Marketing Your Creative And Business Ideas Since 1996
A Certified NYS Women's Business Enterprise
Twitter Security Issue – Time to Change that Password Again

Twitter Security Issue – Time to Change that Password Again

What’s with that popup we all got this morning? Due to a bug that has since been resolved, every Twitter account password was being stored in an internal log, unmasked. There is no evidence that the log was hacked, but out of an abundance of caution, Twitter representatives strongly encourage everyone change their password.

Twitter representatives also urge users who use the same password for multiple accounts across the internet (i.e. – users who used the same password for Twitter as they did for platforms such as Facebook, email, mobile banking, etc) change those as well. It is also suggested that users set up two-factor authentication on whatever platforms allow.

For more information, check out the official Twitter Blog article on the subject here, or the Mashable article with some additional commentary here.

22 Years

22 Years

22 years ago, I took a leap of faith.  I had just finished graduate school and looking for a job. After a few people told me they could use me as a consultant, I started a consulting company. The first project I got was for a website.  The rest, as they say, is history.  I focused on websites for a long time — I even had a local business leader tell me I was wasting my time because the internet was “just a fad.”  That fad is still here and definitely not going anywhere.

18 years ago, I added my first employees.

In the past 22 years, we have built close to 300 websites. We currently host 200 websites. We are most proud of the 20 non-profit organizations we have helped.

As times changed, so did we. IMC also offers print design, branding, email marketing, and social media consulting/management.

Here’s to seeing what the next 22 years will bring!

Beth

Customer Support & WordPress Specialist

Customer Support & WordPress Specialist

IMC is Hiring Again!

We are looking to fill an entry-level professional position dedicated to supporting our existing customer base and new customers from our Arts Spark project.

The successful candidate will be a technically-oriented person with stellar communication skills. Tasks begin with answering the phone and providing 5-Star customer support by:

  • Updating websites with new content using a variety of CMS platforms
  • Assisting customers as they setup email on new devices
  • Answering questions customers have as they update sites using WordPress
  • Troubleshooting email and website issues, handing off to a programmer if necessary
  • Performing security updates on CMS software and plugins/modules

The successful candidate will have the following minimum skills:

  • Excellent communication skills, both written and oral
  • Ability to multi-task and prioritize as well as think on your feet
  • Ability to work as part of a team
  • Ability to ask questions
  • Advanced knowledge of HTML, & CSS
  • Basic knowledge of WordPress systems
  • Working knowledge of Adobe Photoshop
  • Working knowledge of PC, Macintosh, mobile, and Gmail email systems
  • Ability to work in our office in Saratoga Springs – remote work is not an option
  • Attention to detail

IMC is a fast-paced environment tracking multiple projects in development concurrently, with a primary goal of delivering a quality product on time. The right candidate will receive a competitive salary, personal time, paid holidays, and contributions toward health insurance.

To be considered for this position, please send:

  • a letter of introduction
  • your resume
  • names and contact information for your references

to jobs@imediaconsult.com.

Please note, this is not a coding or design position. This is an HTML/CSS and customer support position.

5 Tips for Securing Your WordPress Website

5 Tips for Securing Your WordPress Website

How often are bots, spammers, and hackers trying to get into your site? It might be more often than you think.  One of our smaller, local clients has had over 18,000 attempts at getting into their WordPress site in the past year.  Fortunately, we have the security in place to prevent attacks like this from getting through. What can you do to secure your site?  These tips apply primarily to a self-hosted version of WordPress (not WordPress.com). Although many of these tips can be used with a WordPress.com website.

Use a Security Plugin

WordFence and All In One WordPress Security are two of the most popular plugins out there — because they work.  Plugins like this will help guide you through the changes you need to make to keep your WordPress website secure.  They work by modifying the .htaccess file on your server, helping you easily block bots and IP addresses attacking your site.  They also provide assistance in changing some common WordPress URLs and installation settings as well as securing WordPress common files (such as wp-config.php). Just be careful when using these, because it is possible to lock yourself out of your own site — trust us, we’ve seen it happen.

Change the Admin Username

Seriously, change the administrator username to something other than “admin”.  Since the WordPress default installation uses “admin” as the administrator user name, that is the first username bots and hackers try. Of the 18,000 failed login attempts above, more than half tried admin or some variation (i.e. adm or domainadmin). Do not use a significant part of your domain name either.  For example, if your domain is mycompany.com, do not use “mycompany” as your username.  That was the second most used user name in the failed login attempts.  Others to stay away from include the full domain name, “Webmaster”, “Webadmin” or other similar usernames.

While you are changing the admin username, make sure there is a “real” name attached to the user.  When a post or page is published, the author is often public.  If you do not set a first and/or last name for the user, WordPress defaults to the login username.   The bots then pick up that username and attempt to get in.  Secondly, be careful with the usernames. For example, when “Jane Smith” posts,  bots will try “Jane”, “JSmith”, “Smith” and other various combinations trying to login to her account.

Change the WordPress Database Table Prefix

When WordPress is installed, it puts “wp_” in front of all its database tables. This is to help you identify which tables belong to WordPress if you are using the database for more than one application.  Change “wp_” to something else. Ideally, you would like to use more characters and mix of letters and numbers.

While you are checking on your database, make sure the database name, username, and password are secure. cPanel accounts default database names to your account username followed by an underscore and then a name you choose. Pick something nonsensical for that name — make it a string of characters that would not appear in a dictionary.  The same is true for your usernames and passwords.  Passwords for databases should be at least 12 characters long with a mix of uppercase, lowercase, numbers, and special characters.

Keep WordPress and Plugins Updated

Always make sure you have the current version of WordPress and your plugins running.  Also make sure all your plugins come from reputable sources and are listed in the WordPress plugin repository. Do NOT download a “free” version of a premium plugin you find somewhere–there is no way to verify the veracity of that plugin and you are hurting the people who have put hundreds of hours into developing and supporting something that is making your life easier.

WordPress is excellent at releasing patches to fix bugs and secure vulnerabilities.  You can turn on automatic updates, which will automatically update your installation for the smaller releases (i.e. 4.7.1 to 4.7.2).  For the bigger releases, you will need to update WordPress yourself, which is as easy as clicking a button. ALWAYS make sure you have a backup of your site files and database before starting an update process.

Backup Your Site Regularly

Speaking of backups…your hosting provider should be able to provide backups for you – some will charge an extra fee. Your hosting provider should also be storing offsite backups – ask if they do. You can also use plugins such as JetPack and Updraft Plus. They provide backups right from your Dashboard. Premium versions will allow automatic scheduling and some offer automatic backups to the cloud.  Having a clean version of your database and files is important in case your site is compromised.

WordPress is a great and popular platform for building websites — because of that, hackers try to take advantage of the uninformed. Keeping your site secure is easy, but takes a little vigilance on your part to make it happen. If you have ANY questions about how to secure a WordPress website, find a reputable web development firm with WordPress experience. For a small fee, they will be happy to review your security settings and provide recommendations.

 

What People Are Saying

I will be eternally grateful to you for what you have done to create this beautiful, fun, interactive web site.  You are AMAZING!!!

Vicki Latham, P.A. -C Toxin Clear

We Can Help

Page 1 of 512345