Hidden dangers in third party content

If you’re a regular reader of this blog, by now you’re probably familiar with the idea of hackers who inject code – often invisible iframes or javascript – onto otherwise innocent but poorly secured sites.

Another way that sites can be compromised is equally important but often harder to recognize: third party content. When we think about third party content, we often think about ad networks, which place outside links, text, and often graphics on participating websites. Ads aren’t the only way third party content is used on today’s websites, however. Many sites use hit counters that are hosted independently, as well as website “toys” and decorations such as remotely hosted images.

In many cases, third party content is perfectly fine. There are safe ads, safe counters, and safe remote image hosts. If you’re a webmaster, choosing to use third party content on your site means taking responsibility to be sure that content is safe, and remains safe. Carefully screen the ad networks you choose to partner with, and ask how they prevent badware from compromising their network. Do a quick internet search and see what other users are saying about the security of that new counter you’re thinking about installing. And once you’re using third party content on your site, regularly check to be sure that it’s still safe.

Choosing to use third party content means inviting someone else to have control over part of your website. Choose carefully, and stay vigilant, to help keep your website’s visitors safe and your site secure.