WordPress Security from WordCamp Asheville 2016

One of the coolest things about WordCamp is that they post videos of each talk and presentation on WordPress.tv for viewing afterwards. It gives you the chance to see all the great presentations you may have missed, or to revisit the ones you attended.

With so many WordCamps happening all over the world, it is a great resource.

My presentation from WordCamp Asheville 2016, titled WordPress Security: Don’t Be a Target, is now live on WordPress.tv.

Speaking at WordCamp Asheville – June 3 – 5, 2016

Tickets are on sale for WordCamp Asheville, and I hope many of you will come. This is my first opportunity to attend WordCamp, and I’ll actually be getting to speak at it. Come check it out if you are attending.

My presentation will be about WordPress security, how to make yourself less of a target, and how to harden your WordPress website against hackers using freely available tools.

Come say Hi if you attend!

Are You Putting Your WordPress Site at Risk?

WordPress as a platform has been a solid, secure application over the years. The few times a vulnerability has been found, the WP team has been super-fast to patch it, publicize it, and take care of business.

That said, there are two major areas where WordPress lacks in security:

1. Plugins

2. Administrators

There are so many plugins for WordPress, which is part of what makes it so great. However, those plugins can also present attack vectors, and we see evidence of this almost every day.

It was just revealed that most WP users have very little understanding of the risk they are exposing their own websites to. Updating plugins, updating WP itself, and doing backups are the most easily fixed things that people tend not to do.

This puts WP websites at risk, lets them get hacked, and gives WordPress as a whole a bad rap.

The survey of 503 WordPress users, which took place online during February this year, revealed that WordPress users are more exposed to security problems than expected. In total, 54 percent of respondents said they updated WordPress between once a week and every few weeks, and yet only 24 percent back their websites up — and only 23 percent have received training in the use of tools such as backup plugins.


On that note, I thought I’d mention that the most popular SEO plugin for WordPress, Yoast’s WP SEO, has a new, major vulnerability in it. GO UPDATE!

Snagit Charges for “Upgrade”

Look! This pig has lipstick.

I am completely fine with paying for software that I really like and that serves a purpose for me. However, if you are a software company that is going to use the ‘paid upgrade’ model of charging customers to upgrade to the next major version of your product, make sure the next major version contains new features worth paying for.

In the case of TechSmith’s Snagit, they have failed to provide anything of real value in their latest release (version 3.0 for Mac, or 12.0 for Windows), yet they are asking for $24.95 to upgrade to the latest version.

I paid for version 2 of Snagit for my Mac (that’s version 11 for you Windows users), and I really enjoyed using it. It became a tool in my arsenal that I relied heavily upon for doing quick screen shots and adding text, notes, arrows, and more.

Then one day a couple of weeks ago the updater ran and I was suddenly looking at a trial version of Snagit 3.0. And it said it was going to expire unless I paid the discounted upgrade fee of $24.95.

Aggravated, I hoped to have my mood changed and be wowed by version 3.0. So I tested it out for a few days. I quickly found that it had a nicer look and feel about it, but other than that, there were no noticeable enhancements or actual upgrades to the product. It was the same product with about one new feature related to the video clipping tool — something I could care less about. And that new feature was only a new arrow selector of some sort. Not impressed.

Jason Eagleston, the “Snagit Product Owner” at TechSmith even admits in their self-congratulatory release video that “with this release we had a focus on updating the way Snagit looks and feels, partially to bring that consistency across all the TechSmith things that you are going to interact with, but ultimately it’s only focused on getting your content to be the most prominent thing on the screen.”

Hmm…I only interact with one TechSmith product, so why should this be a feature worth paying for? And how is it not the most prominent thing on my screen if I’m currently using it in the first place?

A couple more employees in the video go on to talk about how much nicer the product will be to use, and that they really wanted people to feel like they were using something current and not outdated. So it really isn’t about an upgrade, it’s about a change of clothes.

The whole video is about them admitting that their product didn’t look that great, so they spent a lot of effort making it look better (or “flatter,” as they say in the video, which is supposed to be something we should like), and now they want their customers to pay for that. No real tool enhancements or additions, just a subjective improvement to the design. For $24.95? No thanks.

For those of you looking for a free alternative to Snagit, check out Skitch. With or without Evernote, it’s a nice tool that does just about everything Snagit does for screen capturing.

Photo by Darin Barry

Time To Abandon Social Sharing Icons?

After reading the following article, I realized that I too have witnessed social media sharing icons on many a website never gain any traction. It is as if they are completely ignored. I went on and removed them on this website moments ago.

Why I’m Done with Social Media Buttons

As someone mentions in the article’s comments section, there are certain instances where social sharing buttons are a good idea, and you should definitely make them look nice and work well when they are useful. However, sticking them at the end of every blog post just because some SEO-grading web tool says you should is not necessarily a good plan, based on the evidence.

Keep in mind, I’m referring to sharing icons, not follow-me icons (those which take visitors to your social media page).