Basics of Securing WordPress
We here at ionadas local LLC absolutely love WordPress. It puts the power of managing a company website within the company, rather than having every little change made by a website design firm.
But WordPress is not without its challenges.
Most notable, perhaps, is security. The growing popularity of WordPress means more and more hackers are targeting sites that use it. And in its default configuration, WordPress definitely has some security vulnerabilities.
With that in mind (and having had to work on some hacked sites recently), I’d like to walk you through some of the ways you can harden WordPress against hackers.
The biggest vulnerability is no fault of the WordPress system. Simple passwords will eventually be guessed.
No, your daughter’s nickname plus four random characters is not a secure password. You need a truly random password that includes uppercase and lowercase characters, numbers, and symbols. I like to use a site like Password Generator to create them.
You need secure passwords for all WordPress logins as well as any FTP or cPanel accounts.
Then use a password manager to keep track of the passwords and to handle logins. There are countless of these for both desktop and mobile devices.
Keep Things Up to Date
WordPress, all plugins, and your theme need to be kept on their most recent versions. Vulnerabilities are discovered and patched regularly, so the older your installs are, the more likely they are to have a security flaw.
At least once per month, you should update everything on your site. If you read about a particular security vulnerability, you might want to update more often.
Sucuri is a free plugin that handles malware monitoring, security scanning, and incident detection. In other words, it lets you know what’s going on with your site and when hackers are attempting to do bad things to it.
Install the plugin, sign up for the free API, and set the alerts to be sent to an email account you watch closely. I use a specific Gmail account for this. Anything that comes to that account needs to be looked at quickly (and closely).
The last (for now) step you need to take is to install and configure WordFence, a WordPress firewall plugin. They offer a free version that hardens a site quite nicely.
If you need an even more secure site, their premium version is only $8.25 per month.
These steps above will do a great deal to harden your site. While no site on the internet can ever be called perfectly secure, following this advice will make you a much less attractive target, and will likely result in hackers looking for easier pickings elsewhere.
And, if you need help setting any of this up, please give us a call at (512) 501-1875.
Interesting Facebook Ads Connection
After finishing up my lunch, I decided to peruse Facebook for pictures of my friends’ children and pets. To my surprise, the following ad came up in my feed:
I’ve not visited the Royal Caribbean website in at least five years. I’ve got a daughter still in single digits, so I only ever look at Disney Cruises.
I haven’t even searched a meta-travel site that might spark something like this.
What has happened is that my wife is looking at going on a Royal Caribbean cruise with her sisters and mother next year. Very recently looking at it, in fact, such as within the last week.
But, she did that from her own computer. She never uses mine.
I sometimes access her computer to provide IT support, but I never log onto Facebook there.
We’re connected on Facebook, she was almost certainly logged into Facebook when accessing the Royal Caribbean site, and we regularly both access Facebook from the same IP address (e.g. home).
It seems that Royal Caribbean was able to connect my wife’s browsing history to my Facebook interests for remarketing purposes. As it happens, it wasn’t well targeted (I’m not going on a cruise), but I can see how it might be. Advertising doesn’t bother me at all, as long as it’s reasonably well targeted.
But there are real privacy concerns to this. Any site I go to might trigger a Facebook cookie without my even knowing.
What if I’m searching for a birthday present? I might come up with the greatest idea for a present, something she would never think of, and have an ad for it appear in her Facebook stream.
Certainly there are more bothersome things that might pop up on a significant other’s Facebook feed.
Facebook might want to think through this one a bit more, but then, privacy has never seemed to be high on their priority list.
Requesting Reviews for Podcasts
Anyone involved in podcasting knows that reviews drive new listeners. While it’s possible that downloads are a stronger signal for iTunes, there’s no question that reviews placed there play a large part.
Most podcasters are losing money on the venture, and do it because they enjoy it. Kudos coming in may be the only remuneration they receive. More listeners means more kudos, all else equal.
So, it’s perfectly understandable that podcasters will ask their listeners to review their podcast. I see no problem with that.
Where I do see a problem is that all too many podcasters ask for a “five star review”. This is highly problematic.
Endorsements must reflect the honest opinions or experiences of the endorser, and your plan could cause people to make up positive reviews…
Instead, they should ask for honest feedback via the review mechanism. If they are putting out a quality production, most of the reviews will be positive.
If they’re serious about their craft, they should want to hear about any areas in which they can improve.
Unfortunately, at least among the podcasts I listen to (history and business podcasts, mostly), I almost never hear a request for an honest review.
Lastly, if you are a podcaster who gets a negative review, fix the problem if you can, and keep encouraging reviews. The negative review will be buried in positive ones soon enough.
If you’re unable to fix the problem, maybe you need to give more thought to what you’re putting out.
Where is Google Headed With Mobile?
Many have expected 2015 to be the year of mobile for Google. While Google has stated that there are now more searches on mobile than on desktop, the supposed Mobilepocalypse was something of a disappointment.
Some of this may have been because most websites were simply ready for the mobile algo changes. Alex Holmes of ThemeForest.net told me earlier this year that “pretty much every template now needs to be responsive or it won’t sell.”
On the other hand, before Mobilepocalypse, testing by Portent determined that 40% of websites were not mobile ready.
The fact that the reported impact has been minimal suggests that at the very least, Google oversold this algo change.
Now to blur the issue even further, Advent Communication has released the results of a study suggesting that Google really doesn’t know where you are located.
Advent asked respondents to compare where Google thought they were located with their actual location. They admit that their sample size was a bit limited, but found that the average error for desktop users was 117 miles, while it was 428 miles for mobile users.
I’m most surprised by mobile having a higher error. Granted, desktop users are by definition static, but I would think that between GPS data in smart phones and cell phone tower data, they should have a pretty good idea where mobile users are located.
While the average error numbers are probably biased by having some users thousands of miles away with a small sample set, the errors were still widespread. Only one-third of users were within 25 miles of where Google thought they were.
These errors have huge implications for AdWords advertisers who are attempting to control the geographic distribution of their ads. They both have people outside their target area seeing the ad (false positives) and people within the target area not seeing it (false negatives).
There are also impacts for searchers. Google is attempting to return local results for queries that don’t have a location (e.g. search on [coffee shops]). If Google has an incorrect location for you, the SERPs won’t be very useful.
I predict that Google will get better at handling this data, and over time we will see more localized results on non-geographic queries, but will see more and more hyper-local results as well.
Expect the radius of results to vary with the query. If I search for [coffee shops], I probably want something close to me. But if I search for [farm to table restaurant], I might be willing to drive a while.
The radius should vary by geography as well. If I search for [barbecue joint] in Philadelphia, I might expect to have to drive, but the same query here in Austin should show me things very close by.
It will be interesting to see what Google does with this over the next year or two.
Law School Reviews on Yelp?
This week, the attorney blog Above the Law posted about Yelp’s new law school rankings.
While gaining an accurate understanding of the pros and cons of various law schools is a good idea before investing a six figure sum of money, I’m not sure relying on Yelp reviewers is the way I would go. Talking to alumni and current students is likely to be much more valuable.
Still, if you want to use Yelp reviews in your evaluation, there are some things to keep in mind:
1) Look for trends.
You should discount claims made in any single review and instead consider the review corpus in its entirety. Do you see the same issues over and over again? Then those might well be real.
Of course, if a law school only has three reviews, it’s hard to do this. The numbers should improve over time.
2) Watch for competitors and self-reviews.
If it looks like it was written by a competitor or someone from the law school itself, it probably was. I don’t know if law school reps will spend much time reviewing other law schools, but I suspect self-reviewing will be all too common.
3) Discount the lunatics.
You know the type. You read the review and think, I sure am glad I don’t have this person as a client/customer.
Some people can’t be pleased, and some are just looking for problems. Take what they say with a grain of salt.
4) Read the responses (if any).
Yelp allows companies to respond to reviews. I’m not of the opinion that every review must be responded to, but a response to negative reviews certainly shows that the company is monitoring their social profile, and might suggest a better customer service mentality than most.
Any law school is going to have students with bad experiences. Like all businesses, it’s how you handle these problems that matters.
Pro Tip: All of these recommendations apply to any Yelp listing.