February 18, 2011
WordPress is a widely used content management system that is typically associated with Blogs but can power any kind of setup from a portfolio to an e-commerce site. Whether you’re a Blogger, novice developer or avid web designer, understanding WordPress can greatly benefit your work. Here’s 3 tools to get a grip on WordPress.
I was first turned on to Smashing Magazine by a teacher and have pored through every nook and cranny of the site and its network since. Smashing Magazine, its collection of Blogs and well-written books are a tremendous source of knowledge and inspiration. The tutorials, collection of WordPress themes and books on development and design will help you master WordPress.
Tags: guide, How to, Security, WordPress
January 26, 2011
Facebook has just announced two additional levels of security that should compliment their remote logout feature (which they launched in September of 2010).
Starting today we’ll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the “Account Security” section of the Account Settings page. (Official Facebook Blog)
While activating the HTTPS feature does have its advantages (especially for those of us who frequent WiFi hotspots), Facebook did mention that enabling encrypted pages will increase loading times, so you may have to be patient when logging in. read more
Tags: Facebook, Security
Despite rumors proclaiming the contrary, WordPress is actually a very secure CMS platform utilized by millions of users around the world.
Unfortunately its immense popularity makes the software a prime target for hackers, similar to how Facebook and Twitter are prime targets since “everyone” is using them.
While there are more advanced measures that users should take when securing your WordPress site, here are the 3 most common habits I see practiced by some WordPress users that may set ones blog up to be hacked. read more
Tags: BloggingPro, Security, WordPress
January 5, 2011
While it’s not surprising to hear about WordPress being insecure from users of rival platforms (as a few of my Movable Type friends will tell me), it’s odd to hear the statement from a company using it to power their blog.
Trend Micro (an anti-virus company) put out a list of risky software or sites which included Mac OS X, Facebook, Google and yes, even WordPress.
The riskiest software used by websites in 2010 was the popular blogging platform WordPress. Tens of thousands of unpatched WordPress blogs were used by cybercriminals for various schemes, primarily as part of redirection chains that led to various malware attacks or other blackhat search engine optimization (SEO)-related schemes. (Trend Micro Blog)
Note: Emphasis in bold is mine. read more
Tags: Security, WordPress
December 29, 2010
For those of you who choose to self host your WordPress blogs, you probably have been noticing security updates for your blog (or CMS site) asking you to update your blog to version 3.0.x over the past few weeks.
While many users usually ignore these warnings (for a variety of reasons), the WordPress founder (Matt Mullenweg) is asking users to update their blogs to version 3.0.4 in order to avoid your blog succumbing to the hands of hackers.
Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well. (WordPress News)
For those of you blogging upon WordPress only hosting sites like Page.ly, PressHarbor and WPEngine, your sites should automatically be updated to the latest version (note: VaultPress Premium users should also be safe, but it’s always a good idea to update your blogs anyways).
However if you are unable to access your blog it might be a good idea to contact your host (or a trusted friend) to see if they will update your blog on your behalf.
Security guru’s can take a look at the changes over here, although all self hosting WordPress users should update their blogs as soon as possible, as the last thing you want to see in 2011 is your blog compromised by a nefarious hacker.
Image Credit: Norebbo
Tags: Security, WordPress
September 9, 2009
Last weekend was filled with controversy and the reason for this was a worm hitting many self-hosted WordPress blogs. We warned and urged everyone to upgrade, although the most recent version of WordPress, 2.8.4, was released almost 3 weeks earlier. WordPress 2.8.4 was the second security update for the 2.8 branch in less than 2 weeks. This update was released only 2 days after the vulnerability was discovered, proving how hard the WordPress community has worked to improve and secure the platform.
Ever since WordPress 2.3, which was released almost exactly 2 years ago, every WordPress blogger receives an update notification whenever a new version available is. The majority of new releases are bug fixes and security updates.
Personally, whenever I see that yellow new release notification I can not hit update now fast enough. If it weren’t for the security aspect then it is for the ugliness of the notification.
Nevertheless, in these days some people are given a megaphone online and can not resist the need to be vocal, even though they were the only ones who were to blame. One of these people last weekend was Robert Scoble. His post I don’t feel safe with WordPress, Hackers broke in and took things quickly went viral Robert received support but also bashing. Gruber even went as far to say that Movable Type safer is. read more
Tags: John Gruber, robert scoble, Security, WordPress
August 4, 2009
Internet security company F-Secure has announced the discovery that Twitter is now following its advice to filter all posted URLs, including shortened ones, for malicious content.
Their screenshot, copied below, shows what happens if you try to post a link to a site that Twitter considers leads to malware.
The message “Oops! Your tweet contained a URL to a known malware site!” pops up and the message cannot be posted. read more
Tags: API, f-secure, Google, malware, Security, Twitter, url
July 16, 2009
Twitter has published a blog post commenting on the internal documents that are running on TechCrunch. They were obtained through an email hack on an administrative employee’s account, which in turn gave access to Twitter’s Google Apps account. They are stressing the fact that it was personal security that faltered, not Google Apps, but it still points a finger to one of the dangers of data in the cloud. No user accounts are compromised either, and naturally there’s legal actions from Twitter’s side.
Meanwhile, TechCrunch and others are having a field day with the income prognosis report, security issues and the fact that these documents are out in the open in the first place. And naturally it all boils down to a Valleywag post on the twitterati’s response to the breach.
That poor administrative employee will probably stick to better passwords in the future, eh?
Tags: Security, TechCrunch, Twitter, Valleywag
June 22, 2009
Where 15 years ago, having a Web site was something of a badge of nerdiness, today having a site doesn’t require much technical knowledge at all. Someone with almost no technical expertise can set up an account on WordPress.com or Blogger and be blogging within minutes.
However, this doesn’t mean that a blogger can get away with being a technical dunce. Though getting words on the Internet is pretty simple, building and growing a blog does require one to know a bit more than how to flip on a PC. Social networking sites make it easy to get online, but blogging, especially over the long haul, takes something more.
So what are those things that every blogger should know? There are many, definitely more than what is on this list, but here are five things every would-be blogger should know before, or at least shortly after, getting started. read more
Tags: Blogging, DNS, hosting, html, PHP, Security, server, Technology
April 9, 2009
Over the past few months, I’ve been writing a lot about cyber crime and security vulnerabilities, especially as it impacts social media and blogs. The April 1, 2009, expansion of the Conficker/Downadup Worm Infection worried many as the 1 in 16 ratio of infected computers increased dramatically around the globe and attacks were aimed at social media services like MySpace, Facebook, and Twitter.
With the increase in cyber crime and security issues, and the growing profit found in cyber crimes, where do you go to report cyber crime if you find it or are a victim of it? read more
Tags: blog security, conficker, cyber-crime, cybercrime, downadup, featured, hacking, how to report cyber crime, how to report online crime, malicious, prevention, protection, report cyber crime, Security, security issues, security vulnerabilities, virus, worm