If you’re trying to boost search rankings and draw more traffic to your site, guest posting is an incredibly effective tactic. Guest posting is exactly what it sounds like: posting on another blog as a guest. This type of post can help you gain authority and build your portfolio as a freelancer or help build links if you run your own site.
The EU’s GDPR (General Data Protection Regulation) is coming up pretty quick. May 25, 2018 will be here before you know it. This law was actually approved back in April 2016 but had a grace period of two years before it went into full effect. With its 11 chapters and 99 articles, trying to understand all of the information out there is about like trying to understand tax laws. Most of the time it leaves you cranky and your head throbbing.
The quick rundown of GDPR
- Identifiable data is protected. Any data that can be used to identify a visitor falls under the GDPR. This includes, but is not limited to, name, email address, sex, race, age, address, phone number, and birth date.
- It requires that consent is given. If you have the opt-in box checked by default, you need to change it so it is unmarked by default.
- Parental consent will be required to process any and all personal data of children under the age of 16. The age can vary per EU member state (country), but it will not be below the age of 13.
- It gives the visitor the right to know what information is being stored about them and why it is being stored.
- It gives visitors the right to have their information removed at their request.
- If any data is ever lost, stolen, or accessed without permission, the authorities must be notified within 73 hours of the breach becoming known, along with every single person whose data was accessed.
- Any new site must be made with privacy in mind. Data requests should be strictly controlled and only given when required.
- Data can only be used for the reason it was given at the time it was given. Then it must be securely deleted when the data is no longer needed.
- A visitor can request their information at any time, transfer that data, or have it removed.
- It also allows national authorities to impose fines on companies breaching the regulation.
While this is an EU law, it affects every single person on the web in one way or another. For all of us in the United States who feel that the GDPR does not apply to us, the first thing you need to know is that if your site has a form, e-commerce, blog subscription, comments, or even a contact me form, you will need to make your site GDPR compliant. If your site can be reached by someone in the EU and it is collecting any type of information, that means you! Also, please do not consider just blocking EU IP addresses, as that does not really work either. With the help of VPNs, your site can still be accessible from the EU and still falls in the realm of the GDPR regulations. If you fail to comply, the EU can still fine you up to €20 million per infringement or up to 4% of the annual worldwide turnover. That can put a small site/business out of order.
What you can do to become GDPR Compliant
If you have any opt-in boxes or forms with boxes, you must ensure that they are UNCHECKED by default.
Another item that all sites will need is a Data Viewing and Removal option for visitors. You can find mine on the GDPR Personal Data page. A visitor to your site will now be able to remove their data from your site at any given time.
If you have questions, talk to a lawyer. Find one that is well versed in GDPR. In the long run, it is always better to pay a lawyer a few hundred dollars than possibly millions in fines.
Tools to make compliance easier
In my research of how to handle the GDPR changes for my clients, I have found two options to assist in being GDPR compliant.
Both plugins are free in the WordPress plugin repository and easy to configure. Please do your due diligence before choosing any option to become GDPR Compliant.
TL;DR: Get your website ready for GDPR. If you have questions, ask someone. Don’t just sit back and do nothing. It could become a very costly issue.
DISCLAIMER: Using my guide does not guarantee compliance with GDPR. This post gives you general information and ideas, but is NOT meant to serve as a complete compliance package. Compliance with GDPR is a risk-based ongoing process that involves your whole business. Can’t Speak Geek is not eligible for any claim or action based on any information or functionality provided by this post or this website.
I had the great pleasure of speaking to the Southern Illinois University in Carbondale Tech Dawgs a while back. What a great bunch of college students! It was a great experience talking to college students about the importance of learning WordPress skills as a marketable career skill and what the WordPress community is all about. We talked about building plugins and themes and the estimated incomes of designers and developers. It was a very fun look into the world of WordPress. I am very humbled to be able to give back to my community what WordPress has given to me.
Here are my slides from SIUC’s Tech Dawgs WordPress night.
A strong password is the first line of defense for keeping people out of your information. If a person cannot guess the password, then they cannot get into your account. The more robots that are made to be key loggers and password guessers, the easier it is to guess a password and enter a site where the robot does not belong.
Strong passwords are at least eight characters long, with capital letters, lowercase letters, numbers, and special characters in them. A great one has a mix of all four character types and is ten to twenty characters long. The less legible the better.
Password Best Practices
- Never ever never use “admin” or “user” for the username and “password” for the password. Never! Do not use pa55word or password123 either. Those are the first passwords to be cracked. Just do not even think of this as being an option. Ever.
- Capitalizing the first letter of a used word or name does not make it more secure either. JamesBrown is just as easy to crack as jamesbrown. Capital P is only important when spelling WordPress. It will not make your “Password” more secure. Again, the less legible the better.
- Do not use words. If it is something that can be guessed easily, the hacker can guess it as well. Even combinations of words are easily guessable. Using “iloveyou” or “cheersfriends” is as easily hackable as using your name. Adding numbers or special characters that look like letters, like making a password of “Jam$areJ3lly”, will make it a bit less hackable, but only a very little.
- Never use personal information as your password. Anyone’s name, birthdate, anniversary, dog’s name, address, etc. are never good ideas to use as passwords. If a friend or family member can guess it, the hackers can too.
- Use a different password for every login. If you have the same password for every account you log into and a hacker finds out the password to your email, they can get into everything: banking information, credit card logins, and much more. Definitely keep a unique password for each and every financial institution and email account.
- Use a password keeper to store your passwords. I personally suggest LastPass, KeePass, or 1Password for Mac. You only need to remember the one password to log in to the application, and it takes care of remembering the rest. All have their own pros and cons. Try all three and see which one you like the best. By using a password keeper, you do not have to remember those passwords that are not words.
- Use a password generator to make up your passwords. Most of the password keepers have one built in. You can specify the length and what types of characters you want within the password. Once you choose the one you like, you can save it to the password keeper as well.
- One thing that is popular right now is “password therapy”. Password therapy is where you make a password that is more like a mantra that you repeat. For example, you want to quit smoking. You make your password for all of your logins “smoke free”. For security reasons, this is a bad idea! Keep separate logins for everything.
- Do not email passwords. LastPass gives you an option to email a link to your password. Unless you have encryption set up, the email can be compromised.
- Do not share your passwords with anyone who does not have a direct need for them. Login information should always be a need-to-know thing. If you can set up the other person with separate user credentials, it is always better than giving them yours. Always take the minimalist approach and only give out what they need and as much access as they need.
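An added example (not part of the original post) of why the capitalization and look-alike tricks above add so little: a checker that undoes them before comparing against a word list, plus a generator of the kind password keepers include. The word list, substitution table and function names are constructed for illustration.

```python
import secrets
import string

# Constructed sample word list (an assumption); a real check uses a large one.
WORDS = {"password", "admin", "user", "iloveyou", "cheers", "friends",
         "james", "brown", "jams", "are", "jelly"}
# Look-alike substitutions that guessing tools undo automatically.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "@": "a", "!": "i"})
SPECIALS = "!@#$%^&*()-_=+[]{}"
CLASSES = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())


def is_made_of_words(text):
    """True if text can be split end to end into entries from WORDS."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in WORDS
                             for start in range(end))
    return reachable[-1]


def audit(password):
    """Return the rules from the post that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not all(any(test(c) for c in password) for test in CLASSES):
        problems.append("missing one of the four character types")
    # Undo capitals, trailing digits and look-alikes before the word check.
    normalized = password.lower().rstrip(string.digits).translate(LEET)
    if is_made_of_words(normalized):
        problems.append("reduces to dictionary words")
    return problems


def generate(length=16):
    """Draw from the OS CSPRNG until the result passes audit()."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ["password123", "pa55word", "JamesBrown", "Jam$areJ3lly"]:
        print(pw, "->", audit(pw))
    print(generate(), "-> passes")
```

“Jam$areJ3lly” satisfies the length and four-character-type rules and is still flagged, because once the substitutions are undone it is three ordinary words.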
These steps will help to keep your information more secure. Just remember, nothing is ever 100% secure, but it is always better to do something than to do nothing. Keep your information up to date and do not share it with anyone. There will always be new vulnerabilities coming out. Just remember the basic rules of passwords and that will help you to keep the bad guys out.
Information security means a lot to me on many different levels. Unfortunately, nothing is completely hack-proof. First and foremost, I, like any other internet user, do not want any of my private information to get into the hands of anyone it is not supposed to. I do all the normal things: I run an antivirus on my PCs and my Mac, I have a decent firewall up, and I watch what sites I visit. Also for personal internet security, I do not use any duplicate passwords. The best thing to do is use a password keeper app like KeePass, LastPass or 1Password.
With what I do in my professional life, privacy and security are big business. Internet security, and more importantly WordPress site security, is a subject I am very passionate about. When there is a WordPress site that has been hacked, I come in and clean the site up. It is cheaper to take the necessary steps to keep your site secure than to have someone come in and clean it. Whether using WordPress to aid in the design of your website or building it straight from code, the developer must add security to their site or information can get out and the uglies can get in. Now, adding too many security plugins can be an issue as well. Too many plugins will not play well with each other, and then you will be locked out of your site.
Privacy and security need to be important and at the top of the list because no one wants to deal with the aftermath. In personal issues it involves changing all your financial information, login information, and anything else you put on the web. Professionally, it can be the biggest headache one has ever had. It can take hours and dollars to fix a broken site. One of the best things to do is have a backup. Back up your files, your information, your computer. Back up everything. I have my photos and music in 3 separate locations so I never have to worry about losing any of them. Here is where a cloud-based service like Bitcasa or Dropbox works for you. Also, keep your information hidden. Use a service to keep your passwords. Passwords written in a file are much easier to retrieve. When using a public network, be more aware of what sites you are visiting and what information you are putting out. Update your services, passwords, plugins, and everything else on a regular basis. It is good to change your password every 3 months.
What do you do if your desktop or laptop gets hacked?
This happens all the time. Viruses and worms find their way into your desktop or laptop. First and foremost, always keep some sort of antivirus up to date on your unit. If your box does get something on it, typical virus removal is not the cheapest service in the world, but it is easily done. Find a company you can trust, and get the viruses off your PC.
What do you do if your site gets hacked?
Finally, if you are hacked, it is not the end of the world. While it does take time and sometimes money to get back to normal, you will get there. If ever in that situation, take a deep breath and tackle it. If you have a website that you feel has been hacked, come see me over at WP Security Lock and we can get you taken care of.