WP Time Machine – free off-site backups for WordPress

A few days ago, @bakkel tweeted about WP Time Machine. This WordPress backup solution turned out to be exactly what I’d been looking for. It gathers all the relevant bits (like your blog’s database, uploaded images, etc.) and uploads them to Dropbox, Amazon’s S3 or FTP. It even adds a file with comprehensive restore instructions. I’ve argued before that backups need to be absolutely painless, and with this plugin they are.

QNAP TS-210 first impressions

The most important thing about keeping your data safe is that whatever backup or redundancy setup you choose, it has to be easy. If you need to remember to make backups, you’ll forget. For me personally, I’ve opted to go with a RAID1 solution, where my data is written to two separate disks. This means my data is safe from drive failure, and since I’m using a version control system, I don’t really need any kind of rotating backup scheme. That’s why I got a QNAP TS-210 a couple of weeks ago, and so far I love it.

I’m no expert when it comes to NAS devices (this is my first one), and so I’m not saying the QNAP is better than the similarly priced Netgear ReadyNAS Duo or the Synology DS210j. I couldn’t find any comparative reviews, so I went with the one I thought looked cool and had the best hardware specs. I did want to go with a specialist brand as opposed to something like the WD “World Edition”. I’ve never really trusted consumer solutions, and WD isn’t my favorite brand.
Roy | August 25, 2010

Don’t let your disks topple over!

I know they look good, but placing your external hard drive vertically (as many are intended these days) is actually a data security risk. Models like the LaCie pictured here, many WD models and countless others may be easier to fit onto your desk than horizontal designs, but you can knock them over. It happened to a friend of mine yesterday, and it looks like he’ll have to pay a lot of money to get his data recovered, or consider it lost.

This also adds a reason why RAID1 drives (with two disks that store data twice) are safer. Typically, those types of devices have a wider base and are much less inclined to topple over. But anyway, if your drive is the kind that can be placed flat on your desk, I’d recommend doing so.

Roy | August 12, 2010
How to keep your data safe on a budget

I’ve recently decided to move my business out of my family’s home, to a nearby office building. While this is very convenient in many ways, it also meant I had to find a way to move data to and from there safely. As a web freelancer, I feel it’s my responsibility to keep client data very secure. Not only do I not want to lose it, I also need it to remain private. That’s why I looked into things like RFID-protected and rugged hard drives.

There are two distinct threats I wanted to keep my data safe from. One is from data loss through drive failure. I’m going to be taking it with me every day, so I needed a sturdy drive that could take some (accidental) abuse. The other threat is theft. I wanted the contents of the disc to be protected in case it fell into the wrong hands. It was essential for me that I’d be able to use the device on Windows, Mac and Linux computers, which rules out most products that use software encryption.

WP-Cumulus updated to address yet another security issue

A few weeks ago I rushed out an update to fix a potentially dangerous Cross-Site Scripting (XSS) vulnerability in WP-Cumulus. With the PHP part of the plugin shielded from ‘outside use’, I was hoping no more issues would pop up. Still, I’m glad MustLive alerted me to another issue that uses the Flash movie itself. The exploit worked by calling the SWF file directly, and supplying a link with JavaScript. I’m not quite sure how dangerous this is, but I’ve modified the movie so it only executes regular links.

Please update your copy of WP-Cumulus to 1.23 ASAP. For most users it should only take two clicks.

This should not affect how WP-Cumulus works on WordPress blogs. But there have been a number of ports and other projects that use the Flash movie. I urge the authors of those projects to examine the new Flash movie, and see if it still works in/with their product. The exploit is not unique to WordPress, and they may need to modify the security check to fit their project.

WP-Cumulus 1.22 fixes a security hole, please upgrade!

Yesterday, Thomas Scholz alerted me to a security weakness in WP-Cumulus. He noticed XSS hacking attempts targeted at wp-cumulus.php that could, in rare cases, allow malicious code to be executed. This issue has been fixed in version 1.22, and I strongly recommend you upgrade straight away. It’s better to be safe than sorry, and the attack has already been seen ‘in the wild’.

WP-Cumulus can be downloaded here, but chances are your blog will notify you of the new version and allow you to upgrade automatically.

Obfuscate email addresses using PHP

If you want to include an email link in a WordPress template, or any other web page for that matter, it’s advisable to ‘obfuscate’ the address. Unfortunately, spammers scour the web to harvest email addresses, so if you simply place your address online, you’re very likely to get some extra unwanted email. That’s where obfuscation comes in.
