Protect your WordPress login

Update: This post is outdated. We now offer SSL certificates for free to all customers, and recommend that you make your entire WordPress blog use SSL (rather than just making the dashboard SSL using the FORCE_SSL_ADMIN trick described below).

Do you login to your WordPress blog securely? Are your username and password encrypted so that “hackers” can’t steal them and then break into your blog? (Probably not!)

By default, each WordPress blog is configured to send the login username and password as plain (unencrypted) text. If a hacker can see what you are sending during your login, they can easily steal your username and password. This can happen if you have a virus installed on your computer. It can also happen if your computer is virus-free but connects via WiFi. If your main computer uses a wireless connection, or if you or other users of your blog ever login with their laptops — blogging from a coffee shop, anyone? — remember that these connections can be insecure, and could be susceptible to revealing your password.

You can protect your blog by installing an “SSL certificate” and configuring WordPress to require secure logins. Your browser will then encrypt your username and password so that no one can intercept them.

Read the rest of this entry »

“Domain Registry Of America” scams continuing

We’ve recently heard from several customers who have received what appears to be a domain name renewal invoice from a company called “Domain Registry of America”.

These “invoices” are a scam. Domain Registry of America is unrelated to our company, and has been cited by the FTC for “deceptive conduct”.

If you look closely at the “invoices”, they actually say something like “This notice is not a bill, rather an easy means of payment should you decide to renew your domain with us.” However, that small print is easy to miss.

We have a page about Domain Registry of America scams with much more information. We encourage you to make sure that whoever pays your invoices is aware of it.

Statistics of registrars violating the ICANN domain name transfer policy

In a previous post, I talked about how some domain name registrars have been violating the ICANN transfer policy for years, preventing domain name holders from easily transferring domain names.

I lamented the lack of detailed statistics about how many transfers each registrar rejected. However, it turns out that some of those numbers are actually available right on the ICANN Web site.

Read the rest of this entry »

Registrars continue to violate the ICANN transfer policy

One of the most frustrating things we deal with is helping customers transfer domain names from other “registrars” (domain name companies) to us. To do this, we ask the old company to release the domain name, and they then have five business days to either release it or reject the transfer.

There’s an obvious potential conflict-of-interest here. An unscrupulous company could easily make more money by rejecting the transfer and forcing the domain name owner to renew it there instead.

Read the rest of this entry »

Need support? Count on us.

Recently, the Web hosting industry has been abuzz with talk of companies trying to outsource their mail service. One of our largest competitors recently announced that because half of their customer requests for help were about e-mail, and because e-mail is difficult to get right, their customers should just use GMail instead.

The problem is that GMail, Yahoo mail, Hotmail and other free mail services have no real support. If you have trouble, there’s no way to talk to the people running the mail system and ask them about individual messages.

Read the rest of this entry »

“We’ll Pay the Ransom” to Network Solutions for domain names

Let’s say that you want to register a domain name, so you go to the Network Solutions Web site to see if the name is available. If the domain name has not yet been taken, Network Solutions will register it for themselves behind your back, forcing you either to buy the name from them immediately (at their high price of $34.99), or wait four days until they release it again (at which point someone else may be able to get it before you).

If this happens to you, we imagine that you might feel something like this:

Fictional 'ransom note'

We’re introducing a new “We’ll Pay the Ransom” promotion, wherein we will pay Network Solutions the $34.99 necessary to register the domain name for you. Or, if you’ve already paid it, we’ll credit your account $34.99. Either way, just sign up to transfer the domain name to us and a year of our Web hosting.

Read the rest of this entry »