WordPress Security

Bank vault doorI run a gaggle of WordPress blogs, both for personal reasons and for work reasons. My SupportPress site runs on WordPress.org and the host I’ve been using all along, iPage sent me an email informing me that they have detected a botnet-sourced cyberattack directed at the login pages of WordPress.org installations. They also informed all their customers that they have installed network limits on these attacks, but that even though the attacks have been greatly reduced, that it shouldn’t lead to a flagging of security vigilance.

No time like the present to get things installed on all my WordPress blogs. The first thing I can think of since all my passwords are 16 to 20 characters long, randomized, stored for me in 1Password, and stored in such a way that even I don’t know them – is to install a plugin called Limit Login Attempts to all the WordPress blogs I manage. This will prevent people from screwing up their login attempts and it will email me when they try. So far this blog is covered and I don’t really expect any problems here.

Thanks to social networking, especially Twitter and my good friend @wyrdsmyth, and my hosting provider iPage I have been protected all along. More security is usually a good thing and in this case, warranted with this extra plugin. Next stop are all the other blogs I manage.

photo by: walla2chick

WordPress Jetpack 2.2.1 Success

SparklerAt least JetPack for WordPress 2.2.1 upgraded without any fanfare. Everything still works too! For the blogs that I manage that had it, it’s updated. Wheee!

P.S. If anyone would like their own blog on our domain just let me know. I can set it up for you lickety-split and even manage it for you if you like. For free. Yes-suh. 🙂

photo by: letavua

Comment Spam Is Stupid

I just don’t get why there is comment spam on my blog. Thanks to Akismet it all gets sorted into the spam category automatically. I don’t even see the junk, so what’s the point of even sending it? If the spam is never seen, isn’t it just a monumental waste of time?

So, for this that like sending me comment spam, send away I guess. It’s a waste of time and electricity. It’s monumentally stupid. I’m not even seeing it. Just notice a number and click “Empty Spam” and that’s it!

Pretty As A Picture

While screwing around with my blog today I did notice something missing that I used to enjoy from the Plinky site that I used to use for blog prompts for interesting things to write about. WIthin Plinky you could put a word down and search Flickr for images you could use in your blog. That was a really cool feature and it made including pictures in my blog very easy. I didn’t have to worry about stealing photography from someone else as it only used pictures that were released under the Creative Commons licensing model. Since I don’t make any money from this blog, the Creative Commons has really helped out.

051 of 365 - Droste Effect [Explored]

So I went looking. I could still futz around with Google Image search which is annoying as you can’t define a default (only Creative Commons licensed) search that I could find – yes, you can go in afterwards and mark up an Advanced Search, but it’s annoying. In fact, I don’t want to ever leave the WordPress interface at all! So, thanks, perhaps, to PhotoDropper Plugin I won’t have to. I’ve seen some people complain about it but so far I haven’t seen any of the damage they have noticed on my blog. If the plugin behaves itself, I’ll enjoy it. Let’s see how it works with this post. 🙂

photo by: Yogesh Mhatre

Tent Flapping

Spam wall
Went back and forth just now on IntenseDebate plugin for WordPress.org. I thought it might be useful and add some features to my blog that would be nice to have, like After-The-Deadline plugin for comments and such. Everything was going well until I noticed that my Akismet Spam queue was at 74 comments. I tried to open the queue and couldn’t as IntenseDebate had replaced that part of my blog with its own controls. So, with no way to look at my Akismet Spam queue I decided that the pros for the IntenseDebate plugin couldn’t compensate for the way it broke my blog when it came to Akismet Spam queue access. So, there was for a brief time a new comment system, and then there wasn’t.

Which doesn’t mean a lot because people aren’t actually commenting on my blog, they are commenting on Facebook. I do get the one-off Twitter retweet or favorite, but that’s it.

Drafts Changes Workflow

The more I use the Drafts app for my iPad and iPhone the more I love it and the more I want to use it. It’s actually changed the workflow for my “Post-a-Day” WordPress blogging as well as my regular blogging in general. What I used to do was copy the Post-a-Day prompt emails over to my WordPress blog and set the post type to Drafts and let them sit there. I’ve never been a huge fan of the editor built-in to WordPress, but copying the emails to Drafts and storing them there, syncing them to Simperium which then synchronizes them across all my devices that have Drafts loaded on them, which is now just my iPhone.

The app itself has so many neat features, being able to store multiple drafts and have them swipe-accessible from the left makes switching files a breeze and then when the post is done and ready to be published I can swipe from the right and select as many services as I want to send my drafts off to. It’s the perfect promontory to launch Day One, Facebook, Twitter, Tumblr, and WordPress. Generally speaking, the drafts themselves almost always follow a certain path, first to Day One then to WordPress because then WordPress sends links to Twitter, Facebook, and Tumblr on my behalf with the publicize feature. But sometimes I write things that don’t go to my blog, in that case I can send to Day One and Facebook. I have configured the apps representation in Facebook to conform to my “Sharing” security group, so even if I tap the Facebook option I don’t have to worry about my private sharing thoughts leaking out where they don’t belong.

The only thing (yes, there is one of these for every user) that I would really love is a Drafts app for Mac OSX. That would let me hack away on Drafts entries on my iMac without having to clear off workplace desktop space to set up my iPad. I think it’ll just be a matter of time before we see those options start to become available. I would pay $15 for an app like that without even batting an eye.

Empty Nests

I’ve given up on Twitter. I won’t be removing my account as Twitter still has some use to for browsing the stream but there really isn’t any compelling interactions on that service for me any longer. The only things that will end up on Twitter really are links to blog posts and maybe the one-off comment.

Ever since Twitter enabled the data download feature on my account, I took advantage of it. I downloaded the entire archive and discovered to my pleasure that Twitter stored all my tweets as plain text in a CSV file. I spent the last months migrating my old Tweets into my Day One application. I will hand one thing to Twitter, it did keep me “logging” along for a long time. I’m switching that impulse over to Day One. It’s impressive just how much of my past I have recorded. It turns out to be about 2600 days, or about 7 years of my past – recorded and in some ways with a lot of resolution. For that I will always be thankful for Twitter. However…

The reason why I am leaving Twitter is because it is too exposed. I didn’t feel it was useful to have a private Twitter account, so I left it public and this decision was made with a devil-may-care attitude, that anything I tweeted wouldn’t matter. As it turns out, it does. Mostly this is because of my workplace, in that I do not trust them or anyone who works there. It’s not really anything meant to be hurtful or anything, but I can’t risk my job and I certainly feel that sharing on Twitter threatens my employment. For as far as I trust Western Michigan University, it starts and ends with the partitioned, compartmentalized version of me that works there professionally. Not the true honest authentic me. Being honest and sharing freely would just upset everyone and lead to needless drama at work, so I unfollowed a bunch of coworkers and people whose tweets would have gone to waste on an ignored account.

Another problem with Twitter is the loss of engagement and dimensionality. Everyone on Twitter is a three-dimensional person with all the complexities that come with being alive. Twitter’s relationships seem stuck in a one-sided mode of conversation. This very thing struck me most powerfully as I was migrating Tweets into my Day One app. I caught out of the corner of my eye tweets that I had made to people who were popular or famous. They were wasted messages. At first this concerned me, but then I realized that what was really going on was that the people who had thousands and thousands of followers were so far beyond their social horizon (that 150 limit I’ve written about before) that they simply cannot socially relate to anyone beyond their subset coterie of social contacts. It’s not that they are mean or being ignorant, but they just cannot process that level of interaction – it’s more about how our biology is colliding with our technology. So for the really famous, the really popular, that’s where the dimensionality comes in. A regular person is three-dimensional. The others are one-dimensional. They are human billboards. They stand there and output information and you stop thinking of them as individuals and start relating to them as “sources” instead. Robbing them of their inherent humanity. They don’t have feelings, as billboards don’t have feelings.

So, we’re all done with that. Twitter will still be a link-dump for my blog. Most of my actual sharing will start in Byword, then be copied to Day One, then from there shared to Facebook under my “Sharing” security model. If you don’t see lots of things on my Facebook wall, that’s because you aren’t in “Sharing”, and mostly that’s because I can’t allow my honest self to interfere with my work. — Gosh, writing that out felt wrong, but at least I’m honest.

If you follow me on Twitter and want to keep your lists tidy and unfollow me, I won’t even notice you leaving. So go in peace.

 

 

Blog Ads

I noticed this in the PAD stream that caught my attention. I regularly get a stream of spam comments and other social-network based debris from so-called SEO experts all angling to help me monetize my blog by adding advertisements.

Reading this got me to chuckling and thinking about what it means for me to try to do such a thing with my blog. Ads online are stupid, they don’t go anywhere or do anything. They are the visual noise that surrounds the content you are after and online there are so many great ways to avoid the entire thing. On blogs with ads, you can just pick up the RSS feed and then see the content headlines without the noise. You may be exposed to ads if you click further in, but at least you can control it. Beyond blogs, like when it comes to TV, the smart way is to DVR everything and then just use the fast forward button to skip past advertisements. Hour long TV programs turn out to be only a little longer than half an hour that way. You skip the noise and get right to the content.

If I use a DVR and skip ads on TV, then why would I put ads on my blog? Why would I add noise to what admittedly already is the mental noise of my blogging? So no, there won’t ever be ads here – and I don’t have to buy in to a ad-free add-on since I host my own blog. Something for which I should have done a very long time ago.

Blog Spam

I hate spam. I really hate it. I don’t want anything to do with Casinos, cheating lovers, or SEO bullshit. In fact, I’ve developed a very acute loathing for the phrase “SEO”. I’ve started to mentally connect “SEO Specalists” with “Used Car Salesmen”. If you are one, keep it to yourself. Don’t come and talk to me about SEO. It’s just gaming the system and it’s both corrupt and dishonest.

To that end, I went back to look at Askimet and realized that the API token that I thought was for-pay only turns out that it’s free for personal blogs. What a surprise! So I installed the Akismet plugin (I had earlier deleted it because I thought it was pay-only) and applied my API token and so far, although it’s only been a few moments, my blog is blessedly spam free.

The comments are the source of the spam. There was a post in the WordPress Community Pool regarding Twitter that got me thinking about how my readership engages with my blog. People don’t really engage in Twitter much anymore and they don’t engage in WordPress comments either. All the engagement seems to be focused on Facebook. I’m not against any of this, but I find it very fascinating. This leads me to the topic of this post, which is that blog spam in the comments on my WordPress.org system is even more damnable. Nobody uses the comment system but I’m loathe to disable it. So, Akismet, at least so far, is riding to the rescue.

With that, I have a great Monty Python skit to share with you all on YouTube. Enjoy!