Protect Your Blog - Install Third Party Code, Safely

Have any of you seen this sort of offer, when looking at third party accessories, and contemplating installation?

  You don't do a thing! For Blogger blogs, we offer "EZ Install"! Just give us the blog URL, and an account name and password, sit back, and let us do the work!

and maybe later, you're posting in BHF: Something Is Broken

  Somebody is posting spam posts on my blog!

  Where did these ads come from? I didn't put them there!

or worse yet

  Why is my blog deleted? I don't post malicious script!

All of these concerns have been noted, in real problem reports, and were caused by real mistakes.

Not everybody will note a connection between "EZ Install", and the malicious content.

With some reputable third party software, this won't be a problem - there's a lot of reliable third party code whose authors only want to provide their product, and make the install easy for you, just as claimed. But it's always a possibility - and you would do well to consider it.

Always install third party code with care. If you're going to have the third party code installed for you, do this with greater care.

If I were going to use an "EZ Install" process, here's how I would protect myself.
  1. Set up an "EZ Install" Blogger account, and make it a member of the blog in question.
  2. Make my "EZ Install" member an administrator.
  3. Run the "EZ Install" process, and check out the software carefully.
  4. When satisfied that the new accessory is working properly, revoke the administrative status of the "EZ Install" member.

If I were really paranoid (no, just a small bit paranoid), I would add a precaution:
  1. Set up an "EZ Install" Blogger account, and make it a member of the blog in question.
  2. Upgrade the "EZ Install" member to administrative status.
  3. Back up the template.
  4. Run the "EZ Install" process, and check out the software carefully.
  5. When satisfied that the new accessory is working properly, revoke the administrative status of the "EZ Install" member.
  6. Back up the template again.
  7. Compare the two backup copies, and consider carefully each change.

What the heck, you should back up the template, anyway! Comparing the two backups is just a small extra step.
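One way to carry out the comparison in step 7, as an added example rather than code from the original post: it diffs two template backups and tags each added line that contains a script, an iframe, an external URL or a hidden element. The sample templates, the pattern list and the function names are constructed for illustration.

```python
import difflib
import re

# Constructed sample backups (not real Blogger exports): before and after the install.
BEFORE = """<head>
</head>
<body>
<b:section id='main'/>
</body>"""
AFTER = """<head>
<script src='https://widgets.example.com/counter.js'></script>
</head>
<body>
<b:section id='main'/>
<iframe src='https://ads.example.net/frame' style='display:none'></iframe>
</body>"""

# Things worth a closer look in any line the install added (illustrative, not exhaustive).
REVIEW_PATTERNS = {
    "script tag": re.compile(r"<script\b", re.I),
    "iframe": re.compile(r"<iframe\b", re.I),
    "external URL": re.compile(r"https?://[^\s'\"<>]+", re.I),
    "hidden element": re.compile(r"display\s*:\s*none", re.I),
}

def changed_lines(before, after):
    """Return ('-', line) for every removed line and ('+', line) for every added one."""
    a, b = before.splitlines(), after.splitlines()
    out = []
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            out += [("-", line) for line in a[i1:i2]]
        if tag in ("insert", "replace"):
            out += [("+", line) for line in b[j1:j2]]
    return out

def review(before, after):
    """List each change; added lines also get the reasons they need careful reading."""
    findings = []
    for sign, line in changed_lines(before, after):
        reasons = [n for n, p in REVIEW_PATTERNS.items() if sign == "+" and p.search(line)]
        findings.append((sign, line.strip(), reasons))
    return findings

if __name__ == "__main__":
    for sign, line, reasons in review(BEFORE, AFTER):
        print(sign, line, "<-- " + ", ".join(reasons) if reasons else "")
```

A line with no tags is still a change to read; the tags only point at the additions that most often carry ads or script you did not ask for.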

It's your blog, and you are responsible for its content, both visual (what the readers see), and non visual (what only you see). It's your decision, too.


Dudel said…
Couldn't people export their blog (assuming template download already) before this and simply "try again" if things got "too wrong"?

Assuming they didn't listen to you, here, they should at least export their "normal/most active" blog often.

Another thing, my brain sends up HUGE RED FLAGS when people start asking about usernames, passwords and becoming admins on the blog.... or being able to "join it" altogether.

Guess I'm saying don't trust anyone saying "I'll do it for you" unless you actually know the person... and then still not trust them. That's just me, maybe?
Chuck said…

Good thinking. Unfortunately, you can only export comments and posts - and template - separately. We're still waiting for Blogger to give us some ability to export gadgets, and until we have that ability, you're sort of out of luck there.

But such a script doesn't explicitly ask for becoming admin, it typically just asks you to input your current account information, and sit back. It doesn't point out that they are trapping the account name / password. And the sheep, who fall for this, don't think twice.
z-vet said…
Give us account name and password? Excuse me? How stupid one has to be to do such a thing?
Chuck said…

Hang around BHF: Something Is Broken, and see for yourself.
Dorothea said…
You are right. We can never be too careful. Better have one less widget than a lot of problems!
