On Christmas Eve 2009 all of my websites were attacked. I have two hosting accounts with GoDaddy and all of my wordpress sites on both accounts were down. In addition two business partner’s of mine who have their own unique hosting accounts (one with GoDaddy and the other with HostMonster) also had all of their wordpress sites go down at the same time.

After almost a full month of work I have finally managed to clean my server completely of any and all malware and to rebuild my sites with MASSIVE increased security way above and beyond the standard WordPress stock installation. Knowing that I was not the only one to be attacked and that there will yet be many more people in the future I would like to outline some suggestions of both how you can prevent these types of attacks in the future and how to clean out the malware on your site if you have already been infected.

I recently purchased the “Lock Your Blog” Program from Alex Sysoef who is a WordPress Genius! The DVD is free if you pay the requested $9 shipping. In addition to having the DVD shipped to your home, you can also access the videos on his site after you pay the shipping fee. I highly encourage anyone concerned with WordPress Security to follow this link and purchase his program and go through it step by step. Just the same I will outline some of the highlights here:

PREVENTATIVE WordPress SECURITY: Keep me safe!

You have to understand that wordpress is so widely used by so many people online that it becomes a primary target for hackers. While I assume that you have already installed WordPress on your server, preventative security starts with the install process. Changing the default table prefixes and WordPress user keys is essential to protecting your site from intruders. Check out www.expertwordpress.com for a custom version of wordpress that eliminates these stock security loop-holes.

If you have already installed WordPress download and install the WP Security Scan plugin. By activating and running this plugin you will be able to determine which of the basic loop-holes you have. This plugin has a few tools that may be helpful in closing your site down from future attacks also.

Install the plugin Secure WP which will change some of the default codes in the background of your WordPress that otherwise leave you exposed including hiding the version of WordPress you are using.

Install the plugin Limit Login Attempts. The default settings are good enough but you may choose to enable to notification setting so you can receive and email when anyone tries to login more than 4 times unsuccessfully.

Install the plugin WP-DB-Backup and configure it to email you a daily or weekly backup of all your WordPress databases. This will help you restore your site should it be compromised.

Keep all your plugins and core WordPress updated. Developers update their plugins regularly to close security gaps and fix bugs that could otherwise leave you exposed. Visit the tools menu of your blog as often as possible to run all available updates.

Configure and install the Akismet plugin to automatically quarantine spam comments. Set it up to auto-delete comments after 30 days.

LIKE I MENTIONED BEFORE THERE IS SOOOO MUCH MORE YOU CAN DO IF YOU ARE WILLING TO SPEND THE $9 AND PURCHASE THE “LOCK YOUR BLOG” PROGRAM I MENTIONED ABOVE!

RECOVERY: I’ve already been hacked!

Bad news huh? Your site has already been compromised and now you need to clean it out and get it back online.

1. Contact your hosting provider and let them know you think you have been attacked. Ask them to verify that your databases are still clean of any malware. Most hosting providers do not have the resources to automatically scan and clean all of your files at any given time but they do monitor your databases and can scan them with relative ease. They may also have other suggestions to help you clean your site.

• Via your FTP client software (e.g. Filezilla) delete all your themes that you are not using. Also delete any other files that you aren’t concerned with keeping. This will speed up the time you will spend cleaning through files.

• Setup an account with Google Webmaster Tools and setup and verify your site. If Google has crawled your site recently and found any malware it will display a warning in your Google Webmaster Tools account and walk you through locating and deleting the malware. After you clean your site you will also come back here to request a new crawling to verify that your site is no longer infected.

• Also check with http://stopbadware.org/ to see if your site has been registered. They also have a lot of good tips (non wordpress specific) to cleaning your site.

Ok, now for the WordPress Security specific things you have to do. To be perfectly honest if you have been compromised then there is most likely malware code in almost every php file on your server. It spreads quickly and hides in very unique places. This essentially means you have to delete everything and start over. This means the process of cleaning malware from your wordpress site basically includes backing up all the non-replaceable files, and starting afresh. The only way to do that without losing all your content will be to purchase a new hosting account and rebuild your site almost from scratch. This will be 100% less time consuming and more secure in the long run than it would be to attempt the manual scan of every file on your server. Here is a step by step solution that should help you complete this process.

1. Just in case we fail in duplicating your site we want to create a full backup of all blog in case we have to revert back to it eventually. Do this by installing the wp-db-backup plugin and performing a backup of your databases.

• After you verify with your hosting provider that your databases are clean from any malware navigate to your tools menu and select the “Export” option. Export content from all the authors. This is the process of saving all of your posts, pages, and comments. The file needs to be less than 2MB.

• On the new hosting account install a new version of WordPress. I suggest doing a custom install utilizing the suggestions on www.expertwordpress.com. The stock version of WordPress has far too many WordPress security holes and we want to install a custom version that will avoid the common issues from the beginning.

• Follow the steps listed in the “Preventative Security” section above to secure your blog against future attacks.

• Search out, download, install, and activate a fresh copy of the theme you are currently using on your blog.

• In the Tools menu perform a WordPress Import of the XML file we saved in step 3. You should now have all your old content on your new blog as well as have the same general look.

• Make a list of all the plugins you used in your old blog and install fresh versions of each on your new blog. Double check all the settings and configurations to make sure they are the same.

• Copy the content of each of your widgets under the Appearance menu to your new site. As long as you are copying and pasting the content from within the WordPress appearance menu you will NOT have to worry about inadvertently copying over any malware code.

• Custom theme changes. By now your site should be almost 100% duplicated. The only things left to do will be to make the subtle changes that you made to customize your theme. Since these can vary in a billion ways I can’t provide instructions here but whoever helped you customize your theme last time can certainly help you do it again!

Now that you have rebuilt your site from scratch you should be safe from any potential future threats. Make sure all of your passwords including Database, Hosting Account, and WordPress passwords rank high in the password quality scale including at least one number and upper case and lower case letters.

GOOD LUCK!

Jacob S Paulsen

In the arena of internet marketing and online networking the experts teach us to search in social media for the type of people you want to do business with. This is good advice but most people interpret it incorrectly. The automatic assumption is that people building a mlm business should seek out people on Facebook and Twitter who are talking about, or already participating in Network Marketing. This is usually done by searching for keywords such as MLM, home based business, opportunity, etc. THIS IS A POOR STRATEGY!

If you follow this line of logic you are most likely to find yourself chasing the other chasers. You might build good friendships with these like minded people, but the chances of doing business with them is greatly limited.

When you are taught to network with people in social media, that you would like to do business with, you need to be looking for the people who will be naturally attracted to you. People with whom you can create a fast friendship and establish common ground. In short, search for people who share your passions. If you are particularly into scuba diving, chess, or fashion then you need to find the people who share that passion.

ACTION: Re-Read my post on Utilizing your Passions in Attraction Marketing and then create a list of keywords that you can use to identify people who share those passions on Twitter and Facebook.

Jacob S Paulsen

I’ve been looking for this for years! Don’t you grow tired of the time you spend trying to syndicate a good blog post or article? You could spend 15 minutes submitting a link to Digg, Facebook, Twitter, Delicious, StumbleUpon, etc.  For some time I have been looking for a service that would allow me to submit a link to all of these Social Bookmarking sites at once. Imagine the time that you would save.

At this point we have a great service for syndicating pictures and videos (pixelpipe) and a great service for updating our statuses on various sites at once (ping.fm). The good news is that FINALLY we have a Social Bookmarking syndicator. ONLYWIRE has come along just to end my nightmares! OnlyWire offers both free and paid accounts and so far my experience has been fantastic. They offer various tools such as browser plugins and more to help you readily syndicate content.

My very favorite part of the service is their WordPress plugin. I have removed my traditional “Add to Any” plugin that is most widely used on wordpress blogs to enable readers to syndicate a post/article and in it’s place I have placed the OnlyWire syndication button. In addition to having the same options to share a link with any one service users can also setup their own OnlyWire account to submit the link to all their social bookmarking services at once.

This is a huge WIN/WIN for readers and blog owners alike. Think how much more likely links are to be syndicated to various networks with the new ease of the OnlyWire system. I am encouraging all blog owners and internet marketers to subscribe to OnlyWire and install the plugin on their sites. The more users we can get plugged into the system the better it will be for all of us. Simply go to the bottom of this or any other post on my site and hover your mouse over the bookmark button. Create your own account and submit this article to all your networks. If you have your own blog go install the OnlyWire plugin to get your readers on the same service!!!!

Warning: Not all bookmarking services can be submitted to automatically. Sites such as Digg.com require human verification in order to finalize a submission. OnlyWire will automatically syndicate your link to as many social bookmarking sites as possible and then send you an email with notice should you need to manually finish the process for any specific services.

If I am currently following you on Twitter and you are looking for a way to get me to stop here are some suggestions:

1. Send me a DM (Direct Message) inviting me to join your ninja dojo or mafia family. This is so annoying and unprofessional that it will always cause me to unfollow you and then delete the dm.

2. Have a Twitter profile picture of a man or women with little to no clothing on. I assume people who feel the need to have mostly naked women on their profile are either promoting a business or product that is pornographic in nature or they think that dumb males will be more likely to follow them or click their links because of the image. Either way it makes me angry and guarantees an unfollow. Super unprofessional.

3. Send me a DM with a superficial and virtual gift, such as “I just sent you peace and happiness. You Should send me a gift back.” I hate these pointless and insincere games and I the only way I participate is by hitting the unfollow link on your profile.

4. Tweet 3-15 times within a 2 minute span. I follow more than 4000 people currently and so if I see more than one of your tweets on a single page of my timeline that means you have a serious problem. Either addiction to Twitter or you have a program tweeting constantly for you during the high traffic times of the day. Either way it just somehow bugs me. Perhaps because people like this very rarely have anything good to share.

5. Tweet the same link with a variation of text every 30 minutes. Some twitter profiles seem to have only one thing on their mind and that is to get you to visit their site. They change up the sales pitch to make it look different but the link is the same. They expect you to not notice because you don’t spend a lot of time in front of Twitter or because you follow enough people to make their redundant tweets not-noticable. Either way I think they are spammers and have nothing of value to offer me.

6. Use foul language. I don’t tolerate anyone who feels the need to use profane or foul language. The use of any generally accepted cuss words is a quick way to lose me as your followe. Its just not professional and while you may speak that way to your friends you shouldn’t do it with strangers. Either way you want to think of it we will both be happier when I stop following you.

7. Twitter snobs don’t get my follow. Some people feel so important about themselves that they expect people to follow them by the thousands when they are not willing to follow anyone back. Either they truly don’t think that anyone else has something of value to offer or they are simple hypocrites. Either way I won’t be one more follower that strokes their ego. There are of course some celebrity exceptions. People who have already been so successful that I don’t expect them to follow one million people just because that many people are interested in what they are doing.

8. Send me a DM with a link that is going to help me get more followers or learn how to make money on Twitter. I will first check your profile to see if you have more followers than I do. If you don’t (95% of the time) I will have to assume that your amazing program isn’t working for you and I don’t want to associate with spammers at all. If you have tons more followers than me I might even check out your link but I’ll still probably unfollow you simply because of the marketing methods.

9. Tweet in a foreign language that I can’t read. Its nothing personal but I just can’t justify following someone I can’t understand.

10. Setup multiple twitter accounts that all tweet the same thing. I don’t know for sure why people do this but if I figure it out I am sure to unfollow all of your profiles.

Do I sound like an angry person?

Do you disagree with my tactics or would you like to add your own reasons for unfollowing people?

Jacob S. Paulsen

So I’ve been having this conversation with other Internet Marketing buddies. When it comes to twitter its important to start a conversation and interact with people in a genuine and sincere way but what about just the general effort to get twitter followers?

It seems that people judge your credibility based on the number of people who follow you on Twitter but with that having been said you have to be really famous or previously successful to have thousands of people start following you spontaneously. Most of us despite our desire to be honest and and contribute quality information; we have to go to considerable effort to get enough followers for anyone to think us credible.

What are your thoughts? Is this constant effort of everyone to get more followers a fake and counter-productive effort or is it simply necessary to build a following in order to have any influence at all?

Jacob S Paulsen

The basic concept of social networking and online marketing is the same as traditional offline marketing. Meet people, build trust, and expose them to your product/opportunity. The reason the internet is getting so much attention is because of the ability to meet so many people at once. Building credibility is made a little more difficult but can be done over time.

While there are now thousands of different social networks popping up online there are 3 that have set themselves aside as the big dogs. The Holy Trinity of social media consists of Facebook, Youtube, and Twitter.

Each is clearly different in it’s own right and can be used differently in your overall social media marketing plan. All three are about community building. When setting up your profiles on these three sites make sure you are consistent. Try to use the same username on all the sites and don’t forget that your username should be some kind of combination of your name or initials. Using the same profile pictures on all your social media sites also helps people identity and remember you.

Your approach should be the same with all three. Create a professional and personal profile, find a niche, and add targeted friends. Its not enough to connect with people in only one place. Make it your goal to connect with the same people in all 3 places.

Other potential big hitters…

www.goodreads.com

www.friendfeed.com

www.flickr.com

www.orkut.com

www.myspace.com

Jacob S Paulsen

I had a recent request on my tutorial video page to record a tutorial about using “Tell A Friend” forms to further syndicate web pages and blog posts.

Before you watch my video about how to utilize the Cforms plugin to create a “tell a friend” form I want to quickly review the true application and purpose.

In our modern marketing world the tell a friend tactic is growing less and less common. Social news and social bookmarking sites like Digg and Delicious are making it easier to share web pages, blogs, etc with your online network. You need only share a link on your Facebook profile and all of your friends are exposed to it instantly. If any of them comment on it then all of their friends also become exposed to it. This is what we refer to as “viral.” How much more powerful is that type of syndication than trying to manually enter your friends email address and name so they can get an email telling them about this page?

There are still some simple applications for the tell a friend forms but let me emphasize that you would be much better off to put a “Digg” button, or a share on Facebook/Twitter link at the end of your blog post than to request that your readers manually fill out a form with the names and email addresses of a few friends. WordPress offers several great plugins for offering simple syndication of your posts by your readers. My favorites include the “Social bookmarking” plugin and the “Digg Digg” plugin.

That all having been said here is the 10 minute or less tutorial video about utilizing the “Tell A Friend” form and the mentioned plugins.

Another Tutorial Video in my Social Media Video Series

I met up on the phone with a good friend from Arizona to help them set up and use Flickr. I’m still amazed that I was able to get this one done in less than 10 minutes! To see other tutorial videos check out my youtube channel or click on the tutorials page above!

In continuation from my previous post “Favorite Web Services 1″ I would like to show you a couple more awesome web services that everyone should be aware of.

Geni is an online revolutionary geneology service. Its modern design helps you catalog your ancestry but in addition you will be able to keep track of birthdays and other recent news shared by family members. Search for long lost relatives and even add friends not related to you.

Google now has a new Website Creator. The genius of this new google program is that unlike many company website design programs google will also host your site for free. You can have as many pages as you would like and can integrate images and links etc. The one downside may be that the domain for your site will be http://yourgoogleid.googlepages.com This can be quickly solved though by purchasing a domain from somewhere like GoDaddy.com and
forwarding your domain to your google page. When you do the forward be sure to mask it.

Google has also developed an elaborate SMS information system. You can send a text message from your phone to googl (46645) with an inquiry such as a phonebook request, weather info, sports scores, etc. The service is amazingly fast. It never takes more than 10 seconds to get a text message back with the requested info. If you are looking for the phone number or address for the local Staples just text “staples denver, co” to 46645 and in seconds you have all the info you want. There is no cost in addition to the normal cost to send and receive the text message.

Woot.com is an amazing site that offers exactly one product each day. You can often buy multiple of the one item but watch out because they have
stellar deals. The webmasters are very creative and even if you don’t want the item of the day it might be worth reading about it anyway.

Jacob Paulsen