October 09, 2009
While October is to many a month of candy and costumes, it also happens to be National Cyber Security Awareness Month in the U.S. In that spirit, we thought we'd take a minute to look at a few different things you can do to make sure both your content and account are secure on Blogger.
Third Party Code
Adding site counters, templates, and other third-party code to your blog can be a great way to add some flare to your content, but can also leave your blog vulnerable to malicious activity if you aren't familiar with its source.
Over the years we've seen a number of third party scripts disguise themselves as helpful add-ons, when in fact they are performing a malicious operation behind the scenes. For example, a site counter widget may indeed be providing your blog with helpful tracking data, but at the same time may also be discreetly sending that information to advertisers for the purpose of collecting the online habits of your readers. A blog template you downloaded from a third party site might include pop-up ads or links to dangerous sites that install malware on visitor's computers.
The good news though is that most of the add-ons you will run across are perfectly legitimate. To protect yourself from the small minority of add-ons that are nefarious, we've put together a few tips to keep in mind when adding third party code to your blog:
Take a moment to review the code and look for anything that seems out of place. For example, if you are adding a weather gadget to your blog and notice in the code that there are links pointing to unrelated sites, take that as a red flag and keep searching for another weather gadget. There is no reason that a weather gadget should include a snippet like <a href="http://completelyfreemoney.com">Make Money Online!</a>
Before saving new template code, always preview first. Malicious template designers may sometimes include pop-ups or other unexpected ads in the template code, which will usually be revealed with a quick preview. If anything unexpected shows up in the preview, go ahead and discard the new code by clicking Clear Edits.
Backup your template! Whenever making significant changes to your blog's template, it's always a good idea to backup your content beforehand just in case you need to reverse changes.
You can easily do this from the Layout | Edit HTML tab by clicking the Download Full Template link and saving the .XML file to your hard drive. You'll then be able to revert back to this downloaded version by clicking the Upload button, also right under the Layout | Edit HTML tab.
Look first to 'trusted' code repositories for a new template or widget. There are probably thousands of places across the web where you can find widget and template code, but it may be helpful to first check out some of the more widely known and trusted sources.
For templates, we've actually done a bit of scouting work already and collected a handful of great resources laid out in this Buzz post from earlier in the year. That collection comes from a number of well-established designers, and should provide plenty of secure template options to dig though.
For widgets and other scripts, there are a handful of places worth your time. Mashable's 50 Great Widgets for Your Blog is a very nice compilation that covers a broad range of categories. Widgetbox is another great portal to countless widget creations, all organized into easily browseable categories. Finally, Blogger's own Gadget Directory has hundreds of gadgets to look through. Simply click the Add a Gadget link under the Layout | Page Elements tab to access them all.
Finally we thought it's worth touching on another security area which has proven problematic for some bloggers in the past, and that is your blog's Permissions settings.
Almost every day our support team receives reports from users who've been locked out of their own blog, the result of giving admin privileges to an unfamiliar blogger. Remember, you can always add more authors to your blog, but only extend admin privileges if you absolutely trust the person.