If you are not technically inclined… would you pay a small monthly fee ($10 per month or less) to be able to view tech training videos AND ask tech questions to have a specific training video made to show you how to do it?

(Tech = anything to do with web sites, blogs, autoresponders, hosting, domain names, plugins, etc….)

Just last week I spoke at Kelly McCausey’s Hot Seminar Series about WordPress security and the need to keep your sites up to date, remove unused plugins, themes, etc…  I shared lots of great tips on how to protect your WordPress sites from being hacked.

Then, just two days after I spoke, my husband mentioned that my old web design site had some ‘issues’.  There were odd looking characters in the page titles; and remembering back, a client had contacted me end of last year telling me the same thing. I just upgraded the site, so assumed it was an incompatibility within either the theme or the plugins.  Since I do not actively do business via that site (and I was really busy), I didn’t stop to go have a look.

My mistake.

When I logged in the dashboard to see where those odd characters were coming from, I deleted those and then thought to have a look at the html coding within the page; WOW! hidden backlinks had been inserted to porn sites and all sorts of things.

Ugh! Had I only discovered this before my talk, I could have done a video on what I found and shared it. Learn from my mistakes, so you don’t have to go through the pain of dealing with it.

Ultimately, because this site is not actively used; I chose to first, change my password; then to delete all the posts and pages, and put up a minimal notice on the site for those older clients of mine who still contact me. Most know to email me, and don’ t go through the site, but still…. needed to address this issue.

So how did I get hacked?

I’m not sure I’ll ever know for sure, but my site was running WordPress version 2.8 – so not the latest version; but not horribly out of date. I did update the site periodically.

But this is a perfect example of why you need to keep up with what’s going on with your sites. If you’re like me, you have many, many sites, and it can be time consuming to go to everyone to up date them; but it’s necessary.

So if you have a niche website that you’ve setup and it’s either bringing in money and in ‘auto mode’; or you are letting it sit and age or for whatever reason – and you are not regularly logging into your WordPress dashboard, then take heed and go right now and make sure all your web sites are up to date and nothing funky is going on.

My active sites that I have, are always kept up to date, as I’m in there a lot; but I do have a few that I have setup, but for a variety of reasons, haven’t been to in awhile… they too will be getting checked.

This was a stealth hack – there wasn’t any obvious issues, other than the weird characters in the titles. My home page wasn’t hijacked redirecting site visitors to another site or anything like that. They inserted their code for hidden backlinks directly within posts and pages.

So learn from my experience; go right now today, and do these things to protect your web sites from being hacked.

Hack Prevention Action Steps

1. Change your password.  This is critically important! I started using Roboform a few months ago. I absolutely love it, as I can use really long, difficult passwords and it stores those securely for me.
2. Remove any themes and plugins that you are not actively using. If you want to log into your site via FTP and download those to save them to your computer for future use – that’s fine; but then delete every single one that you do not have activated and are not using.
3. Update your WordPress installation to the latest version. I highly recommend using the WP Automatic Upgrade Plugin to make this process complete. It will do all the required steps for you (i.e. backing up your files and database, downloading the latest WordPress version, deactivating plugins, puts the site in maintenance mode, installs/upgrades, reactivates plugins and removes site from maintenance mode). The built-in upgrade function within WordPress will upgrade your installation to the latest version, but even it fails to do all the steps that WordPress themselves recommends when upgrading your site.  I have no clue why they would offer a built-in function that doesn’t do everything it should – so get the WP Automatic Upgrade plugin and problems solved.
4. Upgrade any plugins and your WordPress theme, if an update is available. After you’ve upgraded your WordPress install to version 3+, you’ll find the Updates area under the Dashboard tab in the left column. Click that to see if you have any plugins and/or themes that need upgrading. Yep, the 3+ version of WordPress will upgrade your plugins and your themes! Sa-weet!
5. One final bit of advice:  check the Users that are registered for your site to make sure that there are no questionable users registered. I personally have the registration feature turned off on my blogs, so no one can register. I do know that on my hacked blog, at one time, I did have that feature turned on and I saw several user accounts listed and that could have been one possibly way they gained access to my site. (I deleted all user accounts except for my own). So if you do not have need of folks registering on your site, then turn off that function within your settings and thoroughly check any registered user accounts for your blog, paying particular attention to what their permission/user level settings are.

That’s it. Again, I’m clearly not perfect and let one of my sites slip into dormant status and the result was I left it open and vulnerable and a hacker got in. So when I talk about WordPress security, and the steps needed to protect your blog, you know that I have first-hand experience.

To YOUR Success,

Traci

P.S.Have you ever had your blog hacked? What did you have to do to fix it?

Update: Facebook relented and restored the custom landing tab option for pages. Hopefully it will remain.

Facebook changes their policies more often then most folks change their socks! Apparently, earlier this week, Facebook removed the ability to easily select a custom landing tab for new visitors to your Facebook page; unless you have at least 10 thousand fans/likes for your page! Then if you’re a super Facebook fan page connector with at least 10 thousand fans, you then will have ability to select a custom landing tab.

This is huge! Why?

Because many who use Facebook for business, have setup custom FBML landing tabs (aka: Welcome tabs) for new site visitors to land on, asking them to become  fan, errr…. ‘like’ their page. It’s a way of an initial welcoming introduction to someone who hasn’t visited your page before, or who is not yet ‘liked’ your page.

While keeping up with Facebook and their policy changes could easily be a full-time job… and re-designing landing tabs for every wording change, page width change, etc… is definitely a full-time job (at least for me); the good news is that not all is lost.

Link to the Tab

Each tab you create in Facebook has it’s own unique URL that you can link to. [mouse-over this text to see the URL to my Genesis Blogging Welcome tab] So my suggestion is to link any social media icons on your blog or web site to the specific custom landing tab you may have setup.

Here’s how to find this direct URL:

1. Visit your Facebook page
2. Click the tab you want to link to
3. Copy the URL from the web browser
4. Paste in the copied URL for any Facebook social media icons you have linking to this page
5. (optional) You can shorten this URL and make it ‘pretty’ by using bit.ly, budurl.com or a similar URL shortening service; OR, by setting up a 301 redirect using .htaccess (for the advanced techy folks)

Hopefully this helped you find a solution to this new Facebook custom landing tab policy.

To YOUR Success,

Traci Knoppe

P.S. Do you use Facebook pages for your business? Do you have 10,000 fans/likes on your page and see the ability to select the custom tab? Someone in a Facebook chat last nite did have way more than 10,000 fans/likes and still could not see this option.