Heartbleed Could Affect Your WordPress Site

A critical OpenSSL vulnerability nicknamed “Heartbleed” was discovered recently and you need to know whether your information could be impacted. What is Heartbleed anyway?

What is Heartbleed

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). (source – Heartbleed.com)

Basic Things You Should Know About Heartbleed and OpenSSL

  • The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
  • OpenSSL is a library that provides cryptographic functionality to applications such as secure web servers. Be sure to read the documentation of the application you want to use. The INSTALL file explains how to install this library. OpenSSL is based on the SSLeay library developed by Eric A. Young and Tim J. Hudson and the OpenSSL toolkit is licensed under an Apache-style licence which basically means that you are free to get and use it for commercial and non-commercial purposes.
  • The Heartbleed bug compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content.
  • The Heartbleed bug allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
  • The Heartbleed bug is not a design flaw in SSL/TLS protocol specification. It is an implementation problem, i.e. programming mistake in popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services.

Should You Be Concerned?

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption doesn’t prevent hacking but it reduces the likelihood that the hacker will be able to read the data that is encrypted. Encryption is used to protect secrets that may harm your privacy or security if they leak. This bug has compromised secrets in four categories:

  • The Heartbleed bug leaked primary key material – the crown jewels – the encryption keys themselves. Leaked secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will.
  • The Heartbleed bug leaked secondary key material – the user credentials (user names and passwords) used in the vulnerable services.
  • The Heartbleed bug leaked protected content – actual content like personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption handled by the vulnerable services.
  • The Heartbleed bug leaked collateral – Leaked collateral are other details that have been exposed to the attacker in the leaked memory content. These may contain technical details such as memory addresses and security measures such as canaries used to protect against overflow attacks. These have only contemporary value and will lose their value to the attacker when OpenSSL has been upgraded to a fixed version.

OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. You may be directly or indirectly affected: your popular social site, your company’s site, a commerce site, a hobby site, a site you install software from or even sites run by your government might be using a vulnerable version of OpenSSL.

OpenSSL versions 1.0.1 through 1.0.1f (inclusive) with the heartbeat extension enabled are vulnerable.

OpenSSL version 1.0.1g addresses the vulnerability. OpenSSL instances compiled without the heartbeat extension are also not affected.

What You Can Do

  • If you are not using OpenSSL on your servers (or are not hosted on one of our Shared hosting plans), you are not affected.
  • If you do use OpenSSL, identify which servers are running OpenSSL (versions 1.0.1 through 1.0.1f are affected).
  • Update to the latest patched version of the software (1.0.1g), or recompile OpenSSL without the heartbeat extension, if applicable.
  • Reissue any SSL certificates on affected web servers after moving to a patched version of OpenSSL.
  • Test your SSL installations. You can also test your site here: http://filippo.io/Heartbleed/
  • Revoke any certificates that were replaced. Please revoke AFTER the reissue has been completed and you have successfully installed it on your web server.
  • Consider resetting end-user passwords that may have been visible in a compromised server memory.
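
As a first pass at the "identify which servers" step, the version range given above can be checked mechanically. The script below is an added example, not part of the original post; the function name `heartbleed_status` and the sample version lines are constructed for illustration, and `OPENSSL_NO_HEARTBEATS` is the compile-time define that removes the heartbeat extension.

```shell
#!/bin/sh
# Added example (not from the original post): classify an OpenSSL build against
# the range stated above: 1.0.1 through 1.0.1f affected, 1.0.1g fixed,
# builds compiled without the heartbeat extension unaffected.

# heartbleed_status VERSION_LINE [BUILD_INFO]
#   VERSION_LINE  first line printed by `openssl version`
#   BUILD_INFO    optional full text of `openssl version -a` (compiler flags)
# Prints one of: affected | not-affected | unknown
heartbleed_status() {
    version_line=$1
    build_info=${2:-}

    # -DOPENSSL_NO_HEARTBEATS removes the heartbeat code at compile time.
    case $build_info in
        *OPENSSL_NO_HEARTBEATS*) echo "not-affected"; return 0 ;;
    esac

    # Field 2 is the version token, e.g. 1.0.1e, 1.0.1e-fips, 0.9.8y.
    ver=$(printf '%s\n' "$version_line" |
          awk 'NR == 1 && $1 == "OpenSSL" { print $2 }')
    ver=${ver%-fips}

    case $ver in
        1.0.1|1.0.1[a-f])      echo "affected" ;;
        *-*)                   echo "unknown" ;;      # beta/dev builds: outside the stated range
        [0-9]*.[0-9]*.[0-9]*)  echo "not-affected" ;;
        *)                     echo "unknown" ;;      # empty, or not OpenSSL output
    esac
}

# Constructed sample inputs (not captured from real hosts).
report_samples() {
    while IFS= read -r line; do
        printf '%-14s %s\n' "$(heartbleed_status "$line")" "$line"
    done <<'EOF'
OpenSSL 1.0.1 14 Mar 2012
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL 1.0.1f 6 Jan 2014
OpenSSL 1.0.1g 7 Apr 2014
OpenSSL 0.9.8y 5 Feb 2013
LibreSSL 2.8.3
EOF
}

report_samples
# On a real server: heartbleed_status "$(openssl version)" "$(openssl version -a)"
```

A version string is only a first pass: distribution packages often carry the fix as a backported patch under an unchanged version letter, so confirm an "affected" result against the package changelog before reissuing certificates.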

Helpful Resources regarding Heartbleed

It is wise to take all the necessary precautions without giving in to panic. Learn all you can and act accordingly.


How To Get Started Building Your Authority Site Using WordPress

WordPress is one of the most popular and most dynamic publishing platforms today. If you are planning to build your authority site from scratch, get the foundations right by building on solid ground. If you are wondering about the basic things you need to do to get started on your authority site check out the items listed below to help you out. This checklist can be a helpful guide for beginners and serve as a handy reminder to experienced WordPress users as well.

  • Secure your domain name. Choose your name wisely. Check how it will appear in the url as some words read differently without spacing in between. You don’t want to be stuck with a name you will regret. (eg. Top Ten Bands Hits.com might mean something else when the words are all squished together.)
  • Get a webhost like Bluehost.com to host your website’s content. Take note of features like unlimited domains, bandwidth, downtime, etc.
  • Install and configure WordPress as your publishing platform. Some web hosts include WordPress in their website packages and offer free installation. Take advantage of these features.
  • Choose a WordPress theme and install. There are tons of WordPress themes available, some free. Choose a premium theme over a free one as this is generally more stable and the developer/author usually offers and provides customer support for theme installation, issues and bugs.
  • Install basic plugins like Akismet, Google Analytics, WP SEO, etc. to beef up your site.
  • Set up pages for important standard information such as: About Us, Terms of Use or Terms of Service, Contact Us, and Privacy Policy. These add credibility to your website.
  • Add and integrate social networking links like Facebook (business page), Twitter, Pinterest, Instagram, Linkedin, etc. into your website. These networks help promote your content and will generate traffic for you if optimized properly.
  • Fill your site with fresh content based on the keyword research you’ve been working on (read more about this in our previous article: Building your Authority Site using the Google Keyword Planner Tool).

These are just some of the practical steps you can do as you start building your authority site using WordPress. If you have more tips and techniques, please share by leaving a comment. We’d love to hear from you.


45 Creative And Artistic Websites For Inspiration

Have you ever thought about how all the designers around the world are coming up with unique design ideas? Inspiration is the key behind it. Have a look at all the following creative web layouts and I am sure you’ll find some inspiration.



Save the Date! May 27, 2013 – A WorldWide WordPress Party

WordPress fans rejoice! WordPress is throwing a party this May 27, 2013 in celebration of the 10th anniversary of the first WordPress release AND you are all invited. This 24-hr worldwide celebration is powered by Meetup Everywhere and currently lists participants from over 200+ WordPress communities all around the globe.

Interested groups can register with Meetup, pick a place to meet (any place is the perfect place as long as there’s food, drinks, and cake!), invite other interested parties (tech guys, newbies, oldies, and WordPress fanatics) to join the event, and simply hang out with the rest of the world wide WordPress web. If your group reaches 50 or more, you might even get to receive cool WordPress freebies like stickers, buttons, and collectible swag packages. Commemorative 10th anniversary t-shirts are also available for purchase in the swag store. Grab yours today.

Photos, tweets, shoutouts, videos, and posts from all the parties will also be collected and posted on a website specifically for this event. For those waxing nostalgic, maybe you can share old WordPress memorabilia or interesting trivia and experiences you’ve had using WordPress, or even start a blogging marathon till the big day. Will your group be the biggest? the most creative? the most fun? There’s still time to get it together before the party gets started on May 27.

Don’t forget the hashtag! #wp10

Note from WordPress: If you already run a group on meetup.com, making your party an event in your group is great, but you still need to post it and have people RSVP at the special party page, because regular groups and Meetup Everywhere groups aren’t connected yet.


Simple SEO Tips for Startups

Hello World! That’s the first thing that greets you when you start a new website. You’ve successfully created your first post and you’re ready to fill it up with more content but you are probably wondering if anyone at all will get to read what you have written.

Here are some simple Google-approved SEO tips for Startups:

To WWW or not

  • use a 301 to consolidate indexing signals because it is a permanent redirect and signals to search engines to transfer all the indexed properties from your non-preferred (www) to your preferred version (non-www) or vice-versa

Verify ownership in Google’s Webmaster tools

  • enable email forwarding to receive critical messages from Google in case of hacking, malware, or crawling issues

Domain background check

  • check for previous ownership (spammers), unwanted keywords and index results – inform Google for any penalties or reconsideration requests

Use the Fetch as Googlebot Webmaster Tool

  • to tell Google to crawl and submit the url to index making it available to searchers even faster.

Include Analytics Code to gather data

  • see which pages are popular and which are not

Site Design Strategy and ideas

  • utility
  • navigation
  • focus

Define your conversion or call to action

  • what you want your visitors to do
  • newsletter signup
  • contact you for a business lead
  • buy
  • try
  • share

Smart copy

  • Include query terms normally or commonly used to find your products.

Every page should be unique

  • unique topic
  • unique title
  • unique meta description
  • for non-dynamic sites – keywords in the filename (lowercase and hyphen separated)
  • descriptive anchor text for every link

Page load time or speed

  • the longer the page loads the more likely the user will leave the site
  • customer acceptability for ecommerce sites = 2 seconds
  • Google = under half a second
  • Ranking – find your audiences and interact with them
  • provide an awesome product or service
  • natural links
  • +1s
  • likes
  • follows
  • shares

Social Media Marketing

For more information and tips, check out the GoogleWebmasterhelp video on YouTube. For those who want to know how to do this, WPMU.org has a quick and easy tutorial on how to get started using Google Webmaster Tools for WordPress.


Useful WordPress Utilities to Start the Year Right


Give your WordPress site a tune up to keep it running smoothly with these helpful WordPress utilities. Remove forgotten spam comments, beef up your site’s functionalities, or simply improve the overall browsing experience of your audience, and give your website a little TLC. Check out these utilities to see which ones will work for you.

Smart Cleanup Tools

Smart Cleanup Tools is an easy to use, powerful plugin for database cleanup. With this plugin you can remove data that is no longer in use or not needed like trash, spam, or orphan posts and comments. It can help you restore database overhead and speed up database operations. This plugin supports WordPress multisites, and it has a few tools designed for Network administration.

Easy Post Google Fonts

This plugin allows you to use over 600 Google fonts (even multiple fonts) in one post or page. You can specify every page element and tell it which Google font to use. No flash required.

The Countdown Pro

Add countdown functionality to your content or your sidebar area with The Countdown Pro powered by jQuery. Features and options include: date picker, expiry url, expiry text, date format, custom labels, custom callbacks, template styles, and so much more. It also comes with a shortcode generator and a multi-instances sidebar widget.

Interactive World Maps

Create as many interactive maps as you want (world, continents, countries, regions, states, metropolitan areas) with Interactive World Maps. Add and display colored regions and display them as regions or with colored markers. Useful for travel websites, multinational companies, NGOs, infographics and many other applications.

Ajax Translator Revolution Dropdown WP plugin

This user-friendly translator plugin is based on the highly rated AJAX Translator Revolution Lite jQuery plugin, this time with an easy dropdown menu. Translate everything or select sections, show language flags and names, and remember each visitor’s selected language.

Sugar Event Calendar for WordPress

This is a simple, lightweight event calendar plugin with just enough features you need for event management on your site. Neat way to keep visitors updated with scheduled weekly, monthly, yearly recurring, or new events and activities on your site.


30 Realistic and Inspirational 3D Artworks 2013

Some people believe that genius is something intrinsic, something inherent within a man, and that genius cannot be taught. You cannot be trained to become a genius. For example, you cannot be trained to paint like Da Vinci. Although this notion is true, some people take it far too seriously. Some students skip classes because they think that traditional education will tamper with their natural instincts. Others try to start a business without reading a single business book. Of course these people are flawed in their thinking. Albert Einstein once said – “You have to learn the rules of the game. And then you have to play better than anyone else.” So you see success has two parts. One is learning the rules of the game and the other one is playing better than others. The former aspect, learning the rules of your trade, can be trained and taught.

Below I have collected 30 artworks for those artists who want to learn the rules of art. These artworks are not genre specific. They vary from the children’s comic character The Incredible Hulk to the portrait of a simple innocent girl, from the picture of a super hero to Ibn Tulun Mosque. So scroll down and enjoy.



40 Future City Art Illustrations for Inspiration

My physics teacher used to say – “Change is constant in nature. If change is not taking place then something is wrong.” We started from a Big Bang, life somehow evolved on earth, we learnt how to burn fire, we learnt the power of a wheel, we learned how to make machines, Franklin discovered electricity, Faraday discovered how to produce it in power houses, Bill Gates developed Windows and here we are in the twenty first century. But what if we try to go a little further? What if we try to envision the future? This is an interesting topic and the numerous popular science fiction movies and novels bear witness to this fact.

Stephen Hawking said on a Discovery Channel program that it may be possible to build a time machine with which we can go into the future but not back in history. Such a time machine has not yet been made and is only a subject of fiction. Science is too strict and limited by the laws of nature while art, in this respect, is limitless as it is free to imagine and inculcate anything and everything in its domain. Below I present you with 40 art illustrations which our artists have carefully crafted by imagining what the future of our world might look like.



Best Shopping Cart Plugins for WordPress in 2013

Online shopping has been steadily growing in the last few years. As more and more people engage in business transactions on the web, it is fitting for WordPress sites to be ready for this flurry of eCommerce activity. Here are some of what we consider the best eCommerce plugins for the upcoming year.

Cart66

The Cart66 WordPress ecommerce plugin makes selling easier than ever before. With Cart66 you can sell electronics, digital downloads, videos, music, web hosting, legal services, collect membership fees, and more. Online selling need not be so complicated. This plugin makes selling anything as simple and as easy as can be. Cart66 integrates major merchant tools such as Amazon S3, for delivering digital products, and popular payment gateways such as Paypal’s payment system for collecting payments from sales. There is also a Lite Version which can be downloaded for free from the WordPress repository.

Jigoshop

This eCommerce plugin is the basis for the popular WooCommerce solution. While the two plugins have diverged development wise, Jigoshop maintains the clean, well written code philosophy both plugins have. Jigoshop provides you with the features necessary to set up an eCommerce website in no time. With the option to create a multitude of product types and apply detailed attributes, customers can easily refine your catalog, ensuring they find what they’re looking for in just a couple of clicks. It is one of the fastest growing plugins and has an emerging ecosystem of extensions that go with it.

WooCommerce

WooCommerce is a free, open source eCommerce plugin that is easy to install, use and extend. This very popular plugin is built for flexibility. It has great built in functionalities such as reporting, tax and shipping capabilities, products and inventory, supports numerous payment gateways, and so much more. The basic functionality can also be beefed up with available extension upgrades to match your business requirements. WooCommerce is an eCommerce tool kit that you can tailor to your specific needs.

MarketPress

MarketPress is an easy to use and powerful ecommerce / shopping cart plugin available for WordPress. This plugin was developed from the ground up to make it simple to set up a stylish online shop. MarketPress has all the features you need, including: multiple payment gateways (PayPal, Authorize.net, Google checkout, 2checkout, Moneybookers, eWay, Cubepoints and more), full internationalization by the WPML crew, and provision for shipping, coupons, Google Analytics Ecommerce tracking, sale pricing, and unlimited product variations. Not only that, it’s also free.

WP Marketplace

The WP Marketplace plugin is a full-featured WordPress Shopping Cart/e-commerce system that is extremely easy to install and even easier to maintain. It has everything you need to build a complete online shop – from front-end management to shipping to payment gateways to analytics to social marketing and SEO features. WP Marketplace is an eCommerce tool that can turn your website into a money making machine.