my thoughts, musings, rants and discoveries . . .

There are a couple of things about stock WordPress that bug me. When it comes to managing users, I really think they could have done a lot better than to simply track names, nicknames and various IM accounts. What if you’re using WP to front-end a business site and you want to track company name, phone number, address and things like that? I have found a couple of plugins out there that will allow a user to add more information after he has registered, but during the registration process. Seriously, how many of you like to go in afterwards to add more registration information?

The other problem I have experienced has had to deal with restricting certain pages from access unless someone has indeed been registered with my site. Most of the plugins that deal with this function will restrict the entire site from access unless a person has been registered. Now imagine someone coming to your home page and the first link he clicks on is restricted. That can get annoying real fast. And it’s worse when even the home page is also restricted.

So, I wanted to put in place a simple live demo page off my company’s website and wanted to make it registration based without actually affecting all of the other pages on my site. And we determined there was more a little more user information we wanted to capture. Unfortunately, this wasn’t to be had with a single plugin and I really didn’t have the time to modify the WordPress database to add the additional user fields I wanted to track. I managed to pull this together with three items:

1. The iframe tag: This tag, which is used just like any other html tag set allows you to embed a website into another website. Its attributes work very much like those of the image tag in that you have to designate the src, which is the url of the page you wish to embed. Then you have to declare your height and width. I felt this would be a bit easier to manage than merely having people click on a link to be directed to where the demo software actually resides.
2. The Page Restrict plugin: This is the plugin that I used to very easily require login to view specific WP Pages. Once it’s uploaded and activated, you simply go to the settings page and then click on whatever pages you want to require login for. It’s as simple as that.
3. Register Plus plugin: This is what I used to modify the user registration information, including the additions of some custom fields. A very handy plugin to have if you care about who visits your site. Plus, this plugin provides numerous customizations to the way email notification works as well as provides you the ability to get rid of that WordPress logo on the registration page and replace it with your own logo. Great stuff!

So, there are obviously better ways for building up such a site. But if you’re using WordPress as a form of CMS, and you don’t want to spend much time or cash to develop such a solution, this is a good way to go. You can literally be up and running in a matter of a few minutes.

Enjoy!

If you’re like me, you’ve already advised your family members against clicking on those emails from the bank that want you to confirm your security settings, which are about to expire or which need to be increased. While some of these emails are legitimate, it’s just easier to do this than it is to teach people to check the url the link is porting to. After all, if you let your mouse hover over this link to bankofamerica.com, you’ll find that it’s really just directed back to my site, which is hopefully considered nonthreatening. Now imagine that underlying link going to a site that’s really a spoof of the bank’s. You enter your id and your password and guess what? Nothing happens. Yet.

Well, there are other things to be concerned about. And most of the time you’re relatively safe. But sometimes, especially when you’re busy researching things out, you come across a link in a news thread that looks as if it could be informative. So you click on it. And it looks like dribble. But what you’ve secretly done is downloaded some cookie or installed some malware that is tracking and reporting all of your mouse clicks and keystrokes back to someone who wishes to do you harm.

Then there’s cross-site scripting where someone illegitimate has hacked into some legitimate guy’s site to install malware there. You happen to be on a trusted site, but they’ve secretly been compromised, which now leaves you compromised. Think these things can’t happen? Think again.

I recently had one of my customers let me know that their server was being used as part of a botnet attack on someone else’s domain. I took a look and sure enough, the server had been compromised. Of course this was easy to fix and measures were put in place to tighten things up. But you get the idea. He had been compromised. It could have been much worse.

There are things that you and I can do to protect ourselves. For example, we can use some common sense. I don’t view porn and I don’t download pirated software or music. That right there is a huge step forward in protecting myself. Furthermore, my systems tend to be Mac OS X or Linux. I don’t use Windows. That again is a great step forward since much malware is written to execute on Windows platforms. But there’s more.

Typically when I go perusing in parts unknown, I use an onion router. Ever watch a movie where the cops are trying to trace back a cyber criminal through various internet hops? Well, imagine going through hundreds and possibly thousands of hops. Well, you can if you’re using an onion router. To learn more about them, click on this link. If you’d like more info on them, drop me a note and I’ll either post more on the subject or answer you directly. Basically, an onion router isn’t just for allowing you to spy on sites while avoiding detection. It also keeps sites from tracking down what sites you frequent and when, etc. Basically, we all have certain routines. And the more your computing routines are predictable, the more likely you are to be compromised.

There are so many things that can be couched between links on sites that unless you’re browsing them in source code, you could be left fairly unaware. There’s a tool for Firefox that can help with some of these risks, on top of these other measures I’ve mentioned. Basically, by adding the noscript plugin, you can designate safe zones and non-safezones. And within each zone you can have various levels of protection against embedded scripts. Just don’t disable the statcounter script when you visit my site as I’d like to record the visit please.

Whatever you do, don’t let this post turn you into a cyber agoraphobic. That’s not my intention. I actually spent part of Christmas day in conversation with someone convinced the internet is evil, e-commerce is evil, and… well, you get the idea. They aren’t. But there are evil people as there are in all walks of life. So take a little precaution. Read up on what are valid threats. Make sure you apply security updates to your OS. Believe it or not, those companies you give your money to for your software, operating system, etc., typically have people dedicated to finding vulnerabilities and then patching them. And for goodness sake, if you see something that looks questionable, then question it. Either steer clear or ask someone more knowledgeable.