How to Protect Your Blog From Fraud

Ashlee A. Dixon - November 01, 2017

Creating a blog from scratch is time-consuming, and if you lack a strong foundation in HTML coding and CSS, it can be frustrating, too.

Blogging platforms offer a solid alternative for bloggers who want to simply blog. Many platforms are ‘drag-and-drop.’ Your only responsibility is to organize all the pieces so they’re user-friendly and appealing to your readers. It’s no wonder they’re a hit with bloggers.

But with simplicity comes the risk of minimal protection, which makes these types of blogs appealing to fraudsters. Here are some ways they’re using blogging platforms for their own nefarious means.  

jQuery Exploit

Fake jQuery injections are nothing new, and prominent blogging platform WordPress was the victim of a jQuery malicious exploit dubbed MosQUito.

Fraudsters took the JavaScript file, ‘jQuery.min.js’ and changed it to ‘jQuery.min.php’. This small change in code was used to steal visitors and redirect them to other websites without the user’s permission. The malware affected thousands of WordPress sites whose users had no idea there was even an issue.

Related Post: 4 Tips to Project Your Agency and Clients From Click Fraud

How to Protect Your Blog: WordPress offers a plugin called Anti-Malware Security and Brute-Force Firewall. It runs a scan through your site removing known security threats and backdoor scripts (MosQUito). However, feel free to explore other plugins to see which ones provide the best protection.

Domain Hijacking

Wix is another popular hosting platform for blogs. No coding is necessary from you, but that doesn’t stop hackers from messing with the website code.

Related Post: How to Stop Sneaky Online Advertising Fraudsters

In 2016, multiple Wix sites were found to be vulnerable to a DOM-based cross-site scripting attack. The hacker could have their JavaScript loaded and run as part of the targets website. From there they could gain full control of the site.  

How to Protect Your Blog: Now when you sign up for a Wix account, you’re encouraged to sign up for private registration. Private registration claims to protect your identity as well as prevent domain-related spam and domain hijacking.

Wix.jpg

Although this doesn’t prevent all kinds of fraudulent activity, it’s a step in the right direction for Wix.

Data Breach

In 2016, 43 million customers were affected by a data breach on Weebly’s platform. The unauthorized party obtained email addresses, IP addresses, and encrypted passwords. Thankfully, the site doesn’t store any credit card numbers, otherwise those probably would have been snatched, too.

How to Protect Your Blog: All of the passwords stolen were stored with Bcrypt hashing. Since the passwords were encrypted, it was extremely difficult for cybercriminals to crack them. Make sure your blog uses a strong password encryption, too.

Weebly.png

Source: AVGThreatLabs

Although the breach wasn’t as devastating as it could’ve been, don’t make Weebly’s mistake. You need to implement protection.

Last Words

Blog hosting platforms don’t give the user enough protection. You need to be looking for other safety solutions.

If you’re only planning on using widgets and plugins, make sure you’re updating them regularly for the best protection. Remember malicious fraudsters are lurking around every corner. Don’t fall victim.

New Call-to-action

Ashlee A. Dixon

Ashlee is the former Content Writer and Digital Specialist for eZanga and its ad fraud management platform, Anura. She is a graduate of the University of Delaware, where she earned a bachelor’s degree in English. On weekends, you can usually find her curled up next to her cat and watching Netflix with a glass of wine in hand.