Monday 2 May 2016

6 Paypal Security Updates NOT to miss

Share |

The 6 Paypal security updates to be compliant, or risk your online business

 

 Note: there has been a revision to the timeline. View my latest post  for updates.

 

Code, Hacker, Data, Security, Technology, Digital

If you have received an email from PayPal with the title "Changes required to your PayPal integration to continue accepting payments.", then yes you are not alone. It does seem pretty important and a quick check on PayPal's developer site will indicate that it is legit (just in case its spam).

It states that it is going to perform security updates very soon in the beginning months of 2016, and quickly answers that 'yes' you do need to take action, otherwise suffer the consequences of a non functioning payment gateway.

If you like me found their official instructions too detailed and difficult to digest, allow me to present you my own infographic with action timelines included. This will allow you to concentrate on the urgent action items first, and tackle them one at a time.


Get Paypal Security Upgrade Infographic



Saturday 19 March 2016

Onetone theme and SEO Yoast or All-in-one seo or any other

Share |

SEO and Onetone theme

I happily chose the Onetone theme from MageeWP for its simplicity and claims of SEO capability. I spent lots of hours filling up the content and polishing the site. BUT little did i know that the most popular SEO plugins like Yoast and All-in-one seo does not just work properly off the bat after installation.

What i found was that my canonical URL and other meta information was displaying wrongly on my home page. Going straight to wordpress settings in "Reading" and playing around did not help anything. I had to muck around for quite a few hours before settling on one way to do this. It is no beauty but it works.

>> This post is for those who are not setting the blog as their homepage, but is trying to use the theme's homepage. What i did was to disable the SEO plugin on the homepage, and replace with my own meta tags.

1. First you would need to disable your SEO plugin which i describe in a post. In the post i describe how you can selectively disable your plugin on the theme's home page. You should set the file path to 'wordpress-seo/wp-seo.php' if you are using Yoast.

2. In my case, I parsed the URL to only disable the plugin for the homepage.

3. Now, we can edit the theme's header.php file, and include our meta tags as we wish.


Feel free to post what worked or did not work for you.

Sunday 1 March 2015

Macbook pro stuck at Apple logo and spinning loading wheel during boot

Share |


My scenario: A Macbook pro laptop (around 2011 version) that refuses to boot up, and is stuck at the apple logo with spinning wheel. 

 

Context: This issue came about, after putting the macbook on sleep mode for a very long period of time, around 4 weeks, before trying to wake it up. It failed to do so. The power button was held down to force power off. Powering it up again and it thus became stuck at  the apple logo boot screen.

With the modern OS 's that come with the Mac like Lion and up, they were supposed to give users better options when it came to OS system recovery and restoration. They scrapped the traditional CD installations disks, and opted to go with methods like "Recovery partitions" and internet recovery.

While I believe their methods does work, and has helped many users, it however does not cater to every mac user who hits a corrupted drive, especially when coupled with poor access to the internet.

Below elaborates the options I tried to use to recover my macbook pro. It is not a solution-ing step-wise per-se, but it could help to educate the possible options you can try as well in your recovery. Images are only indicative, as they may not be the actual images captured during the troubleshooting.

Thursday 30 October 2014

Wordpress spam users are clogging my site !

Share |

Wordpress spam users registering in huge numbers

You have your wordpress site launched, and all is going well. But browsing around one day, you realised that your user list has been growing exponentially. Moreover, the user names and email addresses look somewhat... not so right.

You may be a target of spam bots.

Such spam machines target public wordpress sites, registering themselves as fictitious users, some up to even 1000's of users a site per day. This creates a big headache and lots of tedious maintenance work for site administrators.

Why Spammers do this:

Spammers have more than a few reasons for doing this,
  • creating spam content on the web to deliver on their own motives
  • exploiting wordpress vulnerabilities
  • other malicious intent to demote, and otherwise negatively affect target sites

 

How you suffer:

Target sites of attack then suffer from a variety of consequences, some potentially very bad,
  • Unsolicited wordpress comments with possibly lots of unwanted hyperlinks
  • Negative effects on SEO
  • May even lead to blacklisting of your email server (because your site sends emails to these fictitious users who sign up, which then bounce)
  • slows down your database with useless data

 

What you can do: 

Basically its always easier to implement counter measures early at the start, before the spammers find your site. Otherwise you will be tasked with the tedious work of cleaning up fictitious users and their comments.

Non-Membership sites: 

For non-membership websites, the answer is simple. We can simply disable new user registrations via the wordpress admin.

uncheck anyone can register option
Uncheck "anyone can register" option!

Membership sites: 

For those with membership sites, it is a little more tricky. It is not the end though, as there are many tools out there to help. This is a constant evolving game between the spammers and site administrators though, because with every ingenious solution, comes new attack methods developed by spammers to counter your moves - and the cycle continues.

As a side note, I suggest never to give newly registered users a default role anything higher than "subscriber". 

An article by Cozmoslabs proposes several solutions.
  1. Install plugins to introduce CAPTCHA to your registration form:

  2. I personally do not really like this approach, as the solution only addresses the site administrators' issue. It does not add value to the user, and in fact makes his form harder to fill.

  3. Custom redirect to another registration form instead of Wordpress' default form:

  4. I think this is an interesting solution worth exploring. You can direct the user to your own customized form that is aligned with your site brand image. The different URL and form elements should make it more challenging for automated bots.

  5. Registration confirmation via Email:

  6. Meaning users will receive an email upon registering. They then need to activate their account to prove that they are a human and not a bot.

    I think this is quite a neat feature, as it is a common approach in many mainstream sites. Users know what to expect. They have an extra step of activating through their email though.
The final choice is yours, depending on your individual needs.

You can find their article here.


Friday 3 October 2014

My computer screen / display monitor text is blur and fuzzy !

Share |

How to ensure your computer display is as SHARP as possible

Note: My post is based on a LCD monitor and laptop setup, with VGA wire connection. This post is not meant to cater for every possible setup out there, but as a general guide on how to optimize the display clarity with what existing software and hardware that you have. We do not attempt to cover smartphones, TV, and other devices here.


Many times we want the best for our eyes, as they are indeed a very great asset. However in the modern cities, we are spending more and more hours in front of a screen, whether from smartphones, laptops, TV, and other devices. Below are some tips you can try to make the best of your situation.

Hardware Tips
  1. Ensure that you have a good quality wire connecting your computer/laptop to your monitor. This usually means wires that are thicker, and with bigger ferrite beads - sometimes also called ferrite chokes. This will minimize electronic interference.

    Ferrite beads or Ferrite chokes


  2. Your monitor usually comes with some buttons to configure its settings. Don't stick to manufacturer's default! Make the best of it.
Monitor display hardware settings

My recommended settings are:
- Set contrast to high (70~80%). This increases the difference between dark and bright things on the display, and hence makes things appear sharper, and thus less strain to the eyes.

- Set brightness to low (about 30%) . Many people confuse this by setting it to a very high setting, thinking that it should make the screen clearer. In fact, with today's LCD/LED monitors, they are able to display too much brightness for our eyes in my opinion, unless you work outdoors in the sun. For most of us office go-ers, its fine. This goes hand-in-hand with the contrast setting above.

- Angle the monitor so that reflected ambient light ie. the ceiling light, does not interfere with what you are trying to see.

- For users with the older VGA connectors, use the monitor's auto adjust feature to calibrate the details like frequency clock, phase etc as the auto detection usually works well.
VGA connector

- For our better off counterparts who use the newer DVI connectors, there won't be this auto adjust feature available.
DVI connector



Software Tips
  1. Sometimes in Advanced settings, you will be able to adjust the settings that come with your graphic cards and its particular drivers. The configuration here really depends on your setup which i will not elaborate on. The key is to try different settings, like graphics hardware acceleration etc to see what works for you.
  2. Clear-type settings: With Windows 7, they introduced ClearType technology. It was meant to make text sharper and easier to read. This was not the case however, as many users on the web complained about blur screens. 
    • I wrote about this in another blog post. I believe this has got to do with the quality of your display, and whether it is able to display the smooth font gradients as required. Otherwise, this technology can backfire on unsuspecting users who upgraded to Windows 7. I suggest to play around with the settings to see which way appears clearer for you.

    ClearType Technology. Makes things worse?

  3. Adjust the OS display settings to the native monitor resolution. Which means, make the OS display in settings that the monitor was manufactured for. This will give best results.   
  4. Chrome settings: Depending on which software you use the most in your everyday work, the specific software settings if mis-configured can really take its toil on the eyes. Recently, Chrome introduced ClearType as well in a recent version upgrade. This made many users upset. If you are experiencing blur text suddenly, do check out their bug report for a solution.

    For me, it worked by switching off "direct write" via a little known setting. Just enter chrome://flags/#disable-direct-write directly into your chrome URL bar. And toggle it off.
Turn DirectWrite OFF

Have other suggestions? Found a way? Tell us in the blog comments.


Sunday 14 September 2014

Retrieve back lost emails in Contact Form 7 Wordpress plugin

Share |

Make Contact Form send emails and recover those that were .... lost ....


Note: This write up is for users of wordpress plugin Contact Form 7, who are looking to retrieve back their lost emails that did not send out from their website. The aim is not to tackle how to make the plugin send emails to your desired account successfully which have already been tackled in many other blogs. 

Recently I had a client using the popular wordpress plugin Contact Form 7. His complaint was that he has not been receiving emails from the form for quite a while. And this has been happening for a couple of months. Since this form was a source of business revenue, it sure was not only an important problem so to speak, but an expensive one as well.

Investigating, I dived into the plugin settings. First i tested it with a neutral email recipient like gmail. That seemed to work. Setting it back to our domain's email address or my clients' preferred account however just did not receive anything. Something was fishy.

Contacting the hosting provider gave some clues on what was happening. Apparently some user on our shared hosting plan was sending out spam, causing the whole mail server to get on the spam blacklist. How come we get penalized for this i'm really not sure. I thought they were supposed to take care and prevent such problems...

As you know, waiting for them to react and rectify usually takes time. I had to fix it now.
Setting wordpress to use an external smtp server did the trick.

The lost business opportunities however kept bugging me. After-all this form was for potential business clients to express interest, so it meant money.

I searched for the email logs, they had to be somewhere.
Searching high and low, and I finally found them.

Go to Cpanel -> File Manager.
In the root folder, look for Mail folder -> New.
Hope you find something here, because i found several of the "lost" emails, together with mentions of error and rejection messages. Ouch...

Find Email Logs in Cpanel







Overview of my attempts:
1. Tried to set Contact Form 7 to send forms to my Gmail account. (works)

2. Tried to set Contact Form 7 to send forms to host domain email address, which is the domain where wordpress was installed. (dosen't work)

3. Contacted the hosting provider. (was told that because i was on a shared hosting plan, the mail ip was blacklisted due to some spammer)

4. I set wordpress to send email from my specified smtp server. (finally it works)

5. Put in place some anti spam measures.

6. And now that settles things for the time being. But the lost business kept haunting me.
Went to dig for Cpanel email logs.

7. Found them in Root - > Mail - > New

Useful links for those with email problems:
http://buzztone.com.au/contact-form-7-email-issues/#spam
http://contactform7.com/faq/

Disclaimer: Due to the multiple factors that can cause email problems, the solution presented here is meant to be an avenue of possible help, and cannot promise more than this. Feel free to post comments/questions though.

Sunday 7 September 2014

Find out who is using my Wordpress theme

Share |


Recently I needed to find out how other websites were also using my Wordpress theme of choice. I did not seem to find many tools out there to accomplish this. So i developed one here. This is still in prototype.