What we're talking about ...

How to customize user roles on WordPress

How to customize user roles on WordPress

Website managers can customize user roles on WordPress to enforce five basic permission levels, easily assigned within their default WordPress dashboards. But complex user permission configurations require advanced user role assignments beyond the defaults and require an advanced user role plugin for greatest control and flexibility.

Customize User Roles
 

The default permission levels available in WordPress are a good place to start thinking about assignments because user role plugins typically build on these assignments.

How WordPress manages user roles without a plugin

(Default) Basic WordPress user roles

  • Administrators – The god-like website manager who can control the destiny of everyone and everything within WordPress, different from editors because they can change themes, manage widgets and plugins and determine the roles of other users.

  • Editors – This is the vice president within WordPress who acts as the mouthpiece and moderator on behalf of the ones in charge. Editors mostly spend their time editing, deleting and approving comments. But they also have access to pages and most of the plugins on the website.

  • Authors – These are the senators of the website, managing their own interests by publishing their posts as they wish, without review. They can’t add or delete media files, but they can cause a lot of problems by publishing any words and linking to any website they wish.

  • Contributors – These are the children who must wait for their parents’ approval before leaving the house with their Halloween costumes on. WordPress contributors can write their own posts but can’t publish them until they’re approved by a more powerful user.

  • Subscribers – Can’t do much more than manage their pictures and profiles associated with the comments made on the website.

How WordPress manages user roles with a plugin?

(Advanced) Plugins to change user defaults:

Customize User RolesHow do you assign administrative control to one plugin but not another? The default won’t cut it for website managers who need to add and customize user roles with granularity.

For instance, many organizations will want to assign a user to manage the website’s event calendar while another is in charge of sending email blasts to users.

There are a number of great (and free!) plugins for website managers to use for customizing user roles on WordPress, but only two that come in with more than 100,000 active installs and more than 4 out of 5 star ratings:

  • User Role Editor Plugin (Blotter’s Choice!) – Uncheck or check boxes of capabilities to add a selected role or add new roles and customize its capabilities according to what the user needs. This plugin is the most robust and intuitive way to manage user roles beyond their default assignments.

User Role Editor Screenshot

  • Members Plugin (Blotter’s 2nd Choice!) – Allows you to edit, create, and delete roles, control which users (by role) have access to post content and allows you to use shortcodes to control who has access to content. Many website managers utilize this plugin to create a virtual Intranet, making a website completely private to employees or assigned membership.


More about how to customize user roles …

There’s a number of folks out there who are complaining about the way WordPress defaults the user capabilities. Specifically, that the assignments are needlessly granular and should be simplified down from the default five categories. On the contrary, the assignments make sense when you consider the need to extend functionality to multiple classes of users who are managing and interacting with your website. WordPress approaches their defaults without consideration of plugins that might be layered on top of their content management system. Indeed, there’s efficiency in this simplicity and website managers should ensure they’ve mastered their understanding for these assignments before installing a third-party plugin which may over complicate the user roles.

A note on security

It is worth mentioning the very real dangers that arise when depending on third-party plugins to manage the security settings of a website, especially when permissions are involved. The integrity of a website is compromised each time a third-party plugin is added, so website managers developing a permissions protocol may consider writing a custom plugin. Also remember to enforce password security for all users assigned on a website. Website management involves multiple layers of security without having to compromise convenience.

CNN.com bait and switch SEO titles

CNN.com bait and switch SEO titles

More and more online journalists are using provocative headlines to garner likes and shares while distracting readers from the facts. Bait and switch SEO titles reflect a new trend in yellow journalism, a term first used for nineteenth century United States’ political coverage (published on yellow newspaper) when journalists crafted news to exploit readers’ most vulnerable emotions – fear and curiosity.

CNN Bait and Switch Headline

CNN baits readers with an untrue permalink.

The Internet is awash in sensational posts from upstart news sites, but it’s not just the online blogs Upworthy and Buzz Feed doing it. Established news organizations are also using coercive techniques to get clicks.

We’ve busted CNN.com using bait and switch SEO titles to display shocking headlines that are not true.

Consider CNN.com’s recent headlines after Reverend Gary Hall, Dean of the National Cathedral, called on the church’s governing body to remove two stained-glass windows put in place to honor Confederate Generals Stonewall Jackson and Robert E. Lee. His statement immediately (and wrongly) became a mandate, rifling across online social networks courtesy of news organizations that misappropriated the man’s request by writing misleading headlines for their news feeds. Google search results reveal the culprits who use bait and switch SEO titles, particularly where an HTML permalink goes to a story with a different headline than what originally displayed. In this particular example users viewed search results with the title, “National Cathedral to remove Confederate Images – CNN.com” while the destination page displayed the very different headline, “Cathedral urged to remove Confederate images.”

Bait and switch SEO titles allow website managers to differentiate their website posts using what some pundits call “information gaps” in headlines to capture the interests of readers. For example an information gap exists when a headline leaves out details that could have been included: The reason this mom gave for abandoning her baby will surprise you! But the practice of writing sensational headlines becomes misleading when the actual facts are different from the headlines. If, for instance, that article reveals to readers that the mother and baby were penguins, not human beings.

An especially egregious “yellow blog“calling themselves “Newswatch33″ has been trolling readers with headlines that South Carolina is actively seceding from the Union, but these yellow journalists take it a step further with the fabrication of facts:

“A petition has been started within the South Carolina House of Representatives for the state to secede from the United States.”

Newswatch33.com and their "yellow journlism"

Newswatch33’s false headline is shocking and untrue.

While there is no source sited within the article to support their information, the article carefully embeds that statement between a quote from the Governor and a statement from Leland Summers, the South Carolina Division Commander of Sons of Confederate Veterans who defends the Confederate flag. While it’s true that Summers fails to connect a segregation-era symbol with Charleston’s racist attack, he has not begun a petition to secede nor is there journalistic evidence that any members in the South Carolina General Assembly recently introduced such a petition to secede.

While the prospect of a rogue state makes great headlines, the facts are faked.

Another bit of their yellow journalism quotes a “Citizen’s for White Rights” source confirming Dylann Roof received $4 million in donations:

“Michael Lawson, attorney for Citizen’s For White Rights released this statement ‘Our organization wants to ensure that Dylann Roof receives fair and equal treatment under the laws of our nation. With all of the publicity this recent incident is receiving along with the Black Organizations looking to make our client guilty, it’s important that Dylann Roof is protected. The donations we are receiving will ensure his protection as we wait for trial as well as when the trial begins.'”

Of course the problem with the article is there is no such person as Michael Lawson, nor a Citizen’s For White Rights organization. The urban legend watch group Snopes.com quickly dispelled the rumor while suggesting the news source “is a fake news site that coincidentally appeared on the scene just after the very similar NewsWatch28 fake news site apparently shut down.”

Perhaps it’s not our fault that we impulsively share these “yellow headlines” without properly vetting them. We want to share our shock with friends! This Information Gap Theory of Curiosity, a phrase coined by George Loewenstein in the early 1990s, explains the psychological phenomenon when readers feel an emotional “itch” on the brain that requires them to scratch it by reading and sharing the headline. That’s the “gap between what we know and what we want to know,” says Loewenstein. Teasing readers by omitting conclusions to a question, displaying images that are purposefully ambiguous, and challenging readers to test sexual, social, moral or morbid assumptions are all tools used to create these unquenchable gaps in headlines.


yellow-journalists-newswatch33


 

We have a moral responsibility to ignore agitator websites fanning flames with lies. Those who share bogus bait and switch SEO titles do so to the detriment of relevance. Journalism fails when news is fabricated in this way.

While yellow journalism seems business-as-usual to a few, the misinformation damages critical dialogue by omitting facts that could otherwise enlighten. At worst it causes readers to tune out: “Those folks are far too gone for me to even consider the issues – I just can’t deal with the news anymore!”

We must do better when sharing articles on social media, by vetting the news source and identifying the telltale signs of misleading bait and switch SEO titles meant to elicit more clicks.

Google content and functionality directives

Google content and functionality directives

If it sometimes feels like Google has a gun to your head when it comes to following SEO best practices, then you’d be correct. However, Google publishes their secret formula here, the cornerstones for any company’s successful Internet presence. This Google-sanctioned website content and functionality, the soul and body for website search engine optimization (SEO), must be followed – or else.

Website managers often fail to line up their strategies around these two Google pillars. Instead, some website managers deploy bad backend infrastructure and useless Applesque graphics, carefully written marketing copy and exhaustive navigation.

Google Monopoly

Worst of all, many of these folks ignore Google content and functionality directives, guidelines that are readily available for anyone to read and apply to a website. Here’s what Google says to website managers:


1. Google 101: How Google crawls, indexes and serves the web

Google Logo

2. Google Webmaster Guidelines

3. When your site is ready


Don’t forget the functionality!

It should be noted there are ways to give website managers an edge – beyond what Google tells us. Traditional and new marketing strategies within the functionality of your WordPress website can take a website from good to great:

Use WordPress content management system (CMS) to level the playing field for your website. WordPress optimizes website content and functionality for website managers because the functionality can be easily added via plugins. These free or inexpensive modules plugin to your website to provide useful utilities for visitors. Here are common plugins used on WordPress that website managers should not be without:

  • Email Signup and Newsletters (i.e., MailPoet)
    Offering the ability to capture a visitor’s email address for the purpose of marketing to them later remains a good way to solicit content on a wide scale. The content from your website’s CRM can be easily re-purposed for email newsletters sent directly to subscribers with just a few clicks.
  • Appointment Calendar (i.e., Ink Appointment)
    Scheduling managers allow users to book hair appointments, medical office visits or any type of booking requirements for a business keen on capturing new users and having them sign up directly for services. Scheduling management is clutch for retail businesses, especially, but also serve the interests of consultants who want to schedule appointments and update appointments online with their customers.
  • Lead Capture (i.e, Gravity Forms)
    Most websites have a sidebar where users are asked to enter more than just an email address “To get more information on the service or product.” Software companies such as Brooklyn-based Thoughtful Systems or Chicago-based Neon CRM keenly capture visitors to their websites, parlaying that information to a sales manager who returns the phone call, offers the sales pitch and closes the deal.

    Landing Page Example

    Landing Page Example at http://thoughtfulsystems.com

Hipster designs are pretty and useless. Ask yourself if there is utility behind the slick designs of that slider, and if the rotating images provide unique functional options rather than rote stock photos. Does your website’s easy-to-maneuver and simplistic influence of the (nearly) trillion dollar company that is Apple actually do anything? The iPhone was not beautiful because of its lack of tactile buttons or original pinch and swipe touchscreen, the iPhone was fundamentally a good machine that delivered efficient functionality in a pretty package.

Don’t try to predict what Google wants when you can read it
Few website managers can claim to know exactly how Google evaluates websites for indexing on search results, but the steps above are clear, concise and the only sure-fire way to get results on your website. Where classic SEO strategies included key word listings and back linking to popular websites, today’s standards – as dictated by Google – are very different.

Google puts a gun to your head for how website content and functionality needs to look on a website to be properly indexed on their search results. There’s no changing it. Like it or not, the Google formula for content and functionality is what generates successful search results for your Internet presence.

The Failed U.S. Conspiracy to Control Domains

The Failed U.S. Conspiracy to Control Domains
Oprah Sucks

Read Yahoo! Finance’s take …

The recent outcry over the new dot-sucks (.SUCKS) generic top-level domain (gTLD) portrays a U.S. government that has failed everyone, even as the bureaucracy divests control over the Internet Corporation for Assigned Names and Numbers (Icann).

Generic top-level domains were specifically purposed for websites in the beginning, or that’s the common misconception world-wide-web dinosaurs cherished about the same time Al Gore was inventing the Internet:

  • Popular DomainsDot-com (.COM) for business
  • Dot-net (.NET) for networking
  • Dot-org (.ORG) for non profits
  • Dot-edu (.EDU) for schools
  • Dot-gov (.GOV) for governments
  • Dot-mil (.MIL) for military
  • Dot-xxx (.XXX) for porn

The failed U.S. conspiracy to control domains has gone on for more than two decades, led by the U.S. Commerce Department’s efforts to bring order to Icann, the domain name management organization who has ignored calls from Congress to ban the proliferation of useless names again and again. There are currently approximately 850 gTLDs, or domains, for the market to consider.

An embarrassed Senate Congress chairwoman Edith Ramirez recently elucidated their failure to organize the destiny of domain names on the Internet:

“The Commission provided Icann with policy recommendations in which we highlighted a range of issues implicated by the impending rollout of the new gTLDs, including the increased risk of consumer confusion …. I therefore urge Icann to consider ways in which it can address the concerns raised with respect to .SUCKS, as well as to consumer protection issues more generally, on a broader basis.”
– Senate Congress chairwoman Edith Ramirez

Both free-market and libertarian minded pundits are disparaging over the .SUCKS debacle just the same, realizing the mean-spirited and offensive circumstances Icann unleashed in their efforts to enrich themselves with more revenue.

“Developers, engineers and other Internet stakeholders were free to build the open Internet because ultimate U.S. control ensured its smooth operation. If Icann can’t fulfill its basic function of overseeing Internet names without U.S. oversight, there’s no way it can protect the Internet from authoritarian governments such as Russia and China trying to close down websites they don’t like.”
– L. Gordon Crovitz in The Wall Street Journal on June 1, 2015

The counterargument
Others conclude that by limiting domain names there simply is not enough inventory to supply the free market. Recent domain sales in the month of May demonstrate just how lucrative the market is when inventory is limited:


gTLD Domain Name
Sold For Where Sold
1. Mera.com $132,500 Private
2. Adopting.com $125,000 DomainHoldings
3. FBET.com €50,000 = $54,500 Sedo
4. MyFood.com $33,500 Sedo
5. WJM.com $33,000 Private
6. BD.net $29,500 Sedo
7. LILV.com $28,000 eNaming
8. Astrology.tv €25,000 = $27,250 Sedo
9. 8255.com $26,500 Sedo
10. EasyFundraising.co.uk $24,000 NoktaDomains
11. AttorneyGroup.com $20,000 Sedo
12. Bando.com $19,999 Sedo
13. 5227.com $18,000 DomainsNext
14. IMX.com $17,500 Sedo
15. Buji.com $16,000 NoktaDomains/4.cn
16. Macfarlane.com £10,000 = $15,300 Sedo
17. Hi.net $15,000 Sedo
18. Paris24.com $11,000 Sedo
19.
tie
CZ.cc €10,000 = $10,900 Sedo
19.
tie
Joy.eu €10,000 = $10,900 Sedo

DN Journal follows the domain market and gathers trends. Any 3-letter .coms have been selling very high in 2015, but what is also interesting is the number of .net and .tv sales documented during the month. It’s only a matter of time until four-letter .coms become as lucrative to buy and sell as the lesser number letters.

Even if there were enough domain names, freedom of expression should allow for any gTLD, right? Well, not exactly. Freedom of speech (at least in the United States) does not include the right to be a jerk. The .SUCK domain would directly incite those who are targeted. A visit to www.uscourts.gov suggests obscenity and hate is illegal:

  • [It is llegal] to incite actions that would harm others (e.g., “[S]hout[ing] ‘fire’ in a crowded theater.”). Schenck v. United States, 249 U.S. 47 (1919).
  • [It is llegal] to make or distribute obscene materials. Roth v. United States, 354 U.S. 476 (1957).

Slander seems peanuts where national security is concerned. Disrupting business over the Internet would be an act of war. DNS hijacking may seem an act of terrorism when done by a rogue perpetrator, but subversion by a country or large organization is something else. As recently reported in the New York Times Magazine, Russia employs hundreds of trolls and troublemakers who could easily be repurposed to disrupting gTLDs:

Several Russian media outlets have claimed that the agency is funded by Evgeny Prigozhin, an oligarch restaurateur called “the Kremlin’s chef” in the independent press for his lucrative government contracts and his close relationship with Putin …. One Russian newspaper put the number of employees at 400, with a budget of at least 20 million rubles (roughly $400,000) a month.
– Adrian Chen, The New York Times

There will be continued debate whether the U.S. government – or any independent oversight paradigm – has the ability to manage ICANN and the dynamics of the evolving domain markets given the failed U.S. conspiracy to control domains.

Better passwords to keep your junk in the trunk

Better passwords to keep your junk in the trunk

Chances are someone has naked photos of you or your family. A recent survey shows that 9 out of 10 Millennials have documented their own whoopie cakes, humpty dumplings or baloney ponies. But what precautions have they taken to keep their money makers private?

A unique method for choosing passwords is critical given that a typical lowercase six-character password can be guessed in less than 10 minutes. Choose multiple stategies when picking a better password and you’ll be protected.

We shred documents in office compactors and tell our children to avoid contact with strangers who ask questions – so advocating for good password policies in your office or home should be a no-brainer.

Keeping your junk in the trunk may depend on it.

Last year’s iCloud celebrity photo hack should be a wake up call for everyone. Nude and compromising photos of nearly 100 celebrities were published, without permission, on the imageboard called 4chan.

4chan Celebrity Scandal

The hackers simultaneously pulled the pants off victims and the world’s largest Big Tech Company by using a service called “iBrute” to gain access to those celebrities’ passwords – and ultimately stealing the photos stored on their phones and in the cloud. When TIME magazine accused Apple of negligence in allowing the vulnerability in Apple iCloud’s “Find My iPhone” service, which helps users locate a lost or stolen phone, Apple responded with this strongly worded statement rebuffing the accusation:

None of the cases we have investigated has resulted from any breach in any of Apple’s systems …. To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.

Blotter Password Reset

Business Insider butressed the liability argument from Apple’s accusers, reminding readers that the ability to gain access to Apple’s iCloud accounts would likely require the ability to identify the user or email address of each victim. Given the ease with which hackers find email addresses and usernames, however, Apple can’t be held fully responsible for users’ bad password choices.

What if those victims had been provided with guidance on setting up good passwords?

These five easy methods to choose passwords and keep your junk in the trunk could save your own tuckus from broad publication.

Again, use a combination of strategies, not just one! Choosing a password that’s both easy to remember and practically guess-proof is something to tell family and friends about, too. After all, the integrity of your jaybird may be at stake.

1. Parenthesis always

A lot of us forget that parenthesis can be used in passwords. That means that you should be utilizing the symbol – or any of the special characters – around EVERY password you ever choose, going forward from today.

  • Password Parenthesis Example: mypassword becomes (MyP4$$^^0rd)

2. Leetspeak is not so good

Leetspeak, an alternative alphabet that uses various combinations of ASCII characters to replace Latinate letters, can help. But foiling password guessing programs can be problematic if that’s your only strategy. For instance, Leetspeak will not keep your password safe if you’re using it in an obvious manner. (Pa$$word is one of the first combinations these password applications will attempt, for example.)

  • Password Leadspeak Example: IfYouCanReadThisYouAreOffToAGoodStart becomes 1fuc4nre4dth15ur0ff2ag00d$t4rt

3. Password Ebonics

Because password cracking applications rely on languages the criminal hackers have imported from open-source dictionaries, it’s best to utilize languages that are unformalized or entirely made up. Here are a few examples:

  • Password Ebonics Example: PeepsOffDaHizzleSup
  • Password Redneck Example: FoScoAnSevenYearsGo
  • Password Jive Example: IGotsSomeFeelinWesNotInNoKansasNoMo

4. Bigger is better

Experts suggest repetition of unique letters is good security when choosing a password. For instance, many, many letters arbitrarily inserted in your password phrase can pretty much prevent any password cracking application from guessing it. Of course, the downside is remembering the number of letters used.

  • Password Repetition Example: HoustonWeHaveAProbleeeeeeeeeeeeeeeeeeeem!

5. Special character substitutions

Special characters should go beyond standard punctuation to include all the SHIFT-NUMBER letters, albeit not necessarily at once. A novel way to do this is by including your anniversary date or another arbitrary date (preferably not your birthday or something that could be guessed by a hacker).

  • Password Password Example: September202008 becomes September@)@))*

 

Blotter Password Reset

Better passwords to keep your junk in the trunk also keeps your money safe!


Most hackers are interested in stealing unique identifiers for the purpose of theft, of course.

By utilizing a password strategy that is personal and unique, you’ll be more likely to remember the password and mitigate the possibility of brute force or other malicious attacks.

Creating good passwords to keep your junk in the trunk is the responsibility of everyone you’re close to. If those around you are not using good security strategy, neither are you!