One missed checkbox can lead to 47,000 spam users!

By David Innes, | April 26, 2016

One site owner got more than 47,000 spam user signups!  Yikes!

Did you know that if forget to click one checkbox during setup and anybody can create a visitor’s account on a WordPress website.  Anyone or ,unfortunately, any spambot.  Or, even more unfortunately, all of them!

Most people, even beginners, figure out they should click that checkbox.  And theoretically it’s no big deal.  By default new accounts are just for “subscribers,” which only lets them add comments a little more easily.  Not a big deal, again, since you can easily write comments without an account.

Theoretically.  In practice it can be a giant, performance (and possibly SEO) sapping drain on your site.

The other day I was doing an assessment of a new client’s existing website and found not one, not 10, but more than 47,000 of these spam user accounts!

I was already logged into their site so even though they weren’t yet a client I turned that option off for free.

To disable spam account signups:

  • Went to their dashboard
  • Chose General from the Settings menu
  • Scrolled down to “membership”
  • Unchecked “Anyone can register”
  • Scrolled the rest of the way down and clicked “Save Changes.”

That was the easy part!  Deleting those 47,000+ members took quite a bit longer!

I try not to beat our own drum very often but in this case?  Sometimes it’s a very good idea to let a professional web developer check your site out to make sure all your performance and security i’s are dotted, t’s are crossed…

And checkboxes checked!


Should you use a slider or carousel on your website?

By David Innes, | April 21, 2016

"Abandoned Carousel" by Flickr contributor Jason Rogers.

Very simple website with both a title and URL that answers itself: Should I Use A Carousel?

Slideshow widgets were an instant hit on websites when they came out years ago.  They were fun, they moved, and especially they were new!  And so people landing on a site would watch them.

Now?  Not so much.  According to usability researcher Eric Runyon says that sliders might really slow down your site and consume a lot of your visitor’s mobile bandwidth but less than 2% are ever clicked on.  And 89% of those clicks are the first slide.

  • Homepage visits: 3,755,297

  • Percentage that clicked a feature: 1.07%

    Source: Eric Runyon

To be honest there are places where a slideshow can come in handy.  But you want to put them in context and you really want to have a reason.  A quickie demo slideshow on an inside “how to” page?  Where the thing to be demonstrated is actually to simple to make a video for?  Sure.  A quick demo of several uses or applications of a product on a page that goes into more detail?  That could be good too.

Point being that the answer isn’t always no.  It’s just usually no.

(Crystal ball prediction: those full-size homepage “hero” images were cool too.  And maybe they still are.  But I predict users will start scrolling past them almost as fast as they’re scrolling past sliders and carousels now.)

“Abandoned Carousel” photo by Flickr contributor Jason Rogers.


Why we keep your backups on another server…

By David Innes, | April 17, 2016

Image of smoking network cable

The phone call from a former client that made us take long-term maintenance seriously: “Do you have a backup of my website?  I accidentally deleted my site from my server!”  It’s not that easy to delete your whole site, but from time to time people do.  Not as catastrophically as the owner of a web hosting company managed to.  (He deleted his site and all his client’s sites too!)  But still possible.

Luckily we did have a backup of his original site.  Even more luckily his hosting company had a 24-hour backup.

Our former client had simply deleted what looked to him like a copy of his site in a former employee’s folders that turned out to be an alias to his main site.  Deleting that deleted all his on-site backups too!  Yikes!

Other simpler can lose your whole site including your on-site backups?

  • You get a new credit card and forget to update with your host, who then terminates your account.
  • Your site ends up hacked, corrupted, or encrypted by “ransomeware.”

That’s why we don’t just regularly backup our clients websites but back them up to secured, encrypted cloud servers.  And hold on backups for up to 6 months (and use a less frequent backup system and store those backups for years.)


Can you be too personal with “Personal Security Questions?”

By David Innes, | October 10, 2015

Short answer?  “Personal security questions” aren’t secure.  Irony, right?  Don’t use personal information to answer those”Personal Security” questions.


Nihilistic Password Security Questions image from the awesome "This isn't Happiness" blog

Nihilistic Password Security Questions image from the awesome This isn’t Happiness” blog.

Mother’s “maiden” name? Hospital where you were born? First school you attended? Best friend in high school?

Hmm. Let’s say someone was, oh, say, an identity thief. And let’s say they happened to have access to any of the 5,000+ lists of nearly one billion hacked user accounts from the likes of Target, Home Depot, Experian, the Office of Personnel Management, T-Mobile, Ashley Madison, and (well, it’s a very long list.)  And let’s say nearly all of those hacked sites stored your personal security questions in plain text?

How hard would it be for them to gain access to your other email addresses?  Your tax records?  Your school records?  Your work accounts?  Your social media accounts?  Your bank, and brokerage, and mortgage and… again, well, another long list?  Yikes!

You might change your password regularly, but how often does your mother’s “maiden” name change?

So… my advice when answering “personal security questions?”  Be anything but personal when answering them!

So what to do instead?  Sort of like passwords pick to or three random words, a nursery school name, or (if you’re sneaky) something that’s absolutely not true about you.

Example #1

  • Mother’s maiden name? “old mother hubbard”
  • Best friend in school? “old mother hubbard”
  • First phone number you remember? “old mother hubbard.”

(Note: in addition to often being stored as plain text security questions are rarely checked for repetition.)

Example #2

  • Favorite team? “go cougars” (especially if you’re a Huskies fan)
  • Mother’s maiden name? “go cougars”
  • Make and model of your first car? “go cougars”

Answer personal questions anyway you want, in other words, as long as you don’t give personal answers.


Ideal Client: Established Materials Sciences Sub-contractors

By David Innes, | September 20, 2015

Ideal clients for Website Updates: Materials Sciences Subcontractors

Well-established materials science sub-contractors might have thousands of clients for their specialized products and services… or if they’re in aerospace they might only have one or two!  Their marketing might be low-key, even word of mouth, and once established they may even have been doing business with the same procurement reps year after year.

Times change though.  New markets open up, and so does new competition.  And sometimes even old contacts retire or move on.  Sooner or later someone up the chain of command, often an upstart, is going to say “who are these guys and why, exactly, are we…”

Their usual contacts might have the answer but sooner or later someone’s going to open a browser and search for a little information.  That’s when it’s a great idea to have a clean, responsive, contemporary, and professional-looking website so when they ask the question, on their phone or tablet, from a bedside or business lunch, the answer’s clear, crisp, and concise.

We love updating old-school websites for well-established companies.   If you’re an established materials sciences sub-contractor with an out of date website, or if you know someone who is, have them give us a call.


Ideal Client: Mid-sized Local Ad Agencies

By David Innes, | September 20, 2015

Ideal client for website maintenance: Mid-sized ad agenies

Ad agencies know the value of offering full service to their clients.  And so in addition to designing and placing their television, radio, and billboard advertising it’s no surprise agencies like offer their clients website designs as well.  That way the client’s branding and messaging is consistent across all media.

Agencies often aren’t as crazy about managing the nuts and bolts of website management.  That’s where we come in.

At we love to keep other people’s websites safe, secure, backed up, and up to date.  We love updating other people’s pages and posts when they send us new web content designed to coincide with new video, print, and even social-media ad campaigns, newsletter mail blasts, and press releases.

Because we specialize in website development and support an ideal client for us is an agency that needs to support multiple websites for multiple clients, but doesn’t have the in-house staff to cost-effectively manage the task.

If you’re a mid-sized local ad agency with responsibility for clients websites, or if you know someone who is, have them give us a call.  We’d love to help!


Tip: How to Recover Your WordPress Password

By David Innes, | August 12, 2015

If you don’t log in often it’s easy to forget the password on your WordPress website.  Here’s how to recover your password.

  1. Find the login page for your site.  (It’s almost always something like””)
  2. Click “Lost Your Password?”

    Find the "Lost your password?" link.

    Find the “Lost your password?” link.

  3. Type your username (if you remember it) or your email address in the… well… “Username or password” box.
  4. Click OK and in a few minutes you’ll get an email message with a link that will allow you to create a new password.

This might seem like a funny way to operate but it’s a lot more secure.  I mean why doesn’t WordPress just send you your password?  Turns out WordPress stores only a strongly encrypted version of your password — so strongly encrypted even it can’t get it back out again.  So that’s why it asks you to create a new one.

Long as you’re making a new password make sure it’s a good one.  The good news if you forget?  Now you know how to create a new one!


Update Sales Tax For Your Your PayPal Buy Now Buttons

By David Innes, | August 11, 2015


PayPal Pay Now buttons

If you use ecommerce for local and in-state sales chances are you have to track and pay sales tax.  Here’s what to do if you use PayPal “Buy Now” or Add to Cart buttons on your website and your state or local sales taxes change.

Here’s how to set up your sales tax rates:

  • Log in to your PayPal account.
  • Click the Business Profile icon next to “Log Out” and select Profile and settings.
  • Click My selling tools.
  • In “Selling online”, click Update next to “Sales tax.”
  • Click Add New Sales Tax.
  • Choose the states for which you are setting up tax rates.
  • Enter a tax rate. Only click “Apply rate to shipping amount” if your state requires it.
  • Click Continue, or click “Create Another” to set up another sales tax.

Source: PayPal Help Center


Why I Love Getting Dozens of Automated Emails…

By David Innes, | July 23, 2015

I love getting good automatic messages

I’ve been getting dozens and dozens of automated emails this morning from sites all around the internet and… it’s making me really happy!

The message?  Simple.  From the dozens of sites I’ve built and maintain their software’s up to date enough to do their own security updates automatically.  And let me know that…

Your site has updated to WordPress 4.2.3

Howdy! Your site at [your URL] has been updated automatically to WordPress 4.2.3.

No further action is needed on your part. For more on version 4.2.3, see the About WordPress screen:
[your URL] /wp-admin/about.php

WordPress released their update to answer several security concerns.  By default recent WordPress releases have been configured to automatically keep themselves up to date.  And give you a little head’s up in email.

Aaah, the joys of receiving tons of nearly-identical messages from all around the internet.


Still have Flash On Your Site? Fewer and Fewer People Can See It!

By David Innes, | July 18, 2015

Every day more and more browsers block Adobe Flash

Every day more and more browsers block Adobe Flash

Adobe® Flash has been dying for years. Apple’s refusal to support it on IOS. People joke (and often worry) about Adobe’s frequent, sometimes daily “security updates.”   And it’s recently come to light that major companies and even governments have been using undisclosed exploits in Flash to spy on anyone they might not like!

Now, as WordPress SEO guru 

Flash is dead, bye bye!

Firefox is now blocking Flash by default. Flash was always a stupid idea, but in the off chance that you’re still using it on your site, you probably should stop for real now. I mean, we have animated GIFs for annoying content!

Follow the link to see the annoying GIF animation de Valk shared.

Do you still have Flash on your site? It might just be driving your old video player. It might be running an old slideshow. If your site’s old enough it might even be driving your entire website!

Used to be if you wanted visually interesting content on your website you had to use Flash.  But there have been native HTML solutions for years. Times change.  Time to upgrade.