Siteground support gave me a good resource today… a website previewer that can be used to see a site before you’re ready to switch the DNS.
Here’s a good article on how to diagnose and fix slow WordPress sites.
Website security scanning
We recently had a client with a hacked site, and I discovered some interesting security tools that are freely available.
Top 13 Online Vulnerability Scanning Tools
And here are some more…
Website Vulnerability Scanners
I used some of them to make sure the site had been cleaned up, and all is well. This underscores the importance of keeping WordPress up-to-date!
SQL to see domains for email addresses
I wanted to find out which domains were on somebody’s mailing list, and used this SQL command:
SELECT count((SUBSTRING_INDEX(SUBSTR(email, INSTR(email, ‘@’) + 1),’.’,1))), (SUBSTRING_INDEX(SUBSTR(email, INSTR(email, ‘@’) + 1),’.’,1)) FROM `phplist_user_user` group by (SUBSTRING_INDEX(SUBSTR(email, INSTR(email, ‘@’) + 1),’.’,1)) where confirmed=1 and blacklisted=0 order by count(SUBSTRING_INDEX(SUBSTR(email, INSTR(email, ‘@’) + 1),’.’,1)) desc
It resulted in this list. Pretty cool!
Recently, I’ve been learning about email and how to set things up so people can’t impersonate email addresses.
One of the things to set up is DKIM, which is a method of “signing” an email as it leaves your server. The recipient end can validate that signature when email is received, and if it fails the validation, the email can be rejected as not legitimate.
This site can be used to test if your DKIM signature is set up correctly:
Another way to test is to send it to your Yahoo email, then look at the message source. If you find “dkim=pass” in the header, you’re good to go.
And, one more way is to send an email to firstname.lastname@example.org and you’ll get a report back.
Additional resource: https://emailstuff.org/
Split domain email routing
We have a client who wants to use Google’s G-Suite email, in addition to their regular email service. So I found this page and figured out how to do it: Split Domain Routing at Luxsci
And here’s the Google page for setting it up: https://support.google.com/a/answer/7502379?hl=en
New serious vulnerabilities – Spectre and Meltdown
Two hardware vulnerabilities have been recently revealed, and they affect the CPUs (brains) of most modern computers and electronic devices. The only permanent fix is replacing the affected hardware but there isn’t anything available just yet. It’s going to take some serious work by hardware vendors to come up with a solution. That being said, software patches are being made available, so go ahead and perform any updates that become available for your computer, phone, tablet, and all other electronic devices as soon as possible.
Since this affects pretty much all computers, your website may also be rebooted during the patching process. Contact your web host with any questions.
Full details, in human-readable form (!) are on the Defiant blog: The Impact of Meltdown and Spectre Vulnerabilities
Huge password database found on the dark web
One of my newsletters had an interesting article in it today. It talked about a database of login credentials that is open and available for cybercriminals to download, if they know how to find it. They also provided an email address where you can check to see if your email is in the database.
How to See if Your Email is in The Database
Send an email to email@example.com with the subject line Password Exposure Check, and they will send you back an email if they find the sending email address in the database.
I did this with three of my email addresses, and two came back with one password each. They were very old passwords, I think, because I now use a scheme to make it different for every site but follows a pattern so I know what the password should be.
Never Reuse Passwords
Yes, it’s a hassle to keep track of passwords. You really should use a different password for every site because if you use the same one all the time, if one site gets compromised, it could potentially compromise any and all other accounts where you use the same password. This is especially true for email passwords. Think of all the information to be had if someone is able to log in to your email.
How to Keep Your Passwords Unique
One idea is to use a simple phrase that also includes a couple of different characters depending on the website where it’s being used. For example, you could use something like:
Hello world! 29#WE
Where WE is the first two or three letters of the name of the website. The only thing that would vary is the letters at the end (or in the middle, wherever you decide to put them). This strategy has worked well for me, though I do encounter some sites that don’t allow spaces or other weird characters, so it’s not always possible to follow the scheme for every site. But then I just remove the spaces and if that doesn’t work, I remove the special characters. And if those things don’t work, I just request a new password and then write it down in my password notebook.
Another thing I do, to vary them just a little more, is to use a different number for personal use websites (like AllRecipes.com or Facebook) versus business websites.
Stay safe out there!