Protect yourself and your site with strong passwords

In a previous blog post, I discussed my latest woes fighting hackers and spammers. Since then, I’ve discussed this situation with colleagues, did some more research and cleaned up many more hacked sites.

The biggest “Ah Ah” moment for me has been looking into password strength.  For the longest time, I used pretty easy to remember passwords, but with the use of 1 password, I no longer have to and can use incredibly long and difficult password.

If using such a tool is simply not an option for you, you might want to keep these rules in mind:

  • Use at least half a dozen letters. Mixed-case is good. Use random letters or uncommon acronyms only. Do not use words. If it’s in a dictionary… DON’T USE IT!
  • Use Numbers. At least a few integers (0, 1, 2, 3, 4, 5, 6, 7, 8, 9). More is better.
  • Use Punctuation. Punctuation is essential in a strong password. WordPress will let you use pretty much any punctuation mark that you see on your keyboard.
  • Change your passwords a few times of year.
  • Do not use the same password as your username or part of the username.
  • Do not use your name, family members or pets names.
  • Take advantage of online password generator tools such as Strong Password Generator.

Avoid using these types of passwords at all times:

  • P@ssw0rd
  • BusinessName123
  • may191968
  • 4257770707
  • admin

Finally if you’re more of a visual person, here’s a comic strip that explains password strength.

Transferring a domain can be an adventure. Learn how to make it less painful.

One of my WordPress colleagues, Kathryn Presner writes an interesting newsletter full of web design tips. Her latest one discusses the process one should take to transfer a domain name from one registrar to another:

First, avoid doing a domain transfer when you’re very close to your renewal date. Give yourself lots of time, just in case something goes awry. A month is great – two weeks should be doable. A week is really cutting it close.

Be sure the domain is unlocked before starting the process, or your transfer will be denied. Domains are usually kept locked to prevent unauthorized transfers, so when you’re ready to initiate a transfer make sure to go into your domain control panel and unlock it.

Make sure the contact email in your current account is up-to-date. Much of the transfer process relies on email notifications at every step, and if you’re not getting notifications at the right address, it throws a huge wrench into the works. On the flip side, some registrars will deny a transfer if you’ve changed any registrant details within a few months of renewal, so be sure to look through your registrar’s transfer FAQ before changing any contact information.

For most types of domains, you will need a special code from your current registrar. Because nothing is simple in the world of domain transfers, the code goes by many different names: EPP, authorization code, AuthInfo code, transfer key, transfer secret, and so on. Not only that, but simply locating it may not be obvious! You may have to look around for a while to find it – and take note that some registrars provide it directly in your control panel, while others will only email it to you. Again, if you get stuck, your registrar’s transfer FAQ may provide clues.

Keep an eye on your email after you’ve submitted the transfer request
and when you get an email from your new registrar, be sure to choose the option to accept the transfer. You should also get an email from your old registrar and/or see a note in your control panel that a transfer is pending, at which point you can manually approve the transfer by logging into your control panel and clicking in the right place. If you don’t complete both these steps, your transfer will be either delayed by several days or blocked entirely.

Make a note of any services you may be using from your current registrar, such as domain parking, forwarding, email, custom DNS, or others. You will need to ensure that your new registrar offers the same services, and then once the transfer goes through, set up the equivalent services again. Be aware that there may be a time lag between when a service stops at your old registrar and when you can re-start it at your new registrar.

I know it seems like a lot to remember. Once you’ve done this a few times, it does go faster, but it’s always a bit of a rigamarole. Good luck to all in your domain-transfer adventures!

For more great web design tips make sure you subscribe to Zoonini’s newsletter or browse through back issues.

Keeping Your Web Info in Order

For some, building a website can be quite a big undertaking. Once you’ve done it once or twice, like anything, it gets easier. You’ve learned the lingo, understand the difference between domain registrar and hosting and have a good idea what your web designer will need from you.

One of the most crucial part is very simple, yet often overlook and that’s keeping everything about your website info in order. I’ve seen this problem happen many times when taking on new clients who dealt with a previous web designer. Transitioning to a new web designer can be painless or complicated, depending on how well you’re prepared.

All web designers see this and most of us offer similar advice. In this month’s copy of Zoonews, Kathryn Presner shares the following tips:

Domain registration – be sure you are listed as the domain registrant (not your web designer!) and that the email address on file is an active account. If your web designer’s email is listed as a contact instead of yours, make sure you switch it over to your own email address before you cut ties with your old designer. This is extremely important. I’ve heard of business owners who lost control of their domain name because they failed to do it.

Hosting account – keep handy all relevant details, including the name of your hosting company, the URL of your web-based control panel, and its username and password. Know your FTP (file transfer protocol) credentials, including your FTP host name, login and password. This information will allow your new designer to access your web server and website files.

Logo – have an electronic version of your current logo on hand. It should ideally be in a vector format (like Adobe Illustrator or EPS) on a transparent background, to ensure the greatest design flexibility.

Graphics – retain electronic versions of any images such as stock photos that you may wish to reuse.

E-commerce – know the login details of all e-commerce accounts you may have, such as PayPal and shopping cart systems. Be sure you have access to the accounts, and that they’re registered in your name.

Keep on file in an easy-to-remember place all other information and documents related to your website. It’ll simplify your life – and that of your new web designer – more than you can imagine.

Kathryn Presner runs a web design company, Zoonini Web Services in Montreal. She’s also spoken at several WordCamps and is a moderator on the WordPress Support Forums.