Archive for the ‘knowledge is power’ Category

Securing Your WordPress

In our two previous posts I talked about being hacked, what to do after your site has been compromised, and how to get cleared with Google if they have blocked visitors because of malware found on your site.

This post talks about how to make your Word­Press as secure as possible.

WordPress has good security built in. Their team of devoted and very talented programmers is constantly working to stay ahead of the bad guys. Even so, being such popular software makes it a target, so it’s important to be proactive in keeping your WordPress as safe as possible.

Be Vig­i­lant

You can’t phone up an alarm com­pany and have them put in motion detec­tors, door and win­dow strips, so what do you do? There are sev­eral things you can do and plug-ins you can install or have your web per­son help you with.

  • check your site’s security for vulnerabilities
  • lock down your site as best you can
  • mon­i­tor changes to your site that you have not made
  • scan your site for mali­cious files (dis­cussed in our last two posts)
  • and also scan for viruses

A plug-in to check your site’s secu­rity for vulnerabilities

Ulti­mate Secu­rity Check

http://wordpress.org/extend/plugins/ultimate-security-check/

This plug-in scans your site, makes recommendations, then provides settings you can toggle on or off.

There are other plug-ins you can find and most require ‘settings’ decisions you might need help with. They generally have default settings you can safely apply without blowing up your site. But… There is never a guarantee you won’t encounter a problem because there are so many different web server configurations… So be careful! Always do a back-up first (another topic and another plug-in).

Lock down your site as best you can

Unless you are an advanced user, you will need help with this task and so I’m going to keep my explanation brief… Hackers often look for files and folders on your site with permissions set to allow them to be edited. For example, your footer file and other theme files. Removing ‘write’ permissions on these files will make it harder for hackers to inject code into your site. Explaining how to do this is beyond the scope of this post and if you don’t know how, we recommend you get help.

Locking down your theme files is a pain and not many folks go to this extreme, but it does make your site more secure, and you will have to judge for yourself whether the extra work it causes is worth it.
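The permission lock-down described above, as an added example that is not part of the original post: a POSIX shell script that lists theme files writable by group or other users, removes write permission from a theme, and restores owner write when the theme needs editing. The function names and the theme path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit and lock WordPress theme files.
# Function names and the example path below are assumptions for illustration.

# List theme files that group or "other" users may write to (e.g. mode 666 or 777).
list_loose_theme_files() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) | sort
}

# Remove every write bit from the theme's files, and the group/other
# write bit from its directories, so footer.php and friends are read-only.
lock_theme_files() {
    find "$1" -type f -exec chmod a-w {} +
    find "$1" -type d -exec chmod go-w {} +
}

# Give the owner write access back before editing or updating the theme.
# This is the extra work the post mentions: lock again when you are done.
unlock_theme_files() {
    find "$1" -type f -exec chmod u+w {} +
}

# Usage when run directly (the path is a placeholder):
#   sh lock-theme.sh audit  /path/to/wp-content/themes/mytheme
#   sh lock-theme.sh lock   /path/to/wp-content/themes/mytheme
#   sh lock-theme.sh unlock /path/to/wp-content/themes/mytheme
case "${1:-}" in
    audit)  list_loose_theme_files "$2" ;;
    lock)   lock_theme_files "$2" ;;
    unlock) unlock_theme_files "$2" ;;
esac
```

If the web server runs as the same user that owns the files, that user can restore write permission, so treat the lock as one layer alongside the other items in the list above.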

This post is get­ting on the long side so I’ll stop here for now and dis­cuss the other list items (above) another night…


Latest WordPress Malware Attacks

The bad guys have been busy this month!

Several of our clients had their WordPress blogs hacked. A malware JavaScript used to load bogus sites was injected into the page footers.

How can you tell if you have this prob­lem on your Word­Press site or blog?

This particular script is easy to spot from how your site reacts, even though it is not visible in the content. When you visit your site [or blog], instead of landing at the top of the page where you would expect to start, the script immediately takes you to the bottom of the page. If it does this, then there is a strong likelihood you have this malware on your WordPress.

If you use Firefox for your web browser, you may get an ugly warning page that your site has been reported as an attack site. Not fun. You will not be able to access your site at all… anywhere. This can make it harder to get rid of the problem because you may not be able to access your site admin area. Internet Explorer did not block entry to the sites because of this particular malware.

What should you do if this has hap­pened to your WordPress?

If you can access your Word­Press admin area using your web browser, then it’s rel­a­tively easy to get rid of the mal­ware script. This par­tic­u­lar exploit only affects one file, named footer.php.

You can edit this by going to Appearance=>Themes=>Editor and open­ing this file in the edi­tor pane. The files are all listed to the right hand side of the pane.

Now you edit the footer.php file to remove the script. It will look like this screen­shot of the one we removed from sev­eral sites.

[Screenshot: malware JavaScript]

Select the entire script with your cursor, being careful not to touch anything else. Delete it and save your changes. Your site is clean again.

WARNING: If you needed these instructions, you are not someone who should be doing this on your own and so we wouldn’t normally recommend you even attempt this yourself. But it’s a simple deletion so we thought we’d include it here. Even so, if there is any doubt in your mind about whether you should be doing this yourself, get help. If you don’t have a web person, contact us for help.

If you are one of the unlucky ones who have been reported as an attack site, you will need to submit your site to Google for it to be declared clean; otherwise visitors may not be able to access your site for some time.

It may be cleared with­out sub­mit­ting it but it will def­i­nitely take much longer. Post­ing right away and each day for a few days will alert the search engines to spi­der your site and find a clean, mal­ware free site.

Stay tuned for our next posts where we will discuss how to submit your site to Google Webmaster tools for review and what you can do to make your WordPress more secure from this type of an attack.


Do Nothing - OR - Do Something Personally Or In Biz?

While work­ing on a project today I was look­ing for moti­va­tional busi­ness quotes online and I found this quote from Oprah Win­frey:
 
“One of the biggest lessons I’ve learned recently is that when you don’t know what to do, you should do nothing until you figure out what to do because a lot of times you feel like you are pressed against the wall, and you’ve got to make a decision. You never have to do anything. Don’t know what to do? Do nothing.”
 
~ Oprah Win­frey
 
Now I admit I am not in any league to ques­tion Oprah’s state­ment but this one really touched some­thing very deep in me so I wanted to give my view.
If there is anything I have discovered through my life, when it comes to personal and business decisions, it is that it is better to make a decision — right or wrong — than no decision at all. Two points.
 
1. When you are try­ing to make a deci­sion, whether per­sonal or busi­ness, if you find that every move you make is blocked then it means you are mov­ing in the wrong direc­tion.  It is bet­ter to rethink what you are doing. Put feel­ers out in dif­fer­ent direc­tions. If none work, just try a dif­fer­ent direc­tion.
 
2.  If you are not being blocked,  but still sit­ting on the fence and can’t move — par­a­lyzed -  it is bet­ter to jump off in some direc­tion.  If you make the right deci­sion — ter­rific.  If you make the wrong deci­sion  — you have learned some­thing.  But at least you did some­thing.
 
Doing noth­ing achieves noth­ing in my opinion.


Is Social Media Taking Over News Searches?

While on Facebook I read that the Health Care Bill in the US passed. I wanted to learn more about it so did a search through Google and could not find the latest news (this was last night). I then went to Twitter and there were lots of posts about this.

So a question: where are folks getting the information that is posted on Twitter and Facebook before Google, Yahoo, Bing, etc. have it listed? If it is on the TV, radio, then how does it hit in social media first before the news wires pick it up and have it posted — OR — is it all related to search?

So are we the reporters now, and if so, can we trust what is being reported?  I know / I know… but think about it.  It’s not just the top news sto­ries, it is also what is being reported for the lat­est issues with SEO, search engine updates, and so much more.

So my question: do we trust what is being reported in social media or do we trust what we eventually see in news reports through search engine searches?

Jan


I didn't "Knol" until now!!

For those of you ‘in the know’ Google Knol may not be new to you but I just came across it tonight.

Knol is “authoritative articles about specific topics, written by people who know about those subjects.”

As stated on the Google Blog:

~~~~~~~~~~~
The key prin­ci­ple behind Knol is author­ship. Every knol will have an author (or group of authors) who put their name behind their con­tent. It’s their knol, their voice, their opin­ion. We expect that there will be mul­ti­ple knols on the same sub­ject, and we think that is good.
With Knol, we are intro­duc­ing a new method for authors to work together that we call “mod­er­ated col­lab­o­ra­tion.” With this fea­ture, any reader can make sug­gested edits to a knol which the author may then choose to accept, reject, or mod­ify before these con­tri­bu­tions become vis­i­ble to the pub­lic. This allows authors to accept sug­ges­tions from every­one in the world while remain­ing in con­trol of their con­tent. After all, their name is asso­ci­ated with it!

Knols include strong com­mu­nity tools which allow for many modes of inter­ac­tion between read­ers and authors. Peo­ple can sub­mit com­ments, rate, or write a review of a knol. At the dis­cre­tion of the author, a knol may include ads from our AdSense pro­gram. If an author chooses to include ads, Google will pro­vide the author with a rev­enue share from the pro­ceeds of those ad place­ments.
~~~~~~~~~~~~

Looks like a great place to share your knowl­edge. I’m going to check it out, want to join me?

http://knol.google.com

Jan

Jan Carroll
Web Guru