Security Friday

Written: March 30, 2018

I’m a big believer in keeping my office network secure by following all update instructions from Netgear, so today my WiFi router was updated to the latest firmware release

Netgear firmware

Netgear firmware

This update process took maybe 5 minutes of my time and provided a sense of relief that my vendor Netgear continues to take security seriously by providing these free updates.

Apple also prompted me to update my Operating System to High Sierra 10.13.4, so that process took about 45 minutes, half of which was in the background just downloading the file then the other half I had to wait for my MacBook Pro to finish. While waiting I simply swapped to using my iPad and Samsung Note 4 smart phones to make calls, look at the calendar and run my business. I typically wait until outside of business hours to upgrade my laptop Operating System.

High Sierra 10.13.4

High Sierra 10.13.4

WordPress is still the number one Content Management System (CMS) in the world, so that means that it is a target for hackers. My favorite security Plugin for WordPress is called Wordfence, and here’s what the install process looks like after you add the plugin and activate it.

email contact

Click Activate

Click the link to setup Wordfence and then fill in your email address to receive alerts of suspicious activity:

Wordfence email

Wordfence email

I then clicked the link to receive auto-updates:

Wordfence updates

Wordfence updates

Next is Firewall setup, a technique to only allow trusted content to be run on your website:

Wordfence firewall

Wordfence firewall

Using Wordfence will alter something called the .htaccess file, so click the link to download your existing file, just in case you ever want to go back and un-install Wordfence.

Save old .htaccess file

Save old .htaccess file

OK, that’s about it for setup of Wordfence, so just wait for an email message from Wordfence if your site is being targeted by hackers. One of my clients received an email from Wordfence this morning and it listed every malicious file that had been added since 2014, so I was able to quickly remove the added files and then examine a few infected files before removing the added PHP code.

Wordfence all setup

Wordfence all setup

As always, if you have questions about your WordPress website and security, then give me a call, I’d be happy to explain it to you and help keep your site running smoothly.


Tags: , , ,

Winners of Celebrate Tualatin for 2018

Written: March 27, 2018

Every year the Tualatin Chamber of Commerce hosts an awards ceremony which is a wonderful way to honor the businesses and employees in the area that contribute to our economic prosperity and are involved in the local community, giving back to their favorite charities and non-profits. Back in 2010 I won an award for Outstanding Community Service and it was an honor to be recognized. Here’s a photo of the award winners for 2018:

Celebrate Tualatin 2018

2018 Celebrate Tualatin winners

A complete list of the winners include:

In addition to the winners there are many who were nominated that deserve to also be recognized:

There you have it, if you do business in Tualatin then I invite you to consider joining the Tualatin Chamber of Commerce and get connected with business and community working together, it’s just a superb group of individuals. To read more details about the winners and nominees there’s a nice article at the Chamber site.


Deceptive Site Ahead, or Not

Written: March 20, 2018

Yesterday I received a rather alarming email from the Google Search Console Team telling me that one of my client web sites had “Social engineering content detected” on it.

Email warning

Email warning

I double-checked that the address was really from Google and that the links were really going to Google. Hmm, that didn’t sound safe so I immediately browsed the client site and then my browser window promptly smacked me with a big red warning message:

Deceptive site ahead

Deceptive site ahead

I clicked the link for Details and read it, then visited the page against all of the warnings. I even examined all of the source code, trying to find something malicious like injected Javascript code or something altered in the HTML, however it was all OK, nothing was wrong. The particular page did have a Form that requested an email and password, which was all legitimate and had been coded back in 2015, working flawlessly for three years now.

In the Google Search Console there’s a link to request a Review of your questioned page, then it asked me to explain why I though a Review was warranted. I explained to Google that the page was coded in 2015, worked perfectly, and that nothing had been injected or changed. Then I waited.

Fortunately, the next morning I received another email from the Google Search Console Team:

Review successful

Review successful

I’m all for having Google scan my client web sites then inform me when something looks wrong, infected or deceptive, however in this case their search produced a false positive. As a result it created some amount of fear and panic inside of me, then it took me time to research what Google was inferring, inspect the code, run some tests, and finally convince myself that nothing was wrong at all, and to communicate to Google that a review was warranted.

I’m hopeful that Google cleans up their efforts to detect infected or deceptive web pages, but also reducing the number of false positives that are trigged, because my time is valuable.

Adding a MailChimp PopUp Form to your WordPress Site

Written: March 9, 2018

I have a WordPress client that uses MailChimp for emailing updates to their customers, so they wanted an easy way to prompt web visitors to join their email list. We already had a MailChimp form on their WordPress site, but the client wanted to have a PopUp appear after 5 seconds on their Home page that would invite visitors to opt in. After spending a few minutes doing a Google search I found several methods that simply didn’t work, then finally hit the one that did work, so here’s what you need to make this happen:

  1. WordPress web site
  2. MailChimp account
  3. JetPack Plugin for your WordPress site

Let’s start off with what you need to do in MailChimp, login to your account the click Lists. Select and click your desired List, then click the link for Signup forms. Finally, click the icon: Subscriber pop-up

Subscriber pop-up

Subscriber pop-up

In MailChimp select the Format, I chose Modal which means that the pop-up appears in the middle of the web page. Under Display I selected 5 seconds. I added an Image to the pop-up, then changed my Text.

pop-up design in MailChimp

Pop-up Design in MailChimp

Everything looked OK, so I was ready to create the code for this pop-up form, click the button: View Code

copy mailchimp code

Copy MailChimp Code

Select this code, then Copy it to your clipboard, Control+C on Windows (Command+C on Mac).

We want to Paste this MailChimp code into a widget area in WordPress, so login to your WordPress site and click on: Appearance> Widgets

From the list of Available Widgets find and click on: MailChimp Subscriber Popup (Jetpack)

I added this widget to the Header area of my Theme, so your Theme would probably have different sidebar names, choose your theme-specific sidebar.

Header Sidebar

Header Sidebar

Here are the details of my sidebar after I pasted in my MailChimp code:

paste MailChimp code

Paste MailChimp code

Notice how WordPress will alter your pasted code from MailChimp after you Save the form. I setup a condition to Show the pop-up on the Home page only, remember that in MailChimp is where I defined that the pop-up appears after 5 seconds.

I then browsed the Home page and waited 5 seconds, sure enough there appeared my pop-up MailChimp form:

MailChimp test

MailChimp Test

To complete the test I entered my email address and clicked the Subscribe button.

Back in MailChimp I viewed my List and searched for my newly added email name:

new mailchimp email

New MailChimp email

There you have it, we just added a MailChimp pop-up to our WordPress site using the Jetpack Plugin with some Copy/Paste and logo customization. Now the client can attract even more web visitors to receive email updates which will save them both time and money, a win for everyone.


Blog Tags

Recent Posts

Blog Directory & Business Pages at