When I started blogging over a year ago, I didn’t know much about WordPress but every now and then I’d get a notice about a registered user. I felt good about it, but my professional deviation of a network engineer/manager made me double-check the default type of access for registered users.
WordPress kept everything in good shape there, but I started wondering whether I really needed my visitors’ email addresses in my system. Most of the marketing and online income gurus regard user registration an indispensable tool for profit building. You notify your registered users about new articles, often providing additional free goodies by email and only sometimes you offer them a trustworthy sale, which is how you make money. However, I am reluctant to use email to lure anybody into any spending for reasons listed below.
So when I reinstalled WordPress to introduce more secure settings on my database and put my name behind my articles I wiped all the registered users and although I drafted an email message to them with an apology and explanation, asking them to re-register, but I never sent it because I never re-enabled user registration. Why?
Whenever possible, I will try to avoid keeping any sensitive information in my possession. When I managed an infrastructure part of an IT shop with 5,000 employees and hundreds of thousands of registered users, I always advised my users against sharing their credentials with anybody to keep them safer from identity theft. Most dangerous attacks I’ve seen didn’t come from hacking, but through phishing and social engineering, after some people in a naive attempt to make things very convenient posted every employee’s email address on our website and never listened to my recommendations to remove them. Need I say all the addresses were harvested and probably sold to who knows how many hackers and spammers. Soon enough everybody started receiving occasional “password expiration” emails that looked like official internal communication, politely asking users to reply with their user name and password. I had to reiterate our policy prohibiting sharing of passwords and to explain how we don’t need anybody’s password to do anything with their accounts, but still, some people fell for it.
Email addresses are sensitive information because they can be sold to spammers who make money on junk mail and to hackers who are hunting for account credentials through phishing or social engineering. Individual email addresses are cheap, but when you have thousands or hundreds of thousands of them, the price can be attractive. With a growing subscriber user base, the constantly growing number of email addresses in your possession makes you a growing target for hacking. There’s a possibility for every site to get hacked due to unknown vulnerabilities, so why should I host this extra risk for my visitors and make my site a more likely target of cyber criminals?
Therefore, I’ve chosen to sacrifice the target and just opted out of keeping any registered visitor emails here. It’s easy to find out when I have a new post – either visit this site every now and then, or if you follow me on Twitter, each time I have a new post, I also send out a tweet with a link to it.
No risk for me, no risk for you.