I have set up Forums to personal and professional use. They are a great alternative to Facebook groups or Chat. They have excellent privacy so people can talk comfortably. To help you get started I created a little video on how the forums work. Click here to view the video!
Google Ads
Internet Privacy
To improve internet privacy, Google is on a mission to remove third-party cookies from its websites. Firefox and Safari no longer support them. This change will likely impact how your onsite ads and banner ads are displayed. Websites won’t be able to use tracking cookies to populate ads. Google and other platforms are working on replacement algorithms to place onsite ads while improving privacy. And cookies won’t officially be gone until 2023. You can adapt your digital ads by using keywords and advertising on sites that provide a logical context for your ads.
GoDaddy Security Breach
GoDaddy announced 11/23 that they had had a major security breach involving their Managed WordPress hosting. Their notice was followed by one from WordFence, the security software we put on all of the sites we do maintenance for. See the emails below.
To protect my clients and YCL, I have:
- Changed the password to log into the GoDaddy accounts themselves.
- Changed the YCL password to log into the WordPress website.
- Changed the client password to log into the WordPress site or sent a Reset Password email to each user.
Look for this email and change the passwords ASAP!
I started these changes yesterday. I will finish today.
You need to visit your site a few times over the next few weeks and check to see that the site is functioning properly and that there is no unusual activity on it. YCL will continue monitoring via WordFence.
If you used the same password for the WordPress login that you use on other accounts, YOU NEED TO CHANGE THE OTHER PASSWORDS IMMEDIATELY. The hackers will be trying to use the user names and passwords they got at banks, Facebook, Amazon, etc. to see if they can use your password to access these other accounts.
Each password at each site should be unique.
GoDaddy announcement
We are writing to inform you of a security incident impacting your GoDaddy Managed WordPress hosting service.
We recently identified suspicious activity in our WordPress hosting environment and immediately began an investigation with the help of a third-party IT forensics firm and have contacted law enforcement. Our investigation is ongoing, but we have determined that, on or about September 6, 2021, an unauthorized third party gained access to certain authentication information for administrative services, specifically, your customer number and email address associated with your account; your WordPress Admin login set at inception; and your sFTP and database usernames and passwords. What this means is the unauthorized party could have obtained the ability to access your Managed WordPress service and make changes to it, including to alter your website and the content stored on it. The exposure of your email address may also present a heightened risk of phishing attacks.
We are taking several steps to protect you and your data. First, we have blocked the unauthorized third party from our systems.
Second, we have reset your WordPress Admin login credentials, sFTP password and your database password. Your website is still up and running, but you won’t be able to edit content until you reset your passwords.
Here are the instructions on how to reset each password:
• WordPress Admin Login, please visit: https://www.godaddy.com/help/a-26916.
• sFTP or data password, please visit: https://www.godaddy.com/help/a-40804.
• WordPress database password, please visit: https://www.godaddy.com/help/a-24573.
If you use the same password for other accounts, we recommend you change your password to those accounts and adopt data security best practices, such as choosing a strong unique password, regularly changing it, and enabling multi-factor authentication where available. We also recommend that you remain vigilant for potentially fraudulent communications sent to your email address purporting to be from GoDaddy or other third parties.
Finally, because the private key of your existing Managed WordPress SSL certificate was exposed, the certificate will need to be revoked. We are in the process of installing a free DV SSL certificate on your website for one year to minimize potential site downtime.
If you would like to continue using your existing SSL certificate product, please follow the directions below to rekey a new certificate: https://www.godaddy.com/help/a-4976.
If you have any other questions, or you need further assistance, please call (480) 505-8870.
For residents living in California, Colorado, Delaware, Illinois, New York, New Jersey, Oregon, Vermont, Washington, and Wyoming, please visit https://www.godaddy.com/help/a-41004 for additional resources that describe additional steps you can take to help protect your information, including recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on your credit file.
Thank you,
Demetrius Comes
Chief Information Security Officer
WordFence Notice
GoDaddy announced this morning that they have been breached. Our team took a deep dive into the breach and found that GoDaddy appears to have stored passwords in plaintext, or in a format that could be reversed back into plaintext, which is not an industry best practice.
We confirmed this by signing into a GoDaddy Managed WordPress Hosting Account and verifying that we were able to view our own sFTP password. That means the attacker didn’t need to crack the passwords and could likely retrieve them directly.
According to GoDaddy’s own SEC filing: “For active customers, sFTP and database usernames and passwords were exposed.“
The attacker had access to GoDaddy’s systems for over two months before they were discovered.
We have published a detailed post explaining how customers are affected, and what to do. Please pay special attention to our comments regarding your own customer notification obligations, if your site(s) are affected by this.
Click here to read our post about this breach on the official Wordfence blog…..
Pixel Tracking
Yesterday I went to a website to see what they offered in home meal deliveries. I didn’t set up an account. I didn’t request a quote. Just looked around the site.
15 minutes later there was an email from the company in my Inbox.
This was done with pixel tracking. While I was on the site, a piece of code gathered my information and added it to the company’s database.
Emails from Service Providers like Constant Contact and MailChimp use pixel tracking. That’s how they know who opened an email or clicked on a link in the email.
Facebook ads and Amazon.com use pixel tracking. Any search on Amazon will result in plenty of ads popping up on your browser offering the same or similar items.
So it isn’t necessarily a bad thing. It’s helpful. But you should have control over who is gathering information.
First line of defense – Turn off image downloading. (Instructions here.) The pixels are hidden in graphics. If you don’t download the graphics, you can’t get a pixel tracker. You can always choose to download graphics in an email from a safe source.
You can gain additional control by installing extensions in Gmail or other email softwares to block the tracking. I’ve installed PixelBlock in my Gmail. Another option is Ugly Mail. Each software is going to be a little different. Google “pixel trackers in Yahoo” or something similar to see how your provider handles them.
700 Power Words
I frequently talk with you about having a list of your Keywords at your fingertips while you are writing blog posts, social media posts, web page content. This helps ensure that you use the best words and a mix of words for Search Engine Optimization (SEO) and for reader searches on any platform. Here is a list for you of Power Words to make your content more compelling. These are great ideas! Print this article out and keep it with your Keyword list. You can write better copy to more your marketing efforts more effective! Print this out right now!
Just a Little Updating & Maintenance – Flying Crane Astrology
The Flying Crane Astrology site is visually pleasing and has good content. Dr. Castle just needed some help updating the site and keeping it in good working order. Visit the site!
A WordPress site requires regular maintenance. YCL has a plan! Monthly maintenance costs a whole lot less than an emergency site repair. Let’s not even talk about the cost from a total site crash! We provide off-site back ups. Should the site be hacked, we can re-install a back up and have your site up and running within a few hours generally. We install security plug-ins to monitor the site and notify us quickly of attacks or problems.
It is true. An ounce of prevention is worth a pound of cure!
Google Analytics
Each month YCL sends its website clients a set of Google Analytics reports showing the activity on their site. I recently added updated the Overview giving a glossary and report description. Here is a video from Chris Mercer, Google Analytics expert, explaining how to analyze the info to go in depth on what is happening on your site. In particular he talks about the Bounce Rate – how many visitors come to your site and leave after seeing only 1 page. This is crucial information! Your website should be a profit center for your business. How do you know if it is if you don’t know what your visitors are doing on the site? Call me if you would like to go over your reports!
PayPal
Website = Credibility
Recently I met a new person at a networking event. We exchanged cards. In the brief time we had to talk, it sounded like we could do business together. When I got back to my office, I went to her website to learn more about her. There was nothing there! Just a pretty picture. No detail on what she does. Why she does it. How she does it. Nothing. What a lost opportunity! Her site should have explained her business to me and made it easy for me to schedule a meeting with her to see if we could do business together.