UPDATE: Feb, 2012 – Well, the market is not so down now… but, this Scottrade free trades code still works great!

In the Stock Market? – With recent declines in the stock market a lot of negative people like to say, “see, you lose all your money when it goes down”. Of course, the people that know what they are doing don’t lose. And when it goes down as far as it has in August 2011, the smart people start buying for the long term. Selling high, buying low – that’s the basic strategy. Selling low and buying high is the dumb strategy.

Visit my Hub on Hubpages: New Hub Posted on Ten Basic Concepts of Social Media Marketing

Unwitting website owners are often taken in by the cheap price offered by some website hosting companies. These low-budget solutions are often called ‘economy hosting’. Like anything with the name “economy” attached to it, its just a euphemism for ‘cheap’.

For a serious business, going ‘cheap’ may seem wise at first but is often disastrous. Starting out on a shoe string budget often leads to a cheap mentality, which often leads to failure.

Website hosting is no exception. Many folks simply have no idea what the differences are with hosting plans and what they really need. So, without any better knowledge, they often fall for the cheap price of the economy hosting plans.

A wise rule of thumb, even for the tightest of budgets, is to never go for the cheapest alternative. It is cheapest for a reason; and although one may not understand the complexities of web hosting, choosing something built for business is always a better choice.

Here are the top five reasons (in this writer’s judgment) that the cheap economy hosting plans can be problematic. These are in no particular order…

1. Slow Page Load- Frequently, when compared to real business-class hosting, the economy website loads slow or is even unreachable at times due to server time-outs (from slow loading). This is the last thing you want when you are trying to promote a reliable image for your business.

2. Slow FTP – When editing a website, having a good FTP connection is critical. In my experience with most cheap web hosts, the FTP is very restrictive and it takes forever to upload or download files. This is because there are so many customers on one server, the host is forced to put heavy restrictions, otherwise the server will crash all day long. Slow performance is the result. It may not seem that big a deal to a website owner who doesn’t even know what FTP is, but it does slow down your web developer and will add hours to your invoices. Not good.

3. Overcrowding – A typical low-budget economy hosting account shares space with between 2000 and 10,000 other websites. Some hosts go even further with 50,000 other websites all sharing the same server. No wonder it operates so slow! There are many downsides to this. For example, if just one of those sites starts having trouble, gets hacked, or gets too busy, the whole server suffers.

4. Lack of Control – Sure, most hosts provide a Control Panel, but this only gives you what controls they want to give you. You may see dozens of fancy buttons and icons that say all kinds of techy things, but trust me, its very limited what you can do even with a professional working with you. The pro will probably get frustrated with the inability to do certain best-practices because the host has disabled so many things.

5. Poor Email Services – There are many things that can go wrong with email. It can run slow and be significantly delayed in either direction. It can get blocked by spam filters even when you are not sending any spam. It can get hacked, or whatever. There are 100 things that can get screwed up with email and when you are on a cheap shared host its FAR more likely to happen. If you are running a serious business this sort of thing can really ruin your day or week or month.

WordPress, without argument, is the most popular blog and cms software available. Its well-coded, easy to set up and use, and heck — its a lot of fun! However, not all is peaches and cream. Because of its massive popularity, WordPress suffers from ETS or  exploit-target-syndrome. Popular software inevitably becomes a major target for hackers to find exploits and other underworld activity.

Common attacks include various injection attacks that attempt to hijack the blog and deface the website by posting ads and links to porn and other objectionable content. Others even more sinister, change the administrator access so the owner gets locked out completely. Less obvious, but still insidious, are comment spam injections where spammers learn to inject SQL statements that drop comments and URLs directly into the database therefore bypassing all anti-spam security measures. All of these can be dangerous, or just annoying. The good news is you can minimize the potential of these attacks by hardening your WordPress installation.

1. Properly name your Database and Tables: This should be done during installation and you should never just allow the default installation settings to take hold. If you use Fantastico or Scriptaculous for example, they create database names and table prefixes that start with wp or wp_. This is not wise to install this way and will lead to being vulnerable to hacks and  injections.  The better way is to name your database something unguessable. Like, t100wp or bfdwp99 . Its probably wise to put “WP” in the name, but not in the beginning. This just helps you remember its a WordPress database. For the table prefix, again use something unguessable, like djj88_  – this could be anything and should be like a short password. Whatever you do, don’t use the default wp_ or no prefix at all. Both of those options create a vulnerable database.

If its too late and you already have a blog with default table prefixes, its a bit of a pain to go back and change it. But worthwhile. Its very tricky to do correctly without breaking your WordPress install, so this should probably be handled by a pro. I can help, you can contact me here.

2. Increase Anti-Spam Security for Comments: Comment spam is a big problem. Some blogs are wide open to total nonsense appearing in the comments, while others have to manually read and prune their comments to prevent this comment spam from getting on the site. If you are serious about solving the Comment spam problem, the first step is to make sure ALL comments require approval – this can be found in the general settings of your WordPress dashboard. Some may say, “but I want an open free-flowing discussion”, I say, great! Please post your phone number below. Allowing anyone to comment without some sort of filter is just plain stupid. The Internet is full of nefarious characters looking to exploit your blog. Why make it easy? Most of the comments you get are garbage anyway.

3. Only use well-reviewed and highly rated Plugins found on the WordPress.org site: Using plugins found on random sites found in a search is dangerous. If you limit usage to only plugins available on WordPress.org you will find a bit more security. However, its not automatic. Look at the reviews and ratings. If a plugin has a lot of bad reviews in relation to good ones, don’t use it. If it has a low rating don’t use it. If it has very few reviews and few ratings (even if very positive) don’t use it. Only use plugins that are well-established with decent ratings, and decent reviews over a significant period of time. Unless you are an adventuresome web-geek that likes to test things and know how to recover from a WordPress disaster, stay away from questionable plugins.

4. Delete the user Admin and Create your Own administrator: Never use Admin as the username for your WordPress blog. This leaves it open to attacks. Create a administrative user that is hard to guess and delete the default user “Admin”. You can also create your own user upon installation, and never even create Admin as a user.

5. Make your administrative user password difficult to guess: As with any web password you should never use simple passwords. Many web hosting companies put minimal requirements on passwords nowadays so simple passwords may be a thing of the past. But in my experience people still use them. The basic idea here is to:
A. Never use a proper name or any word that can be found in a standard dictionary.
B. Mix case letters always (uppercase lowercase)
C. Use numbers mixed in with your letters
D. Use punctuation or special characters if allowed.

Applying these tactics make password cracking very hard for the hacker.  A password like suzy123 can be cracked very easily with simple password cracking software; however, Su7y!23 is way more complex and cannot be cracked easily if at all.

There are many more ways to secure your WordPress installation and make your site a hard-target for the script-kiddies who like to play with vulnerable sites. These 5 ways will help move you in the right direction. If you want a professional to help you lock down your site, please contact my office here.

I think so. After being nagged to death by popups, I finally upgraded to Firefox 5. Even though half my add-ons were deactivated because of incompatibly, I went for it. What a mistake. The Firefox 5 browser feels like I’m using Internet Explorer, which is ridiculous irony that makes my skin crawl.

Its slow, the CACHE and history seems to force itself unless you delete EVERYTHING from the history records, which isn’t always desired. Sometimes you just want to delete cache and leave the URL history. I thought I was locked out of my blog because I had set up a redirect to a maintenance page while I did some db updates.  I removed the redirect, and Firefox 5 still used the cached redirect over an over. I had to work with Chrome the rest of the day. Maybe from now on.

The new navigation scheme is oddly a half-breed of IE and Chrome. What happened to Firefox? You were the best, now you suck.  I can’t even use this piece of trash Firefox 5.

Trying to revert to an older version, but they make it hard.  May just uninstall it altogether.  Thanks for wasting my time Firefox 5, you suck.

If you are like me, you hate blog spam. As your blog becomes more popular this annoying phenomena only increases in frequency and intensity (both the spam and your aggravation level). There are many anti-blogspam solutions available for your blog software that can help. I recommend Conditional CAPTCHA for WordPress. It can really cut down on the automated bot submissions that are just abusing blogs all day long.

However, as with any software, the people who proliferate the Internet with their garbage are always finding ways to defeat the defensive measures employed by blog owners. And the spam goes on.

So, I have conceived of a solution that is so radical, so explosive, so… simple… that I hurt my shoulder trying to pat myself on the back. Before I reveal the idea (you can just skip ahead if you can’t wait), I want to explain the main reason that this blog spam exists in the first place.

Why do you get this crap? The simple answer is SEO. Search Engine Optimization is the art and science of improving a website’s rankings in the major search engines. SEO is a very good thing for website owners to do and is essential in today’s Internet market place. However, as with anything in life, there are always cheaters. Those who find a technique that helps their SEO efforts and then they find a way to automate it and abuse the hell out of it. Thus is the foundation of blog spam.

Years ago those who deal in SEO discovered a neat trick. By leaving comments on blogs with links back to whatever URL you put in the form, you could acquire oodles of oneway backlinks. WordPress by default comes with a URL field in the comment form that allows people to post their website address (URL) with their comment and it automatically links the URL to the name given in the name field. So the evil geniuses wrote programs which allow one to comment repeatedly and thus create tons of backlinks. With a few clicks of the mouse one could post hundreds or thousands of blog comments.

Well, like any aggressive SEO method, the big search engines such as Google saw this as illegitamate and deemed it as spam. Its potential SEO value greatly diminished. But the genie is out of the bottle and every shameless SEO continues to employ this technique to this day. Their goal: to get as many backlinks for their website as possible.

Now that you understand why this occurs, you will understand my drastic solution.

The Solution

SOLUTION: Delete the URL field from the comment form. Amazing! Incredible! Genius!

The main reason these fools continuously submit spammy comments is to get their URL (link) on your blog. If you remove the field, whammo… purpose eliminated. Of course they can still put links in the comment text, but most anti-spam software discards that all day long. So it is not very appealing to the spammer.

Additionally, this will cause problems for bots which auto-submit to your blog. A field is missing and their input will break. The auto-bots will get errors and move on to other places.

For some sites this may not be feasible because the URL field in the comment form is important to you. Well then, this ain’t for you then.

How to Remove the URL field from your WordPress comment form:

1. In your wordpress admin dashboard click on Appearance/ Editor.

2. Select Comments.php from the list of files on the right side.

3. Find the line of code:
<br /> <input type="text" name="url" id="url" value="<?php echo $comment_author_url; ?>” size=”22″tabindex=”3″ /><label for="url"><small>Website</small></label>

and DELETE it!
4. Save your changes. Done.

NOTE: This file is theme-based, so your theme may have slightly different code here. If you are smart, you will find the right thing. Also, you must do this for every theme you have sitting in your theme folder not just the active one, especially the default theme and Twenty Ten which come with WordPress. Spammers will use the paths to the default themes to bypass your changes to your own theme. You could just delete all those themes anyway if you are not using them

One last caveat… it doesn’t do anything about pingback comments with the URL. But those are less frequent and they represent a backlink for you anyway, so not a big deal.

This can also be done by FTP and direct file editing if you are so inclined. If you are a wordpress.com user, sorry… this won’t work.

“irregardless” is not a legitimate English word. Its a malformation of the words Regardless and Irrespective which both represent its intended meaning without mixing them. Its a double negative which makes it mean the opposite of the speaker’s intention. And it sounds stupid when people say it. Example: “Irregardless, I ain’t got no money.” – Actually means, “Regarding that, I do have money.”

So, if you want to use the right expression there, say “Regardless” or “Irrespective” or even better if you want to sound really smart, “notwithstanding”.  They all mean the same thing. Stop saying irregardless… its just an ignorant word.

Today must be software update super day; Microsoft Windows,  Java, WordPress and my Cpanel web hosting server all required updates today. Windows wanted it so bad it shut down my computer to force it to happen. Must be a conspiracy!

WARNING: If you get an email with subject “Rejected Federal Tax transfer”  its bogus and contains an .exe file hidden in a .pdf file name. Delete delete delete!!

“Your Tax transaction (ID:xxxxxxxxxxx), recently sent from your checking account was canceled by the The Electronic Federal Tax Payment System.”

UPDATE: Another email going around with the subject: “Federal Tax payment canceled” – same thing as above.

Sounds strange doesn’t it? “keep a website out of the search engines”?? Why would anyone want to do that? Well there may be several reasons. For example, the site is in development and you don’t want it indexed before its ready to be indexed. Maybe you have a private member site that is for a small group like your family or church group and you don’t want it showing up all over Google. There could be a number of reasons you would want to do this. Well the good news is, you can — and its easy!

Important: It makes a difference if your site is already indexed in Google or Yahoo or where ever.

Method 1 - For a brand new website that has never been indexed at all…
1. First check to make sure it really hasn’t been indexed. You may think to yourself, “I just bought this and set it up on the hosting yesterday, it can’t be indexed already!”. But you’d be surprised how fast it can get picked up these days. Make sure it is NOT indexed at all! (in Google type “site:yourdomain.com” — without any quotes and change the domain to your domain. You should see a message

“Your search – site:yourdomain.com – did not match any documents.”

This is good, you may proceed to step 2. If it shows some indexed pages and not that message above, move to Method 2 below.

2. Create a robot.txt file with the following code:
# go away
User-agent: *
Disallow: /

3. Upload to the root of your website. DONE!

Now if Google, Yahoo, Bing or any other legitimate search agent tries to get it, it will be rejected right at the gate.

Method 2 - If your site is already indexed you must NOT put that robot.txt file there. “Why?” you ask. Because if its already indexed, the search engines cannot learn to de-index it because they cannot get in. Your existing indexed pages will remain indexed. So if your pages are showing up in the search results do the following:
1. Remove any robot.txt file (for now, you can put it back later when its all clear)
2. Add the following meta-tag to every page on the site… EVERY PAGE! <meta name=”robots” content=”noindex,nofollow” />
3. Upload all pages to the live server and you are done.

Now you can just wait it out. It may take a few weeks for the search engines to catch on. If your site was in existence for some time and there were a large amount of pages, it will take quite a while to remove it all. For removing a dead site out of existence, see my article How to Remove an Entire Website from the Internet

Another step you can use if you have Google Webmaster Tools account is to “remove URL” feature. In Google Webmaster Tools under the domain you are working with select Site Configuration>> Crawler Access >> Remove URL (tab). If you can get your hands on that, it will remove the site from Google pretty quick. You have to have verified ownership of the account, so don’t try this with your competitors website, it won’t work. However, this will not remove it from other Search Engines like Yahoo. For that you will have to wait for the noindex, nofollow tag to take effect.

Also note that bad bots (naughty evil search agents) will still ignore these directives and follow and index all the day long. So this works to get your site out of the important nice search engines, not the naughty ones.