WordPress is the biggest content management system around,  The good thing about this is that there is a wide array of themes and plugins that various people have developed.  The downside is that it makes WordPress a giant target for hackers.  Security is paramount if you are going power a website with WordPress.

Currently, WordPress websites are under attack.  A network of 90,000 compromised sites are performing brute force attacks to try to gain access to WordPress websites.  (To those who don’t know, brute force attacks attempt to learn your password by trying many common passwords in a rapid manner.  The more power behind the brute force attack and the shorted the span of time that it would take to guess your password and get in.)  If your site is compromised, it will be added to the network and used to hack other sites.  In other words, as the brute force succeeds, it becomes stronger and more capable to add other sites.

How can you prevent this?  Over at TypeAParent, I shared some WordPress plugins to help prevent spam and strengthen security.  One plugin in particular would be helpful with this attack: Apocalypse Meow.

The first thing that Apocalypse Meow can do to protect you is remove the "generator" tag that WordPress adds to the website.  This tag doesn’t display, but notes that WordPress created the website and even the version number that you are running.  This might not be something you see, but to a hacker it is a flashing neon sign telling them just how to attempt to hack your website.

The second thing that Apocalypse Meow can do is rename your administrative account.  By default, WordPress suggests the name "admin" for your admin username.  Most people don’t change this and so millions of sites are administered by "admin."  Hackers need just guess the password (not a hard proposition in many cases) and they have full control of the site.

Last week, there were over 7,000 login attempts made on TechyDad.com and TheAngelForever.com.  That is about 2 attempts every 3 minutes.  Of those attacks, 98.8% were trying to log in as "admin."

As a side note: These stats were recorded by Apocalypse Meow,  It records all successful and failed login attempts.  If one user tries and fails too many times (user defined, but starts at 5), then you are locked out of logging in for awhile.  Usually, this thwarts brute force attacks, but in this case the attackers wisely assault sites from many different compromised WordPress installations.

Still, why not make things more difficult for the hackers?  They are mainly looking for "admin", so rename the Admin account to something else.  Make sure it is something you can remember, but nothing obvious like "admin1" or "administrator".  Apocalypse Meow can help here too.  It provides an easy method for renaming the admin account.

In a matter of seconds, you can thwart 98,8% of attacks, keep your site safe, and help make sure that your website doesn’t unwittingly get conscripted in the hacker’s brute force army.

NOTE: The computer image above is by DTRave and is available from OpenClipArt.org.

Last week, a huge announcement went out that had repercussions the world over.  No, I’m not talking about the new Pop announcement (though that was important to many people as well).  I’m speaking about the announcement that Google will be closing down Google Reader.

For many people, Google Reader was a daily stopping point in their Internet travels.  I used it to keep track of over 100 different websites.  I could have spent an entire day checking each site for updates and saving the ones I was interested in reading later.  Instead, it would take me about an hour to go through many of them.  I could also prioritize.  I’d typically read the web comics sites in the morning (favorites such as Bug Comic, Saturday Morning Breakfast Cereal, Sheldon, and XKCD) followed by some geeky websites.  I’d also go through a long list of blogs to find articles I was interested in and mark them to be read later.

Had Google Reader not been around and I needed to go to each site manually, I’d likely have quit reading most due of lack of time.  I likely would have frequented only a dozen or less websites instead or would have checked sites but not looked back to see postings I missed.  Thanks to Google Reader, I could read more in less time.

But now that’s going away.

What’s a RSS-addict such as myself to do?  I heard of a couple of alternatives, namely NewsBlur and Feedly, but initially had trouble with them.  You see, not only did I hear about them, but thousands (if not millions) of other people heard about them at the same time.  We were all rushing those alternatives and their poor servers couldn’t handle it.

I could hardly blame them.  For years, Google Reader was *THE* go-to place to manage your RSS feeds online.  Other feed readers lived in their shadow for so long that they didn’t need to up their server strength.  With Google Reader on the way out, though, they’ve been beefing up their servers.  After trying both, I think Feedly is my new feed reader.

Newsblur was nice, but Feedly just seems to have a few extra features that help make my feed reading.  Specifically, while looking at an item in my feed, I can load it in a web browser right within the app and, when I am ready to read the next item in my feed, simply swipe to move on.  With Google Reader, I used to have to launch my phone’s web browser (separate from Google Reader) and then go back to Google Reader to move on.

Feedly isn’t perfect, mind you.  The main categories are in different colors and widths for no discernible reason.  In addition, I’m still at the mercy of another company.  If Feedly decided to shut down six months from now, I’d be back at square one.  Ideally, I’d like to host my own feed reader.  I might still do that, but until I find a script that suits my purposes Feedly will do everything I need a feed reader to do.

Did you use Google Reader?  If so, what are you switching to?

NOTE: The "RIP Google Reader" image was created by combining Halloween Rounded Tombstone by cgbug on OpenClipArt.org with an altered version of the RSS feed icon from Wikimedia Commons.

Being a web developer, I’m used to learning new things.  If I didn’t, my skills would quickly become useless as technology passed me by.  The latest new set of skills I’ve picked up on is site speed optimization.

Now, don’t get me wrong, I’ve understood the basic principles of making your site run faster for awhile now.  Larger files means longer download times.  Images should be scaled down with sizes specified (so the browser doesn’t have to guess at the size).  JavaScript should be minified.  Unneeded code should be removed instead of just commented out.

Still, there was a lot I didn’t know how to do.  My education began with the infographic at this site.  Intrigued, I checked out HeadJS.  This is a small JavaScript library designed to load other JavaScript files.  The problem with having many JavaScript files is that they download one at a time.  This means they can become a serious drag on page load times.  HeadJS, instead, loads many script files together to that the load times drop.  I put it into place on a project at work and was amazed at how quick it became.

After HeadJS, I found a hidden (to me) gem on Google’s website: PageSpeed Insights.  Enter your URL into this tool and it will analyze your web page.  The resulting report will tell you how fast your page is (using a score from 0 to 100) and how you can make it run faster.  (There are extensions for Chrome and Firefox as well.  These are useful if your site isn’t accessible to the outside world.  For example, if you must log in to view it.)

Using this, I took the latest beta of FollowerHQ from a score of 60 to 91.  I didn’t record before and after load times, but the application certainly feels snappier.  In fact, at this point, the main drag on the site is the fact that the Twitter avatars that it loads aren’t optimized.  (This is obviously something that isn’t under my control.)

I’m going to turn this tool loose on TechyDad.com and TheAngelForever.com next.  Using the recommendations here, I should be able to get the two blogs running much faster.

What steps have you taken to ensure that your blog or other website is running as fast as possible?

Yesterday, while relaxing at home, B decided to check her Facebook account on her iPad.  She immediately told me that she thought she might have been hacked.  To make sure, she went on her laptop.  Sure enough, I came and saw that she had been locked out.  Not just locked out, though, but locked out due to a virus.

Wait… a virus?  Mind you, this was without Facebook having any ability to scan our computer.  Also, this was after being locked out on the iPad.

Nice lesson in malware prevention.  Of course, we’re both well versed in the "don’t run programs from sources you don’t trust" rule.  We also have anti-virus software running all the time on our computer just in case anything slips by our "common sense filter".  (Security is all about layers.)  Still, we can just click Continue to re-enable the account and scan using our anti-virus of choice, right?  After all, the next screen does say "you can also remove them yourself."

I’d click the "We’ll remove them ourselves, please unlock the account" button, but all I see is a "Download and Run McAfee" button.

At this point, I began to wonder just how valid this notice was.  I didn’t doubt it was from Facebook, but I began to question whether this was just an isolated incident.  So I did what anyone would do: I searched Twitter and Google.  On Twitter, I found numerous people who were locked out due to "virus infections."

Two stood out to me in particular.  First was @grilledcheez.  She responded to one of my tweets with the following:

If this was an actual virus infection, why weren’t both of the accounts locked out?

And then there was @jason_michael who was locked out of his Facebook page due to a "virus infection"… on a Mac:

This was looking very fishy.  Especially when a Google search turned up a deal between Facebook and McAfee.  Facebook will helpfully "detect" viruses on your computer and offer to clean it for you using McAfee’s software.

Of course, if you don’t want to install McAfee on your system, that’s fine.  You can use your own anti-virus software, as this Facebook post illustrates.  However, there’s a catch.  You first need to agree to the McAfee Scan and Repair Terms of Service.  (That’s why I don’t have a screenshot.  I didn’t want to agree to their TOS.)

I do have one more screenshot, though, from @jason_michael.  Apparently, he got back in without running McAfee.  You see, his third screen didn’t display a "Run McAfee now" message, but this instead:

Yes, he was able to simply click to certify that he ran anti-virus software and then was able to get back into his account.  No forced downloads and no required TOS agreements.  So why did he get the optional treatment and we didn’t?  My only guess would be that Mac-Windows difference.  After all, you can’t require a Mac user to install Windows software.  (It’s trivial to detect what operating system you are running.  In fact, I use Google Analytics which does – among other things – just that.  Hello to the 22.25% of TechyDad visitors who used Macs or iOS devices in the past month!)

In the end, after writing almost this entire post, I got back into B’s Facebook account again by using Internet Explorer instead of Chrome.  However, I’m not sure if it was a matter of IE being allowed in where Chrome wasn’t or if the lockout was only for a certain amount of time.  Still, the big red warning bar and only presented choice of running McAfee seems very scammy to me.

It looks like I’ve got yet another reason not to use Facebook.  And, if Facebook insists on pushing McAfee on its users due to "virus infections" that it "finds", they will give many users a good reason to move away from them and to a different social media platform.

When you get an Asperger’s Syndrome diagnosis, one of the first things you do is go on a quest for information.  Thankfully, there are a lot of resources out there.  Here are a few of the ones we have found over our time.

Books

Books are, of course, a great resource.  Many books have been written about Asperger’s Syndrome.  Some cover general information, some are designed to allow children to understand Asperger’s Syndrome, and some help educators know how to help Aspies reach their full potential.

Here are a few of the ones that we like:

Can I Tell You About Asperger Syndrome?: A Guide for Friends and Family – This book begins with an introduction from a child with Asperger’s and moves on to techniques that can help an Aspie learn and deal with the neurotypical world.

All Cats Have Asperger Syndrome – This is a humorous book relating cat behavior to Asperger’s Syndrome.  Behind the humor, however, is a very accurate telling of what it is like to have Asperger’s Syndrome.

Asperkids: An Insider’s Guide to Loving, Understanding, and Teaching Children with Asperger’s Syndrome – This book gives a good overview of techniques that assist kids with Asperger’s Syndrome to deal with the neurotypical world.  It also helps describe some ways to teach children on the spectrum.

Spaghetti is NOT a Finger Food ( and other life lessons ) – This is an e-book I’ve already reviewed.  It is a story detailing a day in the life of Connor, a kid with Asperger’s.  The story is told through Connor’s eyes, so you get to see just what he is thinking as events unfold.  It is a great book to read with kids to help describe some of the challenges that kids with Asperger’s Syndrome have.

Blog Posts and Web Pages

Of course, there are a lot of blog posts online dealing with Asperger’s Syndrome.  Here are a few that I’ve recently found useful/informative.

The AQ Test – This is a quick test to help determine if you have Asperger’s.  If you score above 32, you likely have Asperger’s Syndrome.  The average for those who are neurotypical is under 17.  (I scored a 36.)  Of course, as with any test, it isn’t completely accurate.  You could score high and not have Asperger’s Syndrome.  Still, a high score does mean that Asperger’s is a definite possibility.

Ten Things You Should NEVER Say To An Autism Parent – This is a great blog post detailing some of the questions that you are bound to hear when you have a child with Asperger’s/Autism.  Everything from questioning your parenting skills to doubting the diagnosis (because random strangers are better informed than your doctor) are covered.

Debunking 6 Myths About Asperger Syndrome – This has a few of the most common misconceptions that people have about those with Asperger’s Syndrome.  It provides some needed insight to dispel the myths.

Asperger’s and Literalism, aka Why We May Seem Condescending and Pedantic – This was a great post by a friend of mine, Christina.  Christina has Asperger’s and has a son on the spectrum as well.  Her blog post is a good insight into why people with Asperger’s might act rude when we don’t mean to.

50 Positive Characteristics of Aspergers – Too often, Asperger’s is phrased as a horrible disease that a person much fight against their entire lives just to have a chance at a normal life.  And while it may often feel this way, there are a lot of good things that comes with Asperger’s.  This focus on the positive was refreshing.

70 Tips & Tricks for Educating Students with Aspergers/High-Functioning Autism – Parenting a child with Asperger’s is tough, but so is being a teacher to an Aspie.  This list can give educators some valuable tactics to help students with Asperger’s Syndrome reach their full potential.

There are many resources out there for those with Asperger’s Syndrome and/or for those who interact with those with Asperger’s.

What resources would you recommend?

NOTE: Some of the links above are Amazon affiliate links.  I will receive a small compensation if you use them to make a purchase.  Also, the "book" image above is from CrazyTerabyte and is available from OpenClipArt.org.