I’ve been trying to get my email under control, and much of that has been focused on cleaning up all the various email lists I’ve been added or subscribed to over the years.

One thing I’ve noticed in my adventures in unsubscribing is just how much the process varies from vendor to vendor.

When I click on an unsubscribe link in an email, I will accept one of the following paths:

1. I am immediately unsubscribed and see a message on the screen telling me so.
2. I am shown what types of emails I am subscribed to from a current marketer. I can then select which lists I do not wish to receive any longer.

The following things are unacceptible, and if I see them when I click on an unsubscribe page, I close the window and just mark it as spam in GMail.

1. If your unsubscribe page does not carry any information over from the link in my email and you force me to manually enter my email address. You get marked as spam.

2. If you give me a message after I click that says “You will be removed from our list in 8-10 days,” you get marked as spam. How can I be instantly added to your email list when I subscribe but it takes 8 days to remove me? Spam.

3. I’m reserving a special hell for Constant Contact and their “SafeUnsubscribe.” If there’s ever been a more oxymoronic name for a product – I’ve never seen one. It’s up there with “Pleasant Root Canal.”

So if you use Constant Contact’s “SafeUnsubscribe,” you are shown a redacted version of your email and a text box where you are expected, nay, commanded, to re-type what they already know. Strike one.

In addition to that, there’s a second set of buttons to say “Yes, I want to unsubscribe” or “No, stay on,” where I could adjust the emails based on “interests” that the email marketer thought to create.

Finally, don’t email me right away to tell me that I’ve unsubscribed from your list. Tell me on screen. Don’t waste more of my time deleting yet another unwanted email.

The post Adventures in Unsubscribing appeared first on HighEdWebTech.

I had a vendor call me this week, hawking their CMS product.

That in itself is nothing new. I’ve always received vendor and sales calls in my role as running the web at several different institutions. When I got a promotion last year to manage our creative team, the calls increased tenfold. For the most part, I try to be polite and friendly, listening to at least a bit of the pitch and being honest.

If you want to sell to me and people like me in not just higher ed, but in any role, here are a few tips I’ve found to be helpful.

Don’t slag my current product

When this starts, I say “oh, I’ve got another call, can I call you back?”

We didn’t pick our current CMS by accident. We knew its pros and cons before we made a choice. We tested, reviewed and examined just about every CMS in the market. We made our choice, we built our sites. We’re committed. We obviously have figured out your perceived “scalability and security” concerns, otherwise we wouldn’t be using the product.

@mrichwalsky but how else will they be able to tell you that their CMS is better?

— Donald White (@donbwhite) May 14, 2013

You’d also know from your Salesforce.com notes that I told a different salesperson at your company months ago we had no intentions of switching when we’ve barely finished our conversion.

Tell, better yet, show me how your product will make my life easier.

I’m most likely to pay attention to your product when you show me how it will make my life easier or will solve a need I have.

For example, I’m really interested in mobile products, and we need one, but a whole new platform that doesn’t connect with any of our existing content and will need all sorts of new content generation and content strategy isn’t high on my radar of things to tackle now.

You had my curiosity.

But if your product has lots of nice API backend tools that will plug into my existing content, like Kurogo, now, you have my attention.

Understand our business cycles

Understand there are times of year that are better for us to not only listen to your pitch but actually get funding approval to buy your product.

If you’re selling to admissions, avoid the Spring, especially the time from February 1 to May 1. We’re all laser-focused on getting students to come to our school.

The summer’s slightly slower in higher ed, but know there are fewer people around in general, and approvals, especially if any faculty members are part of the process, are going to take for. ev. er.

If you can, avoid August 1 to September 1. Back to school is nuts. Same goes for Thanksgiving to Christmas. Not only am I running the end of year gauntlet, I so badly want to survive to that holiday break in one piece.

To recap, the best time to reach me is September 1 to November 1. On Tuesdays. From 2-3 p.m.

We can make the government look efficient

Understand that higher education is a land of bureaucracy and red tape.

Take that amount of red tape, and add in some red duct tape and red masking tape, and you’ll start to understand the levels of nightmare we have to live in sometimes.

If we worked in a small digital agency, or a mom-and-pop brick and mortar shop, we would be able to make quick decisions and get something funded.

When it comes to selling to higher ed, it’s the exact opposite.

There’s paperwork and budget approvals. There are capital requests and depreciation and all sorts of things I don’t understand.

Basically, if I need an approval, assume I will need approval from everyone and then a few more people. If you’re product costs more than $100, assume it’s going to take three times longer than usual.

A quick equation:

TL/DR;

Selling products is hard. Don’t criticize my software choices to help you sell your software. Give me time to get all the approvals on my end. Know there are better times of year to sell me stuff.

The post Tips for Selling to Higher Ed appeared first on HighEdWebTech.

Photo By Shimer College

It’s Commencement season in higher ed, and while we all scramble to complete the last minute preparations and get our live streams ready to go, I thought I’d take a moment and look back at some great Commencement speakers and their addresses to students.

For the most part, Commencement speakers are boring and often drag out an already long ceremony. I don’t remember my Commencement speaker. I think my wife had the guy that invented “The Club.” Remember that thing?

Here are a few people that gave interesting and thought-provoking addresses.

1. David McCullough – Wellesley High School

Ok, it’s a high school graduation, but a great message.

“None of this day-seizing, though, this YLOOing, should be interpreted as license for self-indulgence. Like accolades ought to be, the fulfilled life is a consequence, a gratifying byproduct. It’s what happens when you’re thinking about more important things. Climb the mountain not to plant your flag, but to embrace the challenge, enjoy the air and behold the view. Climb it so you can see the world, not so the world can see you.”

2. Neil Gaiman – University of the Arts

3. David Foster Wallace – Kenyon College

This one’s different because it’s been taken from its original form and made into a movie that really puts guts behind Wallace’s words. You can listen to his full address here or purchase a book version at Amazon.

4. Randy Pausch – Carnegie Mellon University

His “Last Lecture” will go down as one of the most moving speeches ever, but this commencement address given in 2008 is still powerful and touching.

5. Steve Jobs – Stanford University

This is Jobs at his most reflective and contemplative. I wish he was still around.

The post 5 Great Commencement Speakers appeared first on HighEdWebTech.

At EdTech, we strive to create the most valuable resources for higher education technology professionals. One of the ways we do that is by highlighting the smartest and most innovative education tech bloggers on the web.

My title may say creative director, but I’m a tech guy through and through and I really appreciate this. Now that admission season was wrapped up and we’ve launched our $100 million capital campaign, I’ll have more time to blog. Promise.

The post HighEdWebTech named top 50 higher ed IT blog appeared first on HighEdWebTech.

The unknown people behind the highly distributed attack are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services reported. At least one company warned that the attackers may be in the process of building a “botnet” of infected computers that’s vastly stronger and more destructive than those available today. That’s because the servers have bandwidth connections that are typically tens, hundreds, or even thousands of times faster than botnets made of infected machines in homes and small businesses.

So, what can you do to build a secure WordPress installation? A few things.

1. Get the Better WP Security plugin
This plugin by Chris Wiegman gives you a ton of options to better secure WordPress, including interesting features like turning off your WP admin area during certain parts of the day. Grab the plugin from the WordPress repository here.

2. Use strong passwords
WordPress likes strong passwords, but make sure you have many users or a multisite setup, you should require all levels of users to use strong passwords. If you are generating passwords when you add a new WP user, use a strong one. I use this site often to generate random keys and passwords.

Why are strong passwords important? Let’s look at three potential passwords: doctor1, 6TrSB45aO6 and bl+4NF=(N35+ixq.

We should immediately not use the doctor1 code as its based on a dictionary word. If we use WolframAlpha to analyze this password, it returns that it’s a very weak password and this data:

number of passwords | ~~ 2^36~~78.36 billion
time to enumerate | ~~ 9.07 days (at 100000 passwords per second)
password entropy | 36.19 bits

For the password 6TrSB45aO6, WolframAlpha calls this password very strong.

number of passwords | ~~ 2^57~~174.9 quadrillion
time to enumerate | ~~ 55456 years (at 100000 passwords per second)
password entropy | 57.28 bits

55,000 years to enumerate compared to 9 days on the last password, that’s pretty good. Let’s run the last one.

WA calls bl+4NF=(N35+ixq a very strong password and gives this data:

number of passwords | ~~ 2^98~~3.953×10^29
time to enumerate | ~~ 125.3 quadrillion years (at 100000 passwords per second)
password entropy | 98.32 bits

Where it took 55,000 years last time, now it takes 125.3 quadrillion years. Can you even comprehend that number, and that’s trying 100,000 passwords a second. That’s a strong password.

3. Use a password manager
But Mike, you’re saying, how can I remember a password like bl+4NF=(N35+ixq? Easy. Use a password manager. This one isn’t directly related to a secure WordPress, but if you create yourself a 40 character password, you’ll be safe. How safe? Let’s run one through WolframAlpha. Let’s use this one:

FJpJi28pcAafzrt:Z9RSeb0kfRhszb.(0P]cN9LV

At 100,000 passwords a second, that one would take 2.669×10^66 years. I’m not even sure how many zeros that number would have. A lot.

I use 1password and all my passwords are 50 characters, for everything. It’s a bit pricey, but I was able to find a half-off coupon on the web pretty easily. What’s nice is that you can store your passwords securely in Dropbox and have all your passwords at home, the office and so on. LastPass is another good alternative.

4. Remove your admin user and change your database prefix
Many times, when you set up WordPress, the admin user is made by default. This is fine at first, but immediately create a new user, give that user administrative powers and remove the admin user. That’s a common target for hackers.

It’s good WordPress security practice to rename your tables from the default titles, because hackers often look for installs that haven’t been changed, and can write their malware to look for tables named in most cases the default, such as wp_usermeta.

The best time to change it is when you’re first installing WordPress, but it is possible to do it after. I’d recommend using a plugin like Better WP Security. It will do the heavy lifting for you. But if you’re feeling adventurous, you can do it manually, by adding this line to your wp-config.php file:

$table_prefix  = 'wp_2f2fss_';

You can make it whatever you like, just make sure you end it with an underscore. The next step is to rename your real database tables. This is slightly more tricky if you don’t have access to the database itself or something my PHPMySQL admin. You can learn more about this process here.

5. Add another layer of authentication to your site
For several months, I’ve used Google’s Authenticator app to sign into all of Google’s products as well as other sites that support it like Dropbox.

While it’s a pain to enter in one more piece of data, it’s as easy as copying the information from your phone, which is something we all have with us 24/7. When you login to Google, you’re asked for a 6 digit code, which you can have texted or called to you or use the Google Authenticator app, which gives you the code to enter.

On your phone, it looks like this:

There’s a WordPress plugin you can install to add this level of 2-factor authentication to your blog. The setup takes just a few moments. That screen looks like:

That QR code there? Just take a picture of it with the Authenticator app and it knows all it needs to know to start generating keys for you. Once you’re all set, your WordPress login screen will look like this:

That, friends, is a pretty secure WordPress setup. Chances are very slim to none someone is going to crack both your strong password and the code generated by Google.

The post 5 ways to secure WordPress easily appeared first on HighEdWebTech.

He said something about big box retail and big business that we in higher ed would be smart to heed. From the post:

Instead of trying to rescue a dying American heritage brand — one that probably deserves what’s coming to it — he could have spent the last year building his own. Instead of trying to fix Honeywell, he could have built Nest. Instead of trying to make a gauche mall store cool again, he could have rented out a few empty Blockbusters and done something interesting.

This easily applies to higher ed as well.

Are we spending too much energy to fix the legacy issues and challenges associated with higher education and missing out on the new opportunities?

Sure, some of our higher ed institutions are involved with MOOCs and Coursera, but thousands and thousands of smaller institutions are not.

What are they going to do? Are they going to try to fix the dying brand or build Nest?

The post What Can Higher Ed Learn from JC Penney’s Failure? appeared first on HighEdWebTech.

Services like BrowserLab and IE NetRenderer are OK, but they only give you static images, you can’t interact with the pages or see how things like CSS and JS affect the rendering of the page.

Other than having a PC on my desk, you can go the virtual machine route. I’ve tried this with Parallels and VMWare Fusion, but had mixed results. The other challenge was having the right number of licenses for Windows. We sometimes had them sitting around, sometimes didn’t.

Recently, we had a report of one of our sites behaving strangely in IE. I was at home at the time, on a Mac, and couldn’t test the specific issue. I actually spun up a Microsoft Windows Server at Amazon just to test IE. It was only a few cents to do this, but took forever to wait for the EC2 server to spin up and then I had to spend the time trying to figure out how to connect to it (again, Mac guy here.)

Thankfully, Microsoft has launched a new, easy way for developers to test their sites on different versions of IE and Windows OS version, called Modern.IE. They have released
test versions of IE using Virtual Machines that you download and manage in your own development environment.

As I’m on a Mac, I was curious what they had to offer. They have virtual machine images (VMIs) for Parallels, Fusion and Sun’s free VirtualBox. They have VMIs for versions of IE 6 through 10 and OSes XP through Windows 8. They also offer a Node.js application to do simple compatibility checks.

This isn’t just for Mac users though – they offer images for Windows and Linux users.

Addendum: I guess Adobe’s BrowserLab just recently shut down.  Bummer.

The post Microsoft makes browser testing easier appeared first on HighEdWebTech.

James Martin, S.J. has a great book, The Jesuit Guide to (Almost) Everything: A Spirituality for Real Life, if you’re interested in learning more.

Anyways, let’s back up a few weeks. On February 28, Pope Benedict announced that he was resigning, catching all the world by surprise, including us. As a Catholic university in Cleveland, we were inundated with media requests for faculty members and our President, a Jesuit priest, to comment on the resignation and what would happen next.

On March 12, the Cardinals met in Rome for the Papal Conclave, their secret meeting and voting for the next Pontiff. On March 13, the world was greeting with white smoke, signaling that a new Pope had been chosen.

As the marketing group at a Catholic university, we were aware of the conclave, of course, and ready when the new Pope was announced. We figured that there would be media calls, and we’d write-up a news release, some homepage graphics and celebrate the new Pope on our social media channels.

That all changed when Cardinal Jorge Mario Bergoglio was announced as the new Pope.

I was watching the announcement from a classroom at Cleveland State University, where I was teaching a two-day web class. The name was read out of the new Pope, and then one of the announcers said “Oh! A Jesuit!”

There has never been a Jesuit Pope before Francis. Not in 2,000 years of Popes and in 450 years of the Society of Jesus. I remember my reaction to hearing the new Pope was a Jesuit: “Whoa!”

Our marketing crew sprang into action. One of the first things we posted was a message on our Facebook page. It quickly became our most shared, liked and viewed content in the history of the John Carroll Facebook page. Here’s the post:

It was interesting to see the bump on Facebook’s insights the next week. That’s a pretty big jump in reach. If we use BlueFuego’s Facebook engagement equation, we get a total engagement of 10.7%, which is good, but this formula doesn’t take into account the number of shares (100) of any given point, which is becoming an important engagement metric. The shares of this post are what I believe  helped us reach over 20,000 people, 18,000 of which were viral, according to Facebook itself.

That evening, we put up a homepage rotating graphic celebrating the new Pope. The media descended upon campus, as not only were we one of the few Catholic universities in Cleveland, but we’re the only Jesuit university in town. We built a page collecting all the media mentions, interviews and more, which you can see here.

It’s been a great and interesting few weeks on our campus. People are energized. I hope that the newfound press and awareness of what the Jesuits are will give JCU more visibility in the weeks, months and years to come.

The post The Pope Francis Bump appeared first on HighEdWebTech.

Since March 2008, this site’s been visited by over half a million people who have read the 318 posts I’ve written. In that time, I’ve travelled the world talking to folks, I took a new job doing web things at a new University, got promoted to run the creative team here, and started my web consultancy with friends in the US and UK, Gas Mark 8. I’m even an adjunct professor now. How crazy is that.

Sometimes work drags us all down and we’re all overworked and stressed out, but every once in a while, especially on a day like today, I step back, take stock, and reflect – something I’ve learned how to really do at a Jesuit institution.

I’m a lucky guy.

I get to do a creative job every day with an awesome team. I’ve got a lovely wife and two amazing boys. Sure, my basement floods and it gives me panic attacks, but overall, things are pretty awesome.

Thanks for reading, commenting, twittering me and more over the last five years. Here’s to five more.

The post Happy 5th Birthday to HighEdWebTech appeared first on HighEdWebTech.

After a week or so, our awesome Admission team came to me and asked who hadn’t logged in yet. Hmm. Good question. We didn’t have a plugin or anything turned on to track this, so I did some creative coding. Please – if there’s a more efficient way of doing this, let me know.

The first step I did was to query the wp_users table to get the user ID’s of all the users. Something like this:

$query = "SELECT ID,user_email,display_name,user_registered from wp_XXXXXX_users ORDER BY ID";

$result = mysql_query($query);

Now here’s where it gets tricky. The wp_users table in WordPress by default doesn’t tell you the last time someone logged in, just when the account was created. If we want to know when they last did anything, we need to go looking in the wp_usermeta table. In that table is a meta_key field. There are many for each user ID, so we are looking for the one called last_activity. In that field will be the date and time the user last did anything in our site. If they’ve never logged in, they’ll have no activity.

Again, this isn’t efficient, but basically we loop through the IDs we queried before and see if there’s a last_activity value in the meta_key field. If there is, great, that user has logged in. If there isn’t, we can assume they haven’t logged in.

while ($row = mysql_fetch_assoc($result)) {

 $userid = $row['ID'];

 $q = "SELECT * from wp_XXXXXXX_usermeta where user_id = $userid and meta_key = 'last_activity'";

 $r2 = mysql_query($q);

 $num_rows = mysql_num_rows($r2);

 if( mysql_num_rows($r2) > 0){
	//This person has logged in
 }else{
       // Do whatever you need to here. I made a pretty table of user info
	echo "
Not logged in: ".$row['user_email'];
 }

}

If you’re running a site with a few users, this method isn’t too terribly taxing. Our WordPress site, however, has several thousand users so this query is pretty taxing. We don’t run it very often, which is good, because I would not recommend such a inefficient query be run in a production environment.

And since I know you were going to ask, the wp_XXXXXXX_usermeta table is named that way for a purpose. It’s good WordPress security practice to rename your tables from the default titles, because hackers often look for installs that haven’t been changed, and can write their malware to look for tables named in most cases the default, such as wp_usermeta.

The best time to change it is when you’re first installing WordPress, but it is possible to do it after. I’d recommend using a plugin like Chris Weigman’s Better WP Security. It will do the heavy lifting for you. But if you’re feeling adventurous, you can do it manually, by adding this line to your wp-config.php file:

$table_prefix  = 'wp_2f2fss_';

You can make it whatever you like, just make sure you end it with an underscore. The next step is to rename your real database tables. This is slightly more tricky if you don’t have access to the database itself or something my PHPMySQL admin. You can learn more about this process here.

The post Checking if a WordPress User Has Ever Logged In appeared first on HighEdWebTech.