Author Archives: Rod Weston

WordPress Site Security Plugin – WordFence

We are now recommending the WordFence security plugin as the highest level of WordPress site security. With over a million installations and a very high (4.9 out of 5) rating, we just haven’t seen another security plugin that approaches the features, capabilities and reliability of this plugin.

Security Scans and Monitoring

The plugin scans your site for every imaginable issue, comparing your WordPress installation, theme and plugins against their own stored copies of them. Its firewall blocks hostile agents from your site – with configurable parameters – and presents a report of the blocked agents. It also monitors people who log in or attempt to log in for threats. It also scans for malware.

The features are almost too good to be true and yet the price is free – though there is a paid version which we will be investigating. We’ll post another review after we’ve experienced a few months of the paid version.


Yet Another Router Security Issue

A serious flaw in an estimated 1.2 million routers has been discovered that lets hackers into your home or office network – they can even take control of your network. The problem lies with a feature called NAT-PMP (Network Address Translation – Port Mapping Protocol) which allows you – or someone else – to easily set up a connection to things like a security camera or file server.

Ideally, the only way to turn on and configure NAT-PMP is if you’re already connected to your wireless network. However, some routers have NAT-PMP turned on by default and will let anyone outside the network configure it which means that a hacker can snoop on and even control things within your network, or things that you’re monitoring from outside the network. This includes snooping on your Internet browsing, re-directing your browsing to malicious sites, peeking at your security camera video or seeing what Internet-enabled gadgets you have in your home.

Unfortunately, no one knows yet exactly what routers are affected. NAT-PMP is often a feature on Apple, ZyXEL, Linksys and Netgear routers, but the models that might have the wrong settings are unknown. Routers from other companies may be affected as well.

To check if you’re affected, you’ll need to log in to your router. Open your browser of choice and type in the router’s IP address. You can find this in your router manual. Look for the settings involving “NAT-PMP.” You’ll probably see “NAT” or “Network Address Translation” on its own as well. Don’t change those – they aren’t the problem.

Turn off any settings concerning NAT-PMP and “external” or “untrusted” interfaces then save the settings. If you don’t see these settings anywhere, you probably are safe. However, while you’re there, also look at your “port forwarding” settings to make sure there’s nothing on the list you haven’t set up yourself. Anything on that list is a potential weak spot in your security if you don’t know what it does.
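As an added example (not from the original post): a small Python check you can run from a computer inside your own network to see whether your router answers NAT-PMP at all, which tells you whether the settings above are worth hunting for. It assumes the NAT-PMP wire format from RFC 6886 (UDP port 5351); the function names and the sample response bytes are constructed for illustration, and a reply seen from inside the network does not by itself show that the router can be reached from outside.

```python
import ipaddress
import socket
import struct
import sys

NATPMP_PORT = 5351  # UDP port NAT-PMP gateways listen on (RFC 6886)
RESULT_CODES = {
    0: "success", 1: "unsupported version", 2: "not authorized/refused",
    3: "network failure", 4: "out of resources", 5: "unsupported opcode",
}

def build_address_request() -> bytes:
    """Version 0, opcode 0: ask the gateway for its external IPv4 address."""
    return struct.pack("!BB", 0, 0)

def parse_address_response(data: bytes) -> dict:
    """Decode the reply to an external-address request."""
    if len(data) < 8:
        raise ValueError("reply too short to be NAT-PMP")
    version, opcode, result, epoch = struct.unpack("!BBHI", data[:8])
    if version != 0 or opcode != 128:  # replies carry opcode 128 + request opcode
        raise ValueError("not a NAT-PMP external-address reply")
    info = {
        "result": RESULT_CODES.get(result, f"unknown ({result})"),
        "epoch_seconds": epoch,  # seconds since the gateway's mapping table was reset
        "external_ip": None,
    }
    if result == 0:
        if len(data) < 12:
            raise ValueError("success reply is missing the address field")
        info["external_ip"] = str(ipaddress.IPv4Address(data[8:12]))
    return info

def check_gateway(gateway_ip: str, timeout: float = 2.0):
    """Return the parsed reply, or None if the router stays silent
    (NAT-PMP disabled or filtered on this side)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_address_request(), (gateway_ip, NATPMP_PORT))
            data, peer = sock.recvfrom(64)
        except OSError:  # timeout, or ICMP "port unreachable"
            return None
    if peer[0] != gateway_ip:  # ignore replies from any other host
        return None
    return parse_address_response(data)

# Constructed sample reply: success, 86400 s uptime, address 203.0.113.7
SAMPLE_REPLY = bytes.fromhex("00 80 0000 00015180 cb007107")

if __name__ == "__main__":
    gateway = sys.argv[1]  # your router's IP address, from the router manual
    reply = check_gateway(gateway)
    if reply is None:
        print("No NAT-PMP reply: the feature looks disabled on this router.")
    else:
        print("Router answers NAT-PMP:", reply)
        print("Review its NAT-PMP and port forwarding settings as described above.")
```
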

Image Processing

Images are a critical element in your website, yet they can also slow down your website if your images are not optimized and properly sized. Image processing is critical – we have three recommendations for image sizing and optimization:

  1. Size your images to the exact size they will be displayed on your website. If your image size is going to be 300 pixels wide and 500 pixels high, make it exactly that size before you upload it. If you want the image to open up a larger image when it is clicked, we recommend that you make two images of the sizes you will use – the displayed size and the larger size that will load when the image is clicked. Yes, html can resize images for us, but it slows down the page and loading an image larger than necessary also slows down the page – especially if the images are very large. We use PhotoFiltre for resizing. It’s a free utility that is very powerful and easy to use. You can not only resize but also crop and edit your images. You will notice that clicking on the word Photofiltre will take you to a Snapfiles.com page. I recommend that you use Snapfiles.com and only Snapfiles.com to download freeware and shareware. All the downloads are certified virus-free, it warns you if the download is going to try to load extra programs as well, and the reviews are great.
  2. Optimize your images. Images contain a lot of extra stuff that just takes up space. Use RIOT (Radical Image Optimization Tool) to remove the junk. It will dramatically reduce the file sizes, especially with jpg files. RIOT is also a free program. Fantastic program.
  3. If you want your pages to load quickly, all your images and files such as pdf files should be stored on a Content Delivery Network (CDN). Using a CDN can be quite expensive, but Amazon provides an excellent CDN free, provided you don’t use more than 5GB of storage. The free guarantee is only for a year, but I have been using mine for over a year and haven’t had to pay anything yet. If they do start charging, the rates are extremely low. The biggest challenge with using Cloudfront is that it is a bit tedious. First you create an Amazon Web Services account, then you create an Amazon S3 ‘bucket’ where you store your files. Your bucket should have sub-directories. You then establish an Amazon Cloudfront distribution from your files in Amazon S3. The Cloudfront distribution will have its own url which you use on your webpage. With WordPress, you use that full url including the file name instead of uploading the files to the WordPress account. But the pages load much faster – it’s definitely worth the tedium involved.

The image in this post was resized by PhotoFiltre – if you click on the image you will see the original size image. RIOT reduced the size of the larger image from nearly 60kb to 18kb. The smaller image was reduced by similar proportions. I uploaded them to my S3 bucket and then used them in the post. The link to the larger image had to be hand-coded.

Utilize these three recommendations and your web pages will load very quickly, as far as your image management is concerned. There are several other issues to address to optimize your web page loading speed, but those will be topics for other posts.

Content Delivery Networks (CDN)

Content delivery networks provide rapid content delivery across a large geographical area. Using a CDN for images and videos will significantly improve page loading speed – regardless of where your site is viewed. We strongly recommend that you use a CDN for website performance. Our preferred CDN is Amazon Cloudfront. It is economical and provides excellent service. You must first set up an account on Amazon S3 where your content will actually be stored. Establish your ‘bucket’ on S3 then upload your content into the bucket. You then create a distribution on your Cloudfront account which will have an associated domain name. The domain name is used to load your images and videos on your web page. Once your Cloudfront distribution is ‘deployed’ it is available to the viewers of your website. Contact us for more information on how to use a Content Delivery Network and to discuss your options.

Critical Java Update

If you are running Java (more on that in a moment), you must install the latest update:

Oracle informs us that at least four of the 37 security holes plugged in this release earned a Common Vulnerability Scoring System (CVSS) rating of 10.0 — the most severe possible. Vulnerabilities with a 10.0 CVSS score are those which can be easily exploited remotely and without authentication, and which result in the complete compromise of the host operating system.

But before you update your Java installation, first ask yourself if you really need Java. The safest way to use Java is to uninstall it altogether. It’s a security nightmare. So, why do you need Java? There are some programs that require Java. LibreOffice, for example, requires Java. Online chat, some games… the question is, can you live without it? We recommend that you uninstall Java from your computer and see what difference it makes. If something stops working, find an alternative program.

To uninstall Java, go to your control panel and select Add/Remove Programs. Find ALL occurrences of Java (Java didn’t uninstall previous versions until recently and those early Java installations are very dangerous) and uninstall them. If you are running a Mac, your Java has already been disabled or was not installed – unless you are on OSX version 10.6 or earlier in which case removing Java can actually damage your system. Consult your Apple Expert for assistance.

But if you decide that you must have Java, get your Java update now and install it… if you are running Java. Once you have installed the most recent update, you will want to disable Java in your browser(s). To do this first close any browsers that are open. Go to Start>>Computer and type “Javacpl.exe” in your search bar. If you find it, double-click on it to run it. Some computers, however, will not find it this way. Instead you’ll need to find it manually. Go to Start>>Computer>>Local Disk (C:). If you have a 64-bit computer, go to Program Files (x86)>>Java>>jre7>>bin. On 32-bit computers, you’ll find it in Program Files>>Java>>jre7>>bin.

Double-click Javacpl.exe and find the Security tab. Uncheck the box that says “Enable Java content in the browser.” Now your browsers will not use Java which will render you much safer on the dangerous universe we call the internet.

Heartbleed – What to do and what not to do

Heartbleed (CVE-2014-0160)

What is it?

Heartbleed is the name that has been given to an extremely dangerous vulnerability in OpenSSL. OpenSSL is a protocol used on about two-thirds of the world’s websites including the FBI’s site, probably your bank’s website and your internet service provider’s servers. There has been a vulnerability in this protocol for the last two years that allows hackers to access information being transferred to and from compromised websites and your computer. OpenSSL is also used in many routers – the devices that transfer data all over the internet. You probably have a router sitting on your desktop – it’s your connection to the internet.

What to do

Avoid secure internet transactions. Go to your brick-and-mortar bank location to do your banking. Do your shopping in person, not online. When your bank or other institutions notify you to change your password, change your password. If your internet service provider notifies you that you need to do something with your router, do it immediately. However, they will most likely be able to update your router without your involvement.

Last week the world was notified of this vulnerability. This means that all the hackers that were not aware of this vulnerability are now aware of it. You can be sure that they are now attempting to exploit this vulnerability. This is the absolute most dangerous time to engage in online commerce until this vulnerability has been removed. You can, however, test websites for this vulnerability at http://filippo.io/Heartbleed/. Be aware, however, that this is not an absolute guarantee of safety. If your router or other routers in the circuit are compromised, your data could still be at risk.

Because your data has been exposed for the last two years, you should contact Kathleen Hjort immediately or visit her website at www.kathleen76.legalshieldassociate.com and get identity theft protection. Legal Shield’s identity protection is the only service that will restore your identity for you in addition to providing alerts.

What not to do

DO NOT change your passwords online until you have been notified to change your password by the company or you have determined that the site is secure. This vulnerability does not give hackers access to data stored on servers – only data being transferred between your computer and the website. Hackers probably do not have your username and password now; if you go online and change it before the website has been updated, the hackers will be able to capture your username and password.

Prepare for Your Home Loan with Max Schneeberger!

Max SchneebergerMax Schneeberger of Guild Mortgage is a member of I Take the Lead. We sit and have breakfast together every Friday morning at IHOP on 164th Avenue in Vancouver. I have come to know and respect Max for his incredible wealth of knowledge about the home loan business.

He spoke this morning at our meeting and here are some thoughts I came away with.

  1.  Prepare for your home loan in advance. Max is the first person to see when you start thinking about purchasing a home – especially if you are self-employed or take large work-related deductions on your taxes. Max knows all the little things that will trip you up in the mortgage process and he will ensure that you have smooth sailing once you have identified the home you want to purchase. And he has some great strategies on getting the home in the bidding process. These days, with such a small housing inventory, buyers have to bid against other buyers. Max can help you win that bidding war – or decide whether it is worth winning that bidding war!
  2. There is a Washington State grant available that can pay your downpayment and part of your closing costs! But the loan officer – not the loan company but the loan officer himself/herself – must be licensed. Many are not licensed which will cost you up to $10,000 which you could otherwise take advantage of. See Max about this great opportunity.
  3. There is no such thing as a no-cost loan. If you are not paying it, it is being rolled into the loan which will cost you more in the long run. If you are able to pay the closing costs up front, do it and save yourself some money.
  4. There are a lot of rules about sourcing money, especially with federal loans (FHA, VA, USDA). Those rules can delay your purchase by a month or two. Max will explain those to you in advance so there are no surprises later.
  5. Spousal debts and credit challenges may or may not be part of the picture. It varies according to which state you live in and whether the loan is federal or conventional. Max will make sure this doesn’t trip you up.

In short, Max is the person to go to for your home mortgage – well in advance of contacting a realtor or even going to those open houses. Max will pre-qualify you and provide a letter for your realtor stating the loans for which you are eligible. He knows a lot of secrets of the trade that can get you into a home when other loan agents will just turn you down – and save you money in the process. Call Max now at 360-816-5110 or 360-931-1681. Or e-mail him at maxs@guildmortgage.net. Tell him Rod at Virtual Websource sent you.

For more information about Max and Guild Mortgage go to www.guildmortgage.com/officers/maxschneeberger.

Domain Registration Prices and Other Issues

Two common errors, in my opinion, that many people make are these:

1.  they register their domain with their webhost

2.  they use the e-mail service provided by their ISP

The reason these are bad decisions is that webhosts and ISPs are frequently changed.

Let’s consider the domain registration first. If your domain is registered with your webhost, it makes the transfer that much more awkward and difficult. In addition, web hosts rarely offer the same level of service as a domain registrar that NameCheap does. Of course, no one else does either. Even GoDaddy. Just let me say this about GoDaddy. If you use them, you are paying too much – unless you are not going to renew your domain. GoDaddy offers deep discounts for your first year of domain registration, but they get it back when you renew. Currently it costs $14.99 to renew a ‘.com’ registration on GoDaddy as opposed to $10.87 to renew at NameCheap. I also hate GoDaddy’s overwhelming upsell efforts – it’s difficult to find your way through all the pushy sales efforts to find your account maintenance functions. Finally, unless you are willing to pay more to support GoDaddy’s exploitation of gross sexual stereotypes, go with superior service and lower prices at NameCheap. If you are already with GoDaddy, transfer your domains to NameCheap when you are approaching your renewal date. Transferring domains can be a bit daunting to the uninitiated – contact us for assistance.

Second issue – using the e-mail address provided by your ISP. The primary reason I don’t use them is because I occasionally change Internet Service Providers (ISPs). In fact, I just did that on Friday. I dropped ComCast and went with CenturyLink. If I were using Comcast’s e-mail, I would have to notify everyone that my e-mail address has changed. And I’m not sure that ComCast would forward my mail from my old address to my new one. Another reason I don’t use the ISP’s e-mail is that I have my own domain and have my e-mail associated with that domain. I actually have several domains and use one of them for my personal e-mails and virtualwebsource.com for my business e-mails. I intend to keep these two domains for the foreseeable future, so I won’t have to notify anyone that I’m changing my e-mail address for a very long time. Oh, and I do have yahoo and gmail e-mail addresses as well. I use those when websites require me to sign up for their mailing list but I don’t really want to.

If you are currently using your ISP’s e-mail, I would recommend obtaining your own domain(s) and using the e-mail services associated with those domains. If you don’t want a website, you can purchase e-mail hosting for just $36/year from us. Contact us for assistance in either case.

If you are using yahoo, hotmail, gmail or any of those services for your e-mail, consider obtaining your own domain (as above) for privacy. These ‘free’ services sell your information to as many people as will buy it, not to mention the fact that Google (and probably the others as well) voluntarily hand all your e-mails and other information over to the NSA.

Do yourself a favor. Register your domains with NameCheap, obtain your webhosting from us, and use us for e-mail hosting. Or if not us, some other webhosting service. Just don’t register your domain with your webhost (we don’t even offer domain registration) and don’t use your ISP’s e-mail service.

Use Video for Increased Effectiveness and Better SEO Scores!


Web video dramatically increases website effectiveness. Consider these statistics:

Visitors are 144% more likely to purchase a product after seeing a video. A web page with video is 53 times more likely to achieve a page one listing on Google.

Videos in search results have a 41% higher click through rate than text results. And Google rewards web pages where visitors stay longer. On average, visitors stay 2 minutes longer on web pages with videos.

Can you really afford NOT to use web video (especially if your competitors are)?

Video training is available at Web Video University. Visit their website at Web Video University to find out how you can learn to produce and develop your own high quality web videos for only $99/month.

Malicious E-mail Alert!

I received one of these this morning. It’s particularly effective because the return e-mail address appears to be authentic and the topic is heart-stopping.

BBB is issuing an urgent SCAM alert cautioning businesses and consumers about an email that looks like it is from BBB, with the subject line “Complaint from your customers.” This e-mail is fraudulent; ignore its contents and delete it immediately. If you have already clicked on a link in the e-mail, run a full virus scan of your computer.
