Retired Themes-Round 2 (sorta)

And the theme retirement trend continues on WordPress.com with new additions to the previous list of retirees:

  • Bueno
  • Dark Wood
  • Enterprise
  • Inuit Types
  • Monochrome
  • Motion
  • Neutra
  • Notepad
  • Notes IL
  • Paperpunch
  • Steira
  • Structure
  • Titan
  • Under The Influence
  • Vostok

Again, existing sites can continue to use their theme even though it is retired and sites set up prior to a theme being retired can switch to that retired theme. What you cannot do is create a new site using a retired theme.

Continue reading “Retired Themes-Round 2 (sorta)”

Use the Support Search, Luke!

With the upcoming Automattic Annual Get-together (Automattic being WordPress.com’s parent company), many of the support options usually available to even those WordPress.com users with paid upgrades will be temporarily closed or minimized and support requests will be channeled to the Community Support forums for assistance. Yikes!

Those of us who regularly volunteer in the Community Support Forums are well acquainted with user frustrations when it comes to getting a timely answer to an urgent question. What doesn’t always seem obvious is that answers to many of the questions asked in the forums can be found in one of the best resources around – The WordPress.com Support Site.

Continue reading “Use the Support Search, Luke!”

Doing Business on WordPress.com

More companies are making their way to WordPress.com to build their web presence either as a blog or as a full website (as long as e-commerce is not the primary function of the site). And what’s not to like? On signing up and agreeing to the Terms of Service, a company gets a free or low-cost website with all updates and security handled by Automattic, excellent SEO built right into the platform, an excellent up-time record and, if a company chooses to buy the Domain Name Upgrade, there’s also easy branding or integration with the company’s existing website.  If you are comfortable with not having total control over your website, mostly in the areas of plug-ins and use of special code, WordPress.com is an excellent choice for business.
Continue reading “Doing Business on WordPress.com”

Hacked!? Not So Much: Your WordPress.com Account and Security

This past weekend a number of WordPress.com users discovered that a spam post promoting a “make money from home” scheme had been published on their websites without their prior knowledge or consent.  Many of those sites had not posted for some time while others had recently posted. What was common to them all, apparently, was the use of the same password for both their WordPress.com site as well as on other sites they logged into and which had been cracked.

Pete Davies, who works for WordPress.com, posted this response in the Community forums:

Thanks for letting us know about this. We also noticed something suspicious. We have reset the passwords of all affected users and have sent them an email to let them know. If there was any spam posted and not removed before we got there, we also went ahead and cleaned that up.

It is very likely that you were using the same password on WordPress.com that you used elsewhere. Recently, a few large services — LinkedIn, Yahoo, eHarmony, and Last.fm to name a few — have suffered well-publicized security breaches that have exposed email addresses and passwords. Although the passwords are usually stored securely, simple passwords can be decrypted or “cracked” in a matter of hours using modern technology.

Hackers gather the lists of email addresses and passwords from these services and then try to use them to access accounts on other popular services, like WordPress.com. If you used the same password multiple places, then your account can be compromised. That is what happened here. We do have measures in place to protect password guessing or “brute force” attacks but in this case, since the password is known beforehand, there is no need for a hacker to guess.

You should have a strong, unique password for every account you have on the internet. We have some more information on selecting a strong password in our Support section, please read through it:
http://en.support.wordpress.com/selecting-a-strong-password/

If you have any additional questions about the security of your account, please contact us using the form on this page:
http://automattic.com/security/

We take security seriously, and are happy to answer any questions you have.

via Spam post? « WordPress.com Forums.

More information on keeping your WordPress.com account secure can be found in the WordPress.com Support doc on Security.

The importance of having a unique password for every internet site you log into cannot be stressed enough and, if you use a public computer (at work, the library or at university) to connect to the Internet, the importance of logging out of those sites and clearing the browser’s cache and cookies each and every time is equally important.

Expired Domain? Oh no!

WordPress.com users with expired domains seem to be the flavor du jour in the Community forums today. So, this would be a good opportunity to remind users that if you’ve registered a domain name, regardless of whether through WordPress.com or not, take a moment and go look up your domain’s expiration date and add it to your calendar, digital or otherwise. If you registered your domain through WordPress.com, you can find this information in the “My Purchases” section of your Dashboard and if your domain is registered elsewhere, you can find it with your Domain Registrar or by performing a WHOIS search on your domain. Don’t depend solely on a renewal reminder notice or email from your domain registrar to keep your domain name up to date and in your possession.

Also, even if you’ve set your domain to automatically renew, check that your chosen payment method is current and that the renewal takes place on time. Don’t just assume it will.

If you don’t, you may find that recovering an expired domain could get very costly.

WordPress.com explains the Domain Expiration Process

Blog Privacy and Subscribers

One of the first things you are asked to decide when signing up for your WordPress.com site is your site’s Privacy setting. Most people have already thought about whether they want their site visible to casual readers or have their site out of public view, but they may have not thought about the subscriber aspect of this decision.

Sites whose Privacy settings are either public or blocked to well-behaved search engines are open to subscribers, whether by RSS feed, Email subscription or, for WordPress.com users exclusively, the WordPress.com Reader (“Blogs I Follow”). Subscribers can also find your site through the tags and categories you have used on your Posts by browsing the WordPress.com global tag listings or by searching. The global tag listings also automatically send out notifications of new posts via Ping-o-Matic.

privateloginSites that are private do not publish an RSS feed, do not have their Posts added to the global tag pages, nor do they appear in any search. Visitors arriving to your site will see a log-in page and unless you have invited them to view it, they will not have access. In order to be invited, visitors must have a WordPress.com account.

New to WordPress? In addition to that WordPress.com address you really want for your public site, register a second, private site for testing settings, themes and features.

Up to now this is pretty straightforward. So what happens if you start out with a public site and later decide to make it private?

First of all your site’s feeds will no longer be available. Anyone who has subscribed by RSS feed will not receive notice of new posts, nor will new posts be pinged by WordPress.com to the various services they connect to through Ping-o-Matic. Categories and Tags on your posts will no longer appear in the global tag listings. Subscribers, both WordPress.com users and those who have subscribed by email, will still show up on your Subscribers stats page. However, in spite of any misleading dashboard messages, like the one below that appears after you publish a new post, new posts are not sent out to your previous subscriber list. The only people who will be able to subscribe to your private site are the people you’ve invited to view it.

If you change your private site to a public one, keep in mind that all the posts that were previously published will now be visible to your site visitors, subscribers and search engines. Any private users that you have invited will be removed from the invited list, however, if they have also subscribed to your site, they will continue to receive notice of new posts.

•••Note: The behavior described in this post is correct as of today’s post.

•••Additional Note: This post deals with privacy settings for your entire site.  In addition, there are visibility settings for each post and page that allow you to selectively keep them out of public view. Information on this and other privacy settings in an upcoming post.

Want to receive updates from WPcom Maven? Stay tuned by subscribing by email or by RSS feed from my sidebar.