A Break Between Storms, Boulder Creek, California

“I believe the world is incomprehensibly beautiful — an endless prospect of magic and wonder.”
— Ansel Adams

Illustrated Guide to SEO On-page Topic Targeting

Search engine optimization is important, but so is creating rich and engaging content for your readers.  This Moz blog article presents a framework, complete with incredibly useful graphics,  for creating on-page topic targeting optimization easy and scaleable.

Security Flaws and Updates Galore

It’s only Tuesday, and it’s already been a very busy week for WordPress site owners and Webmasters.  Yesterday, April 20th, Securi announced the XSS vulnerability affecting multiple WordPress plugins including some of those most widely used by the community.  This has resulted in a slew of plugin updates being released.  I expect the updates to continue rolling in as additional plugin authors discover and correct the issue.  Alongside the many plugin updates, WordPress released a security update to the core system, 4.1.2 as well.

WordPress is a remarkably customizable and flexible platform.  It is constantly evolving and part of what makes it so great, the vast community of WordPress developers and plugin authors, makes it subject to security issues.  The large percentage of sites running WordPress, last reported at 23.7% of ALL websites, makes it a high-profile targets to hackers.  It is imperative that site owners and Webmasters keep their WordPress installations, including all plugins up-to-date.  Sadly W3tech reports only WPTavern reports roughly 36% of sites are running the latest version of WordPress.

Is your site up-to-date?



WordPress 4.0.1 – Critical Security Release

Image credit: Andy Fitzsimon

WordPress.org states 4.0.1 is a critical security release for all previous versions.  All sites are strongly encouraged to update.  If you have automatic background updates turned on, your site will automatically be updated in the next few hours.  If you do not have automatic updates turned on, Download WordPress 4.0.1 or login to your WP Backend and go to Dashboard ? Updates and simply click “Update Now”.

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:

  • Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbournof the WordPress security team.
  • A cross-site request forgery that could be used to trick a user into changing their password.
  • An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
  • Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
  • An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding). Reported by David Anderson.
  • WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavkovi?.

New WordPress Theme Vulnerabilities Discovered

Wordfence creator, Mark Maunder, has identified  several themes with either a Cross-site request forgery (CSRF) file upload vulnerability, or an email sender vulnerability.  The exploit of these security hole has been seen in the wild. If you are using any of the  themes listed below,  you should contact the developer immediately to see if there is a patch available. Work with them to determine if your particular version contains the vulnerability and get their advice on what action to take.  If the developers do not respond after a reasonable amount of time, work with your hosting provider or webmaster to determine if you have a vulnerability and what action to take.  Remember that deactivation will not remove the vulnerability. If no patch is available, or if the theme appears abandoned or unsupported you should completely uninstall and remove all files associated with the theme or plugin from your site to remove the security hole.

  • Cubed Themes version 1.0 to 1.2. Remote file upload vulnerability. Distributed by themeprofessor.com. Exploit released on 9 November 2013.
  • Army Knife Theme, unspecified version. CSRF File Upload vulnerability. Theme is distributed byfreelancewp.com. Exploit released 9 November 2013.
  • Charcoal Theme. CSRF File upload vulnerability. Distributed by the official WordPress repository. The theme hasn’t been updated for several years, so we recommend deleting all files from your system.
  • WP Realty Plugin may contain an email sender vulnerability. Please contact vendor for clarification. We’re seeing exploits that claim to exploit this hole. Plugin is distributed by wprealty.org.
  • The following themes distributed by orange-themes.com appear to contain a remote file upload vulnerability and we’re seeing exploits appear in the wild, all published around November 12, 2013:Rockstar Theme, Reganto Theme, Ray of Light Theme, Radial Theme, Oxygen Theme, Bulteno Theme, Bordeaux Theme. Please contact the vendor to find out of your theme is applicable and what action to take.
  • Amplus Theme version 3.x.x contains a CSRF file upload vulnerability. We’re unclear who the vendor is, but it appears to be Themeforest.
  • Make a Statement Theme version 1.x.x (also known as MaS ) contains a CSRF file upload vulnerability. Exploit distributed November 17, 2013. Vendor is themes.mas.gambit.ph.
  • Dimension Theme, unspecified version, contains a CSRF file upload vulnerability. Theme is distributed by ThemeForest. Exploit appeared November 17th, 2013.
  • Euclid Version 1 Theme contains a CSRF File Upload Vulnerability. Exploit appeared today. Theme is distributed by FreelanceWP.com.
  • Project 10 Theme, Version 1.0. Remote file upload vulnerability. Distributed by ThemeForest. Exploit appeared today.

See also CVE Details

Why You Should Upgrade to Windows 8.1

Eight Reasons to Consider Upgrading to Windows 8.1

Start Screen

UPDATE: Microsoft has temporarily pulled the 8.1 RT version due to issues some users experienced when installing the update on their tablets and mobile devices.

  1. The Start Button Is Back! One of the most hated Windows 8 changes was the missing start button.  Windows 8.1 brings it back to the taskbar—tap or click to get to Start. If you prefer, you can now go straight to the desktop when you sign in. And use the same background for both your desktop and Start. Plus, see all your apps at a glance in the new all-apps view.  Right +clicking on the Start button brings up a handy menu of power user and system management tools:  Event Viewer, Device Manager, File Manager, Control Panel, Run Command, Search, to name a few.
  2. It Has a Smaller Footprint: If you are already running Windows 8, upgrading to 8.1 will get back 8-15% of storage space
  3. Improved Search: Bing Smart Search gives you results from your PC, your apps, and the web. Results are in a clean, graphic view that lets you do things and launch apps right away. Find a song and start playing it, or find a video and watch it right away.
  4. SkyDrive,Your Files are Always with You: SkyDrive is free online storage that’s built into Windows 8.1. Save documents, photos and other files to SkyDrive automatically, and get to them anytime, from any of your PCs or devices. You can also use SkyDrive to protect your files if something happens to your PC. And you can use SkyDrive to share and collaborate with others, and see your stuff on mobile and non-Windows devices. Microsoft has made SkyDrive the default place to save new documents, and improved things on the back-end to ensure the system sees them as local files in every way that matters (for searches, etc.).
  5. Improved Multitasking: The snap feature is much improved allowing you to resize side-by-side apps to suite your needs. Depending on the size of your screen, you can see up to four apps at once.
  6. Automatic App Updates:  Windows Apps will now update automatically Updates happen in the background, and the Windows Store will stop bugging you with that ever-increasing count of pending updates.
  7. Improved Multi-Monitor Support: Web Designers, Graphic Artists and Photo Editors rejoice! External monitors are a big deal for Windows tablets, since many of them have serious computing power but screens that aren’t exactly what you’d call large. Now in Windows 8.1, users will have more control over how content renders on a second display, giving tablets more flexibility.
  8. Native Facebook App: If you upgrade to Windows 8.1, you’ll be able to run the official Facebook app for Windows, which provides a native experience for PCs.

Windows 8.1 was released October 17, 2013. It took about an hour to update my laptop from Windows 8 to 8.1.  My computer had trouble reconnecting to my router after the upgrade, but a router reboot solved the issue.  Other than that, the upgrade process went smoothly.  Learn more about all the new features here.

 Short Video on how to update to 8.1


iOS 7 Rolls Out Today – What You Need to Know Part 1

Today, Apple released the latest mobile platform update iOS7.  iOS powers the iPhone, iPad and iTouch devices, and is also used on Apple TV.  This article focuses on mobile devices.


Before you upgrade, check to see if your device is compatible with iOS7:

In addition to the newly announced iPhone 5s and 5c, the following devices are compatible with iOS 7:

  • iPhone 4
  • iPhone 4S
  • iPhone 5
  • iPad 2
  • third generation iPad with Retina display
  • fourth generation iPad with Retina display
  • iPad Mini
  • fifth generation iPod Touch

Also note: Some new features are not available on older generation devices.

New Look

The first thing you’ll notice is the new look.  No more glossy beveled icons. The design goals were to make iOS7 “simpler, more useful and more enjoyable — but still feel instantly familiar.”  It takes some getting used to, especially to long-time devotees, but the overall reaction to the new design has been positive thus far. Designers across the web have been scrambling to emulate the “flat-look” trend.  Despite the cosmetic makeover, most of the features and options you are used to are still in the same places.  There are some new features to take note of outlined below under New Features.

 New Features


Swiping, from the right and left edges of the screen, has come into it’s own as a quicker, more efficient way to navigate the iOS as well as getting around the web in Safari.

Control Center

iOS7 Control CenterThis feature has been on the user wishlist for sometime.  The Control Center  is activated by swiping upwards from the bottom of the screen to reveal a set of options for controlling various settings. The arrangement of these icons differs depending on whether you’re using your device in landscape or portrait mode, but the options, icons and functions remain the same. This feature seems to be more suited for the larger iPad screen. On the iPhone, Control Center takes up the majority of the screen, while on the iPad, it only takes up a quarter of the screen in Portrait mode. The layout is much less confusing as well, with each feature sectioned off in thirds on the iPad. Media controls are located to the left, Toggles in the middle, and frequently used app shortcuts on the right.

Because the feature is by default accessible anywhere, Control Centre can also be accessed from the lock screen without unlocking your phone. If you would like to change this setting, you can disable Control Centre from appearing on your lock screen or while you are using apps via Settings > Control Center menu.

Air Drop

AirDrop facilitates sharing between iOS devices.  It lets you quickly and easily share photos, videos, contacts — and anything else from any app with a Share button. Just tap Share, then select the person you want to share with. AirDrop does the rest using Wi-Fi and Bluetooth. No setup required. And transfers are encrypted, so what you share is highly secure. Your AirDrop visibility settings can be configured from Control Center to allow interaction with nobody, only those you know (your Contacts) or Everyone.

The option to share via AirDrop shows up whenever you click the Share button for most items including photos, videos, contacts and web pages. In order tt use AirDrop, choose an item you would like to share, hit the Share button (it looks like a box with an arrow coming out of it) and select the target device in the AirDrop field. If no devices show up, tell the recipient to adjust their visibility or add you as a contact.

Receiving via AirDrop is similarly simple, and whenever a user tries to share with you a confirmation dialogue will appear asking you whether or not you want to receive the item or not. The prompt will often include a preview of the photo or video and indication as to what it is you are receiving.

This new feature only works on the iPhone 5, fifth generation iPod Touch and the fourth generation iPad (and older) and iPad mini due to a dependence on a newer Wi-Fi chip found in these devices.


More on the Apple site
The folks over at MakeUseOf have put together a handy guide to all things iOS7