It is every single website owner’s worst nightmare to realize that their website has been hacked. Infected sites can wreak havoc for everyone and cause a lot of damage in its wrath. It is a very serious matter that should be tackled as soon as the infiltration has been discovered. However, the first thing to do at this moment, is take a slow, deep breath, and know that your website will be up and running clean once again. Listed below is my step-by-step guide for anyone with an infected WordPress website who is wondering what to do next. [Read more…] about Oh no! My WordPress site got hacked!
Archives for May 2018
Pitching to Talk at Your First WordCamp
Pitching to talk at your first WordCamp can be a rollercoaster of emotions. It can be fun, nerve wrecking, frustrating, thrilling, and everything in between. Don’t let it discourage you, as speaking at WordCamps are a ton of fun! WordCamps choose all levels of speakers from the brand new to the seasoned veterans. I have heard some great talks from folks speaking at their very first WordCamp.
Why speak at a WordCamp?
The best reason to speak at a WordCamp is to share just how awesome you are. Everyone has a story to share in the WordPress Community, so you might as well share yours! WordCamps are one to two-day conferences showcasing all aspects of WordPress. WordCamp speakers are chosen based on their pitches and passion for the WordPress Community. All speakers are volunteers and are never paid for their time or their travel from the WordPress Foundation. They do however get great bragging rights and typically a great dinner out of it. Plus, sharing your love and knowledge back to the community is a great feeling.
How do I pitch to a WordCamp?
First of all, you have some leg work to do before you should actually pitch to a WordCamp. You have to go in with a plan of action.
- Come up with a topic (or four)! You have to know what you want to speak on before you can request to speak. The best thing is to talk about your passions in WordPress and what you know. The more love you have for a certain topic, the more it will show in your pitch, and then later in your talk.
If you need inspiration on topics, take a look at previous WordCamps to see what other people have talked on. There are so many options out there that no two talks will ever be alike. - Write an outline of your talk(s) once you have settled on a subject. The more precise the outline, the easier it will be to write your pitch.
- Now that the outline is done, write your pitch! Make sure your pitch is both informative and fun. Make sure it covers all the basics of what you will be talking about.
- It will need a snazzy title. A fun title can go a long way but you still want to make sure that it is relevant to the talk.
- Also, one of the hardest things for me to do is to write my bio. Bios need to always be written in the third person. They can be witty, informative, professional, or a mix of all the above.
- The last but the most important step, submit your pitch(es) to the WordCamp of your choice!
Now what do I do?
You sit back and relax. All of your hard work is done. Once submissions have been closed, you will receive an email from the WordCamp organizing team letting you know if you have been chosen or not. This can sometimes take a few weeks after the close. Do not worry though. They will always respond. If you are chosen, congratulations!!! If you are not, please do not take it personal and always try again. Even some of the most renowned speakers are turned down for some camps. That is the beauty of WordCamps, you will never have the same conference twice.
Resources
- Make.WordPress.org is a great place to look for encouragement on writing your pitch.
- WordCamp Central can show you all of the upcoming WordCamps around the world.
- Use Meetup.com to find your nearest WordPress Meetup.
- My friend Josh Pollock gave some great advice on Tourque
The Need For Maintenance
I get asked all the time “what is the big issue with maintenance? My site is online. Why should updating or backing up the site matter?”
First websites are not build them and forget them like many people think they are. Too often when a site is built by someone else, they forget to tell the site owner that there are certain things that need to happen once they turn the site over to the user. This can end in bad news for the site owner later down the road. Maintenance can take just a few minutes each month and can save you a lifetime of headache in the long run.
Backups are essential!
I tell clients and new users all the time “nothing is every permanent if you have a backup.” This should be learned back in the high school paper writing times and then carried with you for the rest of your life. Remember staying up late writing a paper and then closing down your machine without saving to find out the next morning the paper was gone? Imagine that happening when you are working on your website. Any time you are adding a new plugin, editing any of the files, or changing any functionality of the site, it is crucial to make a backup first. This is for when things break, you always have a backup to revert to. Plugins like BackWPUp, BlogVault, Jetpack, and Backup Buddy can help you to setup automatic updates of your site. Just remember to have them sent to a place other than your server for safe keeping. Most plugins have a cloud option or you can have them sent to a Dropbox account or AWS S3 storage canister.
Updates are crucial!
A major line of defense from hackers is updates. Security experts preach often about the necessity of updating a site. They are not wrong.
Updates are made for three reasons.
- The Release of New Features
- To Fix A Bug/Outdated code
- To Fix A Security Vulnerability.
Updating the core, plugin, and theme files when they come through will keep known vulnerabilities at bay. It is always best to update your site on a staging environment to test before making the live changes. If you do not have the option for a staging site, always run a backup before updating for if you need to revert the site back due to conflicts.
Remove any unused plugins and themes
It goes along with the old saying, “if you are not going to use it, get rid of it.” If there are plugins that are sitting in “deactivated” mode, it is best to delete them and then re-add them when you need to use them again. The WordPress Plugin Repository has a fantastic feature where you can save your most liked plugins as “favorites” in your profile. That way you never have to search for the ones you like to use.
As for themes, it is best practice to only keep the theme in use and the most recent WordPress default theme to use for conflict checks if needed. All the other plugins should be removed from your site.
Inspect your site regularly
You know your site better than anyone else. Take the time to look at the front end of your site to ensure that everything is working properly. Definitely do this after running updates on your site. Look for any console and visual errors on your site. Doing this regularly can close the gap from any issues on your site being noticed by your visitors before you know they are there.
Change Your Password
With all passwords, you should be changing them every 6 months to a year. Your password is your first defense at keeping unwanted people out of your site. You can see more of what Can’t Speak Geek thinks about passwords by reading Preaching About Passwords. Also, make sure your passwords are unique and not easily remembered. The harder to remember, the harder it is for password crackers to guess.
Keep up with the commenting
Spam comments can fill up a database very quickly these days. Using something like Akismet can keep unwanted comments off your site and out of your database. It is still good measure to check on your comments often and approve them to share the conversation on your blog posts.
Check your forms
Your forms are what can connect a first time visitor of your site into becoming a customer. If your forms are not working, then your leads from your forms will stop as well. We recommend making a test submission to your forms monthly to ensure they are working properly.
Test your e-Commerce portals
Every so often, we recommend monthly, run a test purchase through your site. The last thing you want is to find out you have lost sales due to your checkout not working. If you are testing your checkout on a regularly basis, you will know before your customers do if something is wrong and can fix it before you lose any sales.
Performance Testing
How is your site holding up? Make sure that it is not suddenly slowing down or performing horribly due to changes on your site. Google still looks at site speed as a very important piece of where you will be in their list. I suggest using Pingdom and GT Metrix for performance testing.
Put 404’s to rest along with Broken Links
If a user tries to go to a place on your site that does not exist, it will cause a 404 to happen. Now, 404 errors that happen because a reader accidentally mistyped an address are normal and nothing to be worried about, but when 404 errors happen due to a page that is no longer available can cause bad user experience and people to leave your site.
Broken links happen when you have links to outside sites that no longer work. We see this often when linking to other blog posts and/or YouTube videos.
It is a good measure to check on 404’s and broken links to ensure that all links work on your site. The plugin Broken Link Checker does. great job in taken care of both issues. If you need to make redirects for your site, I would recommend the plugin Redirection.
These basic maintenance steps are essential to keeping your site online and running properly. Site maintenance is key. In the event you would rather have someone else to take care of the maintenance of your site, there are companies that can help. Companies like WP Site Care, 13Core, and WP Buffs can help you with updates and backups so you don’t have to.
The 5 Star Customer Service Experience
Last year, I had the opportunity to speak at WordCamp Chicago about one of my favorite subjects, customer experience.
Your business should go beyond the sales and development. A customer who receives a five star customer service experience is one who will become a repeat customer and a free marketing tool for your company.
Take advantage of those experiences and learn the tips on how to make your customers feel like they are at the Ritz Carlton and driving a Ashton Martian. From your first response till after the close of the ticket. Every customer should feel like a one in a million.
Here is the full taping of my talk along with slides.
What I have found to handle GDPR Requirements
The EU’s GDPR (General Data Protection Regulation) is coming up pretty quick. May 25, 2018 will be here before you know it. This law was actually approved back in April 2016 however had a grace period of two years before it went into full effect. Trying to understand all of the information out there is about like trying to understand tax laws with its 11 chapters and 99 articles. Most of the time it leaves you cranky and your head throbbing.
The quick rundown of GDPR
- Identifiable data is protected. Any data that can be used as identifiable for a visitor falls under the GDPR. This includes and not limited to name, email address, sex, race, age, address, phone number, and birth date.
- It requires that consent is given. If you have the opt-in box checked by default, you need to change it so it is unmarked by default.
- Parental consent will be required to process any and all personal data of children under the age of 16, can vary per member state in the EU (country) but it will not be below the age of 13.
- It gives the visitor the right to know what information is being stored about them and why it is being stored.
- It gives visitors the right to have their information to be removed at their request.
- If any data is ever lost, stolen, accessed without permission, the authorities must be notified within 73 hours of the breach becoming known along with every single person whose data was accessed.
- Any new site must be made with privacy in mind. Data requests should be strictly controlled and only given when required.
- Data can only be used for the reason it was given at the time it was given. Then it must be securely deleted when the data is no longer needed.
- A visitor can request their information at any time, transfer that data, or have it removed.
- It also allows national authorities to impose fines on companies breaching the regulation.
While this is an EU law, it affects every single person on the web in one way or another. For all of us in the United States who feel that the DGPR does not apply to them, the first thing you need to know is that if your site has a form, e-commerce, blog subscription, comments, or even a contact me, you will need to have your site GDPR compliant. If your site can be reachable by someone in the EU and it is collecting any type of information, that means you! Also, please do not consider just blocking EU IP addresses as that does not really work either. With the help of VPN’s, your site can still be accessible to the EU and still falls in the realm of the GDPR regulations. If you fail to comply, the EU can still fine you up to €20 million per infringement or up to 4% of the annual worldwide turnover. That can put a small site/business out-of-order.
What you can do to become GDPR Compliant
First things first, please take a look at the information you are collecting. Inspect your forms, checkout pages, comments, Google Analytics, IP addresses, etc. Make sure you cover all the ways you collect information in your Privacy Policy.
Now, most of you already have a Privacy Policy on your site, or at least I hope you do. You can find my standard one here. I have adopted two now though as the other is the GDPR complaint Privacy Policy. Please make sure you review your Privacy Policy to ensure it is compliant.
If you have any opt-in boxes or forms with boxes, you must ensure that they are UNCHECKED by default.
Another item that all sites will need is a Data Viewing and Removal option for visitors. You can find mine on the GDPR Personal Data page. A visitor to your site will now be able to remove their data from your site at any given time.
If you have questions, talk to a lawyer. Find one that is well versed in GDPR. In the long run, it is always better to pay a lawyer a few hundred dollars than possibly millions in fines.
Tools to make compliance easier
In my research of how to handle the GDPR changes for my clients, I have found two options to assist in being GDPR compliant.
First, if you do not have a Privacy Policy on your site and you have no idea where to start, then I suggest this plugin: GDPR Framework. The first thing I noted with this plugin is you must be on at least PHP version 7.0 on your server. It is very easy to set up and gives you a compliant Privacy Policy. It is what I used to build the GDPR complaint Privacy Policy I have on Can’t Speak Geek. It also has the data removal form built-in as well. You will need to make both pages (Privacy Policy and the removal form page) but GDPR Framework will build the content for you. The data removal tool is auto built via a short code.
If you already have a rockstar of a Privacy Policy and just need the data request and tracker then I suggest using the plugin GDPR Compliance. It seems to be the most stable and is well supported. Their UI is very user-friendly and it will scan your site for any items on your site that needs attention to be GDPR Compliant. The plugin currently supports Contact From 7, Gravity Forms, WooCommerce, and WordPress Comments and claim on their site to support more at a future date.
Both plugins are free in the WordPress plugin repository and easy to configure. Please do your due diligence before choosing any option to become GDPR Compliant.
TL;DR: Get your website ready for GDPR. If you have questions, ask someone. Don’t just sit back and do nothing. It could become a very costly issue.
DISCLAIMER: Using my guide does not guarantee compliance to GDPR. This post gives you general information and ideas, but is NOT meant to serve as complete compliance package. Compliance to GDPR is a risk-based ongoing process that involves your whole business. Can’t Speak Geek is not eligible for any claim or action based on any information or functionality provided by this post or this website.