1. Update (and keep updating) your website’s software. The #1 avenue for hackers and malware is outdated or unused software. This includes WordPress and plugins—so when you see those update notices, update. (But backup first.) And get rid of anything you’re not using.
2. Keep your connection clean. Install an anti-virus solution—yes, even for Macs. Personal firewalls are a good thing, too. And when connecting to the Internet, make sure it’s secure. Your home may be one thing; Starbucks is another. Use https:// (versus http://) whenever you can. The NoScript plugin for Firefox checks out Javascript on the site you’re visiting before it loads– and you can get software that scans sites for malware, too. (Side note: Did you know your credentials are passed unencrypted via FTP? The Sucuri expert suggested using sFTP or SSH instead of FTP, not to store your credentials on your FTP client, deny anonymous logins, limit connections and practice least privilege. Smart.)
3. Use trusted sources. This goes for everything—from websites you visit to software you download, from plugins you use to WordPress themes you install. Make sure the plugins you use are still being supported. Make sure the WordPress themes you install aren’t loaded with malware (it happens more than you think!). And make sure your host is a good one. Do they publish their security practices? How often have their sites been infected with malware or blacklisted? Vet your host by using this URL: http://www.google.com/safebrowsing/diagnostic?site=typeyourhostingcompanywebsitehere.com (Note: We like HostGator, and this is just one reason why).
4. Follow best practices. Change the WordPress admin user. Cancel any users that aren’t needed—on your site and your server. Use child themes (We do). Change your server file permissions—to at a minimum, 644 on files, and 755 on folders. (If your host requires you use 777 on everything, it’s time to get a new host.) Install the Sucuri monitoring plugin if you have Sucuri security (We use and recommend it on our sites). Continue disabling pop-ups. If you’re doing a fresh installation of WordPress, add a DB Table Prefix. Add secret keys into your WP-config file. Require SSL for all administrative logins. And, of course, use good passwords. (Did you know 123456 is the most common password followed by 12345?) Or better yet, use good passphrases complete with letters, numbers and other characters.

Hackers love “admin” users.

Upon WordPress installation, the default user named “admin” is created.  In order for hackers to get into your WordPress administration pages, they need to have your username and password.  If you have a user that is named “admin”, you’ve just given the hackers half of the puzzle.  So what do you do?  Create a new user.  Name is anything other than “admin”.  Assign its role as Administrator.  Log back in as this newly created user.  Delete “admin”.

Hackers love outdated WordPress versions.

It’s a continual cat-and-mouse game.  The hackers look for security vulnerabilities in the software and once discovered, the programmers work to close those vulnerabilities.  The programmers then release updates to the WordPress application.  If you don’t update to the latest WordPress version, you are leaving your website open to hacker attacks.  So what do you do?  On the Dashboard, under your website name, if there you are running an outdated WordPress version, it will give you an option to update.  Do it.

Hackers love outdated and free, unsupported WordPress themes.

WordPress themes don’t just make your website “pretty”.  Your theme, for the most part, controls the look of your website, but it also includes a lot of programming code and scripts–code and scripts that can allow badguys into your website.  So what do you do?  Programmers who develop WordPress themes will often update them.  These updates may include security fixes.  Check with your theme programmer for any new updates to your theme.  Better yet, see if you can get on a mailing list to be notified when updates to your theme are available.

Hackers love outdated WordPress plug-ins.

WordPress plug-ins are a popular way for hackers to hack into websites.  So what do you do?  Review your Installed Plugins from time to time and always update to the latest plugin version.  Sometimes an update may result in the plugin not working the way it was, in which case, cut your losses and find a new one.  Don’t stick with outdated plugins.  Also, delete all plugins that are not actively in use.

What can you use Twitter for?

1. Following. Name a well-known person you like or respect, someone who makes you laugh or entertains you, someone you wish you could get advice from or hear what they’re reading or talking about. Or a company or organization you’d like the latest updates on. It could be personal or professional. Now, find their Twitter name (@whateveritis), and go follow them. (After you sign up for a free Twitter account, that is.) You’ll get updates in real-time; just quick little tidbits that won’t disrupt your day… that much. And if they do, you can always unfollow them.

2. Communicating. If you’re a brand, you want to hear from and talk with your customers. Twitter is just another way to do that. “Why not e-mail or text?,” you ask? Good question. Some like Twitter better than e-mail because it’s quicker (limited to 140 characters), more casual (no need for a greeting or a sign-off), and so—like researchers who choose shorter questionnaires to get more/better responses—Tweeters choose Twitter because they’re more likely to get back a quick response. And unlike texts these days, Twitter is free. Of course, before you sign up for Twitter, you’ll want to assign someone—or better yet—several people to watch for and reply to customers’ Tweets. You don’t want to be “that company that doesn’t respond.”

See more great Twitter infographics at blogs.loc.gov or click this one!

3. Marketing & Selling. This is by far the trickiest one.  Because unless you have a name already, it’s hard to break through the tweettweettweettweettweet—well, you get what we’re saying. It’s noisy. And the most successful techniques we’ve seen small companies use to break through that noise are either incredibly creative (which can be difficult or expensive), and almost always way too time consuming for the average entrepreneur. If you think you want to make that expense, contact us. Otherwise, we suggest you use Twitter to send out sales and marketing messages as you have time—just don’t expect too much in the way of monetizing it, especially when at first you have very few followers.

4. Researching. Not only can you see what people all around the world are talking about (“What’s Trending“), but also you can narrow it down to the topics that interest you. Perhaps you want to find out what people are saying about the new soda that launched. Or their thoughts on the job news this last week. You can do this, manually, using the Twitter interface, or you can do what we think is easier: check out free services like Monitter and Hootsuite.

And now, a word on privacy. “Direct messages” (d@twittername) can only be seen by you and the person you’re direct Tweeting. To direct Tweet someone, he/she has to be following you, and you have to either use the Twitter interface or remember to put the “d” before their name when sending the message (Else suffer the potential consequences as an unfortunate Senator did.). Normal Tweets to an individual (using @twittername at the beginning of the Tweet) won’t be instantly sent to your other followers, but anyone who looks at your Twitter profile will see that Tweet. (If you “mention” another Tweeter by using @twittername elsewhere in your Tweet, it will be sent to your followers.)

And remember, of course, that all of your Tweets are being stored in the Library of Congress. No joke.

Jumping in to a campaign, however, involves a rush. You may use a fun technology or forge new ground. It’s entrepreneurial—like you, right? But… it can also be more laborious than fruitful.

Recently, a non-profit company asked me to incorporate Twitter into their website. “Great!” I said. “Who will be doing the tweeting? What are you going to tweet about? How are you going to get followers?”

“I don’t know. We just want Twitter.”

Against our advice, they went forward. Five months later, they hadn’t tweeted a word, even though they’d paid for us to design their page.

Another client wanted an RSS feed but didn’t know much about it. Another wanted to use QR codes because “they’re cool.” But what did they have to do with their business?

We’re not saying not to use new tools and technologies. Just make sure you know why you are, and what you want to get out of them—you know, strategize. Otherwise, however fun—it’s a waste of your time.

Next post… When & why to use Twitter.