When friends ask me what they need to do to protect their content online, they’re usually looking for advice on licensing content, tracking it and removing infringements.
While all of that is important (and I’ve spent the past 10+ years talking about them here), it’s easy to forget that content security really does start at home. While you can’t do too much to prevent your work from being copied, it’s probable that the biggest threat to your work is not that it will be copied, but that it will be deleted or destroyed altogether.
This problem is coming into focus recently as a new malware campaign appears to be targeting WordPress sites, infecting millions of sites per day. Even though how it is getting in isn’t known (and other types of sites are impacted as well), it may be connected with a sharp rise in brute force attacks on WordPress sites.
So, with so much craziness going on, it’s worth taking a moment to look inward and see what we can do to make our sites more safe and our content better protection. After all, every fear that comes with content theft can happen just as easily if your site is hacked or broken into.
The Reasons We Fear Content Theft
The reasons creators work against content theft are either personal or business related. Whether being plagiarized or pirated is a personal affront or you’re worried solely about the business-related consequences, there’s a lot of good reason to shut down copyright infringements.
On the personal front, creators tend to have a strong attachment to their work. Whether it’s an imaginative work or something more mundane, creators tend to put a lot of work into their creations and, as such, develop a strong personal attachment to it.
On the business side, that time and energy used to create a new work has to be justified somehow. Whether it is being sold directly, used as promotion for a service or used to attract visitors to sell advertising, the work and the time it took has to pay for itself.
But whether your interests are personal, business or a hybrid of the two, site hacking is still very damaging. From a personal standpoint, site hacking can result in your site and your work literally being destroyed. Many hacks result in sites being wiped out, either accidentally or intentionally, and other times sites can’t be restored safely due to large amounts of malicious code.
From the business standpoint, a hacked website means lost revenue. If you’re selling work directly, it’s likely that the site will have to come down for an extended period of time, costing you sales. If you’re using it for promotion or ad revenue, the picture isn’t any better. Google and other search engines blacklist hacked sites, meaning you will see a drastic drop in traffic until you’re able to get your site cleaned up.
In short, almost everything one fears about having their content plagiarized or pirated can happen just as easily from a site hack. Yet, so many creators ignore site security, even as they watch their content like a hawk elsewhere online.
Basic Security Tips
First off, to be completely clear, there is no such thing as a site that can’t be hacked. Any site is vulnerable to someone with enough skill and determination.
However, the biggest threat for most sites isn’t targeted attacks. Instead, the biggest threat is automated attacks that probe websites for known vulnerabilities, weak passwords and other easy access points. If you can protect against those, you can likely stop nearly all of the attacks against you.
With that in mind, here are a few things you can do today to better protect your site.
- Update Everything: Keep your site’s software up to date including all themes, plugins and the platform it runs on. Many hacks thrive on exploits found in earlier versions, making it important to keep up to date on your software, especially with security releases.
- Use Strong Passwords: Make sure that the passwords you use are strong, but still easy-to-remember. Definitely make sure your password isn’t on any of the top passwords lists.
- Use Two-Factor Authentication: If you can, enable two-factor authentication on your site and your hosting account. Doing so ensures that an attacker needs both your password and another device, such as your phone, to access your site. WordPress users can use this plugin.
- Don’t Use Default Usernames: Your username is your first line of defense. If it’s “Admin” or whatever the default for your website is, you’ll likely want to change it to make sure it can’t be trivially guessed.
- Backup, Backup, Backup: Keep backups of your site at all times. This includes local backups on your computers, remote backups on cloud services such as VaultPress and also backups on your server. These are useful not just if your site is wiped or damaged, but they are also the easiest way to ensure a “clean” site if it is compromised.
- Consider Outside Help: Service such as Distil Networks or Incapsulacan help protect your site by providing a barrier between your server and your visitors, making it difficult for bots and/or automated attacks to get through.
Though this won’t make your site impervious, it will reduce the likelihood that an automated attacker will get lucky and find his or her way inside. Defending against those automated attacks, for most users, eliminates biggest part of the security issue.
Protecting your content is a noble goal. However, it’s easy to get fixated on external threats, such as piracy, plagiarism, spam, etc. without focusing on dangers within one’s own home.
If you manage to stop all misuse of your content, it doesn’t do any good if your site is shuttered or blacklisted from the search engines. If you want to share your work with the world, earn credit for your creations or build a business based upon them, you need to also focus on your site’s security.
With security, some simple policies and just a few minutes per week of your time can go a long way to ensuring that your site is around for a long time and that your content is safe.
Given how much we invest in making our content, it makes sense to take the extra effort to keep it safe, both in its home and where it travels.