
Protect Your Blog - Install Third Party Code, Safely

Have any of you seen this sort of offer, when looking at third party accessories, and contemplating installation?
You don't do a thing! For Blogger blogs, we offer "EZ Install"! Just give us the blog URL, and an account name and password, sit back, and let us do the work!
and maybe later, you're posting in BHF: Something Is Broken
Somebody is posting spam posts on my blog!
Where did these ads come from? I didn't put them there!
or worse yet
Why is my blog deleted? I don't post malicious script!
All of these concerns have been noted, in real problem reports, and were caused by real mistakes.

Not everybody will note a connection between "EZ Install", and the malicious content.

With some reputable third party software, this won't be a problem - there's a lot of reliable third party code whose authors only want to provide their product, and make the install easy for you, just as claimed. But it's always a possibility - and you would do well to consider it.

Always install third party code with care. If you're going to have the third party code installed for you, do this with greater care.

If I were going to use an "EZ Install" process, here's how I would protect myself.
  1. Set up an "EZ Install" Blogger account, and make it a member of the blog in question.
  2. Make my "EZ Install" member an administrator.
  3. Run the "EZ Install" process, and check out the software carefully.
  4. When satisfied that the new accessory is working properly, revoke the administrative status of the "EZ Install" member.

If I were really paranoid (no, just a small bit paranoid), I would add a precaution:
  1. Set up an "EZ Install" Blogger account, and make it a member of the blog in question.
  2. Upgrade the "EZ Install" member to administrative status.
  3. Back up the template.
  4. Run the "EZ Install" process, and check out the software carefully.
  5. When satisfied that the new accessory is working properly, revoke the administrative status of the "EZ Install" member.
  6. Back up the template again.
  7. Compare the two backup copies, and consider carefully each change.

What the heck, you should back up the template anyway! Comparing the two backups is just a small extra step.
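
One way to carry out the comparison in step 7, as an added example that is not part of the original post: a Python script that diffs the two template backups and marks each added line that introduces a script, an iframe, a widget, or a host the first backup never referenced. The sample templates, the host names and the `expected_hosts` parameter are constructed for illustration.

```python
import difflib
import re

# Markup worth a second look when it appears in lines the installer added.
# Illustrative list (an assumption), not a complete detector.
REVIEW_PATTERNS = {
    "script": re.compile(r"<script\b", re.I),
    "iframe": re.compile(r"<iframe\b", re.I),
    "widget": re.compile(r"<b:widget\b", re.I),
}
HOST_RE = re.compile(r"(?:https?:)?//([a-z0-9.-]+)", re.I)

def hosts_in(text):
    """Lower-cased host names referenced by absolute or //-relative URLs."""
    return {h.lower() for h in HOST_RE.findall(text)}

def added_lines(before, after):
    """Lines present in the second backup but not in the first."""
    diff = difflib.ndiff(before.splitlines(), after.splitlines())
    return [d[2:].strip() for d in diff if d.startswith("+ ")]

def review_changes(before, after, expected_hosts=()):
    """Return (line, reasons) for each added line; reasons may be empty."""
    known = hosts_in(before) | {h.lower() for h in expected_hosts}
    report = []
    for line in added_lines(before, after):
        reasons = [n for n, rx in REVIEW_PATTERNS.items() if rx.search(line)]
        reasons += [f"new host {h}" for h in sorted(hosts_in(line) - known)]
        report.append((line, reasons))
    return report

# Constructed sample backups (not real templates); hosts are placeholders.
BEFORE = """<head>
<link href='https://cdn.example.com/style.css' rel='stylesheet'/>
</head>
<body>
<b:section id='sidebar'>
<b:widget id='Profile1' type='Profile'/>
</b:section>
</body>"""
# Second backup: the accessory's script and widget, plus an unexplained iframe.
AFTER = (BEFORE
    .replace("</head>", "<script src='//widgets.example.net/g.js'></script>\n</head>")
    .replace("</b:section>", "<b:widget id='HTML9' type='HTML'/>\n</b:section>")
    .replace("</body>", "<iframe src='http://ads.example.org/b' height='0'></iframe>\n</body>"))

if __name__ == "__main__":
    for line, reasons in review_changes(BEFORE, AFTER, ["widgets.example.net"]):
        print("REVIEW" if reasons else "ok", line, reasons)
```

Pass in `expected_hosts` only the hosts the accessory's own documentation says it loads from; anything else reported as a new host is a change to question before keeping the accessory.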

It's your blog, and you are responsible for its content, both visual (what the readers see), and non visual (what only you see). It's your decision, too.


Dudel said…
Couldn't people export their blog (assuming template download already) before this and simply "try again" if things got "too wrong"?

Assuming they didn't listen to you, here, they should at least export their "normal/most active" blog often.

Another thing, my brain sends up HUGE RED FLAGS when people start asking about usernames, passwords and becoming admins on the blog.... or being able to "join it" altogether.

Guess I'm saying don't trust anyone saying "I'll do it for you" unless you actually know the person... and then still not trust them. That's just me, maybe?
Nitecruzr said…

Good thinking. Unfortunately, you can only export comments and posts - and template - separately. We're still waiting for Blogger to give us some ability to export gadgets, and until we have that ability, you're sort of out of luck there.

But such a script doesn't explicitly ask for becoming admin, it typically just asks you to input your current account information, and sit back. It doesn't point out that they are trapping the account name / password. And the sheep, who fall for this, don't think twice.
z-vet said…
Give us account name and password? Excuse me? How stupid one has to be to do such a thing?
Nitecruzr said…

Hang around BHF: Something Is Broken, and see for yourself.
DaisyCrazy said…
You are right. We can never be too careful. Better have one less widget than lots of problems!
