
About Ozdachs

San Francisco Internet Marketer and web designer gets you on the Internet in a cost-effective, responsible way.

Your Email Has Been Hacked… Just Yawn??

Another friend’s Yahoo email account was broken into this morning.


Link in the Email

My clue was that he sent me an email at 4:11 am.  And, the only content of the message was a link to a page on the Internet that runs a PHP programming script.

The message was sent to me, his sister, his ex across the continent, and a bunch of other people I don’t know.  The email had a long TO: list that looked like a random group of emails from my friend’s address book.

So, another person’s email account was compromised.  Probably hackers went through and guessed his password.  Or, maybe his email address and password were stolen from another site that had been broken into. Do we, or he, care?

The recipients of the email shouldn’t worry, as long as they don’t click on the link and visit the site in Latvia (.lv).  I am sure that waiting on the .php destination page there is a malicious script that will try to infect the computer of any visitor that goes there.  Even so, you’d probably have to also click on a confirmation box to run a program before you got into trouble.  If you receive an email like this, you’re okay so long as you delete it without clicking on any link.

My friend, however, has a few worries:

  1. First, he needs to stop the damage.  He should go to Yahoo and try to regain control of his account.  If the bad guys are nice, they didn’t change the password. He can log into Yahoo and pick a different, stronger password. Some bad guys are not so nice.  They will change the email password so that you’re locked out of your own email account.  In that case, you’ll need to contact Yahoo (or whoever owns the hacked site) and ask them to help.
  2. The bad guys controlled/control his email account for a while.  If they are truly evil, their programs visited all of the major banks, credit card companies, online stores, investment houses, etc.  They typed in my friend’s email address, saying that they had lost their password. Many stores and financial institutions responded with an email link to reset the password.  The bad guys, who had access to the Yahoo email account, clicked on the reset password link, created a new password, and gained control of my friend’s financial resources.
    My friend should go to every place he used the Yahoo address and enter a different email address for the account. He should also look over recent transactions to make sure his account hadn’t been compromised.
  3. The bad guys could go to every online store, and see if the combination of the email address and Yahoo password logged them in.  If my friend reused that password anywhere where he also used the Yahoo email address, that account is vulnerable.  My friend should change the password everywhere he used the same credentials he used for his Yahoo email account.
    He should also look over recent transactions to make sure his account hadn’t been misused.
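
The clean-up in steps 2 and 3 amounts to sorting every account you own by how it overlaps with the hacked one. The sketch below is an added example, not part of the original post: it triages a password-manager export, and the CSV column names and all sample rows are constructed for illustration rather than taken from any product's real export format.

```python
import csv
import io

# Constructed sample export. The columns (site, login_email, password) are
# assumptions for this example, not a real password manager's format.
SAMPLE_VAULT = """site,login_email,password
yahoo.example,friend@yahoo.example,Summer2013!
bank.example,friend@yahoo.example,kT9#vq2LxW
shop.example,friend@yahoo.example,Summer2013!
forum.example,other@mail.example,Summer2013!
news.example,other@mail.example,p7Zr!e0Qam
"""

def triage(vault_csv, hacked_email, hacked_password):
    """Sort vault entries into remediation groups, most urgent first.

    Each site lands in exactly one group; sites sharing neither the
    hacked address nor the hacked password are left out.
    """
    groups = {"reused_credentials": [], "reset_exposed": [], "password_reused": []}
    for row in csv.DictReader(io.StringIO(vault_csv)):
        same_email = row["login_email"].strip().lower() == hacked_email.lower()
        same_password = row["password"] == hacked_password
        if same_email and same_password:
            # Step 3: the stolen address + password pair logs straight in.
            # The hacked mailbox itself also shows up here (step 1).
            groups["reused_credentials"].append(row["site"])
        elif same_email:
            # Step 2: a "lost password" link would land in the hacked mailbox.
            groups["reset_exposed"].append(row["site"])
        elif same_password:
            # Different login name, but the password is known to the intruder.
            groups["password_reused"].append(row["site"])
    return groups

if __name__ == "__main__":
    result = triage(SAMPLE_VAULT, "friend@yahoo.example", "Summer2013!")
    for group, sites in result.items():
        print(f"{group}: {', '.join(sites) or 'none'}")
```

Work through the groups in the order returned: change the password on the first group, change the registered email address and review transactions on the second, then replace the shared password on the third.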

You should use unique passwords for every site, especially sites like banking or ordering sites which remember your credit card number.  When you use unique passwords, if a site is broken into you have to change your password for that one site.  If you share passwords among sites, you have to change that password on every site it’s used when it’s compromised on any of the sites.  — from a post about Kickstarter being hacked

My earlier post recommends that you sign up for the free password management program, LastPass.  I am going to suggest, really suggest strongly, that my friend do that today!

March 13th, 2014 | Consumer Tips | 0 Comments

The Tale of Two Websites

Websites are worse than ties.  You can really tell when you’re looking at last year’s fashion.

It’s not just shifts in aesthetic whim.  Technology allows looks and functions that were not possible earlier. For example, when people were on dial-up or slow DSL, websites had to have small pictures to minimize download time.  You still have to watch the speed of your website, but you can safely use pictures that are two or three or four times the size recommended back in 2004.

Then for a while sites had a boxed look with sidebars to get more information on the page. Now, navigation menus drop down from the top of the page, sliders rotate graphics featuring different topics, and there’s a more open feel.  Within a single page you’ll have a mixture of one-column, two-column, three-column or more-column layouts.  You’ll have tabs that when clicked will reveal paragraphs of descriptions, and you can incorporate bullet-points that expand when selected.

See what I mean.  I just redid a website for employment attorney Brian Hawes.  I used the same content in both sites, except for an updated picture of Brian and the addition of client testimonials.

Before

Home Page 2010


Visit the old website.

After

Homepage of employment attorney Brian Hawes in 2014

Home Page 2014

Visit the updated Employment Attorney Website.

The new site looks much cleaner, clearer, inviting, and 2014-ish! In addition, the new site is responsive, meaning the layout changes to better fit different screens such as smart phones, tablets, and traditional desktop computers.

Fortunately, updating a site using existing material doesn’t require that the business owner take new photos or dream up more content.  The same material can be transferred to the new look.

However, for the web designer a new site can take as much effort as putting up the site originally. Putting content into tabs, dividing text into columns, or using the graphic quotation marks for testimonials requires more than simple cutting and pasting.

The designer will have to stage the site at a test location and then move it to the live location when it’s done. Plus, we have to make sure that incoming links to old pages are good. Either we have to use the same page names in the new site (e.g., “lawyercontact.php”) or else redirect visitors to the new version of the page (e.g., “http://www.haweslawfirm.com/contact/”).

But, updating your site is important and worth the investment. You want your business to look modern. You want to tell the visitors about your services in an attractive way.

Go ahead. Tell them you’re ready to serve them in 2014.

March 8th, 2014 | Web Design | 0 Comments

[NO] Speed Kills… Your Google Ranking

Search Engine Optimization gurus — the people that get your site to come up on the top of Google results — are saying that how quickly your web pages display is an increasingly important factor in determining where you show up in the list of relevant sites that Google returns to your potential customers.

If your site is slow, Google will drop it down low on the results because Google thinks that its users are impatient. So, if you have useful information that takes 10 seconds to display to a visitor, your site may be down the list of competing sites with inferior data if they show up in less than a second.

Google’s focus on speed impacts your choice of the technical platform of your site, its hosting service, and additional support.

To ensure a quick site, you may:

  • Use simple HTML for your pages instead of pages built with scripts such as those used by WordPress.
  • Purchase third-party services designed to improve the availability of your site throughout the Internet.
  • Sign up for a beefy hosting plan that is designed to serve up WordPress pages.

Third-party services that cache the site and deliver the pages from different servers around the country/world can greatly improve the responsiveness of a static HTML site.  We use one called Cloudflare.

Check out two of our simple HTML websites that use Cloudflare:

Fast, huh?!

But, Cloudflare cannot improve the speed of dynamic sites so dramatically.  If you have a site built on WordPress where some of the page content is created each time a visitor clicks to see it, Cloudflare won’t help.  And, even WordPress pages without content that is obviously changing come back more slowly than sites using only HTML.

The two sites above are basic HTML sites.  Their corresponding WordPress blogs are also on Cloudflare.  But, they are not nearly as quick.  See:

Pages on these WordPress sites — even sites using Cloudflare — take longer to show up on your screen than the HTML sites.

To improve the speed of WordPress sites, you can purchase high-powered hosting plans. But, those beefy services cost many times the typical $125/year charge most of our clients pay for hosting. (See Synthesis’s pricing. They are a service that is focused on supporting the needs of WordPress sites, and their “starter” plan is $324/year.)

WordPress offers a lot of advantages for business owners and their designers.  But, WordPress comes with a handicap.  It’ll be slower unless you spend extra money on hosting and also use care in turning on add-on functionality that requires CPU cycles to produce a page.

Let’s talk about your need to be high in Google rankings, your need to do updates to pages yourself, and your budget for hosting services!

February 18th, 2014 | Search Engine Optimization, Wordpress | 0 Comments

Kickstarter Hacked — User Data Stolen


Kickstarter Email sent February 15, 2014

I just received email from Kickstarter warning us that bad guys had hacked their site and stolen user data.

Kickstarter is doing the responsible thing by notifying its users, and it’s reassuring that credit card data was not taken.

The one gotcha is that encrypted account passwords were stolen.  Kickstarter says that with enough time, the bad guys could break the encryption, copy your password, and try signing on to other sites on the Internet using your email address and the de-crypted password stolen from Kickstarter.

Fortunately, if Kickstarter used reasonable encryption technology, it’s not likely that bad guys would be able to easily or quickly break the encryption and get your password in a readable form.  But, Kickstarter’s message provides a concrete example of the security mumbo-jumbo we are given every day.

  • You should use unique passwords for every site, especially sites like banking or ordering sites which remember your credit card number.  When you use unique passwords, if a site is broken into you have to change your password for that one site.  If you share passwords among sites, you have to change that password on every site it’s used when it’s compromised on any of the sites.

Remembering and managing passwords can be a pain, I know. The solution is to use a password management tool that learns and remembers your passwords as you type them online.

I use LastPass, and recommend it highly. The basic service is free, and the premium features are $1/month.

LastPass has browser plugins for Chrome, Internet Explorer, and Firefox… the browsers I use.  They have plugins for other browsers, too. These plugins watch for me to enter usernames and passwords, and they ask me if LastPass should remember the data. If I say yes, LastPass stores the information securely, and I can have LastPass enter the username and password for me next time I visit the site.

Moreover, the information LastPass captures in Chrome is available to me in Firefox and on other computers.  I just sign on to LastPass when I start my browser and all of my usernames and passwords are available for retrieval.

As far as my Kickstarter password, it was a unique nonsense series of numbers, letters, and special characters which was itself generated by LastPass. I am feeling very smug.  I logged on to Kickstarter, had LastPass generate a new password there, and was done.

So, if you are a Kickstarter user, go to their site and change your password.  Maybe start using LastPass while you do it!  And, if you used the Kickstarter password at other sites, then definitely visit all those sites and replace the common password with the random bits that LastPass will generate.

February 15th, 2014 | Tips and Resources | 3 Comments

The Care and Feeding of Your WordPress Site

You can’t just publish your WordPress website and forget about it for weeks, months, or years as you could for HTML-based pages. (See more on how WordPress sites are different in our previous post.)

A WordPress site needs:

  • Updating of its modules to plug security holes that have been discovered.
  • Monitoring of visitor comments.  You’ll want to respond to questions or complaints, and you will want to encourage people’s comments.
  • Watching for fake spam comments that are loaded with links to scammy sites.
  • Regular, intentional back-ups.

Dashboard Showing 1 Update Pending

Fortunately, regular maintenance is neither difficult nor time consuming.

Here’s what we suggest.

  • Sign on to your site administration account at least once a week. Pick Mondays at noon or another regular time.
    • Review the WordPress Dashboard.  Any pressing tasks will be highlighted in red and also the number of tasks will be shown on the header line at the top.  In the example at right, there is 1 Plug-In Update pending.  If there were comments needing review or theme updates waiting, there would be a red number by those menu items.
    • Click on the lines with red numbers showing, and follow the instructions.  This process will bring your site up to the latest version of its software.
    • Click on the “Comments” menu item and see the new comments that have been posted site-wide.  Click on ones you want to respond to.
  • If your site allows any comments, install the Akismet plug-in to block spam comments automatically.  The service is free for personal sites and $5/month for commercial sites.
  • Set up an unattended backup so that you will have access to a copy of your live system in case something unexpected happens to your hosting service or software.
    • We use Updraft for the sites we create.  The full-featured version allows us to stage a site, show it to a client, and then migrate it to the client’s live URL.  For your website, if you don’t need any special functionality, you may be able to use Updraft’s free version.  Or, buy your own license for $60/year.
    • You, or your web developer, can install the backup program when your site goes live.  Establish a regular schedule for the backups and test the procedures.

Because WordPress sites are dynamic and can be updated from different locations, your maintenance activity is critical, if not terribly time consuming.  Besides, although this post is written saying that YOU, the website owner, have maintenance tasks waiting for you with a WordPress site, you can delegate your responsibility.  Ozdachs will do regular or ad hoc maintenance on your WordPress site.  Or, you can assign the routine work to a techy in your organization.

Want more information? Leave your questions here, or call us at 415.347.6479 for a private response.

February 9th, 2014 | Blogging, Wordpress | 0 Comments