Don’t have an AdSense account yet? Check out my tutorial on how to apply for Google AdSense – and get approved.
Having an active AdSense account can be very important for webmasters. Often the AdSense earnings contribute a large percentage to the overall income of a website. However, a jealous person with some criminal energy could ruin everything for you by hacking your AdSense account or by getting it banned. Learn how to protect yourself!
Basically, there are two types of danger for your AdSense account:
- Someone gets direct access to your Google account
- Someone uses your ad code to get your AdSense account banned
Fortunately, it’s quite easy to increase the security of your AdSense account.
1. Choose a strong password
We all don’t want that strangers have access to our AdSense accounts. To make it hard for hackers trying to get access it’s necessary to choose a password that is hard to brute-force and only used for AdSense.
A strong password is:
- made of numbers, letters (capital and small) and special characters
- as long as possible (absolute minimum is 12 characters)
- not saved unencrypted on the computer
- not given to other people
- used for AdSense only
- changed regularly
Here is an example of how a strong password looks like:
Trick for remembering passwords
“Aaah, are you out of your mind? No chance that I can remember such a long password”. I thought the same, but it’s definitely possible with a small trick. Our brain is having problems with remembering this kind of dry information. Therefore, it can help to come up with a story or a sentence and then use the first letter of its words as password. It will stick even better if it is a bit crazy or funny. Check out this example:
ProfitArmy.com is a nice Website, however, the English of the Author sucks!
This sentence becomes a good password when writing nouns with capital letter and considering special characters:
A strong 18 characters password can be remembered with one single sentence!
Change the password of your Google account
Change the password of your Google account if it doesn’t meet the criteria mentioned above.
To do that, log into your Google account and click on your profile picture. Choose Account > Security > Change password. Type in your current and the new password. Hit “Change password”.
Warning! If you have a recovery email address from another provider in your Google account, you have to secure this email account in the same way. Otherwise a hacker can crack this email account and then use the “I forgot my password” option to get access to AdSense. He would still need to know the answer to your secret question, however, this might be possible to find out in another way.
2. Activate phone notification
You want to be notified whenever unusual activities occur in your account. The faster you can react in a case of someone trying to hijack your account, the smaller will the damage caused be. Google offers a phone notification whenever something unusual happens in your account.
Click on the Security tab in your Google account and choose “Add a phone number”.
Press “Add Phone” on the next screen. Choose your country and type in the number of your mobile phone. Press “Save” at the bottom of the page.
Go back to the Security tab and click “Edit”.
Click “Verify” next to your phone number. Click “Send verification code”. You will get a code sent via SMS that you have to put into the corresponding field.
After successful verification, make sure “On password change” and “For suspicious activity” are written next to “Send phone alerts”. If this is not the case, you have to press Edit again and activate the checkboxes for “Suspicious attempt to access account” and “Password change”.
That’s it. Every time a suspicious activity or a password change occurs in your account, Google will notify you via SMS.
3. Activate 2-step verification
With activating 2-step verification your password won’t be enough to log in. Even if a hacker finds out your password he won’t be able to cause any harm. Despite typing in your password, you’ll need to type in a verification code that you can get via SMS, a voice call or a mobile app. It would be a bit too stressful for me to follow this procedure every time. Therefore, I set it up to only require a code verification when someone logs into my AdSense account from another computer.
Go to the Security tab and click “Setup” next to 2-step verification.
Start the setup.
Choose whether you prefer text message or a voice call. Press “Send code”. You have to verify your phone number again.
Type in the code you received via text message or voice call.
You have to decide if you want to trust the computer you are currently using. With activating this feature you won’t have to type in the verification code every time when logging in. Google will remember your current computer as trustable. I activated it because I don’t want to get a SMS and type in a code every time before I log in. However, it’s dangerous to activate that feature if many people have access to your computer. Maybe you don’t have an own computer and you have to go to an Internet café instead, then you shouldn’t trust the computer.
Hit “Confirm” on the last page. Done! You have successfully set up 2-step verification.
You can now switch to the mobile app as method of verification if you prefer that.
Under Backup Options, you can set up another phone number. You could use the number of a family member. This will be helpful in case you lose your phone or it gets stolen. Backup codes are useful if you are travelling and want to access your AdSense account during the trip. Maybe your phone won’t be able to receive text messages in another country, then you can print out these backup codes and use them when you log in.
Be careful when you are travelling with the phone you used for verification and your computer you set up to be the only trusted device. If both get stolen, you will have trouble accessing the account.
To minimize the chances of this happening, you can print out the backup codes and leave them at home or you remember one code for the whole trip.
If you are using email clients such as Outlook and Thunderbird or you have Google apps installed on your smartphone (YouTube app, Play Store app etc.), you have to set up a so-called application-specific password. Google will require a special password that you have to type in when trying to log in these applications the next time.
You can generate an application-specific password in your Google Account > Security tab > App passwords. Type in this special password instead of your normal Google password and activate the options to remember the password in the program/mobile app. For more details, read this.
4. Use the site authorization feature
I will begin with what can happen when you don’t activate the site authorization feature in AdSense. A bad guy will check your site’s source code for your AdSense ad code. He will copy and paste it into one of his completely shitty websites that hurt one of the 15 reasons why AdSense accounts get banned. Your AdSense account might get banned for violating the policy soon. When this happens he has one competitor less…
The site authorization feature makes sure that only your websites are allowed to display your ad code. So a bad guy copying your ad code won’t be able to cause any harm.
Learn how to activate the site authorization feature in Google AdSense:
- Sign in your AdSense account
- Click on the Home tab
- Click on Account settings
- Scroll down to “Access and authorization”
- Tick the checkbox next to “Only allow certain sites to show ads for my account”
- Put in the websites on which you are using AdSense in the textbox. One per line.
- Press Save.
Done! This won’t even take longer than a minute but decreases the chances of someone getting your AdSense account banned dramatically.
You protected your AdSense account from hackers through the following measures:
- Choosing a good password
- Activating notifications for unusual activities
- Activating 2-step verification
- Authorizing the sites that are allowed to display your ad code
Do you plan to follow this tutorial or do you think all the work is unnecessary? Let me know what you think in the comments.