HTTPS Green-padlock-in-circleThere’s no arguing that WordPress has grown to wield much influence on the web, but one area they’ve lacked compared to services and platforms like Facebook, Reddit, and Twitter was their lack of offering HTTPS to sites hosted at WordPress.com that use a custom domain name.

Those days are now over.

They’ve partnered with Let’s Encrypt, a new service offering free SSL certificates, to offer SSL to sites without the site owner having to know how to install SSL.

That’s huge because creating, generating, and installing SSL certificates can be a difficult task, even for those of us with a strong technical background. Thanks to the API nature of Let’s Encrypt, the entire SSL generation and renewal process can be automated, reducing the technical hurdles to implementation and improving adoption.

Why is this important? A few reasons.

First, there’s never been more attention put on security, encryption, and the safety of information. By making it brain-dead simple for their users, WordPress is helping to improve the security of the web.

Second Google loves themselves HTTPS and SSL. Not just in general, as we’ve seen lately in their Gmail messages, but they are starting to rank sites that use HTTPS higher. Still think that HTTPS and TLS is too taxing on your servers? Not so.

Third, by having their sites being sent over HTTPS, WordPress.com can serve those sites using HTTP/2, which means faster, more efficient content delivery.  This is important as our sites get larger and larger, with more CSS, javascripts, responsive high-DPI images, and more. The HTTP/2 repo at Github says:

At a high level, HTTP/2:

  • is binary, instead of textual
  • is fully multiplexed, instead of ordered and blocking
  • can therefore use one connection for parallelism
  • uses header compression to reduce overhead
  • allows servers to “push” responses proactively into client caches

Kudos to WordPress.com and Automattic for this move. A safer, more secure web is a better web.

Panama Papers WordPressAs if the constant security threats, plugin takeovers, and general state of malware wasn’t enough motivation to keep your WordPress installation updated to its latest versions, here’s a major reason to keep your WordPress installation, themes, and plugins up to date.

Perhaps you’ve heard of the Panama Papers, which is turning out to be only one of the biggest leaks of corporate information in history. It’s already brought down one world leader, and possibly another, ousted people at organizations like FIFA and more, and shined a light on the nefarious ways the rich will use to protect and hide their money.

One of the ways hackers got access to the files at Panamanian law firm Mossack Fonseca was through an old version of the WordPress plugin Revolution Slider, according to WordFence, who specialize in WordPress security plugins and services. Their post goes into great detail about the specifics of the possible hack. The short version is:

Mossack Fonseca had a Revolution Slider vulnerability in their WordPress site which probably gave an attacker access to their systems including their WordPress database. Once they had access to the database, they could easily see credentials for other services, including, astonishingly, their email server, which was sat on the same network as the web servers. As you know the big part of this leak was firm emails. Between this WordPress vulnerability and an unpatched Drupal installation, this was ripe for the picking. Once into the network, it was trivial to get access to the mail servers, they had, after all, the username and password to do so, stored in plaintext  in the WP database.

This is especially shocking given the sensitive information this firm was storing. You would think their data and information would be locked down harder than any bank and government. It’s not hard to do–expensive, sure, but not impossible.

Take a moment, and make sure your site and plugins are up to date.

how-do-you-do-fellow-kids

Like many of my fellow web colleagues, I’ve struggled to wrap my brain around how Snapchat works. It’s definitely geared towards a younger demographic with its “swipe this way, swipe that way” user interface.

I’ve got the basics down: I’ve added some friends, I’ve sent some snaps, tried some filters, and even a few face swaps with my kids, often to scary result.

The one area of Snapchat I find the most interesting is the “story” feature. The ability to quickly and easily share updates in that platform is very easy and feels much more interactive than Twitter or Instagram updates, especially since it doesn’t use a timeline-based approach. I can quickly go through all the updates of 1 person, which is nice. This sort of approach hopefully means Snapchat doesn’t see the type of user pushback when timeline changes are made.

I’ve added a few celebrities to see what kind of content famous folks and brands were putting out there. The quality varies pretty widely, though some are doing it better than others. The Cleveland Indians do some pretty neat behind the scenes stuff on Snapchat. I’ve never seen Whitney Cummings do comedy, but after hearing her great interview on the Tim Ferriss Podcast, I added her and it’s been pretty interesting to see how she uses the platform.

snapcodeRecently, something strange has been happening. A ton of people I don’t know started adding me. I don’t know them, and they don’t show up as friends in my friends area. Best I can surmise, is when I wrote a post about creating Snapchat geofilters last year, I included a picture of my snapcode, which you can see to the right. Not that many people read my blog, so they all can’t be coming from that. It’s strange.

As a test, I made my “story” public as a test for all those people who added me so they can see some of my snaps that I share on my story. It’s been pretty eye-opening.

 

Here’s some basic stats that Snapchat gives you:

2016-03-26 10.55.20

Yes. This past weekend, a picture I posted of the chicken noodle soup I made was viewed 8,400 times in 12 hours. That’s incredible reach and engagement – way more than I get from Twitter, Instagram, or Facebook. I’m enjoying my newfound, invisible audience of people I don’t know. I’ve started taking photos more and sharing them, and watching the thousands of views add up. It’s kind of addicting.

If Snapchat is serious about wanting brands to get onboard, they need to offer more robust analytics to not only brands, but all users. There wasn’t an area I could find that I could easily see all the people who have added me. I can see the most recent, but no count of all of them. That would be useful information to do some measurement against, especially since they give you some performance metrics on your post.

Want to see more pictures of my soup, or the delicious roast potatoes I made the other day? Add me. Everyone else is.