Preface

Security is a vast subject, and there is a wealth of experience on it abroad; I like to learn while translating. This article is therefore a translation:

The original was published as 5 Essential Security Tips to Keep Your Blog Safe at All Times, 2017-05-02, by Christopher Jan Benitez.
The original mostly uses 'blog', which I rendered as 「部落格」; readers are advised to take it as covering any (WordPress) website.


Cybercrime is getting worse as the years go by. According to this post at Business Insurance USA, there are 556 million victims of cybercrime every year, with losses of over $455 billion.

As a blogger, you may worry less than a bigger business does, since your small online space hardly seems worth a hacker's attention. But what will you do if your blog does get hacked? Do you have a way to recover the lost files?

Setting up preventive measures to lower, if not eliminate, the risk of a security breach on your blog is essential. By keeping your blog protected at all times, you minimize the damage a hack can cause and keep operating at full capacity for the benefit of your audience.

Below are some tips to follow to keep your blog safe and secure from cybercrime.

Migrate from HTTP to HTTPS

If your blog has forms that visitors fill out, be aware that on plain HTTP whatever they type travels across the network unencrypted, so anyone positioned between the visitor and your server can read it and use it against them. This is bad for business, because you want your audience to feel safe using your blog; if their information ends up in the wrong hands, they may not come back.

To counter this, move your site from HTTP to HTTPS. This encrypts the traffic between visitors and your blog, whether they are filling out a form or clicking from one page to the next, so "eavesdroppers" can neither read nor tamper with it in transit.

Moving a blog to HTTPS involves a lot of moving parts, such as your hosting and the platform your blog runs on. In any case, contact your hosting provider for the least painful way to get it done, and read this post on Search Engine Land about HTTPS for the details. The move is not finished when the certificate is installed: plain-HTTP requests must redirect to the HTTPS address, and any images, scripts or stylesheets still loaded over http:// must be fixed, or browsers will flag the page as insecure anyway.
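As an added example (not code from the original article), the following Python script checks what a finished migration should look like from the visitor's side: plain-HTTP requests redirect permanently to https://, the HTTPS response carries Strict-Transport-Security, cookies have the Secure flag, and the HTML loads no resources over http://. The responses it checks are constructed samples; `blog.example`, the cookie name and the six-month HSTS threshold are assumptions for illustration.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Response:
    """Minimal stand-in for an HTTP response; constructed for this example."""
    status: int
    headers: dict = field(default_factory=dict)   # Set-Cookie may hold a list
    body: str = ""

    def header(self, name, default=None):
        # Header names are case-insensitive.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return default


# Scripts, images, iframes and form targets still fetched over http:// are
# "mixed content": browsers block or warn on them even on an HTTPS page.
MIXED_CONTENT = re.compile(r"""(?:src|action)\s*=\s*["'](http://[^"']+)""", re.I)
SIX_MONTHS = 15552000  # seconds; a shorter HSTS max-age gives little protection


def audit_https_migration(http_resp, https_resp):
    """Return the problems found; an empty list means the migration looks complete."""
    findings = []

    # 1. A plain-HTTP request must be permanently redirected to the https:// URL.
    location = http_resp.header("Location", "")
    if http_resp.status not in (301, 308) or not location.startswith("https://"):
        findings.append("http: request is not permanently redirected to https")

    # 2. HSTS makes returning browsers skip plain HTTP for this host entirely.
    hsts = https_resp.header("Strict-Transport-Security", "")
    max_age = re.search(r"max-age=(\d+)", hsts)
    if not max_age or int(max_age.group(1)) < SIX_MONTHS:
        findings.append("https: Strict-Transport-Security missing or max-age too short")

    # 3. Cookies such as the login session need the Secure flag, otherwise the
    #    browser would still send them if it ever follows an http:// link.
    cookies = https_resp.header("Set-Cookie", [])
    if isinstance(cookies, str):
        cookies = [cookies]
    for cookie in cookies:
        attrs = [part.strip().lower() for part in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append(f"https: cookie {cookie.split('=')[0]} lacks the Secure flag")

    # 4. Absolute http:// resource links left in posts or the theme.
    for url in MIXED_CONTENT.findall(https_resp.body):
        findings.append(f"https: mixed content {url}")

    return findings


# Constructed sample: a blog right after a certificate was installed, with no
# redirect, no HSTS, a cookie without Secure and an old absolute image link.
BEFORE_HTTP = Response(200, {"Content-Type": "text/html"}, "<html>served over http</html>")
BEFORE_HTTPS = Response(
    200,
    {"Set-Cookie": ["wordpress_logged_in=abc; Path=/; HttpOnly"]},
    '<img src="http://blog.example/wp-content/uploads/a.png">',
)

# Constructed sample: the same blog once the migration is finished.
AFTER_HTTP = Response(301, {"Location": "https://blog.example/"})
AFTER_HTTPS = Response(
    200,
    {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Set-Cookie": ["wordpress_logged_in=abc; Path=/; Secure; HttpOnly"],
    },
    '<img src="https://blog.example/wp-content/uploads/a.png">',
)

if __name__ == "__main__":
    for label, pair in (("before", (BEFORE_HTTP, BEFORE_HTTPS)),
                        ("after", (AFTER_HTTP, AFTER_HTTPS))):
        print(label, audit_https_migration(*pair) or ["ok"])
```

Run against real responses (for example captured with curl -I), the "before" list is the checklist to work through with your host; the "after" list should be empty before you call the migration done.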

Install a firewall

When blogging, you need to consider not only the protection of the blog itself but also of the desktop or laptop you usually use. Whenever you log in to your admin dashboard, be wary of the security of the computer you are using: if it has been compromised or is infected with malware, your blog is at risk too, because everything you type there, including your admin password, is exposed.

To prevent this, install a firewall and antivirus software on your computer. Freemium products such as Avast! and Comodo should provide enough protection to keep your machine from getting infected. Also, avoid logging in to your blog from computers that have no firewall, so it stays safe from malicious threats.

Sucuri

For the blog itself, you can install Sucuri, which protects it by continuously monitoring the site's activity and placing a web application firewall in front of it to keep your information safe. If your site does get infected, Sucuri also offers a cleanup service to restore it to its original state.

If you run WordPress, you can also choose from these reliable, free security plugins to keep your blog safe from the exploits and threats that are common on this platform.

Always keep a backup

If your blog falls into the hands of hackers and they mess up your files, there is no way back unless you have a recent backup stored somewhere else. Use a tool that backs up a copy of your files automatically; for WordPress that means the database as well as the files, since your posts and users live there. When your blog does get hacked, you just download your latest backup and upload it to your host as if nothing had happened. Two caveats: keep the backups off the blog's own server, where an attacker with access could delete or infect them too, and remember that restoring files does not close the hole that let the attacker in, so fix that before putting the site back online.

CodeGuard

A cost-effective option is CodeGuard. For as little as $5/month you get daily backups and monitoring, so you don't have to do it yourself. WordPress also has lots of backup plugins, one of them UpdraftPlus. Its free version lets you create backups manually and save them to your local drive; the paid version schedules backups for you and stores them in the cloud (good for two sites).
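As an added example, not CodeGuard's or UpdraftPlus's code, the Python below does what a backup tool should do and what most people forget: it archives the site's files, records a SHA-256 manifest, restores the archive into a scratch directory to prove it actually restores, and later compares the live site against the manifest to spot files a compromise has changed or added. The sample site, file names and backup name are constructed; in real use the backup directory would be another host or a storage bucket, and a database dump would be backed up alongside the files.

```python
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def file_digests(root: Path) -> dict:
    """Relative POSIX path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_to_manifest(root: Path, expected: dict) -> list:
    """List every way the files under root differ from the recorded manifest."""
    actual = file_digests(root)
    problems = [f"missing: {rel}" for rel in expected if rel not in actual]
    problems += [f"modified: {rel}" for rel in expected
                 if rel in actual and actual[rel] != expected[rel]]
    problems += [f"unexpected: {rel}" for rel in actual if rel not in expected]
    return sorted(problems)


def make_backup(site_dir: Path, dest_dir: Path, name: str):
    """Write dest_dir/<name>.tar.gz and <name>.manifest.json; return both paths."""
    archive = dest_dir / f"{name}.tar.gz"
    manifest = dest_dir / f"{name}.manifest.json"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(str(site_dir), arcname=".")
    manifest.write_text(json.dumps(file_digests(site_dir), indent=2, sort_keys=True))
    return archive, manifest


def verify_backup(archive: Path, manifest: Path) -> list:
    """Restore the archive into a scratch directory and check it against the
    manifest. An empty list means the backup really restores what was saved."""
    expected = json.loads(manifest.read_text())
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            # An archive fetched from a compromised host could carry "../" or
            # absolute names, or links pointing outside the restore directory.
            for member in tar.getmembers():
                if (member.name.startswith("/") or ".." in Path(member.name).parts
                        or member.issym() or member.islnk()):
                    raise ValueError(f"unsafe entry in archive: {member.name}")
            tar.extractall(scratch)
        return compare_to_manifest(Path(scratch), expected)


def demo() -> dict:
    """Build a tiny constructed site, back it up, prove the archive restores,
    then show the manifest catching the changes a compromise leaves behind."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "public_html"
        (site / "wp-content" / "uploads").mkdir(parents=True)
        (site / "wp-config.php").write_text("<?php define('DB_NAME', 'blog');")
        (site / "wp-content" / "uploads" / "a.png").write_bytes(b"\x89PNG constructed sample")
        backups = Path(tmp) / "backups"   # in real use: another host or a storage bucket
        backups.mkdir()

        archive, manifest = make_backup(site, backups, "blog-2017-05-02")
        restore_problems = verify_backup(archive, manifest)

        # Simulated compromise: a PHP file dropped into uploads and the config
        # edited in place (both constructed, inert samples).
        (site / "wp-content" / "uploads" / "shell.php").write_text("<?php // constructed")
        (site / "wp-config.php").write_text("<?php define('DB_NAME', 'blog'); // edited")
        drift = compare_to_manifest(site, json.loads(manifest.read_text()))
        return {"restore_problems": restore_problems, "drift": drift}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The restore check is the part worth keeping whatever tool you use: a backup that has never been restored is only a hope, and the manifest doubles as a cheap way to see what an intruder touched when you do have to clean up.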

Protect your site from scrapers

Some blogs steal existing content from other blogs and pass it off as their own. These scrapers are a threat because they can damage your blog's SEO. They take your blog's RSS feed and plug it into their site, so every time you publish a post your feed updates and the scraper site republishes your latest content too.

When that happens, there is a chance their blog outranks yours in search results for the keywords you are targeting. Some scraper sites also have poor domain authority (DA); since your feed items most likely link back to your blog posts, you acquire a backlink from a low-quality site, which could further hurt your rankings.

You can simply ignore these scrapers (consider it a form of flattery), since Google has caught up with them and their practices, but if you prefer a more proactive stand, read this post by Hartley Brody and follow the steps he provides.

Shut down comment spam

Spam comments are common on popular blogs. Comments that add little or no value to a post can be considered spam, ranging from one-liners such as "Great post!" to junk messages that link to a spammy site.

On WordPress you can block spam easily by installing a spam filter such as Akismet, so that you only have to moderate the comments that actually add value to your post.
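As an added example of the signals such a filter looks at (not Akismet's logic, which is a hosted service), here is a small Python triage function: it counts links, looks for sales phrases, flags content-free one-liners posted with an author URL, and catches the same text pasted under several posts. The phrase list, thresholds and sample comments are constructed assumptions for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

LINK = re.compile(r"""https?://[^\s<>"']+|<a\s""", re.I)
# Assumed phrase list: words that rarely appear in a genuine reply to a post.
SPAM_PHRASES = ("buy now", "cheap", "casino", "check out my site", "followers")
# Content-free one-liners posted only to get the author URL displayed.
GENERIC = {"great post", "nice post", "thanks for sharing", "awesome article"}


@dataclass
class Comment:
    author: str
    author_url: str   # the "website" field of the comment form; "" if empty
    body: str


def normalize(body: str) -> str:
    return body.strip().lower().rstrip(".!")


def spam_signals(comment: Comment, seen: Counter) -> list:
    """Reasons this comment looks like spam; an empty list means it looks fine.
    `seen` counts normalized bodies across all recent comments on the blog."""
    reasons = []
    text = normalize(comment.body)
    links = LINK.findall(comment.body)
    if len(links) >= 2:
        reasons.append(f"{len(links)} links in body")
    if any(phrase in text for phrase in SPAM_PHRASES):
        reasons.append("spam phrase")
    if text in GENERIC and comment.author_url:
        reasons.append("generic one-liner with author URL")
    if seen[text] >= 2:
        reasons.append("same text posted under other posts")  # spam is pasted site-wide
    return reasons


def triage(comment: Comment, seen: Counter) -> str:
    """'approve', 'hold' (moderation queue) or 'spam'."""
    reasons = spam_signals(comment, seen)
    if len(reasons) >= 2:
        return "spam"
    return "hold" if reasons else "approve"


def triage_batch(comments) -> list:
    """Triage a batch of incoming comments together so repeats stand out."""
    seen = Counter(normalize(c.body) for c in comments)
    return [(c.author, triage(c, seen)) for c in comments]


# Constructed sample comments.
SAMPLE_COMMENTS = [
    Comment("Ann", "", "I set UpdraftPlus to run nightly after reading this, thanks."),
    Comment("seo-guy", "http://links.example", "Great post!"),
    Comment("bot-1", "http://casino.example",
            "Buy now cheap followers http://a.example http://b.example"),
    Comment("bot-2", "http://site1.example", "Nice post"),
    Comment("bot-3", "http://site2.example", "Nice post"),
]

if __name__ == "__main__":
    for author, verdict in triage_batch(SAMPLE_COMMENTS):
        print(f"{author:8} {verdict}")
```

A single weak signal only sends the comment to the moderation queue; it takes two to drop it as spam, which keeps a terse but honest reader from being silenced by a rule that was written for bots.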

Disqus

If you are not on WordPress and cannot manage the amount of spam your blog receives, you can revamp your commenting system instead. Disqus not only blocks spam effectively but also has a voting system that lets readers vote up the best comments, which makes for a livelier discussion of your post and gets your readers thinking for themselves.

Wrapping it up

Blog security is something to prioritize if you want your blog to succeed. With cybercrime as rampant as it has become, you cannot afford to take chances. By shoring up your blog's defenses, you can focus on growing it while sleeping soundly at night, knowing it is protected.