works or add new capabilities not available in the default configuration. Today, most publishing software includes a formally supported plugin system that allows people who need specific or niche features to have them without requiring everyone who installs the software to have those features. The two primary sources of plugins are:

  • Officially released and supported plugins written by the first-party software developer (generally for niche features, e.g. Jetpack by the developers of WordPress)
  • Third-party plugins written by independent developers and made available in repositories or as internet downloads (e.g. Akismet)

Since this blog is hosted on RMIT’s Media Factory platform I can’t install Akismet, so I’ve taken a screenshot of another plugin I’ve installed just to show that I can do it:
