If you’ve been following me on twitter, then you already know that we’re working hard to plan this year’s WordCamp for you. We’ve added a few new people to our planning committee this year and have decided to move the event downtown.

We’re thinking of the Crossroads area. You know, right near where we hold our MeetUps!

Registration is opening this week, so clear the first weekend in June on your calendar and prepare to become the envy of all your WordPressing friends.

Add your own plugin suggestions in the comments!

Baby Steps
1. Keep WordPress updated.
2. Make sure your computer is protected, you have a reputable hosting company and use secure passwords.
3. Report security issues when you see them.

There are more Advanced Options…
1. Consider hiding your indexes
2. Change table prefixes
3. Create a whitelist with your IP address

Back that Stuff Up – Manually or with WP-DB-Backup – easily backup your core WordPress database tables and other tables in the same database – http://wordpress.org/extend/plugins/wp-db-backup/

Known Threats
- SQL/link Injection (text is hidden with CSS)
- Tim Thumb Vulnerability – Acular script is uploaded to the cache directory. Check for it. http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/
Admin SSL – encrypts admin panel/post/etc  w/ SSL (Secure Sockets Layer) – http://wordpress.org/extend/plugins/admin-ssl-secure-admin/

Monitoring Plug-ins
AntiVirus -Malware protection for your blog – http://wordpress.org/extend/plugins/antivirus/
WordPress File Monitor – Monitors your WordPress installation for added/deleted/changed files; alerts you via email – http://wordpress.org/extend/plugins/wordpress-file-monitor/

Status Plug-ins
WP Security Scan – checks your WordPress website/blog for security vulnerabilities and suggests corrective actions – http://wordpress.org/extend/plugins/wp-security-scan/
Exploit Scanner – searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plug-ins for unusual filenames – http://wordpress.org/extend/plugins/exploit-scanner/

Login Plug-ins – (btw, login error messages on WP are telling)
Login Lock – (User Locker also recommended) Enforces strong password policies; provides emergency lockdown features; monitors login attempts; blocks hacker IP addresses; and logs out idle users – http://wordpress.org/extend/plugins/login-lock/
Limit Login Attempts (like LoginLock but w/ forward and reverse proxy) – Blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible. – http://wordpress.org/extend/plugins/limit-login-attempts/

Comment Spam
Akismet – checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen – http://wordpress.org/extend/plugins/akismet/
Keypic – checks forms against the Keypic Web Service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen – http://wordpress.org/extend/plugins/keypic/

Untested
BulletProof Security – protects your website from XSS, RFI, CSRF, Base64, Code Injection and SQL Injection hacking attempts. One-click .htaccess WordPress security protection. Protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection. One-click Website Maintenance Mode (HTTP 503). Additional website security checks: DB errors off, file and folder permissions check… System Info: PHP, MySQL, OS, Memory Usage, IP, Max file sizes… Built-in .htaccess file editing, uploading and downloading. – http://wordpress.org/extend/plugins/bulletproof-security/

/raiseshand
/bothhands

I know you’re dying to learn, too, so I’m going to ignore the fact that I can’t actually see any hands raised.

Join us tomorrow night at 7:00pm at OfficePort in the Crossroads to learn from Tom Jenkins the basics of BuddyPress. He’s the best and you deserve it.

See you all there!
Josepha

1. Twitter Persona – You don’t have to be exactly “yourself” on twitter, but you do have to be real and consistent. Whether you’re Katie the 24 year old helping teachers or Nick the 46 year old community expert, create a profile for the account and stick with it.
2. SEO Pros – There are a lot of varying opinions on how to optimize a site. Matt Cutt’s has pointed out to us recently that optimizing isn’t a requirement, but when it’s being done we always would hope it’s being done within the confines of best practices. Consider hiring a professional for a better use of your time.
3. Social Media Uses – A phrase that I learned from Blue Zoo sums up the way Social Media circles can be used: Twitter = Happy Hour, facebook = The Livingroom, LinkedIn = Your Office. Use these tools as they were meant to be used, primarily for creating/enriching relationships, not spamming people.

There were so many great sessions being taught and I hope that the takeaway was just as valuable in those I couldn’t attend as they were in mine.

Huge kudos to the coordinating team for such a fabulous conference! Crossing my fingers for a great one next year as well!

First impressions, however, are positive.

Instant feedback about who is on your site and what they are looking at could be immensely useful for anyone who has an off-site campaign to compliment their on-site work.

Immediately apparent downside is that it does not work on any filtered profiles.

The more I learn, the more I’ll share, but I foresee a lot of nerd time in my future!

Here are some tips on how to make sure your genuine (and may I say genius) comments aren’t seen as spam.

If you’re a spammer, go away. Silly spammers, tips are for kids!

Maybe not kids in the age appropriate sense, but certainly for real people (who were once kids of someone) hoping to have conversations with other real people.

1. Keep It On Topic – If what you want to say doesn’t make sense where you’re trying to say it, then you shouldn’t say it. There are hundreds of thousands of places to interact on the internet, don’t hijack someone’s conversation because you’re ready to change the subject.

2. Keep It Real – Sometimes you don’t match the typical demographic for subjects you’re interested in. Stick to your own voice anyway. For instance, I love to knit. I’m not talking the “look how many things I can make out of a rectangle” knitting, I’m talking “look at this code: I will knit it, I will wear it, and it will look good” kind of knitting. I am always outside the demographic, but I never pretend to be a little grandma knitting booties for grandbabies.

3. Keep It Conversational – When reading through a thread, don’t reply as someone online. Imagine these people are around a pub table with you and respond accordingly. Don’t join a discussion about pinot varietals with a comment about your current, entirely unrelated project. It would be rude in life and it will be rude here.

The primary thing to remember is that isn’t a foreign system. Begin any contribution to a forum or online discussion with the knowledge that you have something worthwhile to say and say it that way. Points of view have value and when we trust in that value, we’re more likely to state it well and follow up on feedback.

It’s just a conversation.

You say something, I respond and vice versa. And just like that it’s midnight, we’ve talked our way through two bottles of wine, and we have all learned something. We have successful conversations daily that never devolve into disjointed shouting about how successful we are.

Well… hardly ever.

Not Allowed #9: Never comment and then abandon. Always subscribe!

Woohoo!

I wish I could say there is a magic Spam-Be-Gone System, but there isn’t any one option that is foolproof. All of them will require a little bit of manual labor from you.

Well, as manual as a website can get, anyway.

For all of us who use WordPress, mostly we drop in Akismet, activate it and let everything run. From time to time, of course, you still have to wade through the miring tower of comments and decipher which are real or fake so you can discard the spam.

Here is the Three-Point Identification System.

1. Check the Given Name – Spammers have gotten semi-savvy; they know that they need to have a comment that sounds remotely viable. When it comes to names, though, it’s like no one pointed out that “real onlinepoker”  isn’t a name.

2. Check the URL – Don’t click it! Hang on … There will be plenty of people who read your site and comment in earnest. Those people will leave their actual web address, if they have one, or nothing at all. If the website includes phrases about smokeless cigarettes or has about three Xs, then it’s spam.

3. Check the Comment – If both the name and the site look reasonable, check the comment itself. If it makes zero sense or simply says “thank you for loving me,” then you can sort of bet there is an issue. Watch out for all that flattery at the beginning, it can be there to distract you from the links to pr0n at the end of the comment.

Most of the time, you’ll catch them at Step 1.

I’ve just opened myself up to the Attack of the Spam Clones, here, so I hope this comes in as handy for you as it’s about to be for me!

Not Allowed #8: Making Star Wars references when you haven’t seen the movi- oh wait!
That doesn’t apply to me anymore! Score on toast.