Recently I had the opportunity to register myself as a user on someone else’s blog… and I was horrified by what happened (I very much like and respect this woman). I went through the registration process completely, and then logged into the site to make a comment on a blog post I thought was worthy of such.
I was shocked to find that not only could I make that comment, but I also could edit any other blog post on the site, and add new posts there. I convinced myself that surely the weblog’s owner had some kind of safety feature set that wouldn’t let me save any edits I tried to make, or something… Being the polite person that I am, I wasn’t about to try to edit any of her posts; after all, what if some big bells and whistles went off that pointed a big finger at me for trying once I hit Save?!
After I left the comment I was there to leave, I left her site a bit befuddled, but soon forgot about it, telling myself that I know she knows better.
Lo and behold, about a week later I saw on a social site we both frequent that she was shutting down her blog immediately, probably permanently, because it had been HACKED. I am seriously left to wonder if it had really been hacked at all. After all, now it was apparent she had given the “hacker” permission to go into her site and do whatever he or she wanted to. I immediately tried to view her site out of curiosity, but sadly it was already gone.
This got me to thinking. How many blogs out there have the wrong permissions set for their users? I think it was my social friend’s intention to allow her readers to be able to comment on posts on any of her pages, but she inadvertently gave them editor, author, or contributor permission to edit all her pages and posts instead. Permissions, to the unknowing eye, can be extremely difficult to understand. They can also be devastating if you set them up wrong, as she has now learned.
Please, please, please do a test run of your blog as if you are a new user immediately after launching! Try it out to see how far you can go. New users should only be able to comment on your blog posts as Subscribers, nothing more. Never over-give permissions to your blog’s users and assume they will be courteous about it. Hackers are NOT courteous!