Obvious login name? Be careful!

Is your user name or parts of your domain name being used to attempt hacks to your site?

password123Maybe it’s not just a good password that matters

You’ve certainly been hearing everywhere about the need for strong passwords.

According to RandomPassword.com, “password” is most common password. Their list of the top 10,000 most common passwords is pretty interesting reading. “Dragon” is number 7 above “baseball” and “football” at numbers 9 and 10! (Go figure THAT!?)

I like using four random words — that I could speak — substituting some other characters and capitals. But some sites remind us that you have to use a different password on each site.

There are strong password generators included with password manager services like lastpass.com, which helps you keep track of all those dots and dashes and numbers etc. (It’s a great service. I pay the $12 a year to help make sure that it doesn’t just go away!)

But  my new worry is highlighted by this fact: The WordPress plugin Wordfence just alerted me to several locked-out users trying to gain access to a website that I manage.

The attempted user names were NOT “admin” which is a common choice. The default login for the first user of a WordPress site used to be “admin.”  It might still be, but DON’T USE IT!

The new threat here was pieces of the words included in the domain name.

If the website domain name were, for example, dotsanddashes.com, some baddie might be looking for “dots” or “dashes” as a login name.

It also gives pause to using your first name as a login when you also show that as the author’s name on pages or posts.

So if you must use your name, be doubly sure that your passwords are unique!

WordCamp Lancaster 2016

Such a lot to learn at this great event!

If you’ve  never been, start looking for a WordCamp near you now.
Here are the slides from my jam packed session for new WordPress users in Lancaster, March 6

We covered:

  1. How to Evaluate Plugins and Themes
  2. A Little About SEO
  3. How To Manage All Kinds of Media: Audio and Image Galleries
  4. Getting help

Thou shalt have no ADMIN user on a WordPress site

NO ADMINI have been noticing a LOT of people named “admin” have been locked out of a few of my client websites.

That means somebody tried to log in and then used the wrong password or maybe just the wrong user name/password combination.

It happens.

You don’t remember if your user name is a short name or an email address. You try a couple combinations and finally get it right.

If you mess up too many times, you get a message that you’ll be locked out for a certain amount of time or until you call in someplace to have it fixed. (Banks are really big on that one and I’m glad!)

So why am I (website contact person) getting all these “locked out user” notifications?

I’m seeing these attempts since I recently installed the quite wonderful iThemes Security plugin.
It evaluates and protects a WordPress website from more than 30 vulnerabilities.

IF you install it AND set it up!

Notice of Rant starting
BTW, you know you have to do more than install this (or any) useful plugin?
You have to step through the suggestions for making your site secure and then DO WHAT IT SAYS!  Imagine it?

Recently I had a request from a client, named Gene, to fix a slow site. Gene thought it might be the host’s fault.

Nope!  Too many plugins, too many not updated, and WordPress too far behind.

But the worst was the plugins installed and activated that were not even set up to actually do the stuff they are supposed to do.

It’s kind of like buying a book and figuring that once you own it, so you know what’s in it.

And you know that’s not true, right?  RIGHT??!!

But I digress..

end of rant

 

 

Because I know that my sites do not have any of these user names, I know it’s some baddie trying to get in using brute force (big computers) to guess your password.

Pretty soon the baddies will find your actual name, “Gene,” so you probably have a user named “gene” and they’ll start working to guess that password..

and if they succeed, we got trouble…

right here in River City.
That starts with an S and that stands for you know what and it STINKS!

SO
Please log into your WordPress site. Change your password .. and I’m not saying change it from “password” to “123456”

I’m saying CHANGE IT FOR REAL!

Don’t use a word from the dictionary. Don’t use your birthday or your address. Don’t use your kids’ names.

Here’s a story about a guy who used his passwords to change his life.   It’s creative and affirming and that’s the way to really use a password!

 

 

How hard is it to tweak a WordPress website?

Let’s say you’re new in business
and you know you need a web site.
Good for you to know that!
Let’s say you also think it should be simple.

Let’s say your brother/cousin/neighbor says, “Oh, that’s easy. I can set up a WordPress site for you in a couple of minutes. Just pick out a theme, and I’ll tweak it for you.”

You say, “Great, thanks! Let’s go.”

Then your ask your “webguy” (who may also be a gal) to  make some  tweaks: change the colors here and there, add  some functionality,  change the header, add some stuff to the footer, see what it would look like with a red line across the top.

The upgrade process
will probably
take more time and
cost more money.

If your webguy isn’t really top flight, while he may be able to make those changes, if he doesn’t make appropriate comments in the code which neither you nor your visitors will see, when you decide to change things you could be in for a big surprise—heck, he could be in for a big surprise when he can’t remember what he changed and where.

After a year or so (or maybe less) goes by, you decide you’re ready to upgrade.  You may think, “Hey, I already have a WordPress site, so this should be an easy-peasy job to make the changes I want.”

Only it’s not so easy-peasy.  And that process will probably take more time (read: more money) than building the site did in the first place—especially if your  brother/cousin/neighbor  did it the first time for free or almost free!

Each different theme author  could, for example, name different parts of the design with differently. So your new “guy” will first have to decipher what the old “guy” did before any changes can be made.  If the theme you chose was not well written in the first place, it could be even harder to figure out.

How can you minimize the headache of adjusting to your second website?

You do need a website, to prove you’re a real business. It doesn’t have to be fancy.

So here’s my recommendation:

  1. Let your guy set up a WordPress site using one of the popular themes (which is, therefore, most likely to be bug free)
  2. Make as few changes to that theme as possible.
  3. Add as few plugins as possible:
    1. Akismet for spam protection in your comments,
    2. A form generator for your contact page (I love GravityForms!) and, of course, your content.
  4. Then leave your site that simple for a while. Work with it. Add content. Think about what things you wish it did.  Explore the sites of other people in  your business.  Make a WRITTEN list of what you want to change and what you want to stay the same. And then, ONLY THEN, find a REAL WordPress Person to adjust your site as necessary.
  5. Finally, ask if it would be cheaper to start from scratch or fix what you have.
  6. Ask for a written proposal including language about what happens if the “guy” finds that the process is more complicated than originally planned.

We specialize in fixing broken websites. So if you want what you have (or almost) but you want it to do more, then contact us for a complimentary strategy session. I’ll be able to tell you, in probably less than a half hour, about the process and what you should do to be ready for it.

Why can’t I just copy and paste my article from Word into my WordPress website?

When a word document is directly imported into a WordPress site, all the formatting that is applied to your article—the italics, font size changes, bullets and numbers that make it look the way you like—come along with the content in little bits of code.

Your website has its own system of consistent formatting in place—called a cascading style sheet because it sets the style for the whole site.  That style sheet makes the headings on all the pages the same color and font, makes the bullets and numbers on every page where you use them have consistent styles, keeps the columns consistent, etc. This is a big piece of what makes your site look cohesive and professional.

When your computer displays any page on the internet, it uses the code that is closest to the content to control that formatting. The code that came over with Word is attached directly to your content—much closer than the style sheet of the site. Therefore, Word controls the look of that page.

Here’s why that’s a problem.

Pretend you decide to change the color of all the headings on your site, say from black to blue.

If you let the website style sheet control the look of your site, then that change to the color of ALL your headings, is literally a change to one number on one page.

If however, you have copied your content from Word, then that one number has to be changed on every single page and at every single place on the page where the original color was designated.

THAT takes a lot more time. And will cost you a lot more money!

You are most probably NOT doing your web designer any favors by supplying long MSWord articles with lots of formatting because before the content can be posted, the code must be cleaned up before the new styles can be implemented.

What to do?

Supply your articles in plain text. Save as a .txt file using Notepad, for example.

If you’re going to make your own posts,

  • open your text editor (probably Notepad)
  • copy the Word document into the text file,
  • It’s also a good idea to turn off the Word wrap function found on the Format tab. (You’ll wind up with a couple of very long sentences. Don’t try to read them.
  • Just copy that text file and paste into WordPress.
  • THEN put your formatting in place using the buttons that are very similar to the buttons on Word’s formatting tool bar.

PS. If you know WordPress you may argue that there is a button that appropriately  imports an MSWord document or that SOME people don’t have this problem. HOWEVER, even using that function, often a great deal of cleanup is required. So I say, “Don’t use it!”