4 Hidden Costs of WordPress Sites

April 15, 2008

I’ve written before about WordPress and similar “baby CMS” products being great alternatives for small business web sites.

They can be configured to have the same look and feel as the typical “static” small business site, with the following added advantages:

  • Old pages can be updated and new pages can be added without having to have in-house web design skills, or hire a developer to make minor changes.
  • The “blogging” side of the system can be configured as a press release section, article library or other form of regularly added content, encouraging visitor retention, re-visitation and added search engine traffic.
  • Proper theme development and plug-in use can offer substantial search engine optimization with little or no manual intervention.

As a result, many small business owners have turned to having sites developed (or redeveloped) either partially or completely within WordPress. Unfortunately, they often overlook some of the hidden on-going costs of such sites:
Read more

Official WMF Vulnerability Patch

January 6, 2006

Microsoft has released an official patch for the Windows WMF vulnerability — a little ahead of their official schedule, and a little behind when it probably should have came out.

The patch and details are available here.

The SANS Internet Storm Center has recommendations on how to apply this update, including how to uninstall the previous unofficial patch and re-register the DLL that had the problem in the first place. Details are here.

The SANS instructions are a little complicated, since they are written for both individual users and administrators of multiple systems.

If it’s just your own machine, and you followed the instructions in the previous post, here is a simplified set of instructions for replacing the unofficial patch with the official one, and re-registering the DLL that you unregistered.

  • Reboot
  • Download the patch for your version of Windows from here and install it.
  • Go to Control Panel | Add Remove Programs and remove the unofficial hotfix. It’s titled “Windows WMF Metafile Vulnerability HotFix” (there will probably also be a version number). You’ll probably be prompted to reboot afterwards; you can, or you can go on and reboot after the next step.
  • Click on Start | Run and enter
    “regsvr32 %windir%\\system32\\shimgvw.dll” (without the quotes)
    You’ll get a little dialog telling you that registering the DLL succeeded.
  • Reboot your machine (particularly if you did not do so after uninstalling the unofficial patch.)

After this, you should be good to go until the next ordeal!

Windows WMF Vulnerability — Heads up!

January 2, 2006

Update — Microsoft has released an official patch; you can go here to read more details, including how to uninstall the unofficial patch and re-register the DLL the instructions below had you unregister.

There has been a lot of talk in the last week about the new WMF vulnerability in Windows. Unfortunately, if you’ve been living on a desert island — or just taking a little time away from the computer celebrating the holidays — chances are that you may not have heard of it.

In brief, there is a newly discovered and un-patched vulnerability (what is called a “zero day” vulnerability) in Windows that can allow a seemingly innocent image to execute code on your computer.

Let me put this in a bit more blunt terms — imagine loading a web page (even a perfectly innocuous-looking web page that you visit often) and an image — perhaps even a single-pixel white dot on a white background — causes your computer to load up lots of spyware, spawn ads all over the place, capture your information when you type in passwords or credit card information, send out spam without you knowing it, damage your data, and infect other computers in your local network.

Now imagine that you’re not imagining.
Read more

IE Security hole worse than feared

November 29, 2005

Just to put a cherry on top of the whole “Firefox 1.5 has been released” thing, if you’re still using Internet Explorer, you should go read this:

IE Flaw Is Worse Than Expected.

There’s a lot of geek-talk on that page, but the upshot of it is, if you’re a Windows user using Internet Explorer, any website you visit could be used by a malicious user to execute anything on your computer. Like reformat your drive. Or mail your Quicken account data to someone.

There is no fix for this yet.

Scary Stuff.

Trust No.1

April 2, 2005

Seth Godin has up a great post on the elaborate April Fool’s gag he prepared (a whole bit about Homeland Security registering and taxing bloggers, and how he’d come out in support of it), and why he ultimately decided not to post the thing after all.

“But I’m not going to post it. In fact, this is my last post until Saturday. Why? Because everything is being taken so seriously, especially when individuals feel deceived, mistreated or foolish.”

That’s the sad truth.  I thought about doing an April Fool gag myself here, and then decided not to bother; I didn’t pull one prank or even dumb joke the whole day.

It seems like most everybody suspects (or is even reasonably sure) that they’re being lied to and manipulated by the people they’re supposed to be trusting these days.  You don’t need April Fools gags when we feel like we’re living in the endless April 1st…

What is SSL (the “little padlock”)?

December 25, 2004

SSL (“Secured Socket Layer”) is a protocol used to encrypt the communication between the user’s browser and the web server. When SSL is active, a “little padlock” appears on the user’s browser, usually in the status line at the bottom (at the top for Mac/Safari users.)

This assures the user that sensitive data (such as credit card numbers) can’t be viewed by anyone “sniffing” the network connection (which is an increasing risk as more people use wireless networking).

Common web site owner questions about SSL:

Read more

E-Mail Addresses & Web Pages

December 13, 2004

It used to be a common sight to find e-mail addresses on small business web pages. Unfortunately, putting an unprotected e-mail address on a web page anymore is tantamount to erecting a giant billboard reading “Please Spam Me!”. Address harvesting robots trawl the ‘net relentlessly, looking for anything that resembles an e-mail address. When they find an address, it is added to spam mailing lists and sold to all of those people who like to send you e-mail about your mortgage and your sex life.

But you still need to have a way to have visitors to your site contact you.

Fortunately, there are a couple of good alternatives.

Read more

The Basics of E-Commerce

November 1, 2004

The Basics of E-CommerceVirtually everyone is familiar with the experience of making purchases online, but most small business web site owners (and even many web developers) have no idea of what is really involved. From accounting and banking considerations to the technology to make it happen, this teleclass series will teach you what you need to know, including such things as:

  • What is involved in getting a merchant bank account that will accept online purchases, and how to avoid the scams.
  • Building a relationship with a reputable payment processor.
  • Important considerations regarding fees, holding times, chargebacks and refunds.
  • Security risks and implications.
  • Getting a shopping cart installed, and how to deliver content online.

Read more

Firefox Security Upgrades

August 4, 2004

The Mozilla Firefox team has released version 0.93, for all platforms.  This upgrade fixes a handful of possible security exploits that have recently been discovered.

Get yours here.

I’m glad to see that they’re staying on top of it. 

Running Windows Securely

July 19, 2004

Over the past few weeks, I’ve written quite a bit on various Windows issues—Spyware, Viruses, and going to a more secure browser.  Even though those articles have scrolled off the front page, a lot of people are still looking for them, so this article will be a “living document” with links to all articles I write on the topic, and there will be a link to this on the right sidebar if you should need to refer back to it in the future.

Windows Security Articles

No. More. Excuses. – The very basics of securing a Windows computer, and why it’s important (to all of us) that you do so.

Spyware and You. – The details of how and why you should scan for spyware on your computer.

Welcome to Day Zero – Explains what a Zero Day Exploit is, how your computer can be infected by one even if you’re “doing everything right”, and additional things you can do to protect yourself.

Making the Switch from IE to Firefox – The previous article explains why you’ll be a lot safer if you don’t run Internet Explorer (IE); this article gives you simple step by step instructions on how to replace IE with Firefox—a safer browser with lots of great new features.

Related Articles

More IE Vulnerabilities Found – If you think the recent Microsoft patches made IE safe, think again.

What’s on YOUR Firefox? – Some of the great extensions that can add new features to your FireFox.

A Real Solution to Spam? – A review of Mailblocks Challenge/Response system that really DOES stop spam.

It can’t be that bad… – How many clicks does it take to get to the center of an unprotected copy of Windows?

Read more

Next Page »