How To Secure WordPress – Common Mistakes

I’ve been seeing tons of posts recently covering the (important) subject of securing your WordPress blog. There are many blogs that are currently sharing their top 5, 10 or 20 security tips.

Why am I writing about this? Because I don’t like the fact that most of these blog posts ignore the elephant in the room, rendering their advice into…rubbish.


Here’s the latest one I encountered, on Copyblogger:

Last week, in preparation for an interview about my work at Copyblogger’s managed WordPress hosting division, I chicken-scratched a top 10 list of tips for keeping your WordPress website(s) secure.

10 Steps to a Secure WordPress Website

Now, in that link you will find a checklist of ten (mostly valid and important) actions to take to secure your blog (and up-sell some services). So why am I not satisfied?

The Elephant In The Room

Everybody’s talking about security and the importance of having “good” passwords. You’ll see tons of debate on how to choose a hard-to-hack password, but zero discussion of who can read your password.

Here’s the elephant: If you have a self-hosted WordPress blog, there’s a VERY good chance that you don’t have a secure way to log in to it. What does this mean?

If you don’t use a secure connection when you log in to your WordPress blog (and in a second I’ll show you exactly how to check if you are using one), then anyone on your local network can see your password when you click that Log In button.

Let me emphasize this again

Anyone can see your password when you log in to your WordPress blog using a non-secure connection.

This means that it doesn’t matter whatsoever how complicated your password is. If you update your blog, approve comments or even just log in to check stats while you’re at a café, shopping mall or airport – congratulations, you’ve just given your password to all the other people who are using the same network as you.

How do you know if you’re using a secure connection?

When you log in to your admin panel, check whether the URL (the address at the top) starts with HTTP:// (insecure) or HTTPS:// (secure). If it’s HTTPS, this is a secure connection, and your password will not be up for grabs by the people around you. If it says HTTP, you’re in trouble for two reasons:

  1. When you log in, you send your admin password as plain text over to the server, and any other computer on your network can read it.
  2. Even if you log in at home and select “remember me”, and then access the blog from a public location, anyone can hack your account. The reason is that although you logged in from home, the server saves a special mark on your device that allows it to be remembered. This mark is called a cookie, and when you access your blog again on a public network, everyone can steal your cookie, and that will make your blog crumble!!
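Both problems can be checked from what the browser's developer tools show for one login. The following is an added example, not part of the original post: it audits a login page URL, the form's action and the `Set-Cookie` headers the server returned. The host `blog.example`, the cookie hash `0123abcd` and the cookie values are constructed placeholders; the cookie name prefixes are the ones WordPress uses.

```python
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit

# WordPress auth cookie name prefixes; the suffix is a per-site hash.
AUTH_PREFIXES = ("wordpress_logged_in_", "wordpress_sec_", "wordpress_")
NOT_AUTH = {"wordpress_test_cookie"}  # set before login, carries no session


def audit_login(page_url, form_action, set_cookie_headers):
    """Return the exposures visible in one observed login exchange."""
    findings = []
    # A relative form action inherits the scheme of the page that served it.
    post_url = urljoin(page_url, form_action)
    if urlsplit(page_url).scheme != "https":
        findings.append("login page served over HTTP")
    if urlsplit(post_url).scheme != "https":
        findings.append("password sent in plain text to " + post_url)
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            is_auth = name.startswith(AUTH_PREFIXES) and name not in NOT_AUTH
            # Without the Secure attribute the browser also sends the cookie
            # over plain HTTP, e.g. later on a public network.
            if is_auth and not morsel["secure"]:
                findings.append("auth cookie without Secure flag: " + name)
    return findings


# Constructed sample exchanges (hypothetical host, cookie hash and values).
HTTP_COOKIES = [
    "wordpress_test_cookie=WP+Cookie+check; path=/",
    "wordpress_logged_in_0123abcd=admin%7C1700000000%7Cconstructed; path=/; HttpOnly",
]
HTTPS_COOKIES = [
    "wordpress_logged_in_0123abcd=admin%7C1700000000%7Cconstructed; path=/; secure; HttpOnly",
]

if __name__ == "__main__":
    for finding in audit_login("http://blog.example/wp-login.php",
                               "wp-login.php", HTTP_COOKIES):
        print("[!]", finding)
```

An HTTPS login page whose form still posts to an `http://` address is reported as well, because the password travels with the POST, not with the page.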

How To Fix This

Unfortunately, showing how to set up SSL certificates (this is what it takes to have a secure connection to your WordPress) is a subject for an entire blog, not just a post, and is definitely out of scope for this blog.

Being the complicated setup that it is, it also completely negates the point of easy actions to improve security, which is what all the blog posts I mentioned advocate.

What you should do is contact your hosting provider and ask them to help you set up an SSL connection for your blog. Note that a shared SSL certificate, like the one Hostgator (for instance) offers for free, will only allow you partial management of the blog (for instance, it will allow you to edit posts in HTML mode, but not in the WYSIWYG editor – which is what most people would prefer). Also take into consideration that a private SSL certificate will cost money (a few tens of dollars per year on average). If you host more than one blog on your account, take into account that you might end up being able to install SSL on only one of your blogs.

How To Fix This – The Quick & Easy Way

Don’t choose a simple & cheap shared-hosting package. Choose a Managed WordPress Hosting provider. Synthesis [this is NOT an affiliate link] is one that I’ve heard some good stuff about, but I haven’t checked them out myself. Make sure to pick a package that DOES include SSL (their basic one doesn’t).

If you have any recommendations for managed WordPress hosting or at least one that makes it dead easy to enable SSL for WordPress on it, write me a comment!

To fit, or not to fit?

I want to put you in a category

http://sethgodin.typepad.com/seths_blog/2012/09/i-want-to-put-you-in-a-category.html

When I meet you or your company or your product or your restaurant or your website, I desperately need to put it into an existing category, because the mental cost of inventing a new category for every new thing I see is too high.

(via Instapaper)

 

No one wants to be categorized. No one wants to be considered “like anyone else”, and rightly so. We’re all different. But as Seth puts it, people can’t afford the mental cost of not categorizing people.

 

This is something I struggled through badly in most of my years. Ever since I was 10, I was never a good fit for any common category. You might think it’s good, but it has a hidden cost. For I was not left alone in a category bearing my own name. Instead, I was constantly placed in the wrong category, the wrong checkbox and the wrong line.

 

You can refuse to be categorized. You can insist that it’s unfair that people judge you like this, that the categories available to you are too constricting and that your organization and your offering are too unique to be categorized.

If you make this choice, the odds are you will be categorized anyway. But since you didn’t participate, you will be miscategorized, which is far worse than being categorized.

Now that I know myself better, I also know which categories I fit. There are many of them, but I learned to cater the most relevant one for me on each encounter I have. The effect? People understand me better, and can relate to me better. And I’m not fighting so hard anymore.


What Can A Smart Phone Do? Apparently, Predict Your Next Move!

This is seriously scary. Remember the movie ‘Minority Report’? I still remember watching the movie at the cinema. I was blown away by the gadgets it offered.

At the time, those gadgets looked like such a giant leap forward. It looked, well, like fiction. Those touch screens were our dream, much like a robot butler was the dream of my father’s generation.
Fast forward only a decade. Touch screens are obvious. A prototype of a hologram was demonstrated at MIT two years ago (or more). Sure, we don’t have flying cars yet, and no one has hooked up (to my knowledge) any “oracle kids” to a computer and tried to predict the future based on their hallucinations, yet. But according to this British research, there might just be a better way:

“A team of British researchers has developed an algorithm that uses tracking data on people’s phones to predict where they’ll be in 24 hours. The average error: just 20 meters.”

 

Cellphone tracking: What happens when our smartphones can predict our every move?

Sure, it’s based on access to data that’s (allegedly) protected and not made available without a warrant. And yes, it predicts where you’ll be, not what you’ll be doing. Nonetheless, I find it amazing and disturbing at once. We really are creatures of habit after all.


Create Your Own Life: Entrepreneurship Lessons From Mysocialcloud’s Co-founder Stacey Ferreira

Last month I had the pleasure of interviewing Stacey Ferreira, co-founder of MySocialCloud. The story of how Stacey and her brother Scott brought their company to existence is truly exceptional.

The Girl Who Made $1M From A Single Tweet

Stacey Ferreira, co-founder of MySocialCloud

Many people, myself included, referred to Stacey recently as “the 19-year-old girl who got $1M from Sir Richard Branson by sending a single tweet”.

Although that is, in general terms, true – it’s only half of the story.

Yes, she responded to a tweet by Sir Branson and met him in person. Yes, Sir Branson did invest money in Stacey & Scott’s company.

But at least for me, the two siblings’ mindset is what made it happen – and that’s the crucial part of the story.

HOW did Stacey and Scott do it? With an amazing entrepreneur mindset and attitude. With courage. With characteristics that cannot be learned in school and actually defy most educational systems.

And so, I wasn’t at all surprised to see this blog post written by Stacey:

“At 18 years old, and after countless hours of thinking about life and the seemingly long checklist of things I must accomplish in life – I began seriously questioning it. Weren’t we meant to create our own life rather than live the life that everyone else has already lived to some extent?”

Stacey Ferreira, Co-Founder – MySocialCloud.com | Featured on MO.com

I know exactly how Stacey feels. I went through a similar phase myself. I was only 15 years old when I began my undergrad studies. I started at such an early age because I was already defying high school education.

For me, high school was merely a task on the checklist of requirements for college. Besides being this preliminary requirement, I see high school as an advanced baby-sitting service.

So I left high school and went to college, and I was having the time of my life.

I started dreaming about graduating and pursuing an academic career. I was approached by a Stanford University professor, who wanted me to come and spend the summer at their labs. I already had the M.I.T. sign-up kit for a master’s degree filled in. I was so far ahead of the game, being able to accomplish all of this before the age of 18.

Or so I thought.

Then a car accident changed my life forever

It was almost midnight, and the last rain of the season was falling. I was stopped at a traffic light less than 5 minutes away from home. As I was waiting for the light to change, I was suddenly blinded by headlights that appeared out of nowhere. I don’t even remember the crash. My next memory is the complete silence.

I later learned that a speeding driver approaching the traffic light had lost control due to the poor weather conditions, and smashed his car directly into the front of mine.

I ended up lying down for months on end. I was unable to return to class. In bed, my entrepreneur gene raised its head. I decided to start my own business from bed, while I was recovering.

When it was time to return to school, I came to a staggering realization: I didn’t care anymore. I didn’t care about school and its education anymore. I realized that none of the obstacles that I was struggling with in my new business would be solved by anything I was taught in school.

Actually, the opposite was true. The mindset that students were supposed to develop in (most) undergrad-schools, of hard-working, self-learning, task-completion, working-solo, grade-centric way of thinking, actually guarantees you will be an excellent employee, no more and no less.

I couldn’t help but wonder – What if I’m not prepared to spend my life working for someone else?

“What if I’m not prepared to spend my life working for someone else?”

Stacey & Scott were working on MySocialCloud as a summer project. When Stacey’s holiday ended, she was supposed to go back to school. Still, since she wanted to keep her new business running, a clash was inevitable:

“My heart was no longer set on education in the way I had been receiving it in the classroom; instead it became more set on learning through doing – at this point in the form of building a business.

And when I noticed college was forcing me to give up the life I truly wanted to live, I became extremely frustrated with school, its cookie cutter requirements and its hindrance of my learning (the learning I actually wanted to do rather than the school requirements).”

Stacey took a brave choice, and it changed her life for good. Now she’s co-running MySocialCloud, and getting more experience under her belt than any undergrad student can even dream of.

It seems that the best answer for you, more often than not, is being yourself, and doing what you want, not what society’s norm expects you to do! It’s impossible to be extraordinary if you only take ordinary actions.

Get My Interview With Stacey + Free 3 Months Subscription To IN Mag

If you want to get my full video interview with Stacey – where she tells her whole story, including one little secret that made it all happen – it will be coming up in the September issue of Inspiring Innovation magazine. Click here now to get the Inspiring Innovation Magazine and claim your free 3 months subscription.

If you have an aspiring entrepreneur friend, please share this page with him now. It might just change his life.

Inspiring Innovation Digital Magazine

Inspiring Innovation Issue #3

Here’s the deal: We have a fantastic digital magazine – and we’re giving out a free subscription to it.

We help entrepreneurs from all around the world go from idea to reality.

And we’re giving you the opportunity to try the mag out, no strings attached, with a free 3-month subscription. After the three months, it’s your call. You can judge if we can help you become a better and more successful entrepreneur. Your subscription will NEVER be converted to a paid one UNLESS you opt for it.

We’ve already featured Pat Flynn, Yaro Starak, Chris Ducker, Benny Hsu, Ralph Quintero, Farnoosh Brock, Cahil Puil and more. We’re all about providing you with tips, tricks and lessons from the world’s leading entrepreneurs, and we don’t settle for anything mediocre.

Inspiring Innovation Issue #1

In order to receive your free subscription, we ask for only one thing in return: A tweet.

Pay us back by helping spread the word, so even more entrepreneurs will be able to enjoy this amazing offer. That’s all we ask for.

Click Here For Your Free Subscription, or: