Dear WordPress users: The sky is not falling. Yes, there’s a worm in the wild that is attacking older versions of WordPress. This is not a new scenario. It’s what malicious software crackers do: they write code that exploits vulnerabilities. It happens to operating systems, it happens to web browsers, and yes, it happens to blog software.
The solution to avoid being attacked is to keep WordPress up to date. With current versions of WordPress, that’s literally a two-click process. If that’s too difficult, then you need to either use the hosted WordPress.com system (where Automattic will keep the entire infrastructure up to date), or hire a system administrator to spend a few minutes to keep your software in shape.
Yes, it sucks if your blog gets attacked. It wasn’t your fault. But much like the car owner who leaves doors unlocked and is then burglarized, there are things to do to protect oneself and minimize the risk. The best protection against a WordPress security issue is to keep one’s blog up to date.
Does your blog or website have a contact form, or do you simply publish your email address for those who want to write? I hope that with very few exceptions you’re simply allowing folks to send an email.
Why? Because contact forms inconvenience the reader. Email is a far more flexible option for someone wanting to make contact. Individuals have an email system they’re used to… maybe they prefer webmail. Perhaps they like using Outlook, Thunderbird, or Mail.app. Forcing readers to use a contact form means they sacrifice their comfort and customizations.
If you’re part of the contact form crowd, I probably know what you’re thinking right now. You’re thinking “But if I give out my email address, I might get spam!” You’re totally right. But that’s not your readers’ fault. Don’t inconvenience your reader because your email system can’t deal with spam. It’s not about you, it’s about your reader.
What are the “very few exceptions” mentioned above for which I think a contact form is appropriate? There are two:
If you require more than 4 pieces of information (specific data that goes beyond name/email/message and such). An example would be if you’re soliciting input about a complicated product and you require several categories of information in addition to the message.
If you’re using the form as a front-end for an automated ticketing system.
Make it easy for your reader. Let them use the email system of their choice to get in touch.
Earlier this year, I wroteseveralposts about Facebook’s crappy terms of service (specifically the portion of their terms related to photo licensing). Shortly after I blogged about it, Facebook’s terms made national news and there was quite a bit of discussion.
Amongst those who thought I was making a big deal out of nothing, one of the consistent themes was that although the terms of service allowed for Facebook to use your photos for any purposes including advertising, they wouldn’t really do that, would they?
When I gave a talk at Ignite Portland surrounding this topic, I commented that people probably wouldn’t want their photos to be used for a dating service (in the video of my talk below, I make that comment if you start watching at 4:40). Guess what: Facebook is now doing just that. You can opt out, but the default setting on Facebook allows them to use your photos as advertisements to meet “Hot Singles in Your Area”. Lovely.
I see that Zuckerberg and crew did a 180 and reverted the “forever” clause in Facebook’s terms of service. It’s a small step in the right direction, but all of my original objections to Facebook’s terms (the objections that led to me deleting my account) remain. Facebook’s licensing terms are still too broad and claim far more rights than is necessary.
I’ll be speaking tomorrow night at Ignite Portland about social networks, media hosting, and licensing terms.
