Marketers and content developers usually don’t get too involved with security conversations and hacker behavior. That’s usually left to website developers.

Furthermore, those who write for information-only sites (like this one) that don’t collect visitor payments often think these sites aren’t vulnerable to hackers. But that doesn’t mean these sites can’t, or won’t, become a hacking target.

Every Website is a Hacking Target

Obviously, e-commerce websites are the biggest targets for hackers. But the reality is that every site is a link to another one and to someone’s own computer. That’s enough for any site to be a hacking target.

iThemes wrote a very insightful post about why hackers hack and highlighted a few scenarios that I certainly could envision on a site like this that doesn’t sell products or collect payments.

  • Injecting sites with malware that redirects visitors to their own information-stealing sites
  • Installing ransomware and demanding an unlock fee
  • Just for the fun of it

Even having good SEO is enough of a reason to be a potential target. After all, if your site is ranking well for keywords, it’s attracting more than potential customers and could be a reason to look for a back door to install spyware, redirects, and other mischief.

These are good enough reasons (for me, at least) to ensure my site has strong security.

How to Frustrate Hacker Behavior

Without question, good security practices offer enough protection to deter most hackers looking for an easy break-in.

Dana Baedke, founder of the marketing materials firm Runmark, shared a couple of security observations from an SEO Trends and Best Practices panel on the Slack channel run by the Arizona WordPress Group. The panel was sponsored by AZIMA, the Arizona Innovation Marketing Association.

  1. Don’t use the wp-admin prompt to log in to a WordPress site
  2. Most panel participants were leery of security plugins

Those two recommendations prompted interesting and useful commentary from two guys who know a lot about WordPress security: George Lerner and Mark Rudder.

Don’t Stress Over a Login Page But Pay Attention to User Names

George Lerner is a well-known WordPress security expert who runs Lerner WebTech. In his opinion, the wp-admin login concern is overblown. The login names “administrator” or “admin,” however, should never be used. If it can’t be avoided, it should be changed in the Users section in the admin panel.

Another commenter rated the wp-admin issue a 2 out of 10 in terms of security concerns. Hackers already know that site owners often change the login portal name (“security by obscurity” in tech lingo), so it’s mostly a rote exercise, so to speak.

Mark Rudder, co-owner of OnsiteWP, doesn’t disagree with these comments. Still, OnsiteWP uses a tool that hides login information with most clients. It’s not a perfect solution, he says, but it has enough benefits to be useful.

50% of usernames are “admin” or a variation of this. Be more creative.

Rudder echoed Lerner’s admonition about usernames: 50% of hacks begin with usernames that are easy to guess like “admin.” That’s half the battle lost right away.
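
To act on the username advice above, here is an added example (not from Lerner, Rudder, or the original post) that flags administrator logins that are “admin” or a variation of it. The function names and the extra base names beyond “admin” and “administrator” are assumptions, and the sample list is constructed; on a real site the list would come from the WP-CLI command shown in the comment.

```sh
#!/bin/sh
# Added example: flag easy-to-guess WordPress logins ("admin" and variations).

# Base names treated as guessable. "admin" and "administrator" come from the
# article; the others are assumptions added for illustration.
GUESSABLE_BASES="admin administrator root webmaster test user"

# normalize LOGIN: drop any "@domain" part, lowercase, and remove digits and
# separators, so "Admin_01" and "ADMIN-2024" both reduce to "admin".
normalize() {
    printf '%s' "${1%%@*}" | tr '[:upper:]' '[:lower:]' | tr -d '0-9._-'
}

# is_guessable LOGIN: succeeds when the normalized login is a guessable base.
is_guessable() {
    ig_norm=$(normalize "$1")
    for ig_base in $GUESSABLE_BASES; do
        [ "$ig_norm" = "$ig_base" ] && return 0
    done
    return 1
}

# audit_logins: read one login per line on stdin, print the guessable ones.
audit_logins() {
    while IFS= read -r al_login; do
        [ -n "$al_login" ] || continue
        if is_guessable "$al_login"; then
            printf '%s\n' "$al_login"
        fi
    done
}

# Constructed sample input, standing in for the output of:
#   wp user list --role=administrator --field=user_login
SAMPLE_LOGINS='admin
Admin_01
k.morales
administrator2024
site-editor'

# flagged_sample: run the audit over the constructed sample.
flagged_sample() { printf '%s\n' "$SAMPLE_LOGINS" | audit_logins; }

flagged_sample
```

Any login this prints is worth replacing with a less predictable name before worrying about where the login page lives.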

Use Unique Passwords and 2FA

It’s worth repeating that using long, convoluted passwords is the best security for any user on any website. It’s also important to use unique passwords for every site you visit.

This isn’t easy and it’s tempting to use the same password for at least a few sites. If you struggle with coming up with creative passwords, consider using a password manager to create and save user names and unique passwords complete with numbers, symbols, and capital letters. They also prompt users to replace weak or old ones.

If you’re concerned about the security of password managers, take a look at Lerner’s guide to creating passwords. He’s also in the planning stage for a security course.

Rudder urged site owners to adopt two-factor authentication (2FA), a security best practice. Otherwise, he says the most common element he sees in hacked sites (cleaning up sites is a major OnsiteWP service) is the lack of a security plugin. And that’s because…

Security Plugins Work to Frustrate Hacker Behavior!

Contrary to the AZIMA panel, Lerner endorses the WordFence plugin mainly because it does a much better job than web hosts, and he’s evaluated a lot of them.

Even WordFence’s free version has a web application firewall that Lerner says offers “amazing protection” against hacking. Lerner thinks a competitor, iThemes Security, is better than WordFence in some ways, but WordFence does a better job educating users about security issues it finds.

(I use Sucuri for security. My site host, SiteGround, also provides security although as Lerner notes, it’s probably not the greatest. I used to use WordFence but it actually locked me out a number of times.)

OnsiteWP uses WordFence for all sites they manage. “Without some security plugin, in our estimation, it won’t take very long before a site gets hacked,” Rudder says.

You’ll Get Used to Using Extra Security Measures

I know using 2FA and creating new passwords is a pain. Once you adopt them, though, these extra measures eventually become a habit.

The security experts try to stay ahead of hackers but as I noted earlier, they’re a clever bunch. They’d probably do just as well in legitimate businesses but I guess this isn’t as exciting. Let’s do our part and make their work a little harder.


I love my new website but working with it is stressing me out! Here’s how I’m dealing with this.


Accessibility is almost routine in public life. Handicapped parking, wheelchair ramps, curb cuts, accessible bathrooms, and Braille signage are in public places and many private ones, too, thanks to the Americans with Disabilities Act (ADA).


Of course, there were no websites back then. It wasn’t until 2008 that new legislation was added to the ADA to instruct them to adopt accessibility tools.

But ADA compliance is far from a reality for most websites – even those owned by government agencies.

Many Websites are Required to be ADA-Compliant but…

Your website should be ADA-compliant if it represents a government or receives funding from a government, according to AudioEye, a business with the goal of “eradicating every barrier to digital access.”

The reality, though, is that this hasn’t happened everywhere. A 2021 article in WP Tavern detailed how Colorado became the first state to require state and local websites to be ADA-compliant. Clearly, states haven’t been focused on this, which is a little surprising considering how many offices closed during the COVID-19 pandemic and still require people to go online to access services, including – ironically – disability support.

Each agency in Colorado was instructed to submit an accessibility plan by July 1, 2022, and be fully compliant with the ADA by July 1, 2024. Those agencies that don’t meet the latter goal can be sued by a person with a disability for a $3500 fine.

Does that sound disturbing? Sometimes it’s the only way to get compliance going.

President Biden had WhiteHouse.gov relaunched to be compatible with current ADA standards according to its accessibility statement. His predecessor declined to enforce ADA deadlines and even withdrew guidance. That action has been reversed.

ADA-Compliant Websites are Better for Everyone

Why would I say this? It’s simple: we all will eventually need some kind of support as we age.

We will all need some kind of support as we age. We can thank ADA for taking us there.

Let’s at least agree to make these steps a normal practice for websites:

  • Add tools that enlarge fonts or allow a black/white contrast
  • Add alt text to images that are read out loud on screen readers


These are pretty minimal steps, and it’s worth noting that search engines read alt text to understand images, which adds a little bit more SEO muscle to your website.

Many people with low vision use magnifiers to read newspapers and magazines. And guess what: taken as a whole, people with disabilities and their families and friends are potential customers. They work, buy stuff, go out to eat, and enjoy the same entertainment as the rest of us.

Why lose an opportunity for more sales?

These Tools Can Help You Get Your Website Moving Toward ADA Compliance

If you use WordPress, your site probably isn’t compliant, but a few hours of your time can bring it closer to the goal. It’s relatively easy to improve accessibility for people with visual disabilities if not actually meet ADA compliance goals.

A Google search for “ADA website tools” will identify articles, tools, and experts to help you understand what to do to make your site more accessible.

I’m a small business and do not run a place of public accommodation, so I don’t have to concern myself about ADA rules on this aspect. But I have taken steps to make my website a friendlier place for a person with limited vision to visit. Maybe they’ll think, hmm, I wonder if I should contact her for my blog or to freshen my stale site content? (Yes, please contact me.)

WordPress has a number of plugins that provide everything from testing your site to identifying ADA gaps to providing general and very specific fixes. You can search the WordPress theme repository for ADA-compliant themes. (Be sure to refresh if you use this link.) WordPress’s own accessibility team posts updates and recommends tools to boost accessibility.

ADA Website Compliance Tools

I’m not in a position to recommend tools, but I know these come from reliable sources.

Making websites fully compliant isn’t easy for those of us who aren’t techies. But making them easier for people with low vision to navigate is pretty easy.

I added the UserWay accessibility tool that makes reading this site a little easier for people with visual disabilities as well as those with dyslexia. It allows users to adjust contrast, increase text size, and increase spacing. I hope people find it useful. And of course, I add alt content to every image and link on my website.

For my previous site, I installed the WordPress Accessibility Toolbar that let visitors create a black/white contrast or enlarge the font.

The toolbar also comes with a menu that lets you select additional features to fix potential accessibility issues, such as forcing underlining on links and preventing links from opening in new windows, which can make browsing difficult for people with low vision.

The ADA Changed America for the Better

The ADA, of course, literally opened American doors to persons with disabilities. And that’s a good thing.

  • Curb cuts and wider doors let people who use wheelchairs (and later, scooters) get around more easily.
  • Braille readouts on ATMs, elevators, and directories allow people with low or no vision to fully participate in commerce.
  • Close-captioning tools bring more deaf people into worksites, cinemas, and theaters.

A lot of ADA adaptations help the public at large, too. Curb cuts are helpful to parents pushing strollers and kids learning how to ride a bike. What parent or caregiver hasn’t used an accessible restroom stall to keep a little one close by and change clothes and/or diapers?

ADA also made us work more intelligently.

Think about innovations like IM, texting, and other person-to-person communications that helped office communications and cut down on chatter which makes it hard to write. They also reduced the instances of the embarrassing or annoying “reply to all” on email.

I remember reading about a deaf colleague in New Orleans who was stranded during Hurricane Katrina. She worried about using up her cell phone battery as she tried to contact a sister outside the state via the TTY tool. Mobile communications were jammed, and calls couldn’t get through—but texting used minimal power. She eventually got through to her sibling as she walked (yes, walked) to the airport to catch a flight out. Guess who came for dinner?