Changing Our Domain Name?

As a consultant, as far back as 2007, when businesses used to come to me in need of redevelopment, I would tell them that the best thing they could do was to “get WordPressed”.

I explained how they needed to take their dinosaur HTML site and have it converted into the most search friendly system I knew of, and that’s how this particular website was born.

It’s a specialized niche site, to fit the growing industry of converting sites into WordPress, and that’s how the domain name came to be chosen.

Yesterday however, attorneys for the WordPress Foundation sent me an email, saying that we are in violation of the WordPress copyright by using WordPress in the domain name. ;(

On the one hand, I realize that a company does have the right to protect themselves from misuse of their trademarked name or logo, but on the other hand, I’m surprised that they have nothing better to do with their time than go after supporters like us, who provide services based on their product.

Here’s a copy of the letter in its entirety:

Re: Trademark Infringement By

Dear Mr. Hendison:

I write on behalf of the WordPress Foundation to ask that you stop all use of the domain and transfer it to WordPress and that you also remove the WordPress Logo from your site. As you know, our client is one of the world’s most famous providers of blogging and website support services and offers these services under its famous WORDPRESS trademarks. It has used its WORDPRESS trademarks for many years and this trademark is the subject of many trademark registrations throughout the world including the United States.

As I am sure you can understand, in business a company’s brand is its reputation with customers. For this reason it is critical that a company have the ability to control how its brand is presented to the public. Further, the company has set out its domain name policy on the WordPress.org website as follows: “For various reasons related to our WordPress trademark, we ask if you’re going to start a site about WordPress or related to it that you not use “WordPress” in the domain name.” http://wordpress.org/about/domains/

Your use of the domain name(the “Subject Domain”) and your use of the WordPress Logo is without the permission of WordPress and removes its brand reputation from its control since visitors to your website will wrongly believe that the site is controlled by, or at least approved by WordPress when this is not the case.

In order for the company to maintain control of its reputation, we ask that you transfer thedomain to WordPress and remove all uses of the logo from your website. Should you care to discuss this matter please don’t hesitate to call or email me. I await your reply.

Very truly yours,

Steven M. Levy, Esq.
FairWinds Partners, LLC
1632 Wisconsin Avenue, NW
Washington, D.C. 20007
United States
+1-202-341-3722
steve.levy@fairwindspartners.com

Now I really don’t have the time or money to get into some legal battle that I would probably end up losing in the long run, so I said I would come up with a new domain, and would remove their logo (as obfuscated as it is) from our header.

Our communication back-and-forth has been very cordial, and Mr. Levy said that they could give me a reasonable amount of time to make the switch, get the new site indexed, etc. but I can’t find a domain name I like yet this morning.

We’ve established a pretty good  business here, and we’ve got some good search rankings, decent backlinks, and a loyal base of returning customers who know us by name.  Changing domain names is really going to require some thought, and this morning I set out to get one.

My first thought was to follow the suggestions that WordPress makes here and use a WP instead of their name, but when I tried to buy GetWP.com I found that it was already taken.  I was surprised at that, so I tried to visit the site, but when I did,  I got redirected to a subdomain of WP.com, called get.wp.com –  Huh? Could it be?

Yep – I looked up the registrant information, and found that the domain I want –  GetWP.com –  is already owned by the folks at WordPress – The same people telling me to use WP!

Registrant:
   Automattic, Inc.
   60 29th Street
   #343
   San Francisco, California 94110-4929
   United States

I really like the name GetWP.com, and feel it would be a fair substitution – after all, they’re not even USING it!  So I wrote the lawyer back just now, asking if maybe they’ll consider giving me getwp.com, but I’m not going to hold my breath.

Anyway, I thought I’d share – After they refuse, have you got any ideas for me for another good domain name?

Scentsy WordPress Themes

We’re excited to be working with another company on a new design that will enable Scentsy consultants to have an affordable theme that meets their desired look and feel. This theme will be in 100% compliance with the Scentsy corporate guidelines.

Update August 26 2011 – It’s here – $39 for one color or $99 for all six.

[flash /wp-content/uploads/scentsy-youtube.flv]

Optimize Your Database

One of the drawbacks to using WordPress is the fact that if you work hard on your website, not only by adding content regularly, but perhaps changing your page copy, trying different calls to action, working on conversions, etc. then your database can ultimately grow quite large.

While a problem may not present itself for months or years, it’s reasonable to assume that someday, something will go wrong and you’ll wish your database was smaller and cleaner. Perhaps it will come during a routine upgrade and you’ll notice something’s out of whack, or the automatic upgrade will fail, forcing you to upgrade manually.

On the other hand, you might discover a problem only after something has gone seriously wrong – like while trying to restore a backup after a loss – and at that point, to put it technically, you are screwed.

Because we manage a lot of domains on a lot of different hosts, we’re probably a lot more prone to see a problem than you are, however, it never hurts to be safe, and be proactive. That’s why it’s a good idea to keep your database clean of unnecessary data.

A few weeks ago, while dealing with a site that had literally hundreds of revisions for every page, and a giant database that was giving us problems moving from one server to another, I looked for a plug-in that would get rid of all these revisions that we no longer needed.

I found a good one in WP Optimize, that not only gets rid of unwanted revisions, but also optimizes the database tables, which was previously only accessible through your web hosts phpMyAdmin.

Rather than tell you all about it, take a look at this 2 minute video…

 

WordPress Shopping Cart PCI Compliance

There’s a set of requirements called the Payment Card Industry Data Security Standard (or “PCI DSS”) and it was developed by the PCISSC – (the Payment Card Industry Security Standards Council)

These requirements are designed to provide a standardized set of consistent security measures for merchants to follow that are handling credit card transactions.

The standard includes 12 requirements for maintaining a secure operation:

Build and Maintain a Secure Network

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect Cardholder Data
  • Requirement 3: Protect stored cardholder data
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

  • Requirement 5: Use and regularly update anti-virus software
  • Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  • Requirement 7: Restrict access to cardholder data by business need-to-know
  • Requirement 8: Assign a unique ID to each person with computer access
  • Requirement 9: Restrict physical access to cardholder data
  • Regularly Monitor and Test Networks
  • Requirement 10: Track and monitor all access to network resources and cardholder data
  • Requirement 11: Regularly test security systems and processes
  • Maintain an Information Security Policy
  • Requirement 12: Maintain a policy that addresses information security

For WordPress your E-commerce options are limited, and for a PCI Compliant shopping cart, they’re limited even further.

There is no way in a million years you should consider developing a new site using ANY shopping cart that is not willing to be compliant or in my (non legal) opinion, you’re setting yourself up for a lawsuit.

This list of WP shopping carts and their PCI compliance info will grow over time…

  1. Shopp – They are compliant, and they are willing to say so, partly why they are one of our current chosen platforms.
  2. Eshopp – We love this free plugin. By shifting all cardholder data entry onto Authorize.net, there are no compliance issues. Sweet!
  3. Cart 66 – They say they’re compliant right on their home page.
  4. PHP PurchaseThey say they’re compliant right on their home page.
  5. Cart 32 – They do claim compliance.
  6. Vevo CartThey DO claim to be compliant
  7. WooThemes – They offer various add-ons 

These carts are either Non Compliant or simply not addressed on their sites:

  1. WP Ecommerce – Although we HAVE tested and passed compliance once and found no issues,  they now seem to fail any test, so we’ve given up.  They offer no statement about compliance, either that we could ever find, even using Google to search their site
  2. WP Auctions –  No mention of PCI Compliance – check.
  3. WP eStoreNo mention of PCI but they use something called instant digital product delivery – check
  4. Shopper PressHas more than 20+ payment gateways, but not PCI compliant?  check
  5. Market ThemeNo mention of PCI Compliance – check.
  6. Word Press Shopping Cart Plug-inNo mention of PCI compliance – check.

In the comments below, please leave any links to compliance info for anyone you come across, and I’ll update this list. Likewise, if you have information about anyone that’s NOT compliant, that would be helpful too.

WP Ecommerce – What You Should Know

If you need to learn a lot about PCI compliance, this is pretty damn good…

[imaioVideo v=1]

Upgrading cForms Plugin

Tip on some steps: Before creating or editing files such as abspath.php or cforms.js, change your local directory to a folder named after the site you’re working on. This will help prevent accidental uploading of these edited files for one site onto another, which will cause the forms to stop working. Having these for backup for each site worked on also comes in handy.

1. Before beginning, be sure you have the latest cForms downloaded and unzipped from Delicious Days.

2. FTP to the plugins directory of the site, download a full backup copy of cForms.

3. Do a database backup in the wp-admin, if you haven’t already done it.

4. Deactivate cForms.

5. Upload the new cforms folder through ftp. (Be sure you are uploading the cforms folder and not the zip file name – this will cause cforms to have errors and partially work.)

6. Leave the ftp on for now – activate cForms again.

7. Go to the cForms admin page.

8. Does it say: It appears that cforms was not able to create abspath.php…?
If it does, start a new text file. Copy the green highlighted code cForms produced.
Looks like: <code>&lt;?php $abspath = ‘/home/www/domain-name.com/’; ?&gt;</code>
Paste that code into your new text file and save as abspath.php.
Upload that file to the cforms folder.

9. Refresh the cforms admin page to be sure it’s correct now.

10. If you see more notations at the top, such as upgrade database table, just follow the instructions. This isn’t as common anymore unless you’re upgrading a very old installation.

11. Final step: test one of the forms.

Failed tests:

1. Did you add the abspath.php file and is the path on that correct? If the installation is in a sub-directory, check to see that cforms recognized that and the sub-directory is showing at the end of the file path in abspath.php.

2. If cforms didn’t tell you to add the abspath.php file, check that it’s actually in the cforms folder anyway. If not, create one using the above code with the correct server path.

3. Is the cforms folder it’s own? In the plugins directory, when you open the cforms folder, do you see files or another cforms folder? If you see another cforms folder, you will have to open it, select all the files and folders, and drag them up one directory.

4. Follow this path in your ftp: cforms/js/. Download the cforms.js file and open for editing.
Just past the copyright information, look for this line:
<code>var sajax_uri = ‘/wp-content/plugins/cforms/lib_ajax.php’;</code>

If the wordpress installation is in a sub-directory, add it to the code like this:
<code>var sajax_uri = ‘/sub-directory-name/wp-content/plugins/cforms/lib_ajax.php’;</code>

Upload the file and re-test the form.