All posts by Computers Made Simple

Lock Down WordPress – Part Two

Our last post was about WordPress usernames vs. names that are publicly displayed in various places on your site. Whatever you do, don’t reveal your username and, more importantly, don’t leave the username set to ‘admin’.

Today, we’re moving on to two plugins that really lock down your WordPress site. One, Wordfence, is something we’ve written about before. Check that out here:

Wordfence

Wordfence aims to lock out intruders, meaning anyone who uses the wrong username and/or password. It can also lock you out of your own site, but that is easily corrected. This photo will give you an idea of how often Wordfence steps into action on this site:

Photo of Wordfence report.
This photo shows the attempts to break into this site. Most are from Russia, is that a surprise to anyone?

This list of countries is not complete, Israel should be on the list but isn’t. We were surprised that hackers from Israel would be attacking this site but anything is possible, right?

The various options that Wordfence offers are too complex and detailed to explain here. Check out their site, read about the premium option (we don’t think it’s worth it) and install it from your WordPress dashboard. You’ll be glad you did.

The second plugin that we use on this site is Google Authenticator. Again, this is a free plugin, one that locks your WordPress site down if the correct code isn’t entered. Install it on your WordPress site from your dashboard, then install the app on your mobile device. It’s available for Android, iPhone and Blackberry. Once the plugin is activated, you’ll see a code like this on your phone:

Photo of Google Authenticator code
Enter the code within the time limit and you’re in.

There is a time limit on the app, not on your website. If the clock is close to the top, let it go past 12 and enter the new code.
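Why waiting for a fresh code works, as an added example (not code from the Google Authenticator app or plugin): a minimal RFC 6238 time-based code generator in Python, showing a code read one second before the 30-second clock rolls over. The secret is the RFC test key, and `drift_steps` is an assumed server-side tolerance, not a documented setting of the plugin.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code lives: one trip of the app's countdown clock


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def seconds_left(unix_time: int) -> int:
    """How long the code currently on screen remains the current one."""
    return STEP - (unix_time % STEP)


def verify(secret: bytes, code: str, server_time: int, drift_steps: int = 0) -> bool:
    """Server-side check; drift_steps=1 also accepts the neighbouring steps."""
    for delta in range(-drift_steps, drift_steps + 1):
        t = server_time + delta * STEP
        if t >= 0 and hmac.compare_digest(totp(secret, t), code):
            return True
    return False


# Constructed sample: the RFC 6238 test secret, not a real account secret.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    read_at = 59  # code read with one second left on the clock
    code = totp(SECRET, read_at)
    print(code, "is current for", seconds_left(read_at), "more second(s)")
    print("typed in at t=60, strict check:", verify(SECRET, code, 60))
    print("typed in at t=60, +/-1 step:", verify(SECRET, code, 60, drift_steps=1))
    print("fresh code at t=60:", totp(SECRET, 60))
```

A code read at the very end of a step only passes if the server tolerates the previous step, which is why letting the clock roll over and entering the new code is the reliable choice.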

With these two plugins, you can pretty much relax in the knowledge that your WordPress site is secure and safe from hacking. Good luck!

Comments and questions are welcome but Likes on our Facebook page get immediate attention. Here’s the link: Computers Made Simple on Facebook. Thanks for reading!

Lock Down WordPress – Part One

Believe it or not, this site averages 650 hacking attempts every day. There are so many attempts to get into it that we’ve stopped the email notices from the main plugin that we use to keep hackers out. Computers Made Simple is reasonably popular but it’s not remotely near the top of the list. Despite that, we get hundreds of hacking attempts every day. Here are some tips on how you can protect your WordPress site, big or small. Even if your site is brand new, hackers are trying to get into it.

We’ve written before about keeping your WordPress username separate from your posting name. Here is a link to that post: Username/Posting Name Should be Different 

While the two steps mentioned in our previous post are good, we’ve discovered a way that hackers can see your username, even if you have it set to something different than your posting name.

TIP: If you run a site with several contributors, make sure they read this post.

WordPress now allows you to have your author’s name displayed publicly as something different than your username. The importance of this can’t be ignored. If a hacker is able to discover your username, they are 50% of the way to getting access to your site. Don’t let them! If they don’t know your username, even if they somehow divine your password, they won’t be able to get into your WordPress installation.

Head to Users then edit your admin account, the one that has admin privileges, in other words. Hopefully you’re not still using admin as your username, right? If you are, it’s even more important to change it now.

Look for this section on the editing page:

Photo of WordPress page
Make your first name something that does not resemble your username. Your nickname could be anything, or blank. Display name will be your first name.

The important thing here is to make sure your username is:

1. Not Admin

2. Not in the ‘Display name publicly as’ space.

Nickname is not required, so don’t worry about it. If your username is still admin, change it using these instructions:

Protect Your WordPress Site

At this point you’ve prevented hackers from discovering your username. As long as it’s not ‘admin’, they won’t be able to get in, even if they know the password.

In our next post we’ll detail another way to lock down your WordPress site.


FatCow Rating -D – Part Two

In our last post we described how FatCow hosting had shut down our sites because of a false positive on an automated malware scan. That false positive involved a perfectly safe file that is found in every WordPress installation.

Today’s post has to do with FatCow suspending our forum’s email account…without telling us that they had done so. Some of this involved fairly technical details so we’ll just give you the basics. This is, after all, Computers Made Simple.

Our forum, GTWorld.ca , has been around for almost two years. It’s a small forum, perhaps 500 members, and we only use email to notify members of their successful registration, forgotten passwords, etc. We have never done mass emailing and we do not publish a newsletter. That’s important in this saga.

The forum uses the phpBB platform. It’s not necessary to know that but if you’ve been having problems with a similar platform, we’d suggest you read farther to see what the problem might be. phpBB is a self-contained package that uses the PHP scripting language. It sounds more complicated than it is but, once you get the hang of it, it’s reasonably simple to use.

We’d noticed recently that we weren’t hearing back from prospective members when we reminded them by email that they’d been approved. We’d also heard that some members who’d forgotten their passwords were not being prompted by email. We weren’t sure what the problem was but we set out to fix things up.

For the next week or so, we basically took apart our phpBB installation, piece by piece, to see if we could track down what was happening. We also enlisted the help of FatCow’s support department. After days of trying, they couldn’t find the problem either. Finally, frustrated and tired, we posted questions about the situation on the phpBB support forum.

It didn’t take long before one of the experts there figured out that FatCow themselves were preventing our emails from going through. At first, we couldn’t believe that this could happen. Our own hosting company suspending our site’s emails without even telling us? No way. Turns out, that was exactly what they were doing.

Somehow, most likely through an automated scanning program, our very tiny amount of email had triggered yet another false positive, this time for spam. Once we had an inkling of what the problem might be, we asked the FatCow support staff that had been helping us. Here’s our query:

Is FatCow marking these emails as SPAM? Is that why they do not go through? The board has no spam, the emails we are trying to send are activation emails, notices from admin, etc. Is FatCow blocking them?

FatCow responded:

We sincerely apologize for the inconvenience caused. I have tested the functionality and verified the logs. The emails sent are dropped as spam by our spam scanner. So, I will be handing this ticket over to one of our System Administrator to reset the spam score and fix the issue. I have also handed over all my findings to that specialist. You should be hearing from them within 12 – 24 hours.

What followed were several very heated messages that we won’t share here. Here’s one of our final messages to FatCow:

I will be polite and say thank you but I solved this problem myself, right? I discovered that FatCow had marked my totally safe emails as spam. Support tried to help but it was FatCow themselves who caused the problem.

FatCow responded:

Your email content were flushed by our spam scanner considering it as spam. The email might be flushed due to low reputation or email content might have including some links/spammish pattern. Yes, you have provided the information which helped us to resolve the issue.

 

Spammish? That’s a new word, isn’t it? At least they admitted that we had solved the problem ourselves. Apology? None received yet. Admitting that FatCow was at fault? Nope, nothing remotely resembling an apology has ever come my way in either instance. FatCow still maintains that the site was at fault, not their scanners.

Since our forum has only one administrator, we know full well that there was never any spam emanating from it. The only time we encountered spam, and that was less than five times, were emails sent from the main page of the site using the ‘Contact Us’ link that is standard on every installation of phpBB’s forum software. Those emails went directly to the gmail account of the administrator, nowhere else. We’ve removed that link from the main page of the site. The spam emails, by the way, were not sent by members but by strangers who happened upon the forum.

FatCow hosting is a good deal, we can’t ignore that, but if you want a responsible hosting company, one that understands your needs and offers you smart, intelligent support, look elsewhere. Once we find a reputable hosting company, we’ll post a link to their site.


FatCow Rating – D-

We’ve been with FatCow hosting for quite a while. Up to this year, they’ve been an inexpensive, reliable company. Two incidents in the last six months changed all that. They’ve lost our support. Here’s why.

WordPress Sites Shut Down Because of a False Positive on a Default WordPress File

Every WordPress installation includes many default files, we’re talking thousands of little bits and pieces that make WordPress what it is, a reliable platform for bloggers.

Back in May, FatCow’s scanners decided that the standard WordPress file, moxieplayer.swf, was malware. Here’s the email we received:

Hello,

A routine scan of your account has found the following malicious or infected files:

wp-includes/js/tinymce/plugins/media/moxieplayer.swf

As a result, we have suspended your website, to avoid problems for website visitors or other customers. Please remove the malicious code, through FTP or the File Manager. I would recommend deleting and republishing your entire website from a clean copy; this should then erase any other code which may have been injected into your pages to allow back-door access by unauthorized people.

You should immediately change your password through the control panel for the account, and most importantly, you need to make sure any application in your account are completely up-to-date as far as versions, security patches, etc. are concerned. This applies not just to the core application, but also plugins, themes, modules, etc. If this is not done, your account will remain vulnerable to future attacks of this kind.

In order to secure your web application, you can use SiteLock Fix product which scans your website daily and removes any infected files. To learn more about SiteLock, please go to: (url removed) /product/sitelock

Sounds serious, right? FatCow did more than warn us, they suspended our websites. That means that FatCow removed access to them, no one could view any of our eleven websites.

In this situation, we had to go through every installation, find the suspicious file and delete it. We’re quite surprised that our WordPress installations still worked after they were put back online.

Once the sites were up again, we began to do some detective work. That file, moxieplayer.swf, is a standard WordPress file. It comes with every WordPress installation. When we notified FatCow of that, here’s what they said:

Comment:
It is possible that a few lines of malicious code was found within the file as opposed to our scanner considering that the file as a whole was malicious. I’m going to try to have this looked into a little further, but with the files already gone we might be limited in what we can research. I’ll get back to you if I find out more information.

Guess what? FatCow never bothered to get back to us. You will note that in the first message, FatCow was pushing SiteLock, an extra-cost feature that they recommended. FatCow flagged a perfectly safe WordPress file then tried to sell a premium product using scare tactics.
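One way to settle the question FatCow’s reply left open, whether the flagged file was stock or a modified copy, before deleting anything (an added example, not from the original post or from FatCow): hash each flagged path against a clean download of the same WordPress release. The directory layout, the extra file names and the file contents below are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(flagged: list[str], site_root: Path, clean_root: Path) -> dict[str, str]:
    """Classify each scanner hit against a clean copy of the same release."""
    verdicts = {}
    for rel in flagged:
        live, ref = site_root / rel, clean_root / rel
        if not live.is_file():
            verdicts[rel] = "missing-on-site"
        elif not ref.is_file():
            verdicts[rel] = "not-a-stock-file"   # not shipped with core: review by hand
        elif sha256_file(live) == sha256_file(ref):
            verdicts[rel] = "matches-stock"      # byte-identical: likely false positive
        else:
            verdicts[rel] = "modified"           # differs from stock: treat as tampered
    return verdicts


def demo() -> dict[str, str]:
    """Constructed trees standing in for a live site and a clean download."""
    swf = "wp-includes/js/tinymce/plugins/media/moxieplayer.swf"
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = Path(tmp, "site"), Path(tmp, "clean")
        for root in (site, clean):
            (root / swf).parent.mkdir(parents=True)
            (root / swf).write_bytes(b"constructed stock bytes")
            (root / "wp-login.php").write_bytes(b"<?php // stock")
        (site / "wp-login.php").write_bytes(b"<?php // stock plus an injected line")
        (site / "wp-includes/x.php").write_bytes(b"<?php // file not in core")
        hits = [swf, "wp-login.php", "wp-includes/x.php", "gone.php"]
        return triage(hits, site, clean)


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:18} {path}")
```

On a host with WP-CLI, `wp core verify-checksums` performs the same comparison against the checksums published by WordPress.org.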

FatCow never admitted their mistake. Every other company that we’ve dealt with over the last twenty years has taken the blame for their own errors. Not FatCow. Despite having our sites shut down for absolutely no reason whatsoever, FatCow never offered compensation either. In their ads and on their site, FatCow pretends to be wholesome, efficient and friendly. Trust us, they’re not.

Stay tuned for Part Two of our rating on FatCow Web Hosting. Once we find a reputable hosting company, we’ll come back and post a link to their site.


SNAPCHAT (Part 2) – THE ULTIMATE SOCIAL MEDIA GUIDE – PART 6

Once you’ve got your Snapchat account, you’ll be able to pick up snaps from Snapchat’s Live account. You don’t have to subscribe or add this Live feed, it’s there automatically. Recent feeds have been from Dublin, Al Ahmadi, Boston, New York, Hong Kong, The Netherlands, etc. You also get snaps from various events; award shows, music concerts, sport feeds and so on. These snaps are not from pros, they’re from people like you.  That’s the cool part of this, the snaps aren’t staged or repetitive, they’re live and real.

Snapchat’s Screens

There are five Snapchat screens. The default screen shows your camera. The button at the bottom controls the camera, press it once and you take a photo; hold it and your snap becomes a video.

Scroll left and you’ll see any snaps that have been sent to you. Scroll once more left and you’ve got your chat screen. See the line at the bottom? That’s where you can type your message to one of your Snapchat friends. Tap it and a keyboard appears. Once you’ve typed your message you can either attach a photo or video snap or just send the text. Note that you can’t send a chat message to someone until they have sent you a snap.

Scroll three to the right and you’re at your main Snapchat window. This is where the most recent updates are, the ones at the top of the page are new snaps you’ve received since the last time you checked. Below that, your friends are listed in alphabetical order. If they have a recent snap, it will show below their name.

Photo of SnapChat screen
We only have two updates at this point. One is from Mark Kaye, a DJ who is very popular on Snapchat. The other is from Snapchat’s live feed, this time from Al Ahmadi in Kuwait.

Scroll once more to the right and you’re at the Find Friends screen. Press on the magnifying glass at the top and start typing. You’ll know that you’ve found someone who has a Snapchat account when there is a tiny square with a plus sign inside it to the right of the name. Press that and you’ve added that person to your Snapchat as a friend. Anyone you add has to approve your request but that’s common in most social media. You will see the word ‘pending’ just below their name once you’ve pressed the add icon.

Photo of Snapchat Friend Addition
We’ve added anna. We don’t know who she is but she has the option to refuse us. See the ‘pending’ below her name?

If you search Google for ‘snapchat users’, you will find quite a few sites that list Snapchat accounts. Be advised that while Snapchat doesn’t condone nudity, some of the profiles you encounter may not be suitable for all ages or for browsing at work. That’s where the term NSFW pops up. If something is Not Suitable for Work, you can bet there is probably partial nudity in the snaps.

Generally though, Snapchat isn’t crawling with adult-themed photos or videos. For the most part Snapchat is fun, wholesome, often silly and entertaining. It’s full of pranks, bad jokes and people being people. That’s why we like it.

Snapchat Tips:

1. Add MarkKaye if you’re into Snapchat stars, both current and upcoming. CyreneQ is a very popular Snapchat artist. Check out her site for more Snapchat users: the11thsecond.com 

2. If you’re searching for users on your own, make sure you use as many forms of the name as possible. Anna might be just Anna or she could be Anna_ or Anna_Anna plus many other variations.

That’s it for Snapchat. Have fun, share your adventures with us and, if you want followers, add your Snapchat in a comment below.
