A higher ed colleague shared this week that his institution noticed that Tint, a social media aggregation and monitoring platform used by many institutions of higher education, is was placing JavaScript code on its client’s public facing Tint pages. This code calls instructions from Coinhive, a tool that allows site owners to use their user’s/site visitor’s computers to mine for cryptocurrencies. Tint was using the CPU of site visitors to mine for currency, in this case the currency Monero.

Continue reading

There have been several high profile plugins lately that have been found to be posting spam and deceptive links on user’s blogs lately.

One such is the “Display Widgets” plugin. You can read Wordfence’s detailed breakdown of the spam. It turns out the original developer of the plugin sold it, and the new owner started to place spammy backlinks and other bad code into the plugin. This gave this “developer” access to tens of thousands of blogs and the site owner’s never knew it was happening.

I was checking the WordPress that runs this blog today to see if there were any plugin or system updates for me to do, as is good practice. I noticed one today had an update, a no-follow plugin I’ve been using for a few years. Today, I saw that plugin had an update, and I looked at the changelog to see what was new, which is also a good thing to look at instead of blindly trusting plugins.

I saw this, which set off my Spidey sense.

No offense to this new maintainer person, but seeing a plugin go to a new person, one that has no other active plugins in the WP repository, has no mention of this plugin on his blog, and whose Twitter feed is mostly links to Twitch videos makes me nervous.

Bad Feeling

It’s not clear if this new developer volunteered to take over the plugin, or buy it outright. I suspect a purchase. The previous owner/developer had a cadre of plugins and a blog focused on monetizing content.

Let me be clear. I’m not against anyone making money by selling their theme or plugin. I am also not saying that this new developer/owner of this particular plugin is going to do anything nefarious. It’s worth keeping in mind that this particular tool has over 30,000 active installs.

The reality of the web nowadays is that we need to be nervous about what we allow into our sites. We need to be careful about what we let have access to our data. I believe one of the reasons WordPress gets a bad rap when it comes to security is that the software makes it extremely easy to install themes and plugins from anywhere on the Internet, not just the WordPress repository. Many people don’t know the difference between a compromised theme and a legit one, unfortunately.

I’m going to hold off on updating this. This new version does not add any functionality, it merely reflects the new owner. I’m going to see what things are added or removed in the next version, and move forward from there. Unfortunately, this may be our new reality going forward.

I’ve been watching a lot of videos lately about boats. I don’t own a boat, but I think they’re cool. I’ve been watching videos about the narrowboats that cruise around the canals of England and Wales. I’ve been watching videos about catamarans sailing the oceans. Big boats, small boats, it’s all good. What I’m learning in watching these videos is that sailors often have to prioritize work and tasks to keep the ship sailing towards its destination.

We face similar challenges in our marketing and web offices. We are often understaffed and overrun with projects, some mission critical and some that are not as strategic. Often, leadership at your institution or division will say that we, as web and marketing folks, need to organize, prioritize, and measure the effectiveness of our work so that we can use that data to say no to requests that we typically receive from departments, schools, colleges, and other groups across campus.

TNohere are many KPIs you can use to help prioritize your projects and leverage as your department’s reasoning for saying no. Of course, you need to find the metric that makes the most sense for your institution or group. Maybe you say that your department now has marching orders to focus on projects and work that drives tuition revenue. Maybe you say that your new focus is on undergraduate enrollment. Graduate enrollment. International students. Retention. Capital giving projects. A certain element of the strategic plan. You’re focusing on your President’s passion project. You get the general idea.

All of those things are ways that we can use to tell people no.

There are different ways you can sail the seas of no. You can give a hard no. Maybe you use a “no, but,” where you offer to do the work but give a deadline that’s far off in the future. Perhaps, you ignore the request altogether. Each of these methods is full of peril and rocky shoals.

In my experience, people on campus react one of several ways.

In a perfect world, they’d understand the importance (or not) of their project. They’d appreciate our honesty and straightforwardness and understand why we can’t do a poster for the speaker coming to campus that a handful of people will go to1. Often the one we had one week’s notice of.

More often than not, this would happen.

We would nicely, and politely, say no to a project, via phone or email. We would feel good about our decision and get back to our work. Then, sometimes as soon as ten minutes later, the phone rings and the caller ID shows that a dean or vice president is calling. I know right away what they want.

“What aren’t you doing X project? You’ve always done it. X is important!”

On some occasions, that conversation would happen at a VP to VP level. I don’t know if that’s better or worse.

Sometimes they’d back down, but often, despite our arguments, we’d still do the work. We’d shuffle projects around, work late, or farm something out in order to keep the project moving and get it completed.

I get why the departments push back. No one wants to be told no or made to feel that the work they’re doing isn’t important. They feel they, like marketing, is understaffed and overworked.

Pushback and saying no is a problem that I have yet to solve in my 20 years of working in marketing and web. I’ve been thinking lately about why that is.

Personally,  I don’t like saying no. I like making people happy and I like doing good work for my institution. I want to have good relationships with folks across campus and I want them to like me, too. I admire folks who can stick to their guns and continue to say no.

My question is how do you do it? How do you say no, back it up with data, and get offices across your campus to understand, and ultimately, accept the fact that a marketing or web team can’t take on their project, for whatever reason works for your institution.

Much like I can’t sail a boat, I want to learn how to say no and bring calm seas to my life.

1 – We found that electronic means was a much easier and time-saving method for promoting limited-interest on-campus events. Tools include social, intranet, digital signage, and other campus calendering sites.