September 6, 2009 by Kevin O'Keefe

Wordpress blogs hacked : Law firms need to consider Wordpress support costs

After Wordpress came under attack by hackers over the weekend, well known blogger, Robert Scoble, reported last evening that he no longer feels safe with Wordpress.

A few weeks ago some hackers broke into my blog here (this was before 2.8.4 was released). At first I thought they just left some porn sites in a couple of blog entries. So we upgraded Wordpress (I was on 2.7x back then). Deleted a fake admin account. Deleted the porn sites. And thought we had solved the problem. We didn't.

They broke back in, but this time they did a lot more damage. They deleted about two months of my blog. Yes, I didn't have a backup. I should learn to do backups (we're doing them now). Life has a way of beating you if you don't have backups.

Anyway, this time they also put some malicious code on my archive pages. Google sent me an email saying they had removed my blog from its index. That got a whole team to look into how they broke in. Now thanks to TechCrunch and Mashable you know there was a vulnerability in Wordpress which let them break in. Even more good details on Lorelle's blog.

Turns out that if you ran Wordpress at Wordpress.com (Wordpress hosts your blog), you were probably safe from attack. The reason being that Wordpress kept doing regular updates to its software to prevent such attacks.

However, a lot of publishers, including a lot of law firms, do not host their Wordpress blogs at Wordpress.com. They want more control and features on their blog than Wordpress may offer. They're hosting their blogs on their own servers at co-location facilities or having service providers host their blogs on the service provider's servers. In which case, timely updates may not have been made to prevent major hacking like this.

And it's not easy as just keeping up to date with every Wordpress update (which can come quite regularly and making the upgrades. It's possible the Wordpress upgrades won't work on your blog or worse yet, the upgrades will cause other parts of your blog to fail.

As discussed in Scoble's Friendfeed comments, lots of Wordpress blog publishers, including law firms and firms hosting blogs for law firms, use plugins to add various features to their blog. Wordpress upgrades are not necessarily tested on blogs with such upgrades. So when Wordpress upgrades come out those running Wordpress blogs on other than Wordpress.com can not just install the upgrade. Testing and often fixes to bugs that develop must be done.

Wordpress is good blog software and may be the most widely used. The fact that it's Open Source has allowed it make major advances and develop quite a following. But with mass use and open development, it can be susceptible to hacking like this.

For law firms running their blogs, it's not as easy as just downloading blog software and being up and running. In addition, when outsourcing your blog hosting, having a solution provider whose business is blogging is a plus.

Bottom line, when you are considering the cost of Wordpress (free) and all the plugins created on Wordpress for blog features, you need to consider the cost of the support you need.

Tags: , ,
Don't get left behind, get your own blog

Lexblog

Become a part of the conversation

LexBlog creates and maintains professional, turn-key blogs for law firms and businesses. For more information fill out and send this form or call 1-800-913-0988.

all information is required please
May 12, 2009 by Kevin O'Keefe

Law blogs : You get what you pay for

John Kormanik, a founding partner of Boise's Kormanik Hallam & Sneed and former Idaho Deputy Attorney General posed the following question in LinkedIn Legal Blogging Group's discussion forum: 'I am considering starting a blog concerning my law firm, practice and assorted topics. Which platform is best suited for this type of blog, Google Blogger or Wordpress?'

A lengthy discussion ensued among members of the group. I thought I'd share my response to John's question.

I have a dog in this hunt so take this as you may. But I am a firm believer that you get what you pay for. The goal here is not to save money by blogging, but to enhance one's reputation as an authority and to grow business by networking through the net.

Your blog is your home base in that networking. The result is a heck of a word of mouth reputation that keeps on giving throughout your professional life.

Blogger is a non-starter as far as a professional and safe environment for lawyers. That's true for a number of reasons discussed on my blog and elsewhere.

Wordpress and Typepad, though better, are lacking unless a lawyer really knows what they are doing with blogging, social media, and networking through the net. You also have design issues.

I practiced law for 17 years. I helped build a firm with 2 partners and a couple staff to 15 lawyers and 30 or 40 employees. I then started my own firm doing plaintiff's trial law work.

As far as how my competition, my clients, prospective clients, referral sources, media, judges, and jury members perceived me and my firm, I did not want to take a back seat to anyone. That meant both doing a good job and making certain everyone in my firm carried themselves in a professional fashion. There were necessary costs to that - but that was okay as we were doing good work for good clients as a result.

It all depends where your goals lie, how much time you want to dedicate to learning how to network through the net via effective blogging (not just getting a blog up), and the risk you want to take with your image as to how you wish to start blogging.

Lower long term goals, lots of time, and a willingness to risk your reputation? Go it alone on one of the free/low cost platforms. Otherwise you may want to get a professional team to help you.

As you tell your clients, there is a benefit to hiring a lawyer in getting legal matters handled correctly. You can do your own legal work. However, there's a benefit to having a lawyer so you accomplish what you want and avoid long term problems. It's the same for blogs and networking through the net.

The true advantage you have today is that the cost to do great things in marketing, networking, and client development through the Internet is so low. Blogs have become a great equalizer for smaller firms with lower marketing budgets. In addition the cost of professional help in blogging is peanuts compared to ad and marketing buys we used to make in the yellow pages, print, and the like.

Sure, there are exceptions to the above. There always are. I know some excellent law bloggers using Blogger, WordPress, and TypePad (many whose arrows I'll feel in my back after they read this post). I'm just talking about the safe and prudent route for most lawyers and law firms new to blogging.

Tags: , , ,
October 13, 2008 by Kevin O'Keefe

Why Blogger, WordPress, and TypePad domains are no good for your law blog

Krishna De, a brand engagement and social media communications expert, guest posts at Business Blog Consulting on why Blogger, WordPress and TypePad domains are no good for business blogging.

While doing a recent social media workshop, De found it heartening to see that so many attendees were were blogging about their business. However, she became pretty disheartened when she found most of those blogs had been developed on a platform such as Blogger or Wordpress.com.

    Investing a little in implementing a business blog that is hosted on your website not only makes you look like you take business blogging seriously as part of your online marketing strategy, it also means that every link to your great content is a link to your website.

    That way you will be sure to benefit even more from your online content strategy buildng links to your business blog.

It's not just a small business issue. Just like I find large large law firms skimping by on these domains, De finds large businesses making the same mistake.

A colleague of mine on a social media working group is employed as an online expert for an online insurance company, and their external consultant had advised them to develop a business blog using Wordpress.com.

I’ve even seen Marketing Directors of major companies who should know more about branding than most use a blog that is detracting from their personal brand online as they are using Blogger.

Online personal branding experts even look to encourage people to use Typepad.com as a blog platform - whilst it’s a great blogging platform that I use and recommend, if you also have a website, a Typepad blog is not going to help you with your link building and search engine optimisation strategy which is becoming even more critical as few people now move beyond page 1 of Google when searching and researching online. What do they do if they can not find what they are looking for online on the first page of their search? They change the words they are using to search with of course.

There are many lawyers and firms who have figured out how to using domain mapping and development work-arounds to use these blog publishing platforms on their own domain. As long as they have covered the other bases of blogging effectively, such lawyers may be okay.

But I see a ton of law blogs on subdomains of TypePad, WordPress, and Blogspot. See for example West Virginia Family Law Blog (WordPress), Divorce Law Journal (TypePad), Florida Divorce & Family Law Blog (Blogger's Blogspot).

As De says '[I]f you are going to invest in business blogging, be good to yourself… don’t have all those wonderful incoming links to your great content go to a blog that is not hosted by you.'

Related Post:

Tags: , , , , ,
April 24, 2008 by Kevin O'Keefe

WordPress blogs being hacked

WordPress lawyer blogsBeen reading recently of problems with blogs running on WordPress software being hacked.

Mike Abundo explains the hack creates spam pages within blogs and creates hidden text links to those spam pages on other blogs. A single blog can fall victim to both.

Spam is bad enough on a professional blog. 'Good morning in-house counsel and consumers, here's the latest in porn for you direct from our blog.' Hidden text can be even worse as it can get you unindexed at Google.

Om Malik further references the hacking and explains the hackers' motivation:

  • To infect visitors by exploiting a browser vulnerability
  • To place ads they can then get revenue from
  • To embed links to blogs they own, improving their page
  • To entice people to click on links that lead them elsewhere

And it's just not happening at small time blogs. A ZDNet WordPress blog was hacked.

Don't treat this as a 'Chicken Little - the sky is falling.' But do not note that as a lawyer, you can't just throw up a blog and dismiss potential problems.

WordPress is a good solution supported by a vibrant open source community. But it has been susceptible to hacking.

There's a reason that not one of the 50 plus AmLaw 200 law firms is using WordPress for a firm branded blog.

Tags: ,
January 25, 2008 by Kevin O'Keefe

NY Times takes major stake in blog platform

The New York Times has invested $30 Million in Automattic, the web based commercial arm of the Wordpress blog platform.

Tags: , ,