Here's are 3 reasons why should never use a free URL shortener or link cloaking service:

1) A lot of ISPs block them because they often collect your data and share it with other sites. ISPs don't like that! And what happens if they get hacked and/or blacklisted? Don't take a chance in letting your links get blocked.

2) You don't control the service, so if they go out of business all your links quit working. Think about it. Do you keep a record of all your short links you use by a 3rd party?

3) Those URLs you shorten are impossible to remember and/or edit later. One of my pet peeves is I can't go back and edit where it goes on some of the services out there.

So what's the solution? Use an affiliate cloaking/redirect script on your own domain that protects you from all these things and more.

My friend Christine Cobb recommended a tool to me and I've been using it for about a month now. I love it! It's super easy to use, only takes seconds to create a shorturl, tracks clicks, and even makes QR Codes!

I set mine up on a separate domain (reginahelp.me) and use that domain only for my shorturls.

Check out Easy Redirect Script at http://reginahelp.me/easyredirectscript/ <--that's my affiliate link

Since I am using WordPress for my website, I am trying to decide if I want to convert my Pretty Link Pro links or continue to use the plugin. I love the way Pretty Links works, tracks, and it's right inside my Dashboard.

Leave Your Feedback

What are your thoughts? Should I convert my links and stop using a plugin? Have you tried the Easy Redirect Script? What do you use for cloaking your affiliate links or shorturl redirects? What are your fears of using redirect scripts? Looking forward to reading your comments below.

WordPress security doesn't stop with just using a strong password, keeping your site up to date, and using a good hosting provider. Your blog comments are part of WordPress security too.

Unwanted comments have the potential of making you lose readers, ruin your site's reputation, get your blog attacked by a malicious hacker, or harm your site visitors computers (a rogue link can inject computer viruses).

Here's 3 mistakes I see blog owners make with comments:

1) Approve spam comments

It's amazing how many blogs out there have approved spam comments. I'm not sure if it's just pure laziness, comments are un-moderated,  they have no clue what comment spam looks like, they like promoting Ugg Boots, or they just don't care.

If you're going to have a blog you need to pay attention to what you're feeding your readers and search engines! Check for links in comments/replies, look at the Author Name, checkout the comment author's website, check the IP address, look for bogus email addresses, and READ what the comment says. I can't tell you how many times I've clicked on the author's URL and it was blocked by Google for malware or my Kaspersky stopped me from opening the page.

Two things I do to reduce WordPress comment spam is use the security built-in the CommentLuv Premium plugin and check the comments that get through at Stop Forum Spam.

2. Approve non-relevant comments by backlink seekers

I remember when I first starting blogging and got my first comment, "Nice blog. Thanks. I'm going to bookmark it." I thought, Woohoo, someone likes my blog and approved it. But I failed to think, is this comment relevant or someone that's just trying to get a backlink to their own site. Sometimes these may just be trackback comments in the hopes that I allow trackbacks. (I've even seen trackback comments linked to a porn site.) And sometimes they try to make the comment "look" relevant, but upon further examination you can just tell they're not sincere.

Here's a couple screen shots I just took today off a site today:

Be sure to moderate your comments for backlink seekers and don't give your readers an option to "click" on a link to a rogue or unwanted site. You never know when one of those links could contain a virus or your reader vows never to visit your site again.

3. Lack of comment security settings

When was the last time you checked your "Discussion Settings" inside your WordPress dashboard? At the very least you should enable "Comment author must have a previously approved comment." I always change the default of "2" to "1" for "Hold a comment in the queue if it contains..."

Please be sure to go through your comment settings and protect your site and your readers.

WordPress Security Tip: 

Use the WordFence plugin to scan your comments for suspicious URLs. 

Leave Your Feedback

 If you're approving spam comments please tell me why? Do you moderate your comment spam? How does it feel when you see comment spam on someone's site? Please leave your comment below.

Not much shocks me anymore, but my friend Christine Cobb gave me a link to a video on YouTube where a Godaddy user shares his screen.  His "new" Godaddy account is either hacked, merged, glitch-y or I have no clue what happened!

Warning: Video has some vulgar text. And the video may make you a bit dizzy, but watch it in it's entirety to see how messed up his account is:

Be sure to read the  author's (Noun Verber) description on YouTube for more details here.

Think about what this user could have done to the other websites or account information. And what about his account information? Where is it? Who has it? Yikes! In my opinion, this is a major security breach.

WordPress Security Tip:

Never host your website at the same place you register your domain. Think about it. If your account gets compromised they can mess with your domain, emails AND your website files and database!

Right now I have my domain registered at Godaddy and my WordPress site hosted at HostGator.

Leave Your Feedback

I would love to know what happened to this account or what GoDaddy had to say. What do you think about hosting your website at the same place you register it? Post your comment below.

On February 1, 2013 Twitter announced to the public that they suffered a security breach and your account may be affected.

This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.

As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.

Source: Keeping our users secure

Even if you did not receive an email from Twitter that your account may have been compromised, they advised that you log-in and change your password.

I have logged in and changed all my passwords to good strong ones and hope you do too.

WordPress Security Tip: If you have your Twitter feed/stream in your sidebar widget be sure your tweets are your own or replies in good taste. You never know when someone may say something negative or spammy that shows up on your site.

Do Your Part to Help Protect Other Twitter Users

Be sure to tell your friends, family and colleagues. You can also share this article using the social icons below.

Stay safe out there!

A guest post submitted by Robert Nelson

Recently Homeland Security announced that JAVA had a weakness in Java Security that would allow installation of malicious software or malware. The mere fact that any US government agency would do so is rare.

This Java exploit problem affects all PCs, so it doesn't matter if you are using Linux, have a Mac, or a Windows machine. There has been a patch issued by Oracle, which doesn't completely solve the problem.

So for now you should disable JAVA, the procedure to do so depends on your OS (operating system). The following link will walk you through the steps needed. http://www.zdnet.com/how-to-disable-java-in-your-browser-on-windows-mac-7000009732/.

Please do take action as there are kits circulating on the Internet which allow Black Hat Hackers to utilize this exploit.

Special Thanks

We would like to send a special shout out to Robert Nelson for submitting this article to help all of us in protecting our WordPress sites and keeping our computers a safer.

Leave Your Feedback

We hope that Oracle gets the Java vulnerability fixed soon. Do you have questions on how to disable Java or issues with the Java exploit? Please leave your comment below.

WordPress 3.5.1 was released to the public on January 24, 2013. Within WordPress 3.5.1 there are several maintenance upgrades wrapped in a minor security release for all previous versions.

This release addresses issues with the post text editor, the media manager, network rewrite rules upon new network creation, scheduled post glitches, problems with the wp-admin area's scripts, some plugin error messages, and more. Be sure to check out the list at Codex Version 3.5.1.

Upgrading to WordPress version 3.5.1

A word of caution before you update! As with any WordPress upgrade, certain plugins or themes could break your WordPress site. Before you push the "Please update now" link, be sure you have a full backup of all your site files and database.

One of my favorite tools for backing up WordPress is the *BackupBuddy plugin.

The link above is my affiliate link. Save 25% off your order with coupon code WPSECURITYLOCKS.

People ask me all the time, "Is it safe to upgrade WordPress now?" The answer is simple. If you are not using a plugin or theme that will conflict with WordPress 3.5.1 then you should be fine. Check your plugins and theme to see if they are compatible. Copy your site over to a test environment and try the upgrade there first. You certainly don't want to break your "live" site. (If you need help, contact me.)

Very Helpful Links:

• WordPress News: WordPress 3.5.1 < Official Press Release
• WordPress Codex: Version 3.5.1 < Summary of highlights and features
• WordPress Codex: Using Your Browser to Diagnose JavaScript Errors
• WordPress Trac: Milestone 3.5.1 < Tickets active and closed
• WordPress Codex: Changelog/3.5.1 < This should be updated soon
• Download WordPress 3.5.1
• WordPress Codex: Upgrading WordPress Extended < Our preferred upgrade method

Please share your experience with upgrading to WordPress 3.5.1. Did everything go okay? If you find a plugin or theme with issues, let us know. Got questions about the WordPress security fixes? Leave your comment below.

Content creation is a great way to bring in more prospects and profits. And you do want more prospects and profits, right?

The struggle for many content marketers, both new and experienced, is consistently coming up with ideas for creating content. I've noticed that many go through a few stages in their struggle to come up with content ideas.

Let's take a closer look at those three stages and more importantly, what to do about each one.

3 Stages

Stage 1 - Ideas are not flowing - When you sit down to create content you have to repeatedly stop and think about what to write about. The flow has not stopped, it's just not as easy as it normally is for you.

What to Do - Step back and brainstorm. Make a list of content ideas. Don't edit - just brainstorm. This is something you need to be doing anyway, so you always have a list of content ideas from which to pull.

Stage 2 - Ideas are a struggle - Even when you look at a list of your ideas, nothing pops out for you. It feels like you are seeing the ideas on a list, but they are not making sense in your head, and not making the trip from your head to your fingers.

What to Do - Take a trip to your supermarket and check out the titles on the covers of the magazines in the checkout line. Thousands of dollars have been spent deciding how to title these articles. Find titles that you can use in your niche and get busy creating great content.

Stage 3 - You are beginning to believe in writer's block, even though it does not exist. Ideas are not only not flowing, ideas are just plain stuck. Your frustration level is high, and you're honestly getting a little bit frightened by your lack of ideas.

What to Do - Go to your topic in EzineArticles and look at some of the top articles in your niche. See which ones are getting lots of traffic. Choose an idea that you know will appeal to your community and simply do a better job with it.This is not plagiarism. This is research because you are simply looking for ideas. You are not copying what someone else has said, you are just going to do a better treatment of it because of your skills.

The Next Step - Your next success step is to grab your spot in the upcoming webinar on Wednesday January 30 at 8 pm EST - "How to Create Prospect & Profit Pulling Content in 20 Minutes or Less with Jeff Herring" Reserve your spot here => http://JeffHerring.com/regina

UPDATE - If you missed this live event, you can still catch the replay at http://jeffherring.com/regina.

A WordPress pingback vulnerability has been reported that could put your site's security at risk for a distributed denial-of-service attack (DDoS) attack.

Many WordPress bloggers use pingbacks and trackbacks to get notifications when someone links to their posts. I am one that likes to use them as well. But unfortunately, this new pingback vulnerability puts all our WordPress sites at risk.

A big thanks goes out to Bogdan Calin at Acunetix for his article "WordPress Pingback Vulnerability" to alert the public. He stated somebody posted on Redit about a WordPress scanner that is taking advantage of this new WordPress vulnerability. And even if you disable trackbacks, the threat still exists.

Which version of WordPress is affected?

While reading through comments on Bogdan's article, it seems that even WordPress 3.5 is at risk. So it looks like all versions.

guly
actually in my overnight tests i found that a blog post where trackbacks are disabled isn’t vulnerable. disabling it worked as a fix for my test installation, of course YMMV.

Bogdan Calin
That’s not my experience. In my case it worked even if trackbacks were disabled. I’ve tested on WordPress 3.5.

Source: http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/#comment-33097

How do you protect your WordPress blog from this pingback vulnerability?

According to Bogdan, there is no current fix but it has been reported to WordPress and will probably be fixed soon. In the meantime, you can disable your pingbacks and trackbacks from your WordPress Dashboard as follows:

UPDATE: 12/29/2012

Thanks to Kimberly Castleberry for letting us know about a the new "Prevent XMLRPC" plugin by Nathan Briggs.

The plugin makes it easy for users so you don't have to rename the file (see below). Once the vulnerability is fixed or to turn Pingbacks and trackbacks back on, just deactivate and delete the plugin.

If you would like to still disable trackbacks manually, following the steps below:

1. Settings > Discussion
2. Uncheck "Allow link notifications from other blogs (pingbacks and trackbacks)." Note: This will only disable trackbacks and pingbacks for future posts (not existing posts).
3. Scroll down the bottom of the page and click the "Save Changes" button.

Important! Then as a safety precaution, Acunetix suggests renaming your xmlrpc.php file to something else.

How to rename WordPress xmlrpc.php file

1. Log-in to your hosting server via SFTP through Filezilla or your favorite FTP program. Or through your cPanel > File Manager.
2. Open your home directory (usually public_html) or where your WordPress is installed. (Tip: This is where your wp-activate.php file exists.)
3. Find the xmlrpc.php file and Right-click then rename the file.

Until there is a WordPress security patch, I strongly suggest you follow the steps above to protect all your WordPress sites from this pingback vulnerability.

Leave Your Feedback

Have questions or concerns? Please leave your comment below.

Be sure to share this article with friends and colleagues so we can all help keep our sites safe.

WordPress 3.5 was released to the public on December 11, 2012.

They've named this one “Elvin” in honor of drummer Elvin Jones, who played with John Coltrane in addition to many others.

This major release is like an early Christmas present for bloggers and developers full of new features and improvements.

Check out this quick video to see some of the highlights of WordPress 3.5:

Although there are no noted security fixes in WordPress 3.5, there are several bug fixes and feature changes to improve the quality of WordPress.

Highlights include a new media manager, new default theme with responsive design (Twenty Twelve), Admin enhancements, changes to the Javascript Library, and more. Be sure to check out the list at Codex Version 3.5.

Upgrading to WordPress version 3.5

A word of caution before you update! This is a major WordPress upgrade. Certain plugins or themes could break your WordPress site. Before you push the "Please update now" link, be sure you have a full backup of all your site files and database.

One of my favorite tools for backing up WordPress is the *BackupBuddy plugin.

The link above is my affiliate link. Save 25% off your order with coupon code WPSECURITYLOCKS.

Some plugins are already being reported to us that have issues with WordPress 3.5, including the scan function of the Wordfence Security plugin. I am sure that plugin developers are working feverishly to get them ready for version 3.5.

People ask me all the time, "Is it safe to upgrade WordPress now?" The answer is simple. If you are not using a plugin or theme that will conflict with WordPress 3.5 then you should be fine. Check your plugins and theme to see if they are compatible. Copy your site over to a test environment and try the upgrade there first. You certainly don't want to break your "live" site. (If you need help, contact me.)

Very Helpful Links:

• WordPress News: WordPress 3.5 "Elvin" < Official Press Release
• WordPress Codex: Version 3.5 < Summary of highlights and features
• Troubleshooting WordPress 3.5 Master List < A MUST READ OF KNOWN 3.5 ISSUES!
• WordPress Codex: Using Your Browser to Diagnose JavaScript Errors
• WordPress Trac: Milestone 3.5 < Tickets active and closed
• WordPress Codex: Changelog/3.5 < This should be updated soon
• Download WordPress 3.5
• WordPress Codex: Upgrading WordPress Extended < Our preferred upgrade method

UPDATE 12/12/2012 at 12:50pm CST:

A big thank you goes out to Mark Maunder, the developer of Wordfence Security, for notifying us via email, in which he points out a new security enhancement in WordPress 3.5. Nice!!

If you're wondering why many of your plugins are emitting the warning:

"PHP Warning: Missing argument 2 for wpdb::prepare()"

WordPress changed a policy in their code. They started requiring a second parameter when plugin authors call the wpdb::prepare function. They made this change as a security feature to help prevent SQL injection attacks.

WordPress plugin core developer Andrew Nacin has a nice writeup that gives some detail on why the change was made.

Please share your experience with upgrading to WordPress 3.5. Did everything go ok? If you find a plugin or theme with issues, let us know. What's your favorite new feature? Leave your comment below.

Warning to All Customers of BlueLayerGroup, Inc., www.bluelayermedia.com!

On October 19, 2012, the BlueLayerMedia Staff issued a public statement on their website that their servers, domain registrar, and even payment processors were maliciously hacked and that they have closed their doors. They have left their customers to fend for themselves.

To BlueLayerMedia Customers,

On the evening of October 17th, hackers exploited our systems and decrypted important security passwords. With access to our servers, domain registrar, and even payment processors they began to wreak havoc on our systems. As soon as the infiliatration was detected we started to take measures to restore our own blocked access, but we regret that we were not quick enough in these efforts. The hackers who exploited our system were able to completely wipe the hard drives of our servers and even those our backup drives.

It is due to these actions that we no longer have any client data on our servers, no contact information, no website files, no emails, nothing. We regret to inform you all that we will not be re-launching services and are truly sorry for any loss you may have incurred. We are currently working to get all of the facts together, filing police reports and contacting proper authorities. Unfortunately the hackers were from outside the country and we have very little information to ever be able to get to them.

Again, we can't say how sorry we are for this system breach and wish that this unfortunate event could have been stopped. We appreciate your former business.

Sincerely,

The BlueLayerMedia Staff
10/19/2012

Unfortunately for their customers, unless they check www.bluelayermedia.com they have no clue if their pertinent information has been exposed and many may have lost their websites. A whois search revealed that the domain was registered in June 2, 2009.

According to the WayBack Machine, the last archive available was July 4, 2011 and was on a WordPress platform. It lists a phone number and email.

BlueLayerGroup, Inc.
Telephone: 1-866-837-0521
Email: work@bluelayermedia.com

It is unknown at this time if the email or phone number above is still working. I checked their Twitter account (http://twitter.com/BlueLayerMedia) and has been cancelled.

According to a Google archive, they did offer web design, custom WordPress, programming, web hosting, e-commerce solutions. Also a Google cache states, "We don't just build blogs, we write them too," as well as search engine submission, designing themes, making WordPress plugins, and more.

This is a tragedy for their company as well as all their customers who may have had their information exploited. It is also a perfect example of why you need to take your WordPress Security seriously and do off-site backups.

We recommend BackupBuddy with storage at AmazonS3 (over Dropbox) for better security. Feel free to check out BackupBuddy through our affiliate link at http://www.wpsecuritylock.com/backupbuddy and save 25% off with coupon code: WPSECURITYLOCKS.

It is unknown how long the company will keep the warning statement on their home page. So,please help spread awareness. If you know anyone that was a customer of BlueLayerMedia.com, please be sure to let them know. And use the social media buttons below to help others warn their customers.

LEAVE YOUR FEEDBACK

How do you think the company handled this situation? I personally think a phone number or email address should be listed so that their customers could get in touch with them. Be sure to submit your comment below.