Subscribe to Entrepreneur for $5

Tumblr Hacked: 4 Tips for Keeping Your Sites Safe


If you have a Tumblr page for your business you might have noticed some issues with the site today. The popular blogging and social media tool was hit by a hacker group that reportedly spammed 8,600 accounts with a crude message criticizing bloggers, calling them "self-insisting, self-deprecating, self-indulgent empty husks of human beings."

The apparent worm seemed to infect any account that either viewed or shared ("reblogged") the post. Tumblr took to its Twitter account to acknowledge the viral post and to say it was working "swiftly" to resolve the issue. A subsequent update about two hours later said Tumblr's engineers had resolved the issue.

While you may think your own site isn't in the crosshairs of hackers, they're increasingly targeting small-business sites, infecting visitors with malware or cracking databases to access sensitive customer information. You might not always be able to stay a step ahead of hackers, but there are steps you can take to avoid experiencing a security breach.

1. Always update software and plugins.
Software updates often fix bugs that hackers can exploit and do damage to your site. Download those updates when they become available. Content management systems and blogging programs, such as WordPress, generally notify users when an update or a new version of the software is available.

Related: 3 Tips for Beefing Up Password Security (Infographic)

2. Use complicated passwords.
ABCD. 1234. These are not the passwords you should be using to protect the content of your site. Yes, you need to be able to remember your passwords, but they shouldn't be so simple that anyone can guess what they are.

Security experts generally recommend that passwords be at least 14 characters long, have upper and lower case letters and contain letters as well as numbers. If you need some help created a strong password, tools such as can generate random passwords for you.

3. Avoid using free themes.
If you're tempted to download a free theme for your content management system, think twice. These free files can contain undetectable spam links or malware files that infect a site upon installation. Paid versions -- especially those from sources you know and trust -- usually present a lower security risk. If you go for a free theme, use a tool such as VirusTotal to scan files for malware before uploading them to your site.

4. Use Google's Webmaster Tools.
Register with Google's free website analytics suite and the search giant can notify you if it detects any malware infections on your site. It also provides a detailed report about the problem it has found on your site.

Not only can this alert you to a problem when it occurs, it gives you an opportunity to remedy the problem quickly, perhaps before any information is taken or your site is "blacklisted" for having malware, which can reduce the amount of traffic you receive from search engines.

Related: A Quick Guide to Using Tumblr for Business

Entrepreneur Editors' Picks