I have been on a mission for quite a long time now to find a reliable parental control solution and content filtering solution and created a detailed post on the subject a few years ago.
I have tried all kinds of software, most of which has been lacklustre or simply unreliable as it will randomly stop working (Microsoft Family Safety, Bitdefender Parental Controls) or simply doesn’t do what it claims and gives you a false sense of security (Qustodio).
Avoid iPhones
Many parents cannot afford to pay for software for all their devices as it is, and Apple has now made this an even more difficult solution for parents by blocking all 3rd party software vendors from using parental controls on iPhones and iPads or by crippling their software and making it useless.
So if you are thinking of buying your child an iPhone or iPad, I would suggest you consider an Android device instead if you want any kind of parental control.
DNS Filtering
Lately, I have been trying out a number of DNS filtering services and I believe I have finally found one that not only works, but is also FREE, at least for the basic service. It is called CleanBrowsing DNS.
How DNS Works
What this basically does is that it takes you DNS requests and instead of just return the IP address to your device as normal DNS would, it will process the request itself and returns the website content with any filtering applied.
So it will either completely block any website on the not allowed list, or will enforce the SAFE SEARCH mode on sites like youtube and google, thus overriding local settings on your devices.
Using DNS filtering is a simple case of changing the DNS servers on your broadband router admin, which will affect every device in your house that is using WIFI or connected to the router via cable.
If you have older kids with mobile phones, then you would also need to apply the cleanbrowsing DNS settings to their phones directly, otherwise, it would have no effect when they are connected to the mobile network.
Please bear in mind that DNS filtering is very easy to bypass for any kids that are quite computer literate or even just know how to use google to search for a workaround.
So for older kids, you will need to have some parental control software on their devices in order to stop them changing the DNS settings, and be sure to check for yourself that it cannot be changed. I recommend MMGuardian.
On Windows computers/laptops, you simply need to make sure that your kids are not administrators, and only standard users, then they will not be able to change network or DNS settings. You should make yourself the only administrator.
The free version of CleanBrowsing will not block social media sites. If you want to do this, then you will need to purchase the paid plan so that you can add your own filters to block those sites or others which are not blocked by default, you can also create separate profiles for each child if required.
If you have set the DNS filtering at router level and want to bypass the DNS filtering on your own devices, then simply set different dns servers on those devices. I recommend using CloudFlare DNS rather than your ISP.
As everyone knows by now, the biggest reason for hacked WordPress Websites is lack of maintenance, resulting in vulnerabilities caused by out of date WordPress core, plugins and themes.
IT is critical to keep your WordPress installation up to date as well as all your themes and plugins, failing to do so will result in your website having vulnerabilities that cybercriminals can take advantage of to get access to your website, install malware, redirect your traffic, use your site to DDOS other sites or steal customer data.
With so many tens of thousands of plugins available, many created by bedroom coders, many also often get abandoned by their developers or just do not get updated regularly enough to stay compatible with the latest version of WordPress. In some cases, the developers have been known to sell their plugins to cybercriminals.
So it is also important to keep a check on all your plugins to make sure they are still being maintained and supported and have not been removed from the WordPress plugin repository.
I do a lot of WordPress support these days, removing malware, fixing bugs, improving performance, migrations and of course, performing updates and installing security. In almost every single case I find that customers are not taking advantage of the tools they have available through their control panel.
Installatron
Installatron is an application installer that allows quick and simple installation of web application such as CMS’s, blogs, forums and much more. It is used by many hosting providers in their hosting control panel (Cpanel, Plesk and DirectAdmin) and is also available as a remote installation for anyone else.
What most people do not realise is that Installatron also has the ability to monitor your WordPress installation and inform you about updates or to just install them for you automatically.
First login to your hosting control panel and look for the Installatron icon. If you do not have this, then your hosting probably does not offer this option, in which case you have the option of installing the remote version yourself or moving to a host that does offer Installatron.
If you are based in the UK then I can recommend my own hosting provider Guru, you can read my review of Guru here.
Clicking on this icon will then show you all your existing apps which were installed using Installatron. If you did not install WordPress using Installatron, then it will not show up here, but don’t worry you can also import any existing WordPress install (see below).
Manage Your Application
From the list of installed application, click on the wrench icon to manage your application. From here you can choose your notification or update settings.
Note that Installatron will send out email notifications whenever an action is completed, so be sure to verify that the email address you have set is valid and that you have whitelisted emails from the control panel.
What settings you use here very much depends on how critical your website is you and your business.
If you have a simple brochure website, then you could just set everything to auto update, and then just make sure you check your site after updates occur to ensure everything is still working as expected.
If your website up time is critical to your business, then I would suggest just enabling notifications, and then performing the updates manually outside of business hours so that you can easily roll back if any issues occur.
Backups
If something goes wrong during an update, which breaks your website, then you will need to restore your latest backup. So the first thing I recommend is that make sure that you have backups in place and that they are working and that you know how to restore your website from backups if required.
Check with your hosting provider how often they are performing backups of your website, and test out the restore process.
Some hosts only do automatic system backups for their own recover use and do not provide any backups you can use yourself.
Some hosts only provide monthly backups as standard, which isn’t really sufficient. A good host will at least do them daily. My host (GURU) performs backups every 4 hours.
Most hosts will provide an option in their control panel for you to perform manual backups
Installatron also gives you the option to perform an automatic or a manual backup prior to performing any updates. You can choose to backup locally to your hosting space, to backup externally to various cloud storage services or via FTP.
When you perform a manual update by clicking the “update” button, it will ask you if you want to perform a backup first. You can also perform backups on demand using the backup button.
IF you do not want to perform untested updates on your live site, then you can use the clone button to make a copy of your website on a sub-domain (e.g. testing.yoursite.com). You can then perform all the updates on the clone first, make sure everything is working, and then do the same to the live site.
For detecting abandoned plugins or plugins with vulnerabilities I recommend installing WordFence. This will scan your installation and report any issues it finds with your plugins and themes.
Import existing WordPress install
If your WordPress installation was not created via Installatron, then no problem. Simply go to the application browser, choose WordPress, then choose import instead of install.
The process is very simple and entirely automated, all you need to do is choose the website/domain you want to be imported.
You will then have access to all the Installatron features.
I got a big shock this week, I went to login to my facebook account only to be met with the dreaded “Account disabled” message. Why the heck had my account been disabled?
I was very confused at first since I had received no warning or notifications and I could not think of any reason why. Then later that day, I got an automated email from Facebook. The short answer, because their AI (Automated Idiot) system is seriously flawed, screwed up, and incorrectly banned me for copyright infringement that never happened.
The long answer
I did some work for a client a few months back, and this client screwed me over and refused to pay me for any of the work I had done, but continued using the logos I had created on his facebook page (and other places).
As per the law and my terms and conditions, I still owned all intellectual property rights (IPR), which I reminded him of and asked him politely to stop using the images and remove them from his Facebook page, which he ignored. So I submitted copyright infringement reports to facebook to get the images removed.
The images in question were removed by Facebook, but that same automated AI also came to the ridiculous conclusion that I was the one committing the copyright infringement instead of the person reporting it and claiming copyright, and subsequently disabled my account for infringing my own copyright on my own images.
In addition, it seems that once you have been disabled, Facebook will do whatever it can to stop you from creating a new account. Any attempt to do so thus far had resulted in each account being disabled within 24 hours. Presumably, they are picking up the name and ip address or possibly the Windows tracking ID.
This is clearly completely unwarranted and unethical behaviour by Facebook to disable accounts in this way with ZERO verification of facts and way to get a mistake reversed. It also causes a bucketload of other problems as Facebook is the only method I have for contacting some people, it is also my default login (Single Sign On) method for multiple websites, meaning I can no longer get into those websites either.
I also had multiple business pages for my various websites, plus I also managed pages and ad campaigns for clients, all of which are also now gone.
What can I do about this? Nothing it seems, as the entire Facebook system, is completely automated and there is no human being to interact with. No one to contact, no email addresses, no phone numbers, nothing. So when Facebook F*cks up, you simply have to live with their mistake and suffer the consequences. You cannot get more unethical than that.
I have written a letter to the Facebook UK HQ based in London, explaining the obvious mistake their system has made, in the hope someone with morals and ethics might read it and care enough to sort it out, but I won’t hold my breath as Facebook do not have a reputation for being either caring or ethical.
If anyone reading this happens to know someone at Facebook who can fix this screw up, please send me a message.
The other very worrying thing I realized from this whole situation, is how open to abuse Facebook’s system is. It is obviously very easy to get someone banned from facebook simply by submitting a bunch of bogus complaints about them, which the automated system will blindly believe without any kind of validation or human interaction.
UPDATE 2nd May 2019 : My account has been re-enabled
I got a surprise today when my wife told me that my profile was back online.
I have no idea how or why, but clearly someone I contacted has resolved this for me, so thank you to that person.
For the benefit of anyone else who finds themselves in this situation, here are the various actions I took to try and get my account reactivated.
I owned multiple appeal cases, which resulted in a canned response. But I replied to that email every single day. I doubt this was ever read by a human being though.
I continued to reply to the original emails I received regarding the copyright infringement.
I sent continued emails to the facebook abuse address
I sent a message to the Facebook business page
I wrote a letter to the Legal Dept at the Facebook London office and sent it recorded delivery.
I looked up Facebook employees on Linkedin and sent tweets and emails to several people listed as management.
I am inclined to believe it is the letter that did the trick.
I have now taken the precaution of creating a backup Facebook account using a completely different name, email address, phone number etc, and giving that user ADMIN rights on my business and all my pages. So if this ever happens again, I won’t lose access to anything.
Update 10th May 2019
I received this canned response template letter from Facebook’s London office today, basically telling me that the website is nothing to do with them and they have no control over it or access to user accounts, so I have to contact Facebook in Ireland.
So clearly they are not the ones who re-activated my account. So I therefore must assume that it was one of the people I emailed or tweeted who resolved it for me anonymously.
So I fairly recently moved all my WordPress websites to Guru (which I am happy with BTW) who use LiteSpeed server. As a result I also switched over to the Litespeed cache plugin.
This was working fine for about 1 month, then I started getting some weird and unwanted behavior, probably after installing updates.
On every single page on my site (this one) I was getting a background image inserted that was nothing to do with my site at all as well as some other random layout and menu issues.
I inspected the source and saw that the image in question was actually coming from one of my sub-sites Even more strange was the fact that this image was not even a site-wide background image on that site either, it was only used on a single page.
I determined it was Litespeed delivering the image by checking the network activity in the chrome inspector, and then disabling all the features in the lscache debug tab, which caused the CSS issues went away. So I then started disabling all the features individually and nailed it down the “critical CSS” option.
So I then contacted Litespeed support for help, who surprisingly were quick to respond and help, especially considering this is a free plugin.
So you have most likely performed an update on your WordPress site, which has resulted in your site being down with the message “Briefly unavailable for scheduled maintenance. Check back in a minute”.
Don’t panic as this error is fairly easy to fix, read on to find out how.
What causes this error?
Whenever you perform an update in WordPress, such as updating a theme or plugin, WordPress automatically puts itself into maintenance mode. And during this maintenance mode, it displays the “Briefly Unavailable for scheduled maintenance” message to visitors rather than just leaving you with a broken website throwing errors.
Under normal circumstances, once the update is complete, the maintenance mode is disabled and this message disappears. But sometimes the update process may fail, usually due to timeouts or plugin issues, and the maintenance mode will remain enabled.
The quick fix
When maintenance mode is enabled, WordPress also creates a special maintenance file in the WordPress directory. Once the update process completes, this file normally gets deleted, this disabling maintenance mode.
When the update process fails or gets interrupted, this file is not deleted, which results in maintenance mode remaining enabled and the “BRIEFLY UNAVAILABLE FOR SCHEDULED MAINTENANCE” still being displayed.
So a quick fix is to manually delete this file from the server, here is how.
The quickest and easiest way to do this is via your hosting control panel using File Manager.
Cpanel hosting control panel
Simply login to your web hosting account and then hit the File Manager Icon. The above image is from CPANEL which is what most hosting providers use. If you are not using CPANEL and cannot find any file manager, just ask your host where to find it.
If for some reason your host does not provide a file manager, then you can also do this via FTP. Your hosting provider will have specific instructions on how to do this.
Cpanel File Manager
Once you are inside the file manager, locate the home directory for your WordPress installation. This is usually “public_html” or “wwwroot“.
Now find the .maintenance file in your WordPress directory.
Do a right click on the .maintenance file and choose the delete option.
If you do see the .maintenance file, you may need to “show hidden files” in the file manager settings. Click the settings button in the top right.
Then refresh the file listing and hopefully the file will now be visible, allowing you to delete it.
Once the file is delete, refresh your website, and hopefully, it should be working and no longer displaying the “Briefly unavailable for scheduled maintenance” message.
GURU is a host I had not previously heard of which I had started seeing recommended more often on my WordPress groups, as usual with lots of positive feedback and great reviews on the group and on Trustpilot, but nowhere near as much as the likes of SiteGround, which easily has more (shill) recommendations than any other WordPress host.
So in my quest to find something better than SiteGround, Guru were next on my list to try out. I obviously wasn’t foolish enough to blindly believe the Trustpilot reviews, which everyone knows by now are usually biased and easily manipulated.
So here is my review of guru.co.uk WordPress hosting, in this review I am using their £19.95 reseller plan.
TLDR: I decided to stick with Guru, so I will be updating this review of their services over time.
Disclaimer: There are affiliate links ahead, because why not!. My reviews & opinions are always honest and legitimate and I will never falsely recommend a product or service just for affiliate clicks. If you have a problem with this, just do not click the links.
Wpx hosting seem to have almost too good to be true reputation, with positive reviews everywhere and they boast that they have superior WordPress performance and support compared to all other WP hosts, and the reviews do seem to concur, especially this one.
So wpx hostinghave quite a reputation to live up to and I have quite high hopes and expectations from them here. However the same was also true of SiteGround, it is very hard to find negative reviews, yet my experience with their customer service and support has very rarely been positive.
stop sharing your passwords on freelancer websites such as PeoplePerHour and Upwork
As a freelancer/consultant, I use freelancer sites like PeoplePerHour or upwork on a regular basis. One of the issues evident in every job I have done is the total disregard for security on these platforms.
Most IT or web-related jobs done on freelance platforms are going to involve the exchange of sensitive data, specifically passwords, which is required in order to do the job. Clients will gladly share everything with multiple freelancers without a second thought, including their logins for control panels, hosting accounts, domain registrars, websites, and everything else.
This unconscious sharing of such details has massive security implications which I will address below and offer better and more secure alternatives.
Security Bad Practices
Firstly and most importantly, you should not post any sensitive information in the job chat/discussion on the freelancer sites (unless they are temporary logins that will be revoked/changed). These conversations are stored in plain text and not encrypted in any way and can be viewed by anyone with access. Certainly, in the case of PeoplePerHour, upwork and Fiverr, I have asked them directly and they have confirmed this is the case.
In fact Fiverr support even said outright to me that they do not recommend sharing passwords on their platform, even though it doesn’t state this anywhere on their site, they do nothing to discourage it and this is exactly what everyone does.
Secondly, your login details are for your own use, and everything that is done with your login credentials links back to you. If you share these credentials with multiple people and there is a security breach, you will have no idea who is responsible. If you are an employee and have a boss, then you will most certainly be blamed for the security breach, which could cost your company dearly.
Hackers are everywhere, don;t share your passwords insecurely
Thousands of sites get hacked and data is stolen every single day. Most of them are unaware they have even been hacked and the breach can go unnoticed for months or even years in some cases.
If any of the freelancer sites suffer a security breach, the hackers will have access to any data which is not encrypted, which includes all those login details that clients have entered in the chat with their freelancers. Not forgetting that the support staff can also read all your discussions as well, so any dishonest support agent could simply lift your login details and use them for illicit purposes.
Sadly there are also a lot of unscrupulous freelancers out there too, who will intentionally do damage to your systems in order to generate more work for themselves, or may seek revenge in the event of a dispute or disagreement.
I have had many jobs cleaning up after such situations and have found all kinds of back doors, insecure plugins, malware and extraneous logins that presumably had been created by other freelancers.
SECURITY GOOD PRACTICES
Ideally, you should find a single reliable freelancer/company who you are happy with and stick with them, rather than hiring a different freelancer each time. Not only is this better for security, but using multiple freelancers can also cause other problems as they are oblivious to what work their predecessor has done, and so will often break or undo each other’s work.
Sticking with the same person/company creates a relationship as well as a recurring income, which will, in turn, result in a better quality of work, fewer issues and less expense as they will know your systems and the work they have done before and be more inclined to keep you happy.
Plus any decent freelancer/contractor will use a task/project manager and will keep notes on the work he does for ongoing clients which also improves communication and project management.
Do not post sensitive information in the workstream/chat. An exception would be if you are providing a temp login which will be revoked once the job is done.
If you do need to give a freelancer (or anyone) temporary access to your accounts or website, then ideally you should provide them with their own login, not give them yours, which you should revoke (delete) once the job is done. You should also give restricted access where possible so the freelancer only has access to what is required to do the job.
If it is not possible to create a separate login for your freelancer, then you should always change your passwords after the job has been completed.
HOW TO SECURELY SHARE YOUR DATA
everyone should use a password manager
Create a Secret Link
There are a number of online tools which will allow you to share information with someone securely via a special secret link that is randomly generated just for you and only works once. As soon as the recipient clicks on the link to view the information, that link and all the information is destroyed.
This makes it safe to share that link via email or on freelancer sites, because the link only works once, so is useless to anyone else that finds it after it has been used.
This tool allows gives to a large text area, allowing you to share any amount of information in one go. It also allows you to put an optional time limit on the link (how long it will stay active for) and also an optional passphrase to protect the link as well. So you could then provide the password via phone or SMS to make it extra secure in case the recipient won’t be checking the link immediately or there is any chance of it being intercepted.
Everyone has access to cloud storage and the ability to share files and documents FOR FREE.
I come across a surprising number of people who are unaware of this, but every single Windows user has access to OneDrive by default. It is part of the Windows operating system and allows you to sync up to 5GB of files to the cloud for free. You can then share these files with anyone simply by sending them a link.
Even if you do not use Windows, you can still get a free Microsoft / OneDrive account.
So you could temporarily put all the info you need to share into a text file or word doc, and share that link with your freelancer. Once the job is done, unshare that file and delete it. You can also password protect the share for added security.
You can also do the same with Google Drive, which you also already have access to if you have a free Gmail account or use Google Workspace.
Use a password manager
Using a password manager is something I recommend to everyone. It will remember all your passwords and other personal info for you, software licenses, bank details etc. It will automatically log you into websites, fill in forms, generate strong passwords for you and more.
Some of the most popular solutions are 1Password, Bitwardenand Dashlane, some of which offer a free edition, although there are many other apps available which vary in features and simplicity.
Password managers are also the most secure way to share logins and other sensitive information with your freelancer and then revoke the share once the job is done. You simply choose to share a login, enter the freelancer’s email address, and it will send them a share request. If they already use the same password manager, then job done, otherwise, they simply need to register for the free version in order to accept your share request.
As a result the login details are never shared in plain text, as the freelancer will only use the password manager.
WORDPRESS ACCESS
I am going to mention WordPress specifically because this is something I deal with a lot, since I build, support and manage WordPress websites.
In almost every WordPress job I do, clients will send me their own admin login, which they have sent to every freelancer before me, who still has access as the password has never been changed.
If you need to give someone permanent access, then create a new admin user just for them, if just need to provide temp access, then I suggest using the “temporary login without password” plugin, which will allow you to provide a temporary login which will automatically expire after x number of days.
I turned on my PC the other day, only to find that my License was no longer active, and there was that message in the bottom right-hand corner telling me to activate Windows.
I tried to activate Windows, but it failed, telling me “We can’t activate Windows on this device because you don’t have a valid digital license or product key”. It was also reporting Windows 10 home as the only valid digital license. Both statements were wrong as have Windows Pro and a valid license key, which it wouldn’t accept either when I tried to re-enter it. Since I upgraded from home to pro some time ago, my guess was that it was picking up the previous digital license.
To cut a long story short, I ended up having to contact Microsoft support and they had to generate a new digital key, I then had to wait 24 hours and try activating again, which worked.
Here are the steps to be performed.
Open command prompt (windows key + R )
Type “slmgr -rearm” (without the “) -go to services (Windows key + r > type services.msc) Look for windows update service > restart it -restart your computer
Wait 24 hours, then try to reactivate Windows
If it still does not work, then I suggest contacting Microsoft support and they will reset your license.
Do this by running the “get support” app from your start menu.
You will need to go through the automated suggestions until it gives you get the option to speak to a real person. At this point, you want to choose Windows –> Technical support in order to get the chat option.
Do not mention license activation issues, as this just sends you to the knowledge base or forums and will not give you the chat option.
I just discovered that Microsoft introduced a new OneDrive feature a few months ago that will make it easier to recover from ransomware attacks. Files Restore which was previously a OneDrive business feature has made its way over from OneDrive for Business to personal OneDrive accounts. The catch is you’ll need an Office 365 subscription to get access to the new Files Restore feature. OneDrive users can now use it to simply restore files from any point in time within the last 30 days. If you accidentally delete a file you’ll be able to restore it, or if you make some bad changes and want to roll back to an earlier copy.
Microsoft is marketing the Files Restore feature as a good way to protect against ransomware attacks that lock files on a local PC, and often try to delete copies that are stored in synced folders – replicating those changes in the cloud. We’ve seen a number of these attacks recently, and victims have been forced to pay money to try and get their files back.
If OneDrive detects mass deletion of cloud files, Microsoft will alert users through an email or mobile / desktop notification and a recovery process will let you quickly restore to a time before the ransomware attack. “It’s the first of its kind in the industry,” says Seth Patton, general manager of Office 365. “We believe OneDrive is the safest place to store your files.”
Alongside this new Files Restore feature, Microsoft has also added password protected sharing links for OneDrive to make it a little more secure when you share out sensitive files or folders. This has been a long time coming and is a feature Google drive has had since forever.
Outlook.com is also getting updated with email encryption for Office 365 subscribers. The email encryption can be enabled on individual messages, and Outlook.com will even prompt you to encrypt emails if it detects information like social security numbers in messages. Recipients will be able to read the messages in Outlook.com, Outlook for iOS and Android, the Windows Mail app, or just by visiting a link in the email if the level of security at the recipient doesn’t meet Microsoft’s encrypted connection standards. Outlook.com users will also be able to prevent recipients from forwarding or copying emails sent from the service.
If you need help getting set up with OneDrive or Office365, feel free to get in touch.
:format(webp):no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/10591125/nerNuDl.png)
Recent Comments