
Month: March 2015

TrueCar.com Violates the CAN-SPAM Act

Update 4.23.15: I received a promotional email (spam) from TrueCar.com today, even after I was assured that they had unsubscribed me! I let them know by responding to their tweet from 3.31. They asked me to DM them about it, and they requested me to forward the email I received so that they could investigate an apparent “bug” in their system. The person on the other end of the twitterator said that I was indeed unsubscribed, so they weren’t sure what was going on. I’ll keep you all posted!

Update 3.31.15: TrueCar tweeted me today, saying that the issue I describe below is a display issue of some sort. They assured me that I was in fact unsubscribed from their email communications.

Thanks for looking into the matter, TrueCar.com!

—————

I run across this sort of thing all the time: companies that violate the rules of the US CAN-SPAM act, the law that is intended to protect consumers from unwanted email. If I have time, I stop to email companies I find violating the law to kindly point out what they are doing wrong. Call it some sort of self-satisfaction, Robin Hood vigilantism, or pure geekish annoyance, but I can’t help myself sometimes. Here’s one I sent today to TrueCar.com.

To: feedback@truecar.com
Subject: True Care website feedback

Hi, I noticed that when I go to “Subscriptions” in my profile, there is an issue with unsubscribing from emails.

If I uncheck all subscription options, then check “Unsubscribe from all,” then click the Save Changes button, it says my options have been saved.
However, if I go to another page and return to “Subscriptions,” the “In-stock offers from your dealers” button is checked again. How is that “Unsubscribing from all?”
You guys might want to fix that, as it violates the US CAN-SPAM act.
Thanks,
Will

Sneakily re-subscribing me to a category of emails, after I have specifically opted not to be a part of it anymore, is blatantly in violation of the CAN-SPAM act. Particularly, the part that says, “You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you.”
Yes, they include that option, but it doesn’t seem to fully work.
I will let y’all know if I hear anything back.

Are You Putting Your WordPress Site at Risk?

WordPress as a platform has been a solid, secure application over the years. The few times a vulnerability has been found, the WP team has been super-fast to patch it, publicize it, and take care of business.

That said, there are two major areas where WordPress lacks in security:

1. Plugins

2. Administrators

There are so many plugins for WordPress, which is part of what makes it so great. However, those plugins can also present attack vectors, and we see evidence of this almost every day.

It was just revealed that most WP users have very little understanding of the risk they are exposing their own websites to. Updating plugins, updating WP itself, and doing backups are the most easily fixed things that people tend not to do.

This puts WP websites at risk, lets them get hacked, and gives WordPress as a whole a bad rap.

The survey of 503 WordPress users, which took place online during February this year, revealed that WordPress users are more exposed to security problems than expected. In total, 54 percent of respondents said they updated WordPress between once a week and every few weeks, and yet only 24 percent back their websites up — and only 23 percent have received training in the use of tools such as backup plugins.

ZDNet

On that note, I thought I’d mention that the most popular SEO plugin for WordPress, Yoast’s WP SEO, has a new, major vulnerability in it. GO UPDATE!