I’m a long-time WordPress developer / user and have been pleased overall with the product. But I ran into something today that caught me off guard and now has me doing some more digging on WordPress security utilizing several of the top security plugins on the market today. I typically use two:
- Securi Security
I’m not going to write about differences or pros & cons of either security plugin.
To be conservative, I’ve done 2,000+ WordPress installs over the years, but 2015 is a completely different animal. In the past hackers might deface a website, but they’ve gotten more clever; Now they don’t deface your website, they secretly install their malware or spam software to run quietly undetected unless you are paying attention to server logs or your data center / ISP sends you some sort of complaint.
Typically, WordPress has been one of the most secure CMS / Blog platforms available although there are constant updates required. With that said, it still has been a fairly stable and secure platform.
What I have seen more recently is that even with a clean up to date WordPress install on a web server that is also up to date is that hackers are still easily gaining access and installing their spam scripts or malware. One site I found this week was running both Wordfence and Securi Security and neither one of them during a scan detected anything abnormal, but my server logs said otherwise. When I FTP’d into the site, there are all types of PHP files that did not belong there..I manually cleaned up the site and ran the scan again..Upon the 2nd scan, Wordfence picked up one file I had missed.
Now I have to question the reliability of two of the top WordPress security plugins on the market.
Another thing I’ve noticed during installs is that if you do not change / hide the way your user profile displays vs. showing your actual login username, lurkers are quickly taking note of your default UN which should never be “admin”.
If you have seen anything similar with your WordPress installs please share below. I will continue to update and share any new information I come across.
We are unfortunately unable to make customization to a shared server’s php.ini file on behalf of a single account. However, the end result can be easily accomplished by using a user.ini file.
To set up a user.ini file, perform the following steps:
Log in to your cPanel account.
Navigate to the File Manager (Home >> Files >> File Manager) interface.
Click the Web Root.
Select the Show hidden files checkbox.
Click the target directory. (public_html)
Click New File.
In the Create a New Field text box, enter .user.ini
Note: Do not forget to include the period that precedes the file name.
Click Create New File.
Click .user.ini and click Edit.
Enter the PHP directives that you wish to adjust for the directory and click Save.
You will most likely be interested in the following directives:
For instance, if you wish to make this a maximum of 8MB, you would enter:
upload_max_filesize = 8M
post_max_size = 8M
I hope that this information is helpful.
VIRTBIZ Internet Services
You might be wondering what a Comcast Fusion / Xfinity Internet connection has to do with primary subject matter of this website. Since I work mainly from my laptop and remote locations for clients, having access to the Internet is CRITICAL!
I’ve experienced issues in Seattle and now Portsmouth, NH accessing the Internet from a Fusion hotspot / Xfinity connection powered by Comcast.
Here’s a basic overview of the issue:
I access the Internet for a period of time then I am unable to access any of the domains or websites that I’m working on from Xfinity / Fusion Hotspot. After calling Comcast / Xfinity directly in Seattle on two separate trips I was able to get this issue resolved. The websites are always on the same Class C block of IP’s as I’m accessing a dedicated web-hosting server.
Here in NH however, the issue had to be escalated…I’m waiting to hear back from someone on what the long-term solution to this issue is.
This is a major issue for hotels using Fusion Hotspot service from Comcast as the guest feels like the hotel is at fault. High availability Internet access is no longer a requirement just for technology workers, but also the general public.
I’m going off of the assumption that my use of Fusion hotspot service transferring files via FTP, multiple logins, etc. does something to trigger some sort of blockage. I did find a temporary work-around. Using a service that creates a VPN or blocks / changes my IP address allows me to gain access to web hosting server so I can continue to work on websites remotely.
If you work for Comcast / Xfinity / Fusion Hotspot please share this with business support to come up with a long-term solution for high-end web workers that might stay at one of your clients hotels.
Below will be a growing list of hotels that use Comcast Fusion Hotspot service:
- Holiday Inn
If you experience service issues at a hotel using Comcast Xfinity / Fusion Hotspot service please comment below so I can add the hotel to this list.
A note to hotels that want to attract business users / clientele; Not having 24hr. access to support is not acceptable. It is amazing that at fairly large hotels there can only be one person on staff that knows anything about IT related issues. My case here in NH the only person who knows anything about the Internet went home for the evening. Fortunately, the night person was able to get him to respond with the support number for the Fusion hotspot service.
Hotels need to have an Internet service escalation plan in place along with support numbers for the one-off issue(s) technology workers may experience when working and traveling.
Local Citation Sites Dallas
Citation sites are important to help validate your business and help your website to rank well locally. Citation sites typically fall into two categories. They are free or paid sites. It is possible to get your site to rank well locally using just free citation sites.
Check out the lists above. If you are having trouble getting your site to rank well locally, some citations might just be what your website needs.
While creating a fairly simple campaign for a client recently I encountered an error message from the Google Adwords platform that I have not seen or recall noticing in recent memory. “Users don’t search for this term very often on Google properties, so it is not eligible to trigger your ads”. That statement brings several thoughts to mind for me:
- Who cares if it is not a high-volume keyword. Google should deliver an ad for any relevant keyword / ad combination that an advertiser creates to promote their product / service
- Is Google now forcing advertisers to use less relevancy therefore increasing overall ad spend?
- Recent and documented changes to Adwords has all but eliminated exact match keywords again forcing advertisers to deal with irrelevant keyword phrases including misspellings and close match variants
- It is now more important than ever to include organic SEO and other forms of traffic generation for keywords that Google is claiming will not trigger an ad
This brings me to another question that I would love for some of my other Adwords colleagues to weigh in on..
Has Google Adwords reached critical mass? I can’t believe that Google is intentionally forcing Adwords customers to target less relevant terms / keyword phrases to just increase revenues…it seems to go against the very nature of Google trying to deliver the best and most relevant search results possible. Yet, for very local terms that Google supplies search numbers for they force advertisers to compete with broad national terms to get an ad to trigger.
This along with the fact that Adwords has eliminated essentially exact phrase match, misspellings and close variants indicates possibly that the Adwords platform has reached some sort of critical mass and can no longer deliver highly targeted exact match ads that advertisers once enjoyed.
So what does this mean in the long run for Adwords advertisers? If the ability to create highly targeted ads has been diminished advertisers will end up paying more to compete for the broader terms that Adwords is forcing them to bid on.
Again, I’d like to see some other Adwords professional weigh in on this.
Also noted that Adwords is changing URL entered into destination URL field by appending with “www” and display URL is now all lower case.
Note about the author: Currently manage $200,000+ monthly ad budget on Google Adwords, Bing / Yahoo generating 20,000+ leads each month for clients in multiple niches.
Review of Video Essence and Traffic Essence
Lately I’ve been trying to cut back on the number of WordPress plugins / themes that I purchase because I get way too busy to actually implement or use them on a a day to day basis. Yesterday while in a marketing forum I frequent there was some buzz and chatter about a video curation theme and plugin. I decided to purchase along with several other people in forum and see how fast we might be able to set up…I already had an active domain and thought I would simply install the theme and be off to the races as the promotional video for “Video Essence” demonstrates.
Like others in the video forum, excitement turned quickly into disappointment.
Here are some of the issues I have / had with Video Essence and Traffic Essence:
- The curation plugin never served any video results for anything trending (plugin default) or simple keyword phrases I entered that generate numerous results on Youtube
- No disclosure up front on server requirements…only after you purchase will you see what server requirements are to use Video Essence theme / plugin
- The claim of 120 channels with Traffic Essence is based on purchaser manually creating up to 40 accounts on 3 web 2.0 sites.
After talking with several users this morning in video forum other purchasers are requesting refunds as well. This is a a product where the sizzle definitely tasted better than the steak.
Only after purchasing Video Essence will you discover that you need to run at least PHP 5.4 and Mcrypt PHP extension.
When trying to curate videos with Video Essence I never got beyond this point or could get any results to display.
Traffic Essence relies on the purchaser creating up to 40 accounts on WordPress.com, Tumblr, and Blogger. This should be disclosed up front vs. making potential buyers think the 140 channels are built into the plugin.
Again, myself and several other competent video marketers were not able to get Video Essence working. If you have better results and some working examples please feel free to comment and share your results here. I hope you found this Video Essence and Traffic Essence review helpful.
If you recently did the Yosemite update on your Mac / Macbook, you might have experienced some issues with outbound / SMTP email. Here is a great starting point in Apple forums to help resolve your issue.
Unfortunately, I’m still experiencing outbound email issues and will update this post and additional links once everything is finally resolved. It also appears that the recent Yosemite update to Apple OSX is generating numerous issues for Mac users.