What is Frictionless Sharing?

When you visit a blog or website, if you’ve enabled an app access, FB (Facebook) can automatically post their content to your wall. No more clicking the ‘Like’ button. No more copying and pasting links. Depending on the app and the settings available, you will no longer have the of choice to share or not. When you visit their site to read an article, or listen to a tune (for example) the article you are reading or tune you are listening to will be shared automatically.

Different apps have different settings available and I have read that some allow more control than others. Some allow you to turn automatic sharing off. Unless an app gives me this option, it will be deleted. Certainly from a marketing point of view there is enthusiasm for ‘Frictionless Sharing’ with no waiting for ‘Likes’ and ‘Shares’ so many apps (I suspect) will not add the ‘off switch’ initially.

Privacy Concerns

If you do a search on ‘Frictionless Sharing’ you will find many folks have privacy concerns with this new feature.  Their concern is this is a new even higher level of intrusion of constant surveillance of our every move on the Internet. I personally share this concern and do not like the feature even though as a business we could find ways to take advantage of it.

Let’s face it, we are being tracked around the Internet already with cookies unless we browse using stealth mode. Everyone wants to know our buying habits, tastes, Geo location so they can serve us targeted content. It’s like going to a mall where they know what you bought on your last visit, change the ‘On Sale’ item to attract you based on your buying history, greet you by name and ask you if you plan on having a Taco at the ‘Food Fair’ again this visit…

Mmmm… Cookies are Good!

Cookies are not inherently bad. They help us do many things more easily on the Internet. It’s more about what a particular cookie is being used for. Discussing cookies more fully is beyond the scope of this topic but if you want to understand how much we rely on them, try turning them off in your web browser preferences or selecting the option to be prompted to accept a cookie instead of accepting them automatically. Have fun trying to get many of your favorite sites to open! Disabling cookies will seriously diminish your browsing enjoyment.

As I have mentioned, there is a ton of Buzz about this if you search the term ‘Frictionless Sharing Facebook’. This one at PC world was at the top of my search and I found it easier to understand than many of the more technical ones:

http://www.pcworld.com/article/240592/facebooks_frictionless_sharing_a_privacy_guide.html

A few thoughts to finish with

Bottom line is the best advice one can follow is to use due diligence prior making a decision to  install an app or not.  Do you really need this app? What does it add to my life? Does it want to take control of my webcam and record me lip-syncing badly to Adele — Rolling in the Deep, then post to comedy site?

More time worn and cliched advice… Read the fine print.

Last but not least. Log out of Facebook when you are browsing other sites. Doing so is no guarantee FB is not watching your every move, but at least it may not hit your wall.

This post talks about how to make your WordPress as secure as possible.

WordPress has good security built in. Their team of devoted and very talented programmers are constantly working to stay ahead of the bad guys. Even so, being such a popular software makes it a target so it’s important to be proactive in keeping your WordPress as safe as possible.

Be Vigilant

You can’t phone up an alarm company and have them put in motion detectors, door and window strips, so what do you do? There are several things you can do and plug-ins you can install or have your web person help you with.

• check your site’s security for vulnerabilites
• lock down your site as best you can
• monitor changes to your site that you have not made
• scan your site for malicious files (discussed in our last two posts)
• and also scan for viruses

A plug-in to check your site’s security for vulnerabilities

Ultimate Security Check

http://wordpress.org/extend/plugins/ultimate-security-check/

This plug-in scans you site and makes recommendations then provides settings you can toggle on or off.

There are others plug-ins you can find and most require ‘settings’ decisions you might need help with. They generally have default settings you can safely apply without blowing up your site. But… There is never a guarantee you won’t encounter a problem because there are so many different web server configurations… So be careful! Always do a back-up first (another topic and another plug-in).

Lock down your site as best you can

Unless you are an advanced user, you will need help with this task and so I’m going to keep my explanation brief… Hackers often look for files and folders on your site with permission set to allow them to be edited. For example your footer file and other theme files. Removing ‘write’ permissions on these files will make it harder for hackers to inject code into your site. Explaining how to do this is beyond is beyond the scope of this post and if you don’t know how, we recommend you get help.

Locking down your theme files is a pain and not many folks go to this extreme but it does make your site more secure and you will have to judge yourself whether the extra work it causes is worth it.

This post is getting on the long side so I’ll stop here for now and discuss the other list items (above) another night…

If you find this quickly and deal with it, there is minimal impact to your site. But if you don’t discover it quickly, you could end up on Google’s ‘Attack Site’ list and they will block visitors from visiting your site.

Curious about your site’s health status? Google has a tool for checking to see if there are any problems with your site. Replace the last part of this link with your domain they will show you a report:

http://www.google.com/safebrowsing/diagnostic?site=yoursiteurl.com

Right now we’re going back to our topic for this post… How to submit your site to Google after you have cleaned up following a malware attack.

First thing you are going to need is an account at Google Webmaster Tools.

http://www.google.com/webmasters/tools/

Once you have an account set up, you will need to add a website. There’s a button for this prominently displayed on the index page. Click on it and you will be offered a field to enter your site url. I usually have this on my clip board ready to paste in.

Next they will require you verify ownership the site. There are several different methods offered. You can add a meta tag they provide or download an html file, which you then upload to your site. This fast and easy as long as you have an FTP program or web site authoring tool with file transfer set up. Explaining how to use these is beyond the scope of this post and if you don’t how to do this, you are someone who should have professional help.

Once you have uploaded the google html file or inserted the meta tag into your home page header, go back to the Google Webmaster tools page [still open I hope!] and hit the ‘verify site’ button.

There are various things you can look at in Webmaster Tools but we in there for a particular reason at the moment. We want to get our site pronounced healthy and open to visitors again. To do this, look for the ‘diagnostics’ link on the left side bar. Clicking will expand the menu. The ‘malware’ link take you to a page with an alert that your site is blocked. Here is where you will be able to submit your site and add a little message about what you have done to clean out the malware.

That’s all there is to it. It’s not hard but then we do this for a living. If you need help with this or something else on your site that is beyond your technical comfort level. Contact us!

Happy Trails,

Billy

PS -  Next post we’ll talk about a few plug-ins to help with security.

Several of our clients had their WordPress blogs hacked. A malware Javascript was used to load bogus sites was injected into the page footers.

How can you tell if you have this problem on your WordPress site or blog?

This particular script, is easy to spot from how your site reacts even though it is not visible in the content. When you visit your site [or blog], instead landing at the top of the page where you would expect to start, the script immediately takes you to the bottom of the page instead. If it does this, then there is a strong likelihood you have this malware on your WordPress.

If you use Firefox for your web browser, you may get an ugly warning page that your site has been reported as an attack site. Not fun. You will not be able to access your site at all… anywhere. This can make it harder get to rid of the problem because you may not be able to access your site admin area. Internet Explorer did not block entry to the sites because of this particular malware.

What should you do if this has happened to your WordPress?

If you can access your WordPress admin area using your web browser, then it’s relatively easy to get rid of the malware script. This particular exploit only affects one file, named footer.php.

You can edit this by going to Appearance=>Themes=>Editor and opening this file in the editor pane. The files are all listed to the right hand side of the pane.

Now you edit the footer.php file to remove the script. It will look like this screenshot of the one we removed from several sites.

Screenshot of malware javascript

Select the entire script with your cursor being careful not to touch anything else. Delete it and save your changes. Your site is clean again.

WARNING: If you needed these instructions, you are not someone who should be doing this on your own and we so we wouldn’t normally recommend you even attempt this yourself. But it’s simple deletion so we thought we’d include it here. Even so, if there is any doubt in your mind about whether you should be doing this yourself, get help. If you don’t have a web person, contact us for help

If you are one of the unlucky ones who have been reported as an attack site, you will need to submit your site to Google for it to be declared clean otherwise visitors may not be able to access your site for some time.

It may be cleared without submitting it but it will definitely take much longer. Posting right away and each day for a few days will alert the search engines to spider your site and find a clean, malware free site.

Stay tuned for our next posts where we will discuss how to submit your site to Google Webmaster tools for review and what you can do make your WordPress more secure from this type of an attack.

~Yes ~

However, I’ve noticed just about everything I read these days is using the phrase “2.0″ I have seen Copywriting 2.0, Voice 2.0, Mobile 2.0, eLearning 2.0, and in fact the other night I was watching “Family Jewels” and Gene Simmons (of KISS fame) stated, after removing his bandages from his face lift, “Gene Simmons — 2.0″.

It seems EVERYTHING is going 2.0!!

So what exactly is Web 2.0 and what does it mean to you? Read more here: http://www.jbcr-virtualsolutions.com/tips-and-articles.html#20