HelloARI logo: vinyl signs and identity design web design«    sign design«    blog«    contact«  USE MY IMAGINATION
web design and wordpress development 94114

san frnacisco web design

Fake WordPress Email about CVE-2024-46188 Patch

Many WordPress users recently received a fake email claiming to be from the WordPress Security Team about a supposed vulnerability called “Remote Code Execution (RCE)” on their website. The users are asked to download, install and activate a CVE-2024-46188 Patch plugin.

Here is what the email looks like:

This is not a solicited email and you should not click on the download button, which will actually take you to a site that has cloned the WordPress.org site in a very sophisticated way. If you get tricked into installing the plugin, it will create a hidden user account with administrator privileges which will be sent to the attackers.

Here are a couple of things to be aware of so you can recognize phishing emails:

  1. The WordPress Security Team will never email you requesting that you install a plugin or theme on your site, and will never ask for an administrator username and password.
  2. Official emails from the WordPress project will always come from a @wordpress.org or @wordpress.net domain. You can notice that the above email comes from a “mailing-wordpress.org” domain. Tricky!
  3. Phishing emails insist that you act immediately or there might be crucial consequences. Always make sure you check if the information is legitimate before taking any action.

You can find more about WordPress Security Team impersonation scams here.

Posted in WordPress | Leave a comment

How to make a Vcard QR code

There are many services today that will sell you a business card that has a QR code and or a NFC chip so you can present it to a new business contact and they can easily scan it and add to their contacts. Who needs paper anyway?

But many of these services (like linqapp.com or popl.co or mobilocard.com) will want to sell you a monthly fee to host your data online and give other features. One simpler solution is to build your own QR code. Once you generate it you can share it a bunch of ways:

  • print it out on paper
  • print it as a sticker and put it on the back of your phone
  • save it in your phone so it can be scanned from your screen.

HOW TO MAKE A VCF FILE

Generate a plain text file that contains the Vcard info. One way to do this in MacOS is to click and drag your contact card out of your Contacts app – it will generate a .vcf file on your desktop.

Click and drag that icon into TextEdit and you will see the plain text. Once you have the plain text you can paste that into a QR code generator like https://www.qr-code-generator.com (there are many others – note that they might also have paid features but the basic QR code is a free feature).

here is some sample code (with most data removed)

BEGIN:VCARD
VERSION:3.0
PRODID:-//Apple Inc.//macOS 14.0//EN
N:Salomon ;Ari;;;
FN:Ari Salomon
TITLE:Web Designer
EMAIL;type=INTERNET;type=pref:ari@helloari.com
TEL;type=WORK;type=VOICE;type=pref:+14151111111
NOTE: more notes
item1.URL;type=pref:helloari.com
item1.X-ABLabel:_$!<HomePage>!$_
item2.URL:https://instagram.com/arisalomonart
item2.X-ABLabel:_$!<Other>!$_
item3.URL:https://www.facebook.com/AriSalomonPhoto
item3.X-ABLabel:_$!<Other>!$_
END:VCARD
Posted in Web Design | Leave a comment

Harnessing the Power of Cloudflare’s Free Bulk Redirect Feature

URL redirects play a crucial role in website management, ensuring seamless user experience and preserving SEO rankings. When it comes to implementing redirects, domain registrars often offer limited options, and some even charge additional fees for this service. However, Cloudflare, a leading web performance and security company, provides a powerful solution for bulk redirects, completely free of charge. Here’s how Cloudflare’s bulk redirect feature offers superior control and flexibility compared to other options in the market.

Bulk Redirect interface (2023)

The Power of Cloudflare’s Bulk Redirects

Cloudflare’s bulk redirect feature enables users to define a large number of URL redirects at the account level, all with a given HTTP status code. This means that you can effortlessly redirect multiple URLs simultaneously, saving time and effort in managing individual redirects. By leveraging this feature, website administrators gain granular control over their website’s redirection strategy, leading to improved user experience and optimized SEO.

Unlike some domain registrars, such as GoDaddy, that offer basic redirects at the domain level for free, Cloudflare goes beyond by offering a more comprehensive solution. Other registrars like Register.com charge a monthly fee ($1/mo) for redirect services. In contrast, Cloudflare’s free bulk redirect feature provides extensive functionality without any additional cost, on top of their many security and performance offerings.

Bonus: Email Forwarding

In addition to URL redirects, Cloudflare also extends its redirection capabilities to email accounts. You can forward email addresses associated with your domain to other email addresses. This added flexibility allows website administrators to streamline their online presence by managing both website and email redirects from a single platform.

Navigating the Bulk Redirect Interface

While Cloudflare’s bulk redirect feature is incredibly powerful, it’s become more confusing over the years as they added more and more features. The interface includes two key elements: “Create Bulk Redirect List” and “Create Bulk Redirect Rule.” Their documentation is not so helpful on this feature.

  1. Create Bulk Redirect List: This step involves defining a list of redirects by specifying the source URLs, destination URLs, and the desired HTTP status code for each redirect. This list acts as a repository for all the redirects you want to implement.
  2. Create Bulk Redirect Rule: After creating the redirect list, you need to create a rule that governs the application of those redirects. Without creating a rule, the redirect list remains inactive, which can be a source of confusion. By associating the redirect list with a rule, you activate and enforce the redirects across your website effectively.

Detail view of the list of redirects. I created these manually but you can also upload a CSV file with many redirects. 20 are allowed in the free version

Cloudflare’s free bulk redirect feature offers website administrators an unparalleled level of control and flexibility when it comes to managing URL redirects. Although the interface’s dual steps might seem confusing initially, understanding the purpose of creating both a redirect list and a redirect rule ensures a smooth implementation process.

By leveraging Cloudflare’s free bulk redirect feature, website owners can enhance their website’s user experience, preserve SEO rankings, and simplify their overall online presence.

Posted in Web Design | Leave a comment

USF Launches Mapping Jewish San Francisco

HelloAri is proud to announce the launch of a new education website. USF approached us in September of 2021 with their project to publish these detailed historical studies of San Francisco Jewish communities. We worked closely with the researchers to refine the content and find simple ways to present the data in a clear and compelling format — on a very tight budget. As always, we leveraged the power of WordPress, the world’s most popular content management system. We assembled many pre-built pieces of code to streamline the process. These include plugins and themes as well as security and performance enhancements.

The University of San Francisco’s Swig Program in Jewish Studies and Social Justice’s new Jewish history resource is called Mapping Jewish San Francisco.

Mapping Jewish San Francisco is a new digital humanities project that takes a collaborative approach to examine the complex history and unique religious, cultural, and political identity of Jewish San Francisco. Top scholars and experts are contributing exhibitions to tell stories of the Jewish individuals and institutions that have shaped and are shaping the San Francisco Bay Area.

Along with other academic institutions, libraries, archives, and leading Jewish organizations, Mapping Jewish San Francisco aims to bring the past to life, making it possible to travel back in time to visually explore the rich Jewish history of the Bay Area.

The project presents two current exhibitions – Out of Egypt by Aaron J. Hahn Tapper and The House of Love and Prayer by Aaron J. Hahn Tapper, with a third one called Honoring Our Elders: Queer Jewish Lives in the Bay Area by Rabbi Camille Shira Angel soon to come.

Learn More:

Posted in San Francisco Art, Web Design | Leave a comment

Google Workspace reversal on legacy free G Suite account shutdown

After 16 years of free email at your domain, Google announced users would have to start paying. Now they reversed that stance and say you can keep your free account if it is for personal use.

It was 2012 when they no longer offered a free version of what was also called “G Suite”. it is like a free Gmail account but at your own domain instead of at gmail.com. The paid version gets you get more storage, support — and many other features.

Good news: 501c3 nonprofits can still get Google Workspace and all the pro features free by request.

I host most of the sites I build but I have not hosted email on my server for a long time in order to keep it safe and speedy for my WordPress managed hosting clients.

now when you log into the Google Admin it will ask you to choose paid vs free and this is what the 3 screens look like:

read more at: arstechnica.com

Posted in Web Design | Leave a comment

Choose a personal Google Account vs a Google Workspace account

If you get a message like this when you log in, it’s referring to how you had an account already registered with Google using that email. Now you have a new kind of Google account with that same email address. Part of the confusion is that you can register any email as a “Personal Google account” – it doesn’t have to be a Gmail or a Google Workspace email account.

In other words, if you see this message it means you have a “personal Google Account” and a “Google Apps account” (now called a “Google Workspace account”) linked to the same email address.

Choose an account: There are two existing Google Accounts… Which account do you want to use?
1 – Google Workspace account An account owned by helloari.com
2 – Personal Google Account An account you created with Google

Learn more about “conflicting accounts“:

A conflicting account is a personal Google Account that was created using the email address of a Google Workspace account. A Google Workspace user could have two accounts with the same email address.

If you had old google account and now your email hosting is part of Google Workspace it asks when you login about a personal (or it might be considered a private account as opposed to a corporate Google Workspace account). Some might refer to this as a Google login in Workspace vs a Private account.

There is a way to combine to two accounts: see: support.google.com/a/answer/7062710
But it’s not required. You can just click on that first option “google workspace” and proceed.

This video explains in more detail:

a related error is “user name conflicts with consumer account”. if you get that your next step is to merge the old consumer email account with a new google workspace email account: If you’ve signed up for a Google account using your company email address, and later your company upgrades to Google Workspace, you might encounter a conflict between your old Google account and the new Google Workspace account. This conflict arises when both accounts use the same email address. To resolve this, follow these steps:

PART 1: Conflicting accounts occur when you initially use your company email to create a Google account. Subsequently, if your company switches to Google Workspace, creating a new work-related Google account, both accounts conflict because they share the same email address. If your personal Google account ends with “gmail.com” and has no aliases, it won’t face this conflict.

PART 2: When logging in, Google offers several options to resolve the conflict and separate the two accounts. You can:

  • Switch to an account with a Gmail address (exampleemail@gmail.com or another available Gmail name).
  • Switch to an account with a different email address (e.g., example@mail.com or any other email address).
  • Sign in with a temporary username provided by Google (example%domain@gtempaccount.com).

It is essential to resolve all conflicting accounts. If you opt for the last option, your account will be automatically renamed to the temporary name provided by Google. You will continue to be presented with these options during sign-in until you choose and confirm a permanent solution.

learn more about Merging accounts

Posted in Web Design | Leave a comment

Free Public Domain Stock Photos – leave your mark

2022 updated list:

Great photos (public domain) can be found from U.S. government agency websites:

  • USA.gov is a government-operated website that was founded to give access to government agencies and resources.

And a bigger list:

And some searchengines to help find free photos:

Many photo editors want to boycott Getty Images because of their “extortion” letters. List of Getty Images owned sites:

  • iStockphoto
  • MediaVast
  • WireImage
  • FilmMagic
  • Contour Photos
  • Master Delegates
  • Redferns Music Picture Library
  • Jupiterimages – stock.xchng and StockXpert
  • Corbis announced that it had sold its image licensing business, including the Corbis Images, Corbis Motion and Veer libraries and their associated assets, to an affiliate of Visual China Group—Getty’s exclusive distributor in China. Concurrently, it was announced that VCG would, after a transition period, license distribution and marketing of the Corbis library outside of China to Getty. The firm will also manage Corbis’s physical archives

Some of these links are via: Matthew Chan

 This YouTube video covers best practices for using other people’s images

Posted in Design | Leave a comment

1099k and independent web designers

You may have heard that you do not need to send a 1099-NEC (formerly called 1099-MISC) to a contractor if you paid them through PayPal, even if they made more than $600.

It’s pretty confusing and you should confirm with your CPA first (this blog doesn’t offer legal or tax advice) but I hope my recent research will give you a few new perspectives on how to manage small business tax reporting.

NEW RULES

As of 2022 the trigger for PayPal (or any 3rd party payer) to send a 1099k is reduced to $600. It used to be $20,000 (or 200 transactions).

WHO’S A REAL FRIEND?

If you pay with PayPal’s “friends and family” option (no fees) you are required to send the contractor a 1099-NEC. In other words, PayPal will not send them a 1099k if you use the “friends and family” option. PayPal will only include in their 1099k payments that are marked as “business” payments and those payments are always charged a fee (usually 3.49% + fixed fee of around 0.49 USD).

Venmo is also a 3rd party payment processor – they also ask for each payment if it’s to “friends” (like a repayment of borrowed money or splitting a bill) or for a business. I think this is only an option if you have business payments enabled for your account. The fee is lower: 1.9%+$0.10.

I think Square and all credit card payments (and payment services like Wise.com) don’t have free options so all those payments will be reported on a 1099k.

Zelle is always free of fees so banks are not going to ever send a 1099k.

Posted in Web Design | Leave a comment

How to remove a Google account from “Choose an account” page list

google-sign-in-remove-button-missing

Here’s a quick tip on something very simple that I could not figure out for the longest time. One of those bugs that was somehow thought to be a feature at some point in the development process over at Google. Too busy not doing evil, I guess…

The graphic above is very straightforward and familiar to anyone who uses more than one Google account.  Easy to add or remove accounts, right? The tricky part is that if you are logged into any of these accounts then you will not see the “remove” button. Instead, it will look like this (with just “add an account”):

add account - no remove

Add and Login to Remove?

In other words, to remove an account you have to log out of a different account but it doesn’t tell you which account you are logged into. And to find this page in the first place you have to “Add account” from the top right menu – so you have to add an account and then log out of an account in order to remove an account.

There are many ways to end up on this page I suspect – jumping between Google services such as Adwords or Google Analytics, for example. These are some of the URLs that will bring up the “Choose an account” list:

How to log out? visit accounts.google.com/logout and Google will log you out — then the remove button will be visible.

Some of the keywords I tried to find an answer online:

  • How to remove a Google account from your list of accounts on the “Choose an account” page?
  • How to remove sessions from Google accounts?
  • Google account +remove button missing

More links:

If you have never seen this interface it might be helpful at this point to know that once you can see the “remove” button then it’s very simple: click the “remove” button and ‘x’ any accounts that you want to remove from the list. This will not delete accounts of course, just remove them from the saved list. See the “Choose an account” picture at top.

 

Update 10/2014: Thanks for the overwhelmingly positive feedback on this post — seems like it’s been helpful to many people.

Update 11/2015:  It’s super simple to set the default Google account. You just have to log out of all the accounts and then first one you log in, is the one which will be the default, and then the next account you log in to will be the secondary account(s).
Details: osxdaily.com

Update 1/2022: you may get a ‘syncing is paused’ notice when you sign out. if you use the Chrome Browser then you can log into yoru main google account (if you have a main account) in the browser itself and that will default the user that appears in the list. You can actually sign into mulitple accounts in the browser and use that to control what account appears in the list of accounts. 

This list is also called the “Account Chooser” and it can break the AutoFill or AutoComplete of some web browsers.

 
 


 
 
 
Posted in Product Reviews, Web Design | 131 Responses

WordPress: adding extra line breaks, vertical space and more

There are issues with all the WYSIWYG (What You See Is What You Get) editors out there. It’s hard to make a browser-based tool that just works right. Over the years these tools have gotten better and require fewer “hacks” to get them to display what you want them to display.

The intutiive solution is to just add more blank lines (carriage returns, to use a typewriter term). But it doesn’t work — WordPress is trying to “clean” the code and this is useful in many situations but not always. Read More »

Posted in Web Design, WordPress | 21 Responses
© 1996 - 2024
contact  |  links  |  rss