All posts tagged “Prevent”

How To Prevent ‘Sudden Client Designer Syndrome’

We’ve all been there: a client really, really wants to make a change to your design that, as a designer, you can immediately tell will result in disaster.

It happens to every designer, and, as far as I can tell, there’s no real way to avoid it. However, there is a method you can use to mitigate the problems caused by what I like to call “Sudden Client Designer Syndrome.” It has to do with User Experience (UX). Contrary to popular belief, UX is useful not only to web developers, but to any designer who designs any kind of product, information, or experience with a “user,” “consumer,” or “customer” in mind.

Create Objectivity

The reason why clients develop Designer Syndrome in the first place is that design is almost universally seen as a subjective discipline. In many ways, that’s completely true. Designers are called upon to navigate the fine line between marketing and art to develop creative solutions to problems.

It’s all very romantic, and clients can get so caught up in that mythology that they lose track of the fact that there is actual knowledge, experience, and quite often training that lies behind those decisions their designers make with seemingly no effort at all. People forget that it only looks easy. That’s okay; they’re only human. But if you’re the designer caught in the middle of this tangle, it can make your work quite frustrating and emotionally draining.


However, if you play to your clients’ true desires, you can often get them to understand the inherent objectivity that lies at the heart of what you do. What are your clients’ true desires, you ask? Well, if they’re anything like my clients, their true desires probably have something to do with generating maximum profits for their businesses.

This is an objective goal that you can use to your advantage. Your client may secretly wish he or she were an art director or a designer themselves, but the reason they’ve hired you is because they want to generate the most lucrative product, service, or information possible.

Your primary task when dealing with a ‘wannabe designer client’ is to remind them of this fact as often (and as politely) as possible. The easiest way to do this is to make sure you always talk about your design decisions in terms of the user, rather than isolating the visuals or the mechanics and selling the client purely on your design’s technical merit.

Whether your client is selling shoes, a personal philosophy, or organic dog food, he or she can always be persuaded to put their users first. (If they can’t, it’s probably time to find a new client.)

Do Your Research

Here’s a trick you can use to automatically boost your desirability to clients, one that will not only get them to trust you with every project they give you, but will also make you a sought-after expert to other prospective clients in the same industry: figure out the audience your client is targeting, and focus your effort on getting into the head of the ideal example of that audience.

When you zero in on serving a particular market through your clients, you automatically raise your desirability as a designer, and you make your career less about your individual clients, and more about the industry that needs your services.


You can spend a lot of time being a “generalist” and go after any kind of design job you can find, or you can narrow down your services to a few key markets and spend some time getting to know exactly what goes on in the psychology of those types of consumers.

For example, if you’re a freelance branding designer who does work for start ups, take some time and think about exactly what kind of start ups you’re targeting. What do they sell? Who buys their products or services? Those are the people you want to please – not your client.

And, phrased just the right way, this will become evident to your client as well. Of course, you should never be rude or condescending to a client, but if you make it clear that you are an expert on your client’s target market, they will trust you that much more, and they will also recommend you to their colleagues in the same industry that much more frequently.

Be the Client

Creating user personas is an excellent technique that business owners use to gain insight into the psychology of their target market. Designers use it as well when they are developing content or products on their client’s behalf. However, you can also use this technique on your clients themselves.

As I said before, your career will be much more streamlined if you focus in and get to know the target demographics you serve most often with your designs. But it’s also a good idea to spend time getting to know the clients you serve most often. Clients are your target market; as such, they can be dissected and studied using business savvy and marketing psychology.

It might sound cold and mechanical, but believe me, it’s much simpler than going into a design meeting completely blind, attempting to figure out each client individually. Doing several hours of research in your spare time will eliminate the guesswork from your freelance business, and your clients will be immensely grateful that you can seemingly “read their minds.”


So, how do you go about doing this research? By finding the types of people you’d most like to work for, and contacting them about their wants and needs in a designer. Email them, call them up, invite them out for a chat over coffee.

Gather enough of this data and you’ll start to see patterns emerge. These patterns are the basis for your client persona – they are what you can use to generate a bulletproof knowledge of nearly every client you serve. There will always be exceptions, but by gathering research, you can dramatically reduce the likelihood of getting a client that you absolutely can’t deal with. And if you do get one of those clients, well, you know what to do by now (hint: it involves running).


It’s important to actually do these things, rather than just think about them. The reason is that what you think your clients and target users want is often very different than what they actually want. This is why so many business ideas fail before they even get off the ground. People don’t do their research; they don’t communicate directly with their market, and so they fail to realize what others are really looking for.

To position yourself ahead of all the other lazy, mediocre designers out there, it’s important that you actually take the time to get into the heads of your market, whether it’s clients or users.

What Do You Think?

Do you spend time getting to know what your clients or end users really want? How has it helped your design process?

All images from Max Griboedov’s portfolio on Shutterstock.

The post How To Prevent ‘Sudden Client Designer Syndrome’ appeared first on Speckyboy Web Design Magazine.


Freelancers: 7 Ways To Prevent Chargebacks From Clients

We all know the financial hardships freelancers face when finding new clients, preserving existing income sources, maintaining cash flow during slow times, figuring out income taxes and more. Unfortunately, there is another financial hurdle you could face as a freelancer: chargebacks.

via Fotolia

A chargeback is a forced credit card refund. Chargebacks are a form of consumer protection, originally created to protect people from fraud and unauthorized transactions. The merchant bears the burden of proof. All the cardholder (freelance client) has to do is contact the bank and ask for their money back.

If you accept credit cards as a form of payment, even if you are in freelancing, credit card companies will deem you a merchant, which means that a freelance client can dispute a payment they’ve made to you. The money will be removed from your bank account, without warning or your consent, and you will be left with an extra chargeback fee you’ll have to pay.

As you can see, chargebacks open the door for fraudsters, who may include clients of questionable character looking to cheat the system.

Accepting Credit Cards As Payment

The first solution off the top of your head would probably be to just do away with the idea of accepting credit cards as payment. But know that other forms of payment come with dangers too: check fraud, counterfeit and bouncing checks are a few unpleasant side effects of accepting checks as payment.

Bitcoin and other virtual currencies aren’t widely accepted yet, and wiring money or providing direct deposits are a risk many clients aren’t usually willing to take. In the end, credit card payments are usually the lesser evil. Chargebacks are unpleasant but with proper management, they are preventable. Taking manageable risks is the only way to ensure growth and success.

Best Ways To Prevent Chargebacks

A determined fraudster or a lazy client is bound to slip through the cracks on occasion but there are plenty of ways to reduce the risk of these unnecessary profit losses.

1. Consider Using A Moderator

Technically, you can find freelance jobs anywhere. It should also be noted that anyone can post these jobs. Unless there is a screening process of some sort, you could end up working with some real sketchy characters. Consider using freelance job coordinators like oDesk, Elance, or Guru.

In addition to facilitating work opportunities through the job board, these companies act as a payment moderator between the client and freelancer. There are checks and balances in place to help make the payment process as safe as possible. Some even go so far as to guarantee payment. Chargebacks are much less likely to occur in these "safe" environments.

2. Meticulously Research The Potential Client

Even if you do use one of these freelancing agencies – and especially if you don’t – it is important to do your own research. An honest client who has every intention of paying for quality work will have a better online reputation than a scammer who is determined to get something for free.

Go online and learn everything you can about a new or potential client.

  • Check out their website (the design can tell you a lot about the company’s legitimacy).
  • See if there are any reviews on the client’s Google+ account.
  • Be sure to check out scam websites like Ripoff Report.
  • If the company has a brick-and-mortar presence, you can see how they stand with the Better Business Bureau.
  • In addition to your online research, conduct a phone or Skype interview.
  • Also, if the client does business in the "real world," stop in during business hours (if they are local).

3. Take Extra Precautions

Many chargebacks are filed because of unauthorized transactions. A fraudster could get a hold of credit card information and buy a design on someone else’s dollar. Make sure you really are working for the person who will be footing the bill.

If possible, ask for a photocopy (or scan) of both the face of the credit card and the client’s photo ID. Make sure the names match. A thief probably wouldn’t have access to both the credit card and ID. In fact, if the credit card account number has been hacked from somewhere, they might not even have access to the actual card. You can also compare the signature on the ID to the signature on the contract.

4. Address Payment Details In Writing

Your contract might be your best chargeback prevention tool. Disputing a chargeback is difficult – and rarely successful. The only way to prove your case (and get your money back) is to have written documentation supporting your claims.

Since a contract would act as this dispute proof, it also acts as a deterrent for anyone who might be looking for ways to cheat the system. So make sure you plug any holes from the get-go. This article on freelance contract clauses can help you draft a fail-proof contract; pay careful attention to the tips regarding rates, invoicing, kill fee, and deadlines. These will be most helpful in preventing chargebacks.

5. Clearly Outline Copyright Ownership

Another important tip to note is copyright issues. Copyright laws are another valuable chargeback prevention tool. Imagine the following situation. You design a killer website for a client. He accepts the design. He pays you via credit card. Life goes on.

Later, you receive notice of a chargeback but your design is still on the client’s site. If you worded your contract right, you can go after the thieving client. How? Put the following phrase in your contract: copyright transfers to the client only upon payment in full. If the client filed a chargeback, he hasn’t paid you, and therefore is in violation of copyright laws by continuing to use your design.

If you threaten the client with a DMCA takedown, he is likely to cancel the chargeback real quick. If he doesn’t pay, follow through with the takedown. This action won’t get you your money back, but it will give you a little satisfaction!

6. Comply With All Deadlines

Not all chargebacks come from scammers. There is a real possibility the chargeback filed against you is valid and brought about by your own actions. There are tons of acceptable reasons why a cardholder would file a chargeback. For example, one chargeback reason code that could influence your freelance income is "services not provided."

If you don’t adhere to deadlines, it is understandable that a client might consider a chargeback. The client shouldn’t have to pay for something he didn’t receive. If there is a chance you’ll miss a deadline, let the client know as soon as possible and offer an alternate submission schedule.

Additionally, make sure you provide excellent customer service. Answer your client’s phone calls and emails promptly and professionally. If there is a lag in communication, the client might think you went MIA and pull the plug on payments that have already been rendered.

7. Do The Work, And Do It Well!

A chargeback filed because services are "not as described or defective" is also a legitimate grievance. If your client hired you to do X and you delivered Y, isn’t it understandable that a chargeback could be in your near future?

One way to ensure the quality of your work is to limit the number of projects you accept at a given time. If you are stretched too thin, it will show in the quality of your work. Take pride in your work. Deliver completed projects that represent your very best effort.

And there you have it. There is nothing to fear about chargebacks once you understand how to prevent or at least minimize the possibility of it happening on your watch. Don’t threaten the success of your design career by failing to take a few preventative steps before work begins.

Have you experienced a chargeback? Were you able to successfully dispute it? Did you change the way you interact with clients as a result?

Editor’s note: This post is written by Jessica Velasco for Jessica loves unearthing the strangest, most outrageous tech ideas. You can follow her on Twitter.

Demo Day: 5 Tips To Prevent Bugs And Blunders

Software is sensitive. Let’s face it, one ">" could be the difference between looking like an expert, or wanting to immediately disappear from the face of the Earth. After years of developing and years of doing it professionally (for a living) with my face and name behind everything we produce, I’ve come to understand the theory of "when, not if, it breaks".

via Brian Jackson

Let me begin by saying this: there’s no easy way to handle a catastrophic bug, or even a small-detail bug, on demo day. That piece of software you have been working on, will at some point, embarrass you. What matters is how you mitigate the chances of things blowing up in your face when you least need it.

Based on our humble and insignificant experience, these are the steps we’ve taken throughout our processes that can help lower the chances of a complete bug-triggered meltdown on demo day.

To Start Off

If you will be the one doing the demo of the "final" software product to clients, potential investors or prospective users, you have to pay more attention than anyone else. At the end of the day, you’ll be the one holding your hands to your face and sweating profusely when something goes wrong.

The mindset should be, "No one cares as much as me." Even if your team is a bunch of rockstars, everyone should still be thinking that no one cares as much as they do.

1. Manage your deliverable schedule to your advantage

So, to the point, if your schedule says the client presentation is on Monday, write it down for the Wednesday before that and have everything mocked up as if it were the actual Monday. Do not think of this mock date as a practice run – it’s not. We should think of it as THE date and act like it is.

Go through every step like you were in the actual presentation, and you will uncover the right bugs (meaning the ones with a higher propensity of showing up in the actual demo). If you fail to accurately portray this date as the actual presentation date, it won’t be very beneficial.

2. Narrow down the scope of your Demo

If you know the exact functionality you will be showing off, don’t focus on debugging everything. Focus on debugging your demo-specific functionality. A few weeks ago we were delivering a medium-sized, consumer-facing, social influence portal for a Latin American company. They wanted to demo the registration process so that they could start signing up potential users.

We knew exactly what they wanted. We debugged that along with the rest of the platform – big mistake!

The night before the demo (out of pure luck), we found a ginormous bug at the exact moment when the user would hit "Register" in a specific, nightmare-inducing, browser which will remain nameless (but we all know which one I am referring to). Keep your debugging efforts focused.

3. Focus on Plan B, And A (And don’t forget Plan C)…

When things go wrong, and you are caught off guard, take a second to feel like a fool… and then swiftly transition into Plan B mode. Have several different backup plans that will allow you to continue with your demo.

Have an offline version. Have a version that isn’t hooked up to the back-end, and is just a front-end version. Keep a prototype on your phone. Mockups. Videos. Something. Don’t put all your eggs in one proverbial basket.

4. … And Give yourself ample time to prepare

During this step, you might just find that your piece of software has a problem. You might uncover a huge bug that will at some point blow up during your demo, and this is a great opportunity to decide which materials you will utilize: Plan A + Plan B, or maybe just Plan B, or Plan C, etc.

There are so many factors that can play against your software demo, not just the lines of code. Think about the Internet, the computer you will be demoing on, the projection, etc. Give yourself time to find out if the version of the software you will be running will be okay. And if that’s not the case, you’ll have time to react.

5. Hand it off, and hand it off a lot

Every developer can understand where I’m coming from when I say, "let it see the light." As developers, and creatives in general, we tend to overprotect our creations until they are the brightest-shining gems, ever. In reality though, you’ll turn that gem around and find a big chip on it, when you least expect it.

"Deliver" or show the product as much as you can to people that can pilot the application in different environments, browsers, resolutions, operating systems, user accounts, etc. Get the back-and-forth process started on your product early and keep it constant. Development-oriented users couldn’t be more different than end-users.

Wrap Up

The demo-bug-apocalypse can happen to anyone. Just think of the most recent headlines where some of the biggest companies in tech were implicated in the most amateur errors. The point is: let’s not be caught off-guard when important things are on the line.

Editor’s note: This post is written by Gino Ferrand for Gino is a self-taught iOS and web developer, and founder of Tecla Labs. He works in and you can find him on Twitter.

The NoFollow Tag – When and How to Use it to Prevent Google from Penalizing You

There are some website owners that use black hat techniques in their SEO practices. These include, but are not limited to techniques such as cloaking, keyword stuffing and other dubious SEO practices. Such techniques give the offending websites value in SEO which they do not deserve since they are not offering anything of value to anyone.


In other words, search engines consider links to be votes that pass credit onto other web pages. Needless to say, such antics are frowned upon by most search engines, to say the least.

But what is a website owner to do if their online articles have informative content but also include a sizeable number of backlinks that point visitors to different websites? You don’t want Google to think that your website is selling links. And this is where NoFollow links can come in handy.

What, Why & How?

What are NoFollow Links?

These links were the brainchild of search engine giant Google. They work like this: the links allow websites, online articles or blogs to post or display links; however, the links cannot pass on any SEO capabilities from the content that they are posted on.

Why Should you Care?

Putting nofollow links on outbound links on a website allows a website owner to assure search engines that his content will benefit his end users. In addition, the presence of such links also assures Google and other major search engines about the ethical nature of your practice. In addition, websites that use nofollow links and have a few outbound links also rank well if the links are used appropriately. You only need to know how.

How to Use them?

In general, NoFollow tags are simple pieces of HTML that, once appended to a hyperlink, give website owners the chance to allow or prohibit search engines from following certain links.

Let’s explain this with an example. A NoFollow link would look something like this:

<a href="" rel="nofollow">Your anchor text will go here.</a>

The link above simply incorporates a nofollow link through the text rel="nofollow". That is all there is to it.

When can you Use them?

NoFollow links are basically designed to curb link spamming especially in the comments sections of blogs. And as mentioned there might also be instances in which you may want to link to a website but do not want to transfer any “Google Juice” to it.

Keep the Google Juice for yourself

What is Google juice? Google views links to other websites as a stamp of approval showing that the websites in question include quality content. The higher these web pages are in PageRank, the more influence their links will have.

While linking to other websites might seem the neighborly thing to do, there can be times where you aren’t feeling so charitable. In cases such as these, NoFollow can help if you do not want to transfer any Google juice to other websites.

When linking to Questionable Websites

You can’t prevent some bad eggs from latching onto your website. While search engines like Google shouldn’t hold you responsible for websites that link onto your own, they may decide to penalize it if the offending links include content that is of poor quality. Other reasons why Google might penalize you in such situations are if the links are not relevant to your website’s theme, are part of a link exchange scheme or come from unsavory sources.

The most obvious course of action to prevent something like that from happening is to prevent your website from accepting links from websites if there are no backlinks involved. If you absolutely have to initiate the nofollow process, all you have to do is to add rel="nofollow" to the link code. This will prevent search engines from penalizing you.

For Paid Links

Sponsored links can adversely affect your PageRank if they are not handled correctly. Here is what Google has to say about paid links and nofollow tags, “In order to prevent paid links from influencing search results and negatively impacting users, we urge webmasters use nofollow on such links.”

Affiliate or advertising links offer webmasters payment to offer their links or pay commissions for any sales that a visitor makes after he follows the link. Any website that passes PageRank from a paid link can be considered as spam by Google and be removed from the search engine’s database. Such practices are against Google’s Webmaster Guidelines after all.

For example, if you are adding a paid link, reviewing a product or sponsoring a post, you can always add a nofollow code with a statement of disclosure in the post. Remember, there are some links that may look like they are sponsored even though they might not be. For example, linking to big name brands like Amazon can make the links look sponsored by search engines. Add nofollow tags to them and no search engine will question their purpose.

However, the search engine is interested in links that display the value of any linked sites for their own ends rather than as a source of financial gain.

If you are accepting money to add text links to another page, it’s best that you clarify to the person who is paying you that your page will be a nofollow. If Google suspects that you are adding links from websites that have a habit of being spammy, you will be penalized. The results will be devastating. For one, your web pages will be lower in Google’s search results. In addition, your online business will get less traffic and your blog will lose its marketable value. That is not something you want happening if your online activities are also your only source of income!

Blog Comments

Websites and publishers often tag their blog comments as NoFollow so that search engines pass over links that might have been posted by users. The technique is basically used to prevent spammers from publishing links on your website on the sly. Expect link drops if your blog allows comments without moderation.

Link to Competitors

You definitely want to stick a nofollow tag on a link or website that is competing for the same search keywords as your own, especially if you need to link to it. The last thing you need to do is help them out.

User Generated Content

User generated content is similar to blog comments. It works like this: if you allow someone the chance to contribute content to your own website without moderation, a nofollow tag can spare your website from being seen as if it were vouching for links from questionable websites.
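As an added example (not code from the original article), here is one way to apply the Blog Comments and User Generated Content advice on the server in Python: every link in a submitted comment that points away from your own host gets rel="nofollow", while relative and same-host links are left followed. The names NofollowRewriter and add_nofollow, the host blog.example and the sample comment are assumptions made for illustration, and the comment HTML is assumed to have been sanitized already.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample comment (not real data): one external link, one relative
# link and one absolute link back to the site itself.
SAMPLE_COMMENT = (
    '<p>Nice post &amp; tips! See '
    '<a href="http://spam.example/deal?a=1&amp;b=2">this</a>, '
    '<a href="/about">about</a> and '
    '<a rel="external" href="https://Blog.Example/faq">FAQ</a>.</p>'
)


class NofollowRewriter(HTMLParser):
    """Re-serialises an HTML fragment, adding rel="nofollow" to external links.

    This is not a sanitizer: it assumes dangerous tags and URL schemes were
    already removed from the user-submitted HTML.
    """

    def __init__(self, own_host):
        # convert_charrefs=False reports entities such as &amp; as separate
        # events, so text can be written back exactly as it was submitted.
        super().__init__(convert_charrefs=False)
        self.own_host = own_host.lower()
        self.out = []

    def _is_external(self, href):
        try:
            host = urlsplit(href.strip()).hostname
        except ValueError:
            return True  # unparseable URL: do not vouch for it
        # Relative links have no host; they and same-host links stay followed.
        return host is not None and host.lower() != self.own_host

    def _rewrite_attrs(self, tag, attrs):
        if tag != "a":
            return attrs
        href = next((v for k, v in attrs if k == "href" and v), None)
        if href is None or not self._is_external(href):
            return attrs
        # Keep any rel tokens the commenter supplied and append nofollow once.
        tokens = [t for k, v in attrs if k == "rel" and v for t in v.split()]
        if "nofollow" not in (t.lower() for t in tokens):
            tokens.append("nofollow")
        kept = [(k, v) for k, v in attrs if k != "rel"]
        return kept + [("rel", " ".join(tokens))]

    def _emit_tag(self, tag, attrs, closer=">"):
        parts = [tag]
        for k, v in self._rewrite_attrs(tag, attrs):
            # The parser hands over unescaped attribute values; escape again.
            parts.append(k if v is None else f'{k}="{escape(v, quote=True)}"')
        self.out.append("<" + " ".join(parts) + closer)

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, closer=" />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")


def add_nofollow(fragment, own_host):
    """Return fragment with rel="nofollow" on every link leaving own_host."""
    rewriter = NofollowRewriter(own_host)
    rewriter.feed(fragment)
    rewriter.close()
    return "".join(rewriter.out)


if __name__ == "__main__":
    print(add_nofollow(SAMPLE_COMMENT, "blog.example"))
```

Running the rewriter a second time leaves the output unchanged, so it is safe to apply both when a comment is stored and when it is rendered.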


Use nofollow tags in your links if you add infographics or links from other online sources or websites. You do not want to seem like you are endorsing them especially if you are not responsible for their content.

Why Google is concerned about such issues is apparent. Embeds such as infographics and widgets offer website owners an easy way to generate links. Such a convenience can also be abused. How? The links in question might in turn contain more links that link to third parties.

Privacy Pages

You will want to save up on the crawl budget that you are given for a website. While you can noindex your privacy pages, a better course of action would be to nofollow each link. A simple action such as this is all it takes for you to assure bots that you have no interest in promoting the pages in search engines.

When not to use NoFollow

The About Us Page

When it comes to initiating NoFollow links, knowing when you shouldn’t do so is just as important as knowing when you should. Experts recommend that the action should not be used on About Us pages. Remember, the About Us page on your website is one of its most important. Not only does it brief visitors on what your website is about, it also lists relevant info that allows visitors to do business with you, like your business’s address or phone number.

In addition, you are more likely to use industry-specific terms in your About Us page than in other pages. Such tactics are useful in picking up targeted customers who use search engines with terms such as these. Needless to say, it’s a good idea if you don’t NoFollow such pages. The same goes for your FAQ page. In addition, avoid adding NoFollow tags to every link on your website. You only want to increase the page rank of each internal page.

Sculpt PageRank

When NoFollow was first introduced by Google, a popular SEO process allowed SEOs to sculpt PageRank. In other words, the practice involved adding links to sites that were not actual links of the pages that they were ranked for. In theory, it worked like this; adding a nofollow tag to one link in a page with 10 links would end up redistributing 10% of the link juice to the rest of the nine links. This created a mess to say the least. Such a technique looks unnatural to search bots.

A Word to the Wise

The old adage “you can’t have too much of a good thing” rings true for nofollow tags. In other words, it’s best that you be careful in how you use the tags. If your links have too many nofollow tags, they might be flagged as spam by Google or other search engines. Too many nofollow links can also be a sign of link manipulation. Needless to say, it pays to exercise caution where you use them. Not only will this help you avoid penalties and spammers, it will help you rank your pages better on PageRank.

Comment spam used to be a cheap trick that allowed websites to boost their rank in the days when Google was just a fledgling and spreading its wings. A lot of webmasters still use unethical means or linking techniques to post comments on online blogs. Such a technique comes with negative repercussions. It leeches PageRank from the website where the blogs are posted. In addition, it allows visitors the chance to visit the links. The fact that the links might be dubious in nature or hold questionable content is another point of concern.

NoFollow tags aim to put a stop to that and to decrease the number of webmasters that use such techniques for their own ends. The fact that NoFollow tags do not allow other websites to link to your own does not mean that the tags are not valuable at all. On the contrary, the technique has yielded plenty of traffic for webmasters who know how to use them. And besides, a nofollow link is better than none at all.




How to Prevent Cyber Fraud

A host of security pitfalls have been born of the internet, namely because the World Wide Web is not nearly as secure as many individuals believe it is. Unfortunately, the vast majority of surfers…


Nasdaq, NYSE consider data sharing deal to prevent trading outages

Nasdaq and the New York Stock Exchange are currently in early talks over what would be an unprecedented partnership after the two leading US stock markets experienced recent halts in trading due to tech problems, The Wall Street Journal reports. The rival exchanges are currently considering a system that would allow each company to run a backup stream of stock-pricing data from the other in the event of an outage, the Journal says. Such an agreement would allow trading to continue as the affected company fixes whatever tech issue it’s having at the time, thanks to help from the competing exchange.


The Verge – All Posts

Autopilot isn’t enough: experts call for new pilot training standards to prevent crashes

For over a decade, aviation safety experts like the NTSB’s Robert Sumwalt and NASA scientist Key Dismukes have warned that pilots should never drop their guard — that they not only need to monitor their instruments, but also their co-pilots to keep fatal errors from occurring at times when the plane is most vulnerable. In 2003, they achieved a major win: citing a 1994 NTSB study that claimed 84 percent of accidents might have been prevented if the crew caught errors and / or questioned their superiors, they convinced the FAA to officially change the on-duty titles of pilots so both individuals would always have active responsibility.


The Verge – All Posts

How to Prevent Your WordPress Website from Being Attacked

WordPress is known as the best blogging platform for a reason. I am sure everyone knows it as an amazing CMS platform that packs in a large number of features and functions. One excellent thing about WordPress is that it has plenty of plugins and resources that help enhance the functionality of any website.


The recent attack on WordPress blogs by unidentified hackers has brought the vulnerability of WordPress to attention. Categorized as ‘brute force’ attacks, they made the news and warned WordPress site owners – once again – that it is in their best interests to follow safety best practices.

The Evolution of WordPress

It has taken WordPress 10 years to become the most popular web content management system in the world. It is estimated that 22% of new sites and approximately 60 million sites in all, are powered by WordPress. CNN, eBay, Forbes and Sony are just some of the leading brands that maintain WordPress sites. The CMS generates over 4 billion page views and close to 40 million posts each month. According to website monitoring service Pingdom, WordPress is the blogging system of choice for the world’s top 100 blogs.

These numbers will definitely give you an idea about the massive impact of WordPress on businesses and individuals using the cyberspace.

Even as WordPress has evolved, sites and blogs powered by this system have become the favorite targets of hackers. The bottom line is, WordPress security must be taken seriously. If you are not aware of the security risks and the mitigators/controls you can use to bring risks to acceptable levels, read on.

Vulnerabilities in WordPress and How You Can Counter Them

To understand how you can safeguard your WordPress site against malicious intent, you first need to know about the vulnerabilities in the system. Knowing the possible ways in which your WordPress site/blog can be attacked prepares you to put counter-measures in place at your end. These are the most common attacks on WordPress powered sites:

1. Brute-force password attacks:

If your site has been the victim of a brute force attack, then right off the bat, it can be assumed that your username and password credentials are not up to the mark. Basically, this type of attack involves trying to guess your username and password. So, if you still have the default ‘admin’ username or a weak password, you are extending an open invitation for attacks. Keep in mind that brute force attacks don’t stop after one failed attempt; attackers keep at it and manage to get the better of you. The persistent attempts at infiltrating your site can cause performance issues as they take a huge toll on your server memory.

How do you prevent it? The basic precautionary measure is to stop using the ‘admin’ username. Create a unique and hard-to-guess user with Administrator rights. If your name is Jennifer or Tim – which you display publicly on your blog – don’t use the same as your username. That would make it too easy for anyone to guess. It cannot be emphasized enough how important it is that you set a strong password. A good one will have lower and upper case letters, special characters and numbers. An example of a complex password is B5l(78)O12g9 or IlOve&28BlOg. Here are some don’ts of creating a password:

  • don’t use strings of numbers in sequence like 456789
  • don’t contract your domain name, username or company name; avoid permutations of these names as well
  • don’t create alphabet-only or only numerical passwords
  • don’t create short passwords, i.e. less than 8 characters long
  • avoid using a word from the dictionary as your password
  • never use a password that is the same as your username!

You can also consider installing a login limiter for WordPress. This basically quarantines or blocks a username/IP address that is trying and failing to complete login requests above a specific threshold rate. For instance, a penalty time-out of one hour can be imposed on a limit of 10 attempted logins every 5 minutes. Such limits will discourage and frustrate hackers as they won’t be able to try enough variations to gain illegal access.
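The limit described above (10 attempted logins every 5 minutes, then a one-hour time-out on the username and the IP address), as an added Python example that is not from the original article or from any WordPress plugin. The class and function names and the sample log are constructed for illustration.

```python
from collections import defaultdict, deque

MAX_ATTEMPTS = 10          # failed logins tolerated per window (figure from the text)
WINDOW_SECONDS = 5 * 60    # 5-minute counting window
LOCKOUT_SECONDS = 60 * 60  # one-hour penalty time-out


class LoginLimiter:
    """Sliding-window limiter that tracks failures per username and per IP."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS,
                 lockout=LOCKOUT_SECONDS):
        self.max_attempts = max_attempts
        self.window = window
        self.lockout = lockout
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time at which the lockout ends

    @staticmethod
    def _keys(username, ip):
        return (("user", username.lower()), ("ip", ip))

    def is_blocked(self, username, ip, now):
        """True while either the username or the IP is serving a lockout."""
        return any(self._locked_until.get(k, 0) > now for k in self._keys(username, ip))

    def record_failure(self, username, ip, now):
        """Count a failed login; the failure that reaches the limit starts a lockout."""
        for key in self._keys(username, ip):
            recent = self._failures[key]
            recent.append(now)
            while recent[0] <= now - self.window:  # drop failures outside the window
                recent.popleft()
            if len(recent) >= self.max_attempts:
                self._locked_until[key] = now + self.lockout
                recent.clear()

    def record_success(self, username):
        self._failures.pop(("user", username.lower()), None)  # clear that user's history


def replay(events):
    """Feed (time, username, ip, password_ok) tuples through a fresh limiter."""
    limiter, decisions = LoginLimiter(), []
    for now, user, ip, password_ok in events:
        if limiter.is_blocked(user, ip, now):
            decisions.append("blocked")      # rejected before the password is checked
        elif password_ok:
            limiter.record_success(user)
            decisions.append("allowed")
        else:
            limiter.record_failure(user, ip, now)
            decisions.append("failed")
    return decisions


def sample_events():
    """Constructed log: one client guesses 'admin' every 10 s (documentation IP ranges)."""
    events = [(t, "admin", "203.0.113.7", False) for t in range(0, 120, 10)]
    events.append((125, "jen_editor", "198.51.100.20", True))   # unrelated user
    events.append((130, "admin", "198.51.100.20", True))        # locked username, other IP
    events.append((3700, "admin", "203.0.113.7", False))        # after the hour has passed
    return events
```

Because the username is locked as well as the IP address, the genuine ‘admin’ owner is also shut out for the hour, which is one more reason to retire that username.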

2. Cross-site scripting:

Abbreviated as XSS, cross-site scripting allows attackers to inject client-side scripts into webpages being viewed by other users. Attackers may take advantage of this vulnerability to circumvent access controls.

In script injection, attackers look for one of your site’s input elements – such as the name, search or contact field – and inject malicious JavaScript or PHP commands. There are many ways in which such an attack can compromise your WordPress site. Attackers may make their way into your database, insert data and make it visible to your visitors. They may steal sensitive customer or financial information, impersonate users by accessing and hijacking session information (communication between site and users), and even bring down your entire site.

How can you prevent it? There are different measures you can take to combat cross-site injection. File validation, data validation and output sanitization are some techniques. As these involve some technical background, it is best to look them up and understand them in their entirety, for successful application.
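The data-validation and output-sanitization measures named above, shown as an added Python example that is not from the original article. The comment markup, the name pattern and the function names are assumptions made for illustration.

```python
import html
import re

# Data validation: a display name is letters, digits, spaces and a little
# punctuation, 1-40 characters long. The pattern is an assumption for this example.
NAME_RE = re.compile(r"[\w .,'-]{1,40}")


def validate_name(name):
    """Return the trimmed name if it matches the allow-list, otherwise None."""
    name = name.strip()
    return name if NAME_RE.fullmatch(name) else None


def render_comment_unsafe(name, comment):
    """The 'before': user input is pasted into the markup unchanged."""
    return f'<div class="comment"><b>{name}</b><p>{comment}</p></div>'


def render_comment_safe(name, comment):
    """The 'after': validate fields that have a fixed shape, escape everything on output."""
    name = validate_name(name) or "Anonymous"
    return '<div class="comment"><b>{}</b><p>{}</p></div>'.format(
        html.escape(name, quote=True), html.escape(comment, quote=True))


def render_search_box(query):
    """Attribute context: quote=True also escapes " and ', so the value
    cannot close the attribute it sits in."""
    return '<input type="text" name="s" value="{}">'.format(
        html.escape(query, quote=True))


# Constructed sample input: a comment body carrying a script tag.
SAMPLE_COMMENT = "Nice post <script>alert(1)</script>"
```

In WordPress theme and plugin code the same job is done by the core output helpers `esc_html()` and `esc_attr()`.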

3. Attacks on specific vulnerabilities in older WordPress versions or WordPress plugins:

It is not uncommon to hear about attacks on older WordPress versions. If you are using a version of WordPress after 2.8.3, you’re on the safe side; it is however advised that you upgrade to the latest version (3.5.1), which includes a number of fixes that can keep your site safe. Out-of-date plugins are extremely vulnerable to attacks – if you have been holding back on updating to newer versions, it’s time to do the right thing.

A good way to prevent hacking is to use quality plug-ins with good ratings, many downloads and active author support. Reliable authors will address security issues and accordingly update their plug-ins.

How to Keep Your WordPress Site Secure

WordPress site/blog owners can take a number of precautionary steps to strengthen security. Here are some you can invest in.

  1. A basic technology update to keep hackers away from identifying system loopholes is essential. There are many areas where hackers can spot loopholes and plan attacks. A comprehensive technology update will include malware checks, laptop password updates and anti-virus updates. Also make sure that your operating system, ISP and router have adequate firewalls.

  2. It is important that you back-up your entire database using a plug-in or even manually. You can choose from some excellent plugins that perform automatic full-site backups, such as BackUpBuddy (available on a yearly subscription and the easiest option for restoring a WordPress site), VaultPress (monthly subscription) and WordPress Backup to Dropbox (free and premium).

  3. As mentioned earlier, don’t hesitate to update plug-ins or your WordPress site, fearing that it would break your website. Some best practices in this regard include (a) ensuring that back-ups are up-to-date, by scheduling them on a daily or weekly basis (b) updating WordPress, plugins or themes at the earliest – pay attention even to minor updates as they will contain critical security fixes and (c) for major WordPress, theme or plugin updates, wait for a while until developers have conducted live testing on the updates. If you have another WordPress install, you can try duplicating your website and updating it first to determine if it’s fine to do the same with your live site.

    Note: You can follow news about the latest fixes/patches on WordPress Development.

  4. It is best to invest in a good hosting service. A provider well-versed with WordPress will be able to handle permissions and installation more capably, and the variation in service will be apparent to you. Partnering with a reliable service that knows WordPress can do its bit for site/blog security. Here are some options:

    Bluehost: A popular choice, Bluehost offers shared and upgraded shared hosting with added resources and fewer users on one server.

    Dreamhost: It detects hacks proactively

    WP Engine: This is a good bet if you want top-of-the-line WordPress security. From regular security scans to daily back-ups, it helps you address security issues easily and conveniently.

  5. There are quite a few free and paid security plugins that can monitor and protect your WordPress site. A free security plugin – Wordfence – offers multiple monitoring levels and is also available as a premium plan. Bulletproof Security (limited monitoring), Sucuri (malware clean-up), WordPress Firewall 2 and VaultPress are other options you can explore. The WP Security Scan is also a good security solution; this plug-in scans your blog for vulnerabilities and reports malicious codes to you.

  6. New WordPress sites are more prone to attacks as they are much less likely to have all the key security fixes. Hackers have been seen to capitalize on this. You can avoid presenting your WordPress site as a newbie by removing the text link ‘Powered by WordPress’ in the footer, removing default posts on the Homepage and adding as many posts as possible to your site, to make it appear as if it’s been in existence for a while.

  7. As discussed earlier, it is important that you change the default admin log-in and have a strong password. There is a good choice in tools to check password strength. Some you can explore are Password Meter (AskTheGeek), Password-Review (LBW-SOFT) and Password Checker (Microsoft).

  8. As a cautionary measure, you can keep your visitors from browsing your entire directory. Hackers can study directory structures to identify security holes. To disable directory browsing, you can add the following to the .htaccess in your WordPress blog’s directory:

    # disable directory browsing
    Options -Indexes

    Note: .htaccess is a file used by Apache to define your website’s access rules

  9. Make sure that admin files are adequately protected; only you and a limited number of bloggers should have access to them. .htaccess is one way to restrict access. Depending on whether yours is a static IP address or multi-user blog, you can restrict access only from a defined number of IPs. For more information on how to go about the same and step-by-step instructions, you can look up Apache’s documentation.

  10. As a responsible WordPress site/blog owner, the onus is on you to address security proactively. There are multiple ways to do this. Download new WordPress software updates through CMS backend. When you do this, also verify the compatibility of the new release with your web server’s MySQL and PHP versions. If you notice any violations or bugs you can report the same to the WordPress community. You can submit information at Encouraging users to report security issues is a good way for the WordPress community to be aware of the latest threats and effective measures at their disposal.

How Can You Deal with Spam?

Spammers are just as troublesome as hackers; WordPress site owners will vouch for this. Thankfully, there are different ways in which you can combat spam. Here are a few:

  • Moderate comments made by readers. Bots will be moderated but manual comments can be blacklisted or marked as spam. Enable the “Comment author must have a previously approved comment” option. This means comments from trusted readers will get approved automatically.
  • Block suspected spam bots by noting the IP address on your dashboard. You can block one or a range of IPs to address spam.
  • Installing anti-spam plugins is also one way to combat spam. Three of the popular plug-ins that do this job pretty well are Quiz, Akismet and Simple Trackback Validation.
  • If you have the time and inclination for it, delete all the spam comments on a regular basis, depending on their frequency of occurrence.

There is no predicting when your WordPress site may be the target of malicious elements. If – despite your best efforts – your site is compromised, don’t panic. Inform your host about it, let your fans and readers know about it (through Twitter or Facebook), implement the necessary fixes, change your passwords and, importantly, make a note of what you should have done to prevent the attack. This will help you enhance site security for the future. Also, remember that it’s not the end of the world – you can have your hacked WordPress site up and running pretty quickly, depending on the type and extent of attack.

Visit InstantShift


Phishing Attacks And How To Prevent From Being Hooked

Editor’s note: This is a contributed post by Abel Wike. Abel is web content manager at, well-known global leader in providing SSL security solutions to thousands of happy customers.

Cybercrime has shown its teeth in the last five years, most predominantly in the online fraud cases caused by phishing. Have you ever wondered why you are receiving an increasing number of spam or fake emails every day? These emails pretend to be legitimate: they are made to look like they are coming from reputable government institutions, corporate companies, and well-known organizations, when in fact, they are not.

This is called phishing fraud, in which user information such as user IDs, passwords and credit card details is acquired during electronic communication, that is, if you give it to them. Phishing emails contain links to websites that are highly infected with malware, with the intention of bringing users to the website and extracting confidential details from them.

Lines of Attack

Email spoofing and instant messaging are a few types of phishing fraud that frequently lead users to give out their details on a fake website. The fake sites look similar to legitimate websites, so if you aren’t paying attention, you could fall for the trick. There are three techniques of phishing:

Spear Phishing

Spear Phishing targets a chosen group, such as people from the same company or organization, instead of throwing thousands of emails out randomly. It goes up against upper-level targets. In Spear Phishing, the apparent source of the e-mail is likely to be a person within the receiver’s own organization and, generally, a person who holds authority.

Clone Phishing

In this technique, a hacker uses the contents and receiver’s address from a legitimate mail previously sent to a receiver, except this time the content has been replaced with a phishing link and a fake reply-to address.


Whaling

Whaling involves a web page or email that pretends to be legitimate. The targets are senior managers in private companies who are in a position to disclose secret company information. Whaling attack emails take the form of a legal summons, consumer complaint, or managerial issue that requires an urgent reply from the receiver.

How Phishing Attacks Harm Your Business

Phishing is a serious crime in the cyber world. Due to Phishing, there may be

  • financial loss
  • data loss
  • blacklisting of institutions
  • introduction of malware and viruses into a PC or a computer system
  • illegal use of user’s details
  • misuse of your social security number etc

The phisher can also take a user’s account details and open a new account in the name of the user for financial gain. Phishing can even be used to ruin someone’s life by misappropriating and misusing their personal details.

Phishing Attacks in 2012

According to the Anti-Phishing Working Group (APWG), phishing activities have been increasing and most phishing websites are hosted in the US. In the last three months of 2012, an average of over 25,000 unique phishing email reports were submitted to the APWG. Plus, the number of unique phishing sites detected exceeded 45,000 per month.

Financial services and payment services are common targets for phishing fraud, but the report also notes a 12% hike in reports of phishing in online games. Gaming credentials are stolen by hackers, and the game items the players had acquired are sold on the black market for actual cash. The identities of the gamers are also affected.

Protection against Phishing Attacks

It is advisable to keep our eyes open against phishing. Here are some steps that might help keep you from becoming part of the statistics.

Two-Factor Authentication

Gmail, Facebook, Dropbox, Microsoft, Apple’s iCloud and possibly Twitter (soon) use two-factor authentication. In this process you log in with a password and a secret code that you receive on your mobile phone, so unless the hacker has access to your mobile too, having just your email and your password is not enough to break into your account.

HTTPS instead of HTTP

HTTPS is a more secure protocol than HTTP because it encrypts all the information your browser sends or receives. If you are looking to make online payments or transactions, opt for an HTTPS website. Such HTTPS websites are equipped with SSL (Secure Sockets Layer), which creates a secure channel for transmitting information.

Website Reliability

With phishing, hackers can create a similar website with a normal-looking login page where users enter login details or even credit card details. Therefore, before entering login details, users have to check for the padlock that appears at the top or bottom of the webpage.

It indicates that the user is communicating with the real website. Many websites have EV (extended validation) SSL certificates that turn the address bar green, so users can easily identify authentic websites.

Anti-Spam Software

With the use of anti-spam software, users can reduce phishing attacks. Users can control spam mail and so protect themselves from phishing. This software can also help with browser hijacking, usually finding the problem and providing a solution.

Hyperlink in Email

Never click hyperlinks received in emails from an unknown or unverified source. Such links contain malicious code, and you may be asked for login details or personal information when you reach the page the hyperlink leads to.

Always run a search of the association’s name and click in from the search results.


Firewall

With a firewall, users can prevent many browser hijacks. It is important to have both desktop and network firewalls, as firewalls check where the traffic is coming from and whether it is from an acceptable domain name or Internet Protocol address. A firewall is also effective against virus attacks and spyware.

From the above discussion, it is clear that with some essential prevention steps users can secure their confidential information from phishing expeditions. SSL is also an important part of online security that protects users against phishing attacks.



6 Steps to Prevent Identity Theft

Even if you’ve never had your credit card number stolen, you’ve probably heard the horror stories outlining massive devastation that can happen to families when someone becomes victim to…
