If you are a customer of Hotchilli and need help in migrating your website, email or domain name, then feel free to contact me about my migration service.
Little known UK ISP Hotchilli, which offered a mix of website hosting and some very out-of-date ‘up to’ 8Mbps ADSLMax based copper broadband packages, has finally kicked the bucket and will be shutting down the services it provides on 30th March 2018.
The ISP hasn’t really done anything noticeable in the broadband market since they launched their ADSL packages some years ago and since then they’ve failed to keep pace with modern changes, which means that most of you probably won’t have any idea who they are (despite them having been around since the early years). The following statement has been posted on their website (as spotted by The Register).
Service Statement
Dear Customer,
At Hotchilli, we have always strived to bring our customers the best range of product and service offerings whilst endeavouring to provide value and the quality of service customers expect to receive. Part of ensuring we are able to provide this value involves comparing our service offerings and pricing against other service providers.
Following our most recent review, the results have unfortunately shown we have fallen behind our competitors. This has resulted in an in-depth look at our costs, service pricing and the investment required to maintain and indeed enhance the high level of customer service and range of offerings we believe our customers are looking for.
It is only following this most recent review that we have arrived at the very difficult decision to inform our customers of our intention to discontinue the services we provide.
We are therefore sorry to notify you that we will discontinue the services we provide you on 30/03/18.
We will of course be happy to assist you migrate any services you take from us to another service provider where possible. We deeply regret notifying you of these intentions and would like to thank you sincerely for your custom.
In an unfortunate turn of events, WordPress 4.9.3 was released earlier this week and it included a bug which broke WordPress auto-update. Millions of sites auto-updated from 4.9.2 to WordPress 4.9.3 and it broke their ability to auto-update in the future.
What Broke?
WordPress 4.9.3 included a bug that causes a fatal PHP error when WordPress tries to update itself. This interrupts the auto-update process and leaves the site on 4.9.3 forever.
“#43103-core aimed to reduce the number of API calls which get made when the autoupdate cron task is run. Unfortunately due to human error, the final commit didn’t have the intended effect, and instead triggers a fatal error as not all of the dependencies of find_core_auto_update() are met. For whatever reason, the fatal error wasn’t discovered before 4.9.3’s release – it was a few hours after release when discovered.”
Update Your Site Manually Now
Some of you will find that your hosting company has taken care of this for you, especially if you are on a ‘Managed WordPress’ plan. If you are now stuck on WordPress 4.9.3, you will need to manually update your site to continue receiving auto-updates. To update manually and get past this broken auto-update issue, simply sign into your WordPress site as your admin user and visit Dashboard → Updates and click “Update Now.”
After the update, make sure that your core version is 4.9.4. You can scroll down and check the bottom right of your admin panel and it should say “Version 4.9.4”.
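If you look after more than one site, the same version check can be done from the server's command line. The script below is an added example, not part of the original post or of WordPress itself; it assumes shell access to the web root and that each install keeps its core version in wp-includes/version.php, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find WordPress installs left on 4.9.3 by the broken auto-updater.
# Assumption: each site records its core version in <site>/wp-includes/version.php
# on a line of the form:  $wp_version = '4.9.3';

# wp_core_version SITE_DIR
# Prints the core version string; returns non-zero if it cannot be read.
wp_core_version() {
    vfile="$1/wp-includes/version.php"
    [ -r "$vfile" ] || return 1
    # Split on single quotes so field 2 is the quoted version string.
    awk -F"'" '
        /^[ \t]*\$wp_version[ \t]*=/ { print $2; found = 1; exit }
        END { exit !found }
    ' "$vfile"
}

# wp_update_state VERSION
# stuck = 4.9.3 (auto-update is broken, a manual update is needed)
# fixed = 4.9.4 (the release that restores auto-update)
# other = any other version; not affected by this particular bug
wp_update_state() {
    case "$1" in
        4.9.3) echo stuck ;;
        4.9.4) echo fixed ;;
        *)     echo other ;;
    esac
}

# scan_wp_sites ROOT
# Prints one tab-separated line per install found under ROOT: state, version, path.
scan_wp_sites() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null | sort |
    while IFS= read -r vf; do
        site=${vf%/wp-includes/version.php}
        ver=$(wp_core_version "$site") || continue
        printf '%s\t%s\t%s\n' "$(wp_update_state "$ver")" "$ver" "$site"
    done
}

# Usage: sh wp-stuck-check.sh /var/www   (the path is only an example)
if [ "$#" -ge 1 ]; then
    scan_wp_sites "$1"
fi
```

Any line that starts with "stuck" is a site that still needs the manual update described above.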
If your WordPress site is not being actively maintained, then feel free to contact me about my Managed WordPress service.
This was a very random and strange occurrence: suddenly my wife’s PC would no longer boot from the SSD drive; instead, it kept trying to boot from the secondary disk. Even when I accessed the boot menu in the BIOS and told it to boot from this disk, it still refused.
So I booted from my Windows 10 USB stick and used command line tools. When I used diskpart, it was also reporting that the disk was empty and unformatted as well. I went through the usual repair procedures, but could not detect the previous Windows installation.
So since I did not fancy spending ages trying to fix this, I went to do a Windows re-install, which is really the easy option now we store all our data on OneDrive cloud storage anyway, so nothing gets lost. But this is when I received the above error 0x80300025, “We couldn’t install Windows in the location you chose.”
The first thing I did was to disconnect my secondary drive, so that the system could not keep trying to boot from it. I then went into the BIOS to set the boot drive, but this time received another message telling me I could not boot from this disk with the current settings. So I had to go into my BIOS and change the CSM settings to allow legacy devices as well as UEFI.
Why this suddenly happened, and why I had to change this setting, is a mystery. My best bet is that maybe my 5 year old accidentally got into the BIOS and fiddled with the settings when the system was booting. Although TBH I do not recall having EVER set this CSM setting before, I am pretty sure it has always been in UEFI mode by default.
So the 2 steps if you get this issue are: disconnect other drives, and check your BIOS/UEFI settings.
Meltdown and Spectre are the names of two serious security flaws that have been found within computer processors. They could allow hackers to steal sensitive data without users knowing, one of them affecting chips made as far back as 1995.
What are Meltdown and Spectre?
Meltdown is a security flaw that could allow hackers to bypass the hardware barrier between applications run by users and the computer’s core memory, which is normally highly protected.
Spectre is slightly different. It potentially allows hackers to trick otherwise error-free applications into giving up secret information.
Is it serious?
Yes. Meltdown is “probably one of the worst CPU bugs ever found” according to Daniel Gruss, one of the researchers at Graz University of Technology who discovered the flaw. It is very serious in the short term and needs immediate attention.
The problem with Meltdown is that anything that runs as an application could in theory steal your data, including simple things such as javascript from a web page viewed in a browser.
Spectre, on the other hand, is harder for hackers to take advantage of but is also more difficult to fix and is expected to be a bigger problem in the long term.
What kinds of devices are affected?
Practically every computing device is affected by Spectre, including laptops, desktops, tablets, smartphones and even cloud computing systems. A few lower power devices, such as certain Internet of Things gadgets, are unaffected.
What is a processor?
The processor, or central processing unit (CPU), is the primary chip in a computer that carries out the instructions of a computer program – in essence, the brain of the computer.
When you command a program to do something, it is the processor that carries out that command, co-operating with the rest of the system to perform whatever task is needed.
There are other types of processors, including graphics processing units (GPU) or graphics cards, co-processors such as sensor chips that detect motion or similar physical conditions, but the term “processor” without a caveat is generally exclusively used to describe the CPU.
Does it only affect Intel processors?
Spectre affects all modern processors, including those designed by Intel, AMD and ARM, but Meltdown is currently thought only to affect Intel chips manufactured since 1995, with the exception of the Itanium and Atom chips made before 2013.
The core system, known as the kernel, stores all types of sensitive information in memory. This means banking records, credit cards, financial data, communications, logins, passwords and secret information could all be at risk due to Meltdown.
Spectre can be used to trick normal applications into giving up sensitive data, which potentially means anything processed by an application can be stolen, including passwords and other data.
Is it already being used to steal data?
The UK’s National Cyber Security Centre said that there is no evidence that Meltdown and Spectre are actively being used to steal data at the moment, but the nature of the attacks makes them difficult to detect.
Experts expect that hackers will quickly develop programs to launch attacks now that the information is available. Dan Guido, chief executive of cybersecurity consulting firm Trail of Bits, said: “Exploits for these bugs will be added to hackers’ standard toolkits.”
What can I do about it?
Users can do little to avoid the security flaws apart from updating their computers with the latest security fixes as soon as possible. Fixes for Linux and Windows are already available. Chromebooks updated to Chrome OS 63, which started rolling out in mid-December, are already protected.
Android devices running the latest security update, including Google’s Nexus and Pixel smartphones, are already protected. Updates are expected to be delivered soon. Users of other devices will have to wait for the updates to be pushed out by third-party manufacturers, including Samsung, Huawei and OnePlus.
On Thursday night, Apple advised customers in a blog post to update their devices’ operating systems and only download software from “trusted sources such as the App Store”. The company also said that “there are no known exploits impacting customers at this time”.
If you are running old and unsupported operating systems or old phones which are no longer receiving updates, then there is no fix and your devices will remain vulnerable unless you upgrade your operating system.
I do offer Windows 10 upgrades for anyone that is not able to do this themselves.
Will the fixes slow my computer?
While the fixes for Spectre are not expected to have much immediate impact on the performance of computers, the nature of the fixes needed to protect against Meltdown could have a significant impact.
That’s due to the separation of the application and kernel memory required by the various operating systems to prevent the flaw being used to access protected data. Separating the two memory systems like this means that tasks that constantly require the kernel to do things, such as writing files to disk or sending data over a network, could be significantly slower due to the increased time it will take for the processor to switch between the application memory and the kernel memory.
Some early estimates predict up to 30% slower performance in some tasks. Whether users will notice a difference on their computers will depend on the task they are trying to do. Gaming, browsing and general computing activities are unlikely to be affected, but those that involve lots of writing files may become slower.
Some technologies, such as Intel’s Process-Context Identifiers (PCID), which have been included with the company’s processors since 2013, can lessen the impact of the fixes if taken advantage of in the operating system.
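On Linux you can confirm both points yourself: whether the fixes are active, and whether the processor offers PCID. The script below is an added example, not part of the original article; it assumes a kernel that reports mitigation status under /sys/devices/system/cpu/vulnerabilities (where the kernel's own names for the Spectre variants are spectre_v1 and spectre_v2), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre fix status and PCID support on Linux.
# Assumption: the kernel exposes one status file per flaw in VULN_DIR_DEFAULT.
# Both locations can be overridden so the functions also work on saved copies.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities
CPUINFO_DEFAULT=/proc/cpuinfo

# vuln_status NAME [DIR]
# Prints one of: mitigated, vulnerable, not_affected, unknown.
# "unknown" covers a missing file (older kernel) or an unrecognised status line.
vuln_status() {
    file="${2:-$VULN_DIR_DEFAULT}/$1"
    if [ ! -r "$file" ]; then
        echo unknown
        return 0
    fi
    line=""
    IFS= read -r line < "$file" || true
    case "$line" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# has_pcid [CPUINFO]
# Succeeds only if the first "flags" line lists the exact flag "pcid"
# (so the separate "invpcid" flag does not count).
has_pcid() {
    awk '
        /^flags/ { for (i = 1; i <= NF; i++) if ($i == "pcid") found = 1; exit }
        END { exit !found }
    ' "${1:-$CPUINFO_DEFAULT}" 2>/dev/null
}

# cpu_flaw_report [DIR] [CPUINFO]
# Prints the status of each flaw, then a note on the likely cost of the
# Meltdown fix based on whether PCID is available.
cpu_flaw_report() {
    dir="${1:-$VULN_DIR_DEFAULT}"
    cpuinfo="${2:-$CPUINFO_DEFAULT}"
    for name in meltdown spectre_v1 spectre_v2; do
        printf '%-11s %s\n' "$name" "$(vuln_status "$name" "$dir")"
    done
    if [ "$(vuln_status meltdown "$dir")" = mitigated ]; then
        if has_pcid "$cpuinfo"; then
            echo "pcid: present, which can lessen the slowdown from the Meltdown fix"
        else
            echo "pcid: absent, so kernel-heavy tasks may slow down more"
        fi
    fi
}

# Usage: sh cpu-flaw-check.sh report
if [ "${1:-}" = "report" ]; then
    cpu_flaw_report
fi
```

A result of "unknown" for every entry usually means the kernel predates the fixes and needs updating.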
Who found it?
Meltdown was independently discovered and reported by three teams, including Jann Horn from Google’s Project Zero, Werner Haas and Thomas Prescher from Cyberus Technology and Daniel Gruss, Moritz Lipp, Stefan Mangard and Michael Schwarz from Graz University of Technology in Austria.
Spectre was independently discovered by two people, including Horn and Paul Kocher, who worked in collaboration with Daniel Genkin, from University of Pennsylvania and University of Maryland, Mike Hamburg from tech firm Rambus, Lipp, and Yuval Yarom from the University of Adelaide and Data61.
What about cloud services?
The problem is magnified for cloud services such as Amazon’s Web Services and Google’s Cloud Platform, due to the scale of their computing resources and the potential impact on performance of the fixes.
Amazon said it was in the process of patching systems with all but a “small single-digit percentage” of its Amazon Web Services EC2 systems already protected, but that “customers must also patch their instance operating systems” to be fully protected.
Google also said that the majority of its systems were updated, but that some additional customer action may be needed for its Compute Engine and other Cloud Platform systems.
Dodgy WIFI signals are a royal PITA, and with so many devices in your home now using WIFI, such as phones, tablets, Fire TV, PCs and printers, every bit of speed matters. While none of the tips in this article are new, most of them can be carried out for free or very cheaply, and they might just help you get a little bit of extra performance from your wireless network.
1. Find the right spot for your router
This might not be something you’ve thought about, but properly positioning your router can make a significant difference when it comes to ensuring good coverage around your home. It can be difficult to move your router around too much when its location is somewhat dictated by the location of your master socket, but ideally, you might want to consider some of the following.
First of all, try to elevate your router as much as possible. At the very least, it’s not a great idea to keep your router on the floor, so try to keep it on top of a cabinet or desk. If your router is upstairs, you won’t need to worry about elevation, but at least keep it off the floor.
If possible, try to move your router to a central point in your home. If your router is by a window, or in a corner, a good deal of the signal is going to be lost. Positioning your router centrally means a more even coverage around the home. This can be difficult depending on the location of your master socket, but if it is easy to achieve and doesn’t look unsightly, investing in some longer cables to give you a little more room to play with can pay off.
Finally, moving your router away from obstacles can also help. So don’t keep the router in a cupboard, or close to furniture that might block the signal. Where possible, try to allow for some clearance around the router.
The biggest problem here is then connecting your WIRED devices to the router. More often than not, these devices tend to be in the lounge, such as your TV, Fire TV, skybox, games console etc. In which case the best solution is to get a small ethernet switch and connect all your devices to this, and 1 cable to connect your switch to the router.
If you have a modern dual-band router, you’ll have the option to connect at the 5GHz frequency instead of 2.4GHz. Lots of routers will take care of this for you automatically, but they also allow you to manually control which frequency you want to connect to (you’ll need to set up two SSIDs in your router settings).
As a rule, 2.4GHz will give more range, but connections will be faster at 5GHz. The other advantage of the 5GHz spectrum is that it will generally be less congested. That is, there will be less interference from things like home appliances and your neighbours’ WiFi.
3. Change the channel
No, we’re not talking about the TV here. Rather, your router will transmit its signal on particular channels chosen from an available range. If other wireless networks in your vicinity (i.e. your neighbours) are transmitting on the same or adjacent channels there is a possibility that you might run into interference issues.
You can use a WiFi analyzer to scan nearby networks for interference; look for SSIDs running on the same channel as yours.
To help you do this, download the WiFi Analyzer tool from the Windows Store and install it onto your laptop.
Here also is the one I use for Android and a few options for iPhone.
These tools take the guesswork out of improving your router’s signal settings by looking for interference caused by overlapping signals broadcasting on the same channel and letting you know how to change the channel. This article gives more detailed instructions.
4. Check those antennae
Lots of modern routers have internal antennae, so there’s not much you can do about that (though they should be optimally set up, so there probably isn’t much need for worry). However many routers (new and old) still use external antennae.
Crucially, when it comes to positioning these antennae, the general advice is to place them perpendicularly. So if one antenna is pointing straight up, the other should be positioned horizontally, at a right angle to the first antenna. This is because reception will be better on your tablet, smart phone, laptop, etc. if their antennae are oriented the same way. So, positioning your antennae perpendicularly ensures better communication with your devices no matter their orientation.
5. Keep your router away from other electronic devices
At this time of year, your Christmas lights are likely to be a big culprit, but other electronic devices like computers, TVs, power adaptors, and even fluorescent lights can all cause interference to your wireless signal. So it pays to keep your router as far away as possible from these sources of interference, even from the electrical sockets. Entirely isolating your router might prove to be an impossible task, but try to reduce exposure as much as you can.
6. Check for bandwidth hogs
Do you sometimes find that despite having a strong WiFi signal, everything is slow as hell, or just stops working altogether? And does this often seem to happen at the same time every day?
One common cause I found was Windows updates; check the related posts below for more details on this one.
Another cause is video streaming. If you have multiple people in your house, all streaming video on their laptops, tablets, Amazon Fire Sticks then this is going to suck all your bandwidth and leave not much for anyone else.
Torrent downloading is another one. If you have someone in your household who likes to download files via torrent, then this can easily consume all your bandwidth due to the way it works.
If you have a decent router, then there should be tools in your router admin to show you all the connected devices and how much bandwidth they are using. You may need to enable QoS (quality of service) to get this data.
7. Extend your WiFi
If there really is nothing that can be done about your existing WiFi signal, then you could consider using a WiFi extender or powerline adaptor to extend your WiFi into poor signal areas of your home.
A Wi-Fi range extender, sometimes called a range expander, is a type of wireless repeater used to expand the reach of a wireless LAN. The device is situated in between a base router or access point and a client that is not close enough to receive acceptable service or one that is on the other side of a barrier.
Powerline adaptors turn your electrical cables into a speedy network.
Simply plug one adapter into a power socket next to your router and connect it with an ethernet cable, then plug another adapter into any other socket in your house. Voila, you now have your broadband connection extended to that socket, which you can use via an ethernet cable or WiFi if it also has a built-in WiFi extender.
Wi-Fi extenders have long been a popular option when it came to solving Wi-Fi dead spots in homes, but with the introduction of mesh Wi-Fi systems over the last couple of years, many casual users have been eyeing these new systems instead, mostly due to how easy they are to set up and use.
Mesh Wi-Fi systems consist of two or more router-like devices that work together to blanket your house in Wi-Fi. Think of it as a system of multiple Wi-Fi extenders, but one that’s much easier to set up—and doesn’t require multiple network names or any other quirks that some extenders have. All it takes is plugging in the units and following some simple steps in the accompanying app. Once it’s all set up, managing your network is also really easy, as most of the advanced, complicated features are out of the user’s way and the big features that people want are easily accessible and simple to use.
How Is Mesh Wi-Fi Different Than Using an Extender?
One facet that many people don’t realize about mesh Wi-Fi systems is that they’re meant to replace your current router, and not work alongside it. So while Wi-Fi extenders simply boost your main router’s Wi-Fi signal, mesh Wi-Fi systems actually create a whole new Wi-Fi network, separate from your current router’s Wi-Fi.
Plus, if you ever need to manage your mesh Wi-Fi network, you can do so through a simple smartphone app, and not through your router’s complicated admin page. It makes it a lot easier to change settings and see a glimpse of your network overall.
Mesh networking also allows these multiple router-esque units to communicate with one another in any sequence they wish. Traditional Wi-Fi extenders can only communicate with your main router, and if you set up multiple Wi-Fi extenders, they usually can’t communicate with each other. However, mesh Wi-Fi units can talk to whichever unit they want to give the best coverage possible to all of your devices, which is a huge benefit.
For example, if you set up the first and second mesh unit in your house, you don’t have to worry about placing the third unit close to the first unit, since it can simply just get the signal from the second unit that you set up, allowing you to create a much larger range than you could with Wi-Fi extenders. Think of it as a relay race where runners hand off the baton to the next runner to advance down the track—mesh Wi-Fi systems work the same way.
Furthermore, if you were to open up a Wi-Fi analyzing app, you would notice that your mesh Wi-Fi network is actually transmitting separate Wi-Fi networks, one for each unit that you have set up. This is how traditional Wi-Fi extenders work as well, but with those, you would often have to switch between networks manually (between Network and Network_EXT, for example). However, a mesh Wi-Fi network still acts as a single network, so your devices will switch between mesh units automatically.
Proving once again that medication is not the answer to getting inattentive kids to do well in school, four Fort Worth area public schools are finding success with the LiiNK program. This revolutionary approach to schooling and counteracting ADHD is based on the idea that offering kids more unstructured play can help them focus and do better in the classroom.
It seems silly to label the concept of allowing kids to be kids as “revolutionary,” but we have gotten so far away from letting children enjoy life that the idea is indeed raising a lot of eyebrows. In fact, some teachers in the school districts involved initially resisted the idea because they feared they would be unable to teach the children everything they needed to learn in the amount of time available until they saw the results. Although this again is another case of common sense not kicking in, since how much of that time do teachers actually spend teaching vs dealing with disruption and bad behaviour?
At Fort Worth’s Eagle Mountain Elementary, kindergarten and first-grade students are now being given two 15-minute breaks in the morning and another two in the afternoon. The total recess time of one hour per day is three times the amount they were given previously. They go outside regardless of the weather to play games or use the playground equipment.
Just five months into the new schedule, teachers found that their students were more attentive listeners who were better able to focus, follow directions, and solve their own problems. They were also less fidgety. Even parents are noticing the changes, commenting that their kids seem to be more creative and independent.
The pressures of public education are immense, with young children being increasingly pushed to do well on standardized tests, and subjects like physical education, music and art getting the short shrift. It’s easy to imagine how kids with more active dispositions would struggle in such a restrictive environment.
In today’s quick-fix-obsessed society, the answer for many has been to give these energetic kids an ADHD diagnosis and some pills in an effort to get them to sit still. There are countless reasons that drugging young children is not the best route to take despite Big Pharma’s claims to the contrary, not the least of which is the likelihood of suffering a number of unpleasant side effects from ADHD meds and screwing up your kids’ future.
Contrast this with the simple concept of a recess, which has been shown in studies to give kids a number of vital physical, emotional, social and cognitive benefits. In fact, the American Academy of Pediatrics calls it a “crucial and necessary component of a child’s development.”
The LiiNK program was inspired by the education system in Finland, where students earn some of the best scores in the world in science, math and reading. Experts say that giving kids recess essentially “reboots” their systems. When they return to the classroom afterwards, they have renewed focus and are more receptive to learning.
Maximizing the benefits of recess
The breaks need to be outside to be effective. Texas Christian University Kinesiology Professor Debbie Rhea says that natural light, fresh air and vivid colors all have a positive effect on the brain and its functioning. Spending time in “green outdoor activities” has been shown in studies to reduce ADHD symptoms.
It is also essential that the students’ recess entails unstructured play, she says, which means they can run around, play together and invent games or use their imagination. Teachers should take a limited role, staying nearby to ensure everyone is safe.
The program has been so successful in Texas that other schools across the nation are hoping to implement it soon. It’s amazing how such a simple concept – giving kids time to run around outdoors – can have such a transformative effect. With this approach, everybody wins… except, of course, Big Pharma, who won’t be selling as many poisonous ADHD meds to parents who have been fooled into believing their only option is drugging their kids.
For the last few weeks my son has been unable to use his Gmail, Google Drive or in fact any part of his G Suite account using Google Chrome, due to getting this dreaded #400 bad request error.
The 400 Bad Request error is an HTTP status code that means that the request you sent to the website server, often something simple like a request to load a web page, was somehow incorrect or corrupted and the server couldn’t understand it.
I googled this error for hours, but none of the solutions I found worked.
I completely uninstalled Chrome and started from scratch, no dice.
I even tested this on my own PC, and had the same issue.
Tested with other browsers, but they do not have this issue.
After troubleshooting the issue extensively, what I discovered was that this problem was only affecting my son’s Google profile and only occurred after I created his profile in Chrome and synced it. If I logged into Gmail without creating the profile, everything worked. If I used the guest profile, or if I used incognito, everything also worked fine. So the issue is clearly with the Google profile and what Chrome is trying to do after it has downloaded/synced it for the first time.
I contacted Google support (as I have a paid G Suite account), and had some painful exchanges, with them insisting that a #400 error is a client-side error and so the issue is with my environment and not a problem with any of their services. It has taken a lot of perseverance and repeating the evidence over and over to show that it is not a local environment issue, but finally, a solution has been found.
All you need to do is reset your Google profile sync.
Review if there is anything you need to keep from your profile. For example, Bookmarks, which you can back up by following the steps from here: https://support.google.com/chrome/answer/96816.
Make sure to check every item in that list (most of them are like clear browsing history).
After checking what needs to be exported and downloaded, the next step would be to click on the “Reset Sync” button at the bottom; this will delete all the sync data, which cannot be recovered.
I did not need to delete the profile from the browser, but if the above solution does not solve your problem, then I would give that a go as well.
I hope this helps the many other people who are having this error and never found any solution.
One of the services I provide is managed WordPress websites, and a common negative comment I hear from people is about WordPress security, claiming “WordPress is not secure.” More often than not these words of misplaced warning come from other web designers or IT guys who clearly have not done their research, and really should know better. The obvious major drawback of this information is that clients then become fearful of potentially falling victim to malicious behaviour. But the truth is, WordPress core is one of the most secure publishing and web development platforms you can choose to develop a site on.
What most people don’t realize, is that WordPress is not a set it and forget it system
WordPress security isn’t about setting and forgetting. Rather, it’s about taking every measure you can to harden your website to prevent it from being hacked. It’s not just up to WordPress to implement security for you either. Using WordPress, as with any off the shelf CMS, means YOU are responsible for your website maintenance, including security. This is actually true of ANY website, especially bespoke built websites, which are the most likely to have gaping security holes since they will have never been maintained or updated.
While WordPress already does a lot to harden its core, there’s a shared responsibility between you, your hosting infrastructure, and WordPress to be vigilant about enforcing security best practices, or hire someone like me to do it for you.
So, if you are rejecting WordPress due to WordPress security concerns, let me enlighten you with a few reasons to convince you that WordPress is actually more bullet proof than you might realize.
The No.1 culprit of a hacked WordPress website is due to an outdated extension or outdated core caused by poor or non-existent maintenance.
Hacking is newsworthy
WordPress wasn’t always as secure as it is now. Back in 2009, when WordPress was on the brink of massive popularity, the CMS contained a number of security vectors that were exploited and picked up by the news. The platform received extreme criticism, which was really the community’s way of saying that WordPress needed to up its game and become more bulletproof.
These security concerns were addressed in version 2.8, following a string of security patches to strengthen the WordPress codebase. While security was on the shaky end then, today WordPress is quite secure. Yet, because WordPress makes up such a huge chunk of the internet (28 percent and rising; 1.2 billion downloads) if a hacker is scouring the web to cause trouble, there’s at least a quarter chance they’ll land on a WordPress website.
As such, these security exploits are publicized when any high-profile attack occurs. This gives WordPress a reputation for being less secure than comparable CMSs, like Drupal and Joomla. However, this is completely inaccurate.
The reality is, WordPress is secure enough for millions of end users and a number of Fortune 500 companies to trust their online business with.
Other popular CMSs like Drupal and Joomla aren’t targeted as much, simply because they aren’t as widely used as WordPress. While WordPress powers over half (52 percent) of all CMSs on the web, Drupal powers a mere two percent and Joomla only six percent of the CMS market. So, when WordPress does get hacked, it’s commonly covered by media outlets and the news. But what many people don’t realize brings us to the next point.
Most security exploits are a result of an outdated component.
Most security attacks on WordPress occur through an outdated theme, plugin, or through WordPress core. Of all the high profile exploits in recent years, each attack has targeted vulnerabilities that could have been avoided with a simple update. Therefore, it is not the fault of WordPress when these breaches occur, it is the fault of the website owner not properly maintaining their website.
It’s your duty to update plugins, themes, and WordPress core accordingly.
While so-called managed WordPress hosting providers like WP Engine or GoDaddy may run automatic updates to the WordPress core for you, they do not update all your plugins and themes to ensure they contain the latest security patches; this is still down to you. The term “Managed WordPress” is therefore rather misleading to many website owners, who are unwittingly under the impression that EVERYTHING is being managed, which is not the case. Just to be clear, the managed WordPress solution I provide does include everything.
If you do not have someone like me managing your site and are managing your own website, then it is also up to you to familiarize and educate yourself regarding plugin and theme best practices. While free plugins and themes are awesome, when browsing the plugin repository, make sure the plugin/theme has been updated recently and works with the latest version of WordPress. If you activate a plugin/theme that’s more than a year old, you could be potentially opening up a portal for hackers because the extension will most likely not have been patched with the latest security update.
Premium plugins and themes are less likely to contain security vulnerabilities because they are monitored and updated more regularly. That’s one benefit of paying for a premium component: you won’t have to worry about the author going astray and neglecting to keep the theme/plugin up to par with the latest security standards. However, do not try to pirate premium themes and plugins; this is a bad idea because they most likely won’t contain the latest security updates.
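The checks described in this section, written as an added example rather than code from the original article: it flags components with a pending update, no release in over a year, or no testing against the running core branch. The inventory, its field names, the slugs and the dates are constructed for illustration.

```python
from datetime import date

MAX_AGE_DAYS = 365  # rule of thumb from the text: over a year without an update


def version_tuple(version):
    """'6.5.3' -> (6, 5, 3); assumes purely numeric dotted versions."""
    return tuple(int(part) for part in version.split("."))


def major_minor(version):
    """'6.5.3' -> (6, 5) and '6' -> (6, 0): compatibility is judged per branch."""
    return (version_tuple(version) + (0,))[:2]


def audit(components, core_version, today):
    """Return {slug: [reason codes]} for every component that needs attention."""
    findings = {}
    for c in components:
        reasons = []
        if version_tuple(c["installed"]) < version_tuple(c["latest"]):
            reasons.append("update-available")
        if (today - date.fromisoformat(c["last_updated"])).days > MAX_AGE_DAYS:
            reasons.append("stale")
        if major_minor(c["tested_up_to"]) < major_minor(core_version):
            reasons.append("untested-with-core")
        if reasons:
            findings[c["slug"]] = reasons
    return findings


# Constructed inventory: hypothetical slugs, versions and dates.
SAMPLE_TODAY = date(2024, 6, 1)
SAMPLE_CORE = "6.5.3"
SAMPLE = [
    {"slug": "contact-form-x", "installed": "2.1.0", "latest": "2.1.0",
     "last_updated": "2024-04-20", "tested_up_to": "6.5"},
    {"slug": "old-gallery", "installed": "1.0.4", "latest": "1.0.4",
     "last_updated": "2021-11-02", "tested_up_to": "5.8"},
    {"slug": "shop-theme", "installed": "3.2.0", "latest": "3.4.1",
     "last_updated": "2024-05-10", "tested_up_to": "6.5"},
]

if __name__ == "__main__":
    for slug, reasons in audit(SAMPLE, SAMPLE_CORE, SAMPLE_TODAY).items():
        print(f"{slug}: {', '.join(reasons)}")
```

A component that is fully up to date can still be flagged: "old-gallery" runs its latest release, but that release is abandoned, which a plain "updates available" count would miss.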
There are many security vendors working quickly to detect and patch vulnerabilities.
In terms of security, no system is perfect. According to WordPress.org, “Security is about risk reduction, not risk elimination, and risk will never be zero.”
This is true not just for WordPress, but for any system. That’s why, in addition to the WordPress core team, many third-party security providers work endlessly to detect and fix vulnerabilities.
Even against the most secure systems, hackers can still find a way in if you don’t take the right precautions.
The open source nature of WordPress means that anyone can contribute to detecting security vulnerabilities, meaning faster fixes. For instance, you might have heard about a recent WordPress security breach through the REST API (introduced in version 4.7.0) where 1.5 million-plus pages running that specific version were defaced. Various security vendors detected the vulnerability and immediately reported it to WordPress to build an update.
If your enterprise site contains highly sensitive information, or you are just worried about this happening to you, there’s no way it could have happened as long as you invest in managed services that automatically run WordPress updates for you. I was notified of this breach as soon as it was made public and immediately started issuing patches across all my client sites so that nobody was affected.
So just remember…
WordPress is as secure as you want it to be.
If you want your site to be shielded with layers upon layers of security shields, then you can. But laxity in security will only result in exposure to vulnerabilities.
It’s your duty to take additional measures to harden the security of the WordPress site you’ve built. With the help of managed hosting and service providers like myself, security is taken to the next level. To avoid a treacherous site invasion, there are some additional security measures you can (and should) take to harden the security of your WordPress site. The hosting I use for WordPress includes web application firewalls, intrusion detection, brute force protection, malware scanning and more.
Enforce Strong Passwords
This is the most basic of security measures you should be taking. If a hacker decides to run a brute-force automated script, an easy-to-guess password will make it easier for them to crack. Instead, use a strong password generator to make sure your password is secure enough. You can also use a plugin like Force Strong Passwords to enforce strong passwords for other users on your site or with WordPress Multisite. By default, I always use strong randomly generated passwords on all client sites.
Use 2FA (Two-Factor Authentication)
Enabling 2FA adds an extra layer of security to your login credentials. 2FA works by requiring a second factor of information that only you can give, like a code sent to your phone to verify your activity on a specific computer.
Use SSL For Data Security
SSL (secure sockets layer) encrypts all information submitted to your site. This means hackers won’t be able to see or intercept the data your users share on your site (like credit card info). While WordPress doesn’t come with automatic SSL, most hosting providers offer SSL and many now offer Let’s Encrypt.
Since Google has started issuing “Not Secure” warnings for pages not secured with HTTPS, it’s now important to make this transition to HTTPS if you haven’t already in order to avoid your clients seeing this warning message. Therefore I now enable SSL on all client sites by default.
I had this problem yesterday on my WordPress multisite installation: one of the sites was giving this “ERR_TOO_MANY_REDIRECTS” error but the other site was working just fine. This really had me scratching my head as it was working fine the night before.
Solving problems like this often requires trial and error, but sometimes you can be a detective and backtrack what has changed since it last worked. In this case, the last thing I had done was enable Cloudflare, but I recalled it was working after that as well. But then I remembered the annoying habit that Google Chrome has of OTT caching, not just of pages but of DNS lookups, meaning I may well have actually tested the site properly after the switch.
So first I disabled Cloudflare, which I was sure must be the cause, but nothing changed; I was still seeing the error. Then I checked the SSL; that was valid and passed all the SSL Labs tests too. Then I thought to try another browser, since Google Chrome has a tendency to cache DNS results as well. Voila, the site was, in fact, working with Cloudflare disabled. So I went through the Cloudflare settings and found the cause.
Cloudflare’s Flexible SSL option can cause redirect loops when combined with certain configurations. Because all requests are sent to origins over HTTP when Flexible SSL is selected, an origin configured to redirect HTTP requests to HTTPS will cause a redirect loop, causing browsers to display “The page isn’t redirecting properly” or “ERR_TOO_MANY_REDIRECTS”.
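The loop described above, modelled hop by hop as an added example (not code from the original post). The function names and the 20-redirect limit are assumptions of the sketch; "full" stands for Cloudflare's Full SSL mode, in which the edge reaches the origin over HTTPS for HTTPS visitors, and the header check models an origin that reads the visitor scheme from X-Forwarded-Proto.

```python
from collections import namedtuple

MAX_REDIRECTS = 20  # assumed browser limit before it reports a loop

Outcome = namedtuple("Outcome", "result redirects origin_leg_encrypted")


def origin_response(scheme_seen, headers, trust_forwarded_proto):
    """Origin configured to force HTTPS: 301 unless the request looks secure."""
    effective = scheme_seen
    # Optional origin-side fix: believe the proxy's report of the visitor scheme.
    if trust_forwarded_proto and headers.get("X-Forwarded-Proto") == "https":
        effective = "https"
    return (200, None) if effective == "https" else (301, "https")


def edge_fetch(visitor_scheme, ssl_mode, trust_forwarded_proto):
    """Edge proxy hop. Flexible: always plain HTTP to the origin.
    Full: the origin connection uses the visitor's scheme."""
    origin_scheme = "http" if ssl_mode == "flexible" else visitor_scheme
    headers = {"X-Forwarded-Proto": visitor_scheme}
    status, location = origin_response(origin_scheme, headers, trust_forwarded_proto)
    return status, location, origin_scheme == "https"


def browse(start_scheme, ssl_mode, trust_forwarded_proto=False):
    """Follow redirects the way a browser would and report the outcome."""
    scheme = start_scheme
    for redirects in range(MAX_REDIRECTS + 1):
        status, location, encrypted = edge_fetch(scheme, ssl_mode, trust_forwarded_proto)
        if status == 200:
            return Outcome("ok", redirects, encrypted)
        scheme = location  # the 301 always points at the https:// URL
    return Outcome("ERR_TOO_MANY_REDIRECTS", MAX_REDIRECTS, False)


if __name__ == "__main__":
    for mode, trust in (("flexible", False), ("flexible", True), ("full", False)):
        print(mode, "trust_header=%s" % trust, browse("http", mode, trust))
```

Trusting the header under Flexible stops the loop but leaves the edge-to-origin leg unencrypted, so an origin that honours X-Forwarded-Proto should accept it only from the proxy's addresses.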
It is well known that we, the consumers, trust recommendations coming from peers or fellow consumers much more than we trust what businesses are telling us about them. Therefore businesses selling social proof are very powerful and they can easily manipulate our thoughts on any brand.
Yelp even won a court settlement recently, giving them permission to legally manipulate ratings. Both Yelp and Trustpilot claim that they don’t manipulate the truth, but when you take a closer look at the evidence and the services they are selling, it is clear just how manipulative and untrustworthy they are, thus you will often find people asking “Can Trustpilot be trusted” or “Is Trustpilot a scam”.
There are quite a few sites online that allow you to write reviews on any company, but the majority of worthwhile ones are paid services geared towards businesses collecting product reviews on their e-commerce websites, so members of the public cannot just go and write a review about the company, it is by invite only. The rest are shady and untrustworthy business directory websites like yelp.com.
So when I originally discovered trustpilot.com many years ago it seemed like there was finally a useful and transparent review site, but alas I was very wrong. Trustpilot is indeed what we would generally classify as a scam and definitely not trustworthy.
Trustpilot may well have started well back in 2012 when it was run by just a couple of guys, maybe they even had honourable intentions to keep the site honest, we will never know. But one thing is for sure, even if that was the case then their ethics, morals and standards have since gone out of the window, and any good intentions left by the wayside in favour of greed and profit.
While they do have some self-proclaimed checks in place to stop business owners from posting fake reviews on their own company or multiple reviews from the same IP address, that seems to be about the limit of their efforts.
So can Trustpilot be trusted?
In short, no. Trustpilot is completely corrupt and dishonest. They game their own system, manipulating reviews in the favour of their paying customers, and they will also delete any negative reviews about themselves.
I have left multiple reviews about Trustpilot on trustpilot.com, and each time they have deleted it.
Trustpilot Deleting negative reviews
Trustpilot’s service has degraded so much that it is now being reviewed on other review sites for its untrustworthiness.
Trustpilot reviews on SiteJabber
Trustpilot on reviews.io
The so-called compliance team pushes the boundaries of incompetence and dealing with their constant lies, excuses and ignorant canned responses severely tests your fortitude.
Corrupt & Dishonest
The general consensus from everyone who has ever had a legitimate review removed and dealt with the compliance team is that Trustpilot is indeed a scam, is completely corrupt and dishonest, and cannot be trusted. You will find hundreds of users on Sitejabber and Reviews.io confirming this and that Trustpilot manipulates reviews in favour of clients on their paid plans and will remove the majority of negative reviews, falsely inflating their positive ratings.
Even worse is the fact that Trustpilot will knowingly and willingly assist known scammers, fraudsters, and conmen with their criminal activities, manipulating their reviews and helping them to maintain a false positive profile that hides the truth, so that they can continue scamming and defrauding the public. This makes Trustpilot criminals themselves, as bad as the criminals they support.
From my own dealings with them over the years, I can confirm that I have experienced this dishonest, unethical, incompetent and biased behaviour from their so-called compliance team many dozens of times.
I have posted a lot of reviews on Trustpilot over the years and I have now lost count of how many times they have removed legitimate negative reviews at the request of their client and have then refused to reinstate them unless I have removed literally every negative word from the review, or have requested outlandish and unattainable evidence such as letters from a judge or police reports, which of course do not exist.
Once you have removed everything they have requested, they will then refuse to reinstate the review on the basis that it does not say anything about the service you received from said company, which of course they forced you to remove.
If you have mentioned the name of the company or the CEO/owner of the company in your review, they will even use this as an excuse not to publish and will demand that this information is removed, even though this information is not personal or private and is publicly available online at Companies House.
There is of course no logical reason to not mention the name of the company that you are reviewing since that information is obviously displayed right at the top of the page, since this information is required for the Trustpilot site to even work. Of course, if you point that fact out to the compliance team, they will simply ignore it.
The compliance team also completely refuses to check facts or look at evidence when provided, even if it is something as simple as clicking a link and looking at a web page to verify a company’s trading names or look at an image. You certainly get the distinct impression that the compliance team is lacking in the brain cells dept and are probably working out of an Indian scam call centre.
I have even reported a convicted criminal to them and provided evidence of this criminal’s activities, conviction, and subsequent incarceration, as well as copies of correspondence from Trading standards. All of which they duly ignored, deleted my review, and continued to allow this criminal to game their system for his own benefit.
Most consumers will simply get so frustrated with these vexatious and convoluted tactics and dealing with these mentally challenged call centre staff, that they will give up, which is clearly Trustpilot’s intent.
If a company is using Trustpilot’s free service then the situation is reversed, and it seems as though they will happily allow defamatory or fake reviews to be posted unabated, will put in minimal effort to deal with complaints and will make it as difficult as possible. I have had to resort to threats of legal action to get fraudulent/fake reviews removed.
In fact, if you read the feedback on the sites mentioned above, business owners are claiming they are being blocked by Trustpilot from even reporting defamatory or fake reviews.
The only way to not find yourself being abused on Trustpilot is by using their paid service, after which you receive preferential treatment and are allowed to abuse the system instead.
As if this was not bad enough, Trustpilot will also allow any company you have reviewed to then get revenge by making malicious and defamatory posts against you personally.
According to Trustpilot’s own guidelines:
“1.1 You can write a review on Trustpilot about a company if you have had a buying or service experience with that company,”
But Trustpilot does not follow these guidelines. If you have a personal web page or a blog, then a vindictive business owner can get revenge on you for posting a negative review by posting any malicious and defamatory lies they like about you by linking to your personal website/blog. Trustpilot will not do anything about it (unless you threaten them with legal action).
This makes it very risky to post reviews using your own identity.
Even your old reviews are not safe
If you think that reviews that you posted years ago are safe from this abuse and tampering, think again. Your old reviews are also subject to Trustpilot’s incompetence and abuse of the system.
I have as recently as November 2022 had notifications about dozens of my old reviews (both positive and negative), being taken offline for suspicious behaviour. Upon checking, I found even more old reviews were marked as deleted, unknown to me.
When I asked the Trustpilot compliance team for an explanation as to how there can be suspicious activity on reviews that are years old, they of course couldn’t give any, and just provided a canned response with links to their policies. I wouldn’t have been surprised if they had come up with some time travel response TBH.
The only vague explanation I got after a lot of pushing, was that if reviews are left by different people/accounts from the same IP address, this would be flagged as suspicious.
I then had to explain how dynamic IP addresses work, and that it is quite normal that the same IP address would be used by many different people over the course of several years. So beware, when your dynamic IP changes (such as when your router reboots) or if you switch broadband providers, this is likely to result in Trustpilot flagging you as suspicious and deleting all your reviews.
This would also be the case if you leave reviews using your mobile device over 4G/5G, or via public Wi-Fi, since your IP address will always be dynamic in these cases and will be used by hundreds, if not thousands, of other people.
No option was given to get the reviews back online, just a notification that it has been deleted and that’s final.
I was forced to contact them separately about each and every review they took offline and question it. When I pointed out that evidence was provided for many of these reviews back when they were originally posted, I discovered they keep no record of this whatsoever and they demanded that I provide the evidence again.
Obviously, the only way this is going to be possible is if this is a company/provider you still use and can thus provide a recent invoice/receipt.
Otherwise, you are not likely to still have evidence from something you purchased several years ago and have not had any dealings with that company since.
I went back and forth dozens and dozens of times with the incompetent compliance team on this, asking why they ask for the same evidence for something years later, never getting an answer, and just getting the usual endless canned responses with links to their policy stating why they ask for evidence.
Finally, one of them admitted how incompetent they are: not only do they not keep copies of evidence or any record that you ever provided it in the first place, they even lost/deleted the evidence I had re-sent during the course of the conversation.
So what does this mean to the consumer?
Unfortunately, since Trustpilot is dishonest and allows reviews to be manipulated, this means that the scores and ratings you see for any company may not be reliable and should not be trusted, so you should never rely on Trustpilot as your only source.
They do have processes in place to stop the same person from leaving multiple reviews under different names, and knowing how to get around this will be beyond the ability of the average person who is not very computer-literate. So this does mean that fake positive reviews are less likely.
However, the way they do this is also very unreliable since it is based on IP addresses, so as mentioned above, if someone else who once had your IP address also reviewed the same company, both yours and their reviews will be deleted for “suspicious behaviour”.
Always read the reviews; don’t just go by the scores. Often a company may have 4+ stars, but if you read all the most recent reviews, there will be loads of negative ones. Dishonest companies will continuously get fake positive reviews to keep their overall rating high and to push the negative ones off the first page.
Another solution to verify a company that seems too good to be true is to check other directory sites such as sitejabber.com, yell.com, yelp.com, freeindex.com etc which they may not be monitoring. Also social media, Facebook, Twitter, LinkedIn etc. Companies that are in the habit of removing negative reviews will usually not allow posts on their Facebook page without moderation, or will quickly remove anything negative, so this is easy enough to test. No company can remove other people’s tweets though, so check their timeline and do a search for specific phrases.
If you post reviews on Trustpilot, and you have your own business/website, then I would also suggest doing so anonymously to avoid vindictive retribution from malicious business owners when you post negative reviews. When this happens, Trustpilot will not help you, unless you pay them.
When it comes to leaving reviews, I suggest using other review sites such as SiteJabber, reviews.io and Facebook, which seem to be far more trustworthy and less susceptible to manipulation.