Win a Copy of WordPress 3 for Business Bloggers & WordPress 3 Cookbook

We have teamed up with Packt Publishing to do a giveaway here on the blog.  They have generously offered up 2 e-books for you to have a chance to win.  So we will be choosing two lucky winners!

Packt Publishing let us give away SIX e-books at NAMS so we are excited to be able to give all WPSecurityLock readers who didn't get the chance to win at NAMS to win something here.

Overview of WordPress 3 for Business Bloggers by Paul Thewlis

• Use WordPress to create a winning blog for your business
• Develop and transform your blog with strategic goals
• Market and measure the success of your blog

Overview of WordPress 3 Cookbook by Ric Shreves and Jean-Baptiste Jung

• Take your WordPress site to the next level with solutions to common WordPress problems that make your site better, smarter, faster, and more secure
• Enhance your SEO and make more money online by applying simple hacks
• Rich with screenshots and practical tasks that you will find quite useful

We are in the process of writing a full review of each book so you will see those posted here on the blog over the next week. 

Entering is easy... Take a look at the Rafflecopter entry form below and follow the steps.  Be sure to read the directions when you click on the +1 on the entry form, you must leave a blog comment for your entry to count. Contest ends 2/27/12. Winners will be contacted by email so be sure to use a current email address when you enter.

a Rafflecopter giveaway

Related Posts:

• WordPress 3.1.2 Update – Critical WordPress Security & Maintenance Release (11)
• WordPress 3.1.1 Update – Critical WordPress Security & Maintenance Release (13)
• WordPress 3.0.4 – Critical WordPress Security Update (9)

If you're serious about your business, NAMS 7 is a "not to be missed" event!

I attended NAMS4 in Atlanta, which helped me launch my business. And right before NAMS5, David Perdew, the founder of NAMS, took our training a giant step further by launching the MYNAMS membership. Inside we get a private support forum, accountability groups, member blogs, training modules, webinars, monthly Q&A calls, interviews from the experts, weekly blog posts, website reviews and much much more. Then I took what I learned from NAMS5 and my business grew even more.

Then I was honored when David asked me to speak at NAMS6. I gave two live security workshops and the attendee participation was amazing! I truly enjoyed showing the class how to protect themselves and their content online.

Now NAMS7 is just around the corner. I hope you can join me there!

I'll be teaching two live workshops at NAMS7 from February 10-12, 2012 in Atlanta, GA:

• Workshop #1 - Setting Up Your Business Right (with Chris Cobb and Dan R. Morris).
• Workshop #2 - Bullet Proofing Your Business

Discover How You Can Build A Profitable, Sustainable, Recession-Proof Business With Hands-On Training By Real-World, Proven Experts. Come hang out with me, learn from the instructors, network with the attendees, and GROW YOUR BUSINESS!

NAMS7 starts February 10, so hurry and grab your ticket!

*Go to: http://www.wpsecuritylock.com/nams7

 In addition to learning how to be successful in your business, you're going to make amazing friends, find JV opportunities, and get REAL help tailored to your business needs.

Here's some fun shots from NAMS6 I thought I would share:

In between workshops, one of my favorite things to do is have a meal with my NAMS friends.

The restaurant at the hotel has great food and friendly staff too.

Hope to have a meal with you too!

<< CLICK PHOTO TO ENLARGE

In the evenings, you can catch the NAMSters out by the firepit (next to the pool).

This is a great place to meet everyone, share ideas, make lifetime connections.

Be sure to bring a sweater and hang out by the firepit with me!

Okay, so this was supposed to be a serious pic.  The WP Security Lock team was "attempting" to look like serious "hacker attackers" so we could make some fun marketing materials with it. However, you can see how well that turned out.

Hey, did I tell ya that Kurt Scholle is doing pro-headshots at NAMS7?

LEAVE YOUR FEEDBACK

I'm arriving early Thursday, February 9 and leaving after the network breakfast on Monday, February 13. If you're going to be at NAMS7 let me know so we can have a meal together or hang out by the firepit. If you've been to NAMS before, encourage others to attend by leaving your feedback below. And if you have a specific question about NAMS or a security question you want me to answer at one of my live workshops, leave your comment below.

Securely yours,

Regina Smola
WordPress Security Expert
Follow me on Twitter
Follow WPSecurityLock on Twitter
Become a Facebook Fan

* Denotes our Affiliate Link. If you a make a purchase through this link, we may receive a commission. See our Disclosure.

P.S. I'm bringing some really cool prizes for the giveaways at NAMS! Make sure you bring your business cards for the daily prize drawings.

Related Posts:

• Regina Smola speaks at Niche Affiliate Marketing System Workshop (NAMS6) (11)
• WordPress Security Dinner with Regina Smola & Allen Dresser – NAMS6 (0)
• Welcome David Perdew to the WPSecurityLock Team (10)
• Ask Regina Smola Your WordPress Security Question Dec. 7, 2011 (2)
• WordPress Plugins: Uncovering the Hidden Dangers of Shiny Plugin Syndrome (2)

Limited Offer! Hurry and Grab Your free copy of lol... OMG!

This educational offer is sponsored by Intel and the Associated Students of Stanford University. Parents, students, educators and libraries should take advantage of this opportunity.

Check out the National Cyber Security Alliance at Stay Safe Online to learn more about online safety.

Related Posts:

• Data Privacy Day – January 28, 2012 (2)

While chatting with a friend on Facebook, she received this information in her chat window:

WARNING: Your account is reported to have violated the policies that are considered annoying or insulting Facebook users.system will disable your account within 24 hours if you do not do the reconfirmation. Please confirm your facebook account below:

help-confirmation-accounts.de.vc

thanks,
Facebook Security

Notice the typos in the message and, more importantly, the link she was told to click on. This link is in no way associated with Facebook.

Be careful when seeing messages like this and do not click on the links that you know are not part of Facebook.

To read more and see a screenshot visit Carla's blog at http://butterflynetworking.com/4022/another-new-facebook-scam/.

A big thank you goes out to Carla McNeil for spreading awareness on this Facebook Scam!

Most Commented Posts

• Skype Scam Alert – Fake Virus Call from System Alert (325)
• Cechirecom.com.js.php – WordPress Hacked | Case Study (308)
• Breaking News! Dangerous Malware Alert – Self-Hosted Sites On Major Hosting Service Hacked Again! (165)
• Breaking News: WordPress Hacked with Zettapetta on DreamHost (164)
• Breaking News: WordPress Hacked with holasionweb on Go Daddy! (118)

As of January 22, 2012 when we tested it, DreamHost has removed and/or updated the timthumb scripts and closed that security hole. However, we have another concern, numerous WordPress themes and plugins pose security risks.

When we used their WordPress "One-Click Install" Deluxe from DreamHost, we were welcomed with 134 themes (5,536 files not including Twenty Ten and Twenty Eleven) and 9 plugins (624 files not including Akismet). Holy Crap that's alot of themes and files!!

When you put your mouse over the ? it says "Includes a glorious selection of themes from Automattic and standard plugins to help you get started. Great for beginners!" Are they serious??? 134 themes??? OMG!

I personally contacted DreamHost several times telling them about the vulnerability with the timthumb scripts and the crazy number of themes and plugins they install. And their answer was:

"We want to give our customers choices."

Choices? Are they kidding me? People need to have 134 themes to choose from for what they want their blog to look like?

At least they got rid of the outdated timthumb scripts. But back then they had about 34 themes and now they've added about another 100 "choices." This more than triples the footprint of your WordPress installation and causes a great risk for security. Think about it...

How can you possibly trust 134 themes on your site? If a malicious hacker finds a vulnerability and  breaks into your site through one of them (and they don't have to be active) you're site will get hacked. And what if you're hosting multiple websites on the same account, every one of your sites can get hacked with a virus that can spread to your visitors' computers. Yikes!

If you MUST use the DreamHost One-Click Installer, please "UNCHECK" the Deluxe Install! Our recommendation is to do a manual installation. You owe it to yourself to learn how to do it. It's super easy and you know what is being installed on your website.

And if you have already used the "Deluxe Install," please log-in to your WordPress blog or FTP client and delete any unused themes and plugins ASAP. Remember! Unused themes and plugins increase your security risks.

Note: Make sure that you keep either Twenty Eleven or Twenty Ten that comes with WordPress so you have a default theme to fall back on in case you ever need it.

Also, please install the Timthumb Vulnerability Scanner plugin and run it now to make sure you don't have a timthumb vulnerability on your WordPress site.

Leave Your Feedback

Have you used the WordPress Deluxe Install from DreamHost? How many unused themes did you have to delete from your blog? Did you find an outdated timthumb script that you had to update? Leave your comment below.

Related Posts:

• DreamHost Security Issue: Change Shell/FTP Passwords Now (4)
• Warning: TimThumb.php Vulnerability in WordPress Themes and Plugins (5)
• WordPress Security Risks Using Auto Installers Like Fantastico (31)
• BlueHost, GoDaddy, and Other Network Providers get Targeted with Bulk Injection Hack (14)
• Breaking News: WordPress Hacked with Zettapetta on DreamHost (164)

Why? Because logging in to your cPanel through https:// provides an encrypted communication and secure identification of your hosting provider.

When you first sign up for a hosting account, you receive a "Welcome eMail" from your hosting provider. If your hosting provider offers a cPanel, there will be a link to log-in.

Here's part of a sample "Welcome eMail" from HostGator:

Welcome to the hostgator family!

Your Domain: something.com
Your Username: somtin
Your Password: Pa33word
Your sites IP address:
74.52.128.210

Your name servers:
ns325.hostgator.com
ns326.hostgator.com
----------------------
Until your DNS has changed over to our nameservers, you can access your cPanel at: http://74.52.128.210/cpanel

~ Source: HostGator Support

Unfortunately, this link will redirect you to http://ipaddress:2082, which is a non-secured port.

I think the reason hosting providers give this link is because some people may have the secured port blocked by their firewall and might cause some confusion. Nonetheless, I wish they would give the secured link anyway!

After your domain name propagates to your hosting account, you can also log-in using http://yourdomainname.com/cpanel, which again will redirect you to the non-secured link of http://yourdomainname.com:2082.

Log-in to your cPanel Securely on Port 2083

Rather than using the link provided in your email,  I suggest changing the link to https://yourdomainname.com:2083, which is a secured port.

You will know this is a secured port, because you will see in your browser's address bar https:// instead of http://.

The first time you open the secured url, you should see a warning message appear on the web page. Here's a screenshot from Firefox:

Internet Explorer: Click on "Continue to this website (not recommended)" text.

Google Chrome: Click on the "Proceed anyway" button.

This warning is normal and wants to make sure you trust the source. Click the text "I understand the Risks" and a drop down message will appear. Here's a screenshot from Firefox:

Click the "Add Exception" button. A pop-up window will then appear to add the security exception. Screenshot from Firefox:

Click the "Confirm Security Exception" button and you will be taken to the cPanel log-in panel.

You can now log-in securely with your username and password to access your web hosting cPanel.

Leave Your Feedback

Submit your comment below and let me know if this article helped you or if you have any questions or concerns.

Related Posts:

• HostGator Changed My WordPress Blog IP Address (34)
• HostGator Coupon: Save 25% Off ANY Hosting (1)
• S.O.S. – Safe Online Shopping for the holiday season (4)

Last night we detected some unauthorized activity within one of our databases. While we don’t have evidence that customer passwords were taken at this time, we’re forcing a change out of caution. Please login to our web panel and change any passwords you may have with us. We’ll keep this post updated as we get more information.

When logging into the DreamHost Web Panel, the following warning appears at the top of the page:

Due to some unauthorized activity we detected within one of our databases, we have forced a reset of all FTP/SFTP and shell passwords as a precaution.

Please visit the "Users > Manage Users" tab immediately to change any passwords you may have with us.

You can keep up to date with this issue as it progresses on the DreamHost Status blog at:
http://www.dreamhoststatus.com/2012/01/20/changing-ftpshell-passwords-due-to-security-issue/

There have been numerous updates through the day. Click here for the latest status on DreamHost servers.

Be sure to log-in immediately and change your passwords.

We also strongly suggest you make a complete backup of your website files and databases.

DREAMHOST STATUS UPDATES

Update Jan 21st, 11:00am PST: Password changes are still processing. albeit slowly. At this time we estimate that any password change will take approximately 1-2 hours to fully update in our system. We sincerely apologize for the delay in these changes taking effect. -Oscar

Related Posts:

• DreamHost One-Click WordPress Installed Timthumb Vulnerability and Security Risks (9)
• BlueHost, GoDaddy, and Other Network Providers get Targeted with Bulk Injection Hack (14)
• Breaking News: WordPress Hacked with Zettapetta on DreamHost (164)

It's time to come together as a community and join us in this historic moment!

What is the SOPA Strike?

On January 18, 2012, the Internet is going on strike to stop the Web Censorship Bills in Congress! Sites are striking in all different ways. Check out Strike Against SOPA!

Why Strike SOPA and PIPA?

On January 24th, Congress will vote to pass Internet censorship in the Senate, even though the vast majority of Americans are opposed. We need to kill the bill - PIPA in the Senate and SOPA in the House - to protect our rights to free speech, privacy, and prosperity.

SOPA is not dead, it is being rewritten and PIPA (equally as bad) is still alive in the Senate.
http://www.forbes.com/sites/insertcoin/2012/01/16/so-is-sopa-dead-not-exactly/

Can SOPA and PIPA Affect My Website or Blog?

The scariest part about these bills is that the government will be allowed to censor and shut down any website or blog that it sees fit. Imagine having your site taken down!

How Do I Join the Stop SOPA and PIPA Fight?

1. Join the SOPA Strike Here!
2. Add the Stop SOPA Ribbon Plugin to your WordPress blog. (We're using it in the top right corner of this website.)
3. Install and activate the SOPA Strike WordPress Plugin.
   (We're using this plugin to redirect all traffic to the SOPA Strike page all day on Wednesday, January 18, 2012. And this plugin will log your website name and URL to be included on a roll call for supporters, but collects no other information.)
4. Change your social profile pics in the #BlackoutSOPA movement!
5. WordPress.org asks that you to help stop SOPA/PIPA.
6. Join the Stop Internet Censorship by Protesting SOPA movement on Facebook and get the latest SOPA/PIPA updates.

WordPress Users, You Can Help Stop SOPA & PIPA

We are not a small group. More than 60 million people use WordPress — it’s said to power about 15% of the web. We can make an impact, and you can be an agent of change. Go to Stop American Censorship for more information and a bunch of ways you can take action quickly, easily, and painlessly. The Senate votes in two weeks, and we need to help at least 41 more senators see reason before then. Please. Make your voice heard.

Source: Help Stop SOPA/PIPA by Jane Wells, UX Lead for WordPress

Are You Joining the SOPA Strike?

Is your site going black on Wednesday, January 18? If passed, tell us how how you think the SOPA and PIPA bills could affect your WordPress site or Online business. Leave your comments below.

Related Posts:

• WordPress Users Please Help Stop SOPA/PIPA (1)

Privacy is our shared responsibility!

Do your part. Participate in Data Privacy Day by educating students or parents, training employees, hosting an event or sponsoring DPD.

In honor of Data Privacy Day, here are 5 tips on how you can keep your data safe:

• Have a reliable and updated antivirus program running
• Backup your data
• Keep your passwords safe, use strong passwords and change them often
• Be cautious with email (don't send passwords, bank account info, etc. via email and watch closely for phishing/scam emails)

Here's a list of Data Privacy Day Resources

• About Data Privacy Day
• DPD 2012 Events < click the links on the left for an event in your area or Online
• Education Resources
• Get involved with Data Privacy Day
• Government-Created Resources
• Consumer and Business Resources
• Data Privacy Day 2012: What Consumers Can Do - PDF
• Data Privacy Day 2012: What Businesses Can Do - PDF
• Data Privacy Day 2012: What Parents Can Do - PDF
• Data Privacy Day 2012: What Schools Can Do - PDF
• Data Privacy Day 2012: What College Administrators Can Do - PDF
• Data Privacy Day 2012: What Libraries Can Do - PDF
• Mobile Privacy Tips - PDF
• Online Privacy Tips for Young People - PDF
• Privacy Tips for Social Networking - PDF
• STOP. THINK. CONNECT. Posters, Tips and and Advice Sheet

Check out the National Cyber Security Alliance at Stay Safe Online to learn more about online safety.

Related Posts:

• In honor of Data Privacy Day, the full ebook of lol…OMG! (4)

Just check out this video from Fight for the Future,

WordPress has a great news article on it as well. And here's another article about SOPA from Bryan at Copyblogger.

Be sure to make your voice heard! Senate is scheduled to vote on this bill Tuesday, January 24, 2012.

Related Posts:

• WPSecurityLock Joins the SOPA Strike (8)