Monthly Archives: April 2015

Zero Day Vulnerability Discovered In WordPress

OLYMPUS DIGITAL CAMERAMost WordPress vulnerabilities are minor, involving the use of outdated themes, plugins or other third-party software. However, a team of Finnish researchers has recently discovered a new zero-day vulnerability that allows hackers to execute code remotely on WordPress servers.

Juoko Pynnonen first reported the bug on Klikki Oy, describing it as a javascript injection vulnerability. According to Pynnonen’s report, hackers can use this vulnerability in websites running WordPress 4.2 or earlier to inject malicious JavaScript code into the site’s comment field. Assuming the comment is a minimum of 66,000 characters long, the JavaScript will be executed when someone views the comment.

An unauthenticated attacker can store JavaScript on WordPress pages and blog posts. If triggered by an administrator, this leads to server-side code execution under default settings,” said Pynnonen. “A usable comment form is required. It looks like the script is not executed in the admin Dashboard, but only when viewing the post/page where the comment was entered. If comment moderation is enabled (the default setting) then the comment won’t appear on the page until it has been approved by an admin/moderator. Under default settings, after one ‘harmless’ comment is approved, the attacker is free from subsequent moderation and can inject the exploit to several pages and blog posts.”

Surprisingly, this isn’t the first cross-site scripting vulnerability identified in WordPress. Earlier this month, WP developers released a new update to patch a similar vulnerability. While each of these vulnerabilities are unique, they both rely on code injects to harm websites.

Video: WordPress 4.2 stored XSS

You can click on the play button above to see a demonstration of how the most recent zero-day WordPress vulnerability works. It’s a rather simple bug that wreaks havoc on websites running the WordPress content management system (CMS).

So, how can you protect your website against this vulnerability? The only viable solution as of now is to disable commenting. This can be done by logging into your site’s dashboard and choosing Settings > Discussion > and unticking the box that allows visitor commenting. Of course, WordPress developers should be patching this vulnerability in the upcoming days, so make sure your site is running the latest version.

How To Craft a Blog Post From Start To Finish

guest-posting-01Still struggling to gain any traction with your blog? There are tens of millions of blogs currently online, but unfortunately only a fraction of them ever receive any noticeable amount of traffic. Unless you want your blog to fall into the abyss where countless others remain, you should take a methodical approach to crafting relevant, meaningful posts.

Step #1) Choose a Topic

The first step in crafting a blog post is to choose a topic. This is arguably one of the most difficult steps in the process, as many bloggers experience writer’s block. They may initially have several ideas, but once those are gone they struggle to come up with new post topics. If this sounds like a familiar scenario, try using Topsy, Google Trends, or Google News to find topic ideas that are related to your blog’s niche.

Step #2) Write

The second step in crafting a blog post is to write it. After choosing a topic, pull up your preferred document editing program (e.g., Microsoft Word, Open Office, etc.) and write your post. Some bloggers write directly in their blog’s content management system (CMS), but I recommend writing in a Word document first. Doing so will reduce the risk of your work being accidentally lost, and Word’s grammar and spell check will catch things you might  miss.

When creating a new blog post, write with the end user in mind and snot the search engines. Far too many bloggers focus on things like keyword density, word count and other metrics, assuming it will improve their search rankings. But in reality, this only hurts their efforts by taking away from the reader’s experience. After creating your blog post in a Word document, copy and paste it into your blog’s CMS (note: use the Word paste function to prevent formatting from being carried over). If you want to retain the formatting, (e.g., headings, bolt, italics, bulleted lists, etc.), you can save your Word document as an HTML file, and then copy / paste it into your CMS.

Step #3) Proofread and Edit

Next, go through and proofread your blog post to check for spelling and grammar errors. Even the most experienced blogger will have a slip up from time to time. Proofreading, will allow you to catch these mishaps before your visitors see them. You can also use this time to polish your blog post, making it sound more natural and appealing. When you are finished, go ahead and publish your new post.

Step #4) Spread The Word

Last but not least, let the world know that your blog post exists by creating links on your social media accounts. At the bare minimum, you should have an account on Facebook, LinkedIn, Google+ and Twitter, all of which can be used to promote your new blog posts.

What’s your preferred method for crafting new blog posts? Let us know in the comments section below!

Make Your Blog ‘Trustworthy’ With These Signals

checkmark1Does your blog properly utilize trust signals? If visitors feel that your blog isn’t trustworthy, they’ll likely exit out and head over to one of your competitors (never a good thing!). In order to keep your blog’s visitors actively engaged, you must show them you are trustworthy and credible. So, how exactly are you supposed to accomplish this?

About Us Page

Every blog should have an ‘About Us’ page set up for visitors to learn more about their operations. Whether your blog is strictly informational, or if it sells a product or service, adding an About Us page instills trust and confidence among your visitors. They’ll be able to visit this page to find out what your blog is about, how you got started, and why you’re the best in the business.

Of course, contact information is another critical trust signal that bloggers shouldn’t overlook. This doesn’t necessarily mean you have to add a phone number and physical street address to your blog, but you should add your email address so visitors can contact you. Maintaining a sense of transparency shows visitors that you’re trustworthy and not trying to run a scam.

Here’ s a tip: use an email address that’s attached to your blog’s domain address rather than a free service like Yahoo Mail or GMail. Doing so looks more professional and will have a stronger impact on visitors’ confidence in your blog. Many domain hosting services will provide you with an email address tied to the domain name.

Design / Layout

Your blog’s design and overall layout may also impact visitors’ opinion regarding whether or not your site is trustworthy. Ever find yourself searching for a product online only to stumble across an e-commerce website with a poor, amateurish-looking design? Sure, you have! Chances are you took your business elsewhere rather than rolling the dice on a site with a poor design.

Whether you’re using WordPress, Tumblr, Blogger or any other blogging platform, make sure you take the time to customize your blog’s design appropriately. WordPress allows for interchangeable ‘themes’ to instantly modify your blog’s appearance. If you’re using WordPress, stick with a premium theme to instill greater trust in your visitors rather than one of the hundreds of free themes. Visitors will take notice of your blog’s theme, viewing it with greater authority and trust than before.

Other Trust Factors For Blogs:

  • Website speed
  • Testimonials
  • Function (fix broken links)
  • Seals and logos

What are your thoughts on trust signals? Let us know in the comments section below!

Pros and Cons of User-Generated Content

trustrank2Do you struggle to come up with new topic ideas for your blog? If so, you may want to consider allowing user-generated content. Doing so is a great way to regularly  fill your blog with fresh, unique contents. When your blog has unique content, it will usually reap the benefits of a higher search ranking. However, there are both pros and cons to allowing user-generated content, which we’re going to discuss further.

Free Content

Let’s face it, buying content from professional authors and service providers is downright expensive. While many companies sell articles for as a little as 1 cent per word, high-quality, error-free content often costs ten times as much. User-generated content is  free. Each time a user publishes a new article, comment, forum post, etc., it adds value to your blog in the form of free content.

Higher Search Rankings

While Google has yet to reveal its exact formula for ranking websites, we know that content is a prime ranking signal. This means websites that allow user-generated content will usually — but not always — achieve a higher search ranking. New content encourages search engine bots to crawl your blog, at which point they’ll view it as being an authority figure.

Credibility

Allowing user-generated content to be published on your blog helps to build credibility. Visitors will view your blog as being a leader in its niche/industry if it contains helpful information published by other users. Of course, it can have the opposite effect by hurting your blog’s credibility if you allow the wrong type of content to be published.

Security

One of the biggest issues associated with user-generated content is the potential for malware, viruses, spyware or adware being uploaded to your blog. Even if you restrict users to uploading specific file types, hackers and other individuals with malicious intent may bypass these measures by spoofing the file name. Long story short, user-generated content can leave your blog susceptible to viruses and malicious software.

Moderation

Another hurdle faced by blogs with user-generated content is the task of moderation. Unless you want to take a chance your blog will be riddled with low value content, you’ll need to ensure all new user-generated content is reviewed before it’s published. Going through and approving or denying users’ content will ensure only quality, relevant content is published to your blog.

Do you allow user-generated content to be published on your blog? Let us know in the comments section below!

5 Undeniable Benefits of Blogging For Businesses

emf-rad-12

Still haven’t taken the time to set up a blog for your business? Many people assume blogs are used strictly for personal purposes, sharing with the world political views and movie criticisms. While many blogs fall under this category, many businesses find  blogs increase their sales.

#1) Boosts Your Credibility

Businesses that maintain active, informative blogs are viewed as being more credible in the eyes of their target audience. When a user searches for information related to your business online, he or she may notice your blog. If your competitor doesn’t have a blog, users may may assume you are more actively engaged with helping customers. They will view your business as being more credible and trustworthy since it contains an informative blog.

#2) Drives Traffic

Of course, another undeniable benefit of business blogging is it drives traffic to your website. If potential or current customers find your blog useful, they will read it,  and some will return periodically to see if you’ve published new content. You can use this extra traffic to your advantage by selling your product/service either directly on your blog or on a website linked to your blog. This alone should be reason enough to launch a blog for a business.

#3) Easier For Customers To Find

A lesser-known benefit of business blogging is the simple fact that it makes your establishment easier for potential customers to find. Let’s face it, the old days of finding a business’ street address and phone number in the Yellow Pages are long gone. Now, consumers use the Internet to locate this information. By maintaining an active blog, you’ll make your business transparent so it’s easier for potential customers to find. Just remember to include all of the pertinent information on your blog, such as the address, hours of operation, phone number, email address, etc.

#4) Showcase New Products

Business owners can also use their blog to showcase new products or services. You can use it to announce new offerings, or offer a discount for the first X number of buyers, or any other promotional offer. The next time your business adds a new product to its lineup, think about how to use your blog to hype the new product and get customers interested.

#5) Encourages Sharing

Blogs naturally encourage users to share the content on their social media networking sites/profiles. How does this benefit business owners?  If your blog readers share a blog post with their network of friends, family and associates, more users will see your blog, which in turn drives traffic and sales. You can drive even more social shares by including Facebook, Twitter and Google+ buttons on your blog.

Need New Topics To Blog About? Try Google Trends.

235235Whether you’re new to blogging or if you’ve been doing it for years, you’ll probably find yourself struggling to come up with new topic ideas at some point. Blogs are driven by fresh, unique content, which is why they tend to have a high percentage of returning visitors. But when you’re unable to produce new content, visitors will forget about the blog, going elsewhere for news and entertainment.

Rather than rehashing the same content that you’ve already blogged about, you should try searching for new topic ideas on Google Trends. This free tool shows search trends for various keywords. How is this helpful for bloggers? Generally speaking, you want to blog about relevant topics that are popular and meaningful. This tool allows you to see how many people are searching for a particular keyword or phrase and whether or not the trend is expected to continue.

To use Google Trends, simply visit https://www.google.com/trends/ and either search for a specific keyword or choose the the “Trending Now” option. Choosing the latter option will reveal the top searches of the day in your respective country. If you’re looking for a topic that’s more closely related to your blog’s niche or industry, type a relevant keyword into the search box at the top of the page.

For example, searching for the keyword “cybersecurity” on Google trends reveals its past performance. According to Google Trends, the keyword peaked in February 2015. While it has since declined somewhat in popularity, it remains on a strong path to popularity. Now, if you look at the bottom of the page you’ll notice a list of related searches along with their respective popularity. One such keyword is “cybersecurity framework,” which has a Google Trends popularity rating of 25.

If you want to compare the popularity of one keyword with another, click the “Add term” button above the chart. This will place the second keyword’s popularity alongside the first. Of course, Google Trends isn’t the only tool for locating new blog topics. Other excellent tools include Topsy, Alltop.com, and good ol’ fashioned Twitter. Familiarizing yourself with these terms will prove well worth the time invested.

What are your thoughts on Google Trends? Let us know in the comments section below!