Microsoft has introduced a new Microsoft Defender for Endpoint (MDE) feature in public preview to help organizations detect weaknesses affecting Android and iOS devices in their enterprise networks.
After enabling the new Mobile Network Protection feature on Android and iOS devices you want to monitor, the enterprise endpoint security platform will provide protection and notifications when it detects rogue Wi-Fi-related threats and rogue certificates (the primary attack vector for Wi-Fi networks).
Threats it can spot include rogue hardware such as Hak5 Wi-Fi Pineapple devices which both pen-testers and cybercriminals can use to capture data shared within the network.
MDE will also alert users to switch networks if it spots a suspicious or unsecured network and push notifications when it discovers open Wi-Fi networks.
While the feature is enabled by default on mobile devices, Microsoft also provides detailed info on configuring network protection on Android and iOS devices via the Microsoft Endpoint Manager Admin center.
“As the world continues to make sense of the digital transformation, networks are becoming increasingly complex and provide a unique avenue for nefarious activity if left unattended,” the company said this week.
“To combat this, Microsoft offers a mobile network protection feature in Defender for Endpoint that helps organizations identify, assess, and remediate endpoint weaknesses with the help of robust threat intelligence.”
Disabling MDE Network Protection (Microsoft)
Cross-platform endpoint security platform
This is part of a broader effort to expand Defender for Endpoint’s capabilities across all major platforms to allow security teams to defend network endpoints via a single, unified security solution.
One month later, Microsoft announced that threat and vulnerability management support for Android and iOS reached general availability in Microsoft Defender for Endpoint.
Android and iOS vulnerability management lets admins decrease mobile endpoints’ surface attack and, in the process, increase their organization’s resilience against incoming attacks.
“With this new cross-platform coverage, threat and vulnerability management capabilities now support all major device platforms across the organization – spanning workstations, servers, and mobile devices,” Microsoft said.
Earlier this month, Redmond also said that a new MDE feature allows admins to “contain” unmanaged Windows devices on their network if they were compromised or are suspected to be compromised to block malware and attackers from abusing them to move laterally through the network.
In the last year, over a billion new Android phones were activated. Ready to join the fun, but not sure which phone is best for you? Consider one that’s loaded with the best of Google, that can fold to fit in your pocket or fit your budget, or has a camera that can capture any shot. Regardless of which phone you choose, making the switch from iPhone to Android has never been easier.
Starting today, support for the Switch to Android app on iOS is rolling out to all Android 12 phones, so you can move over some important information from your iPhone to your new Android seamlessly. Once you’ve got your new Android phone, follow our easy setup instructions to go through the data transfer process. You’ll be prompted to connect your old iPhone with your new Android phone either with your iPhone cable or wirelessly via the new Switch to Android app. The instructions will walk you through how to easily transfer your data like your contacts, calendars and photos over to your new phone.
Once you’re all set up, you can get started on your new Android device by checking out our favorite features.
Express yourself in new ways: With the Messages app and Gboard, it’s easy and enjoyable to send messages — especially between friends who use Android. Group chats, high-quality photo and video sharing, read receipts and emoji reactions are all available thanks to RCS, and thousands of emoji mashup stickers are there to help you express your feelings. (Rest assured, your iPhone friends will still receive your messages as well.)
Video chat with anyone, anywhere: If your friends and family have Google accounts, it’s easier than ever to video chat with Google Meet on Android. Or if you prefer FaceTime, you can still use that in the latest version of Chrome. Or with apps like WhatsApp in Google Play, you can chat with whomever you like for free around the globe. Android has so many options, it’s easy to stay connected with those that matter to you the most.
Tune into your favorite music: Catch up on the latest hits with your preferred streaming service available on Android. And if you had previously purchased and downloaded music on your iPhone, your music will transfer over to your Android phone, as long as it’s digital rights management (DRM)-free. Your purchases and downloaded content from Apple Music will still be accessible on your new Android device by downloading the Apple Music app.
Your favorite apps and more: With Google Play, you’ll find the apps you already use and love, and quickly start to discover so many more. Looking to plan an outdoorsy getaway? Hipcamp will help you book your next camping spot, Skyview Lite will be your stargazing guide to the sky, and AllTrails will help you find a hike that’s perfect for you and your friends. A summer of fun made possible with your new Android.
A privacy-first approach: On your new phone, your data is proactively protected by Android. Android helps defeat bad apps, malware, phishing and spam, and helps keep you one step ahead of threats. Messages, for example, helps protect people against 1.5 billion spam messages per month. Android also provides timely recommendations, like prompting you to select your location-sharing preferences when opening an app to help you make the best decisions for your privacy. Read more about how to keep your data private and secure.
More devices that work better together: Choose from a wide variety of Chromebooks, Wear OS smartwatches, Google TV devices and Fast Pair supported headphones, like Pixel Buds, that work better together with your phone. In fact, some of your Apple products will still work with your Android device, like AirPods.
Get more done with Google apps and services: Traveling on vacation and can’t read the local signs? Scan the text for instant translation so you can get to your destination quickly. Editing a Google Doc on your laptop, but need to finish on the go? You can easily keep work going on your Android phone, too. Google prides itself on being helpful, and the best of Google is built into Android phones.
Share music, photos and more across devices: Nearby Share lets you easily share music, photos and other files between your nearby Android and Chrome OS devices. To share content like photos and videos with non-Android devices, you can easily use sharing built into Google Photos or several other apps that allow you to share with friends and family and keep them in an organized memory bank for the future.
Customize your Home screen with Android Widgets:Widgets are helpful additions to any Home screen, putting the information that’s most important to you right at your fingertips. There will soon be 35 Google widgets available on Android, so whether you want to have easy access to Google Maps’ real-time traffic predictions or have translations at the ready so you can communicate with family and friends, Android is there to make your life a little easier.
Technology that’s useful for everyone: Everyone has their own way of using their devices. That’s why we build accessible features and products that work for the various ways people want to experience the world. Whether you want to use your device without ever needing the screen using TalkBack, or you want to take what’s being said out loud and create a real-time transcript with Live Transcribe, Android has you covered when and how you need it.
And that’s not all. Between our major annual updates, we’re always adding new features to Android.
Shadow IT refers to the practice of users deploying unauthorized technology resources in order to circumvent their IT department. Users may resort to using shadow IT practices when they feel that existing IT policies are too restrictive or get in the way of them being able to do their jobs effectively.
An old school phenomenon
Shadow IT is not new. There have been countless examples of widespread shadow IT use over the years. In the early 2000s, for example, many organizations were reluctant to adopt Wi-Fi for fear that it could undermine their security efforts. However, users wanted the convenience of wireless device usage and often deployed wireless access points without the IT department’s knowledge or consent.
The same thing happened when the iPad first became popular. IT departments largely prohibited iPads from being used with business data because of the inability to apply group policy settings and other security controls to the devices. Even so, users often ignored IT and used iPads anyway.
Of course, IT pros eventually figured out how to secure iPads and Wi-Fi and eventually embraced the technology. However, shadow IT use does not always come with a happy ending. Users who engage in shadow IT use can unknowingly do irreparable harm to an organization.
Even so, the problem of shadow IT use continues to this day. If anything, shadow IT use has increased over the last several years. In 2021 for example, Gartner found that between 30% and 40% of all IT spending (in a large enterprise) goes toward funding shadow IT.
Shadow IT is on the rise in 2022
Remote work post-pandemic
One reason for the rise in shadow IT use is remote work. When users are working from home, it is easier for them to escape the notice if the IT department than it might be if they were to try using unauthorized technology from within the corporate office. A study by Core found that remote work stemming from COVID requirements increased shadow IT use by 59%.
Tech is getting simpler for end-users
Another reason for the increase in shadow IT is the fact that it is easier than ever for a user to circumvent the IT department. Suppose for a moment that a user wants to deploy a particular workload, but the IT department denies the request.
A determined user can simply use their corporate credit card to set up a cloud account. Because this account exists as an independent tenant, IT will have no visibility into the account and may not even know that it exists. This allows the user to run their unauthorized workload with total impunity.
In fact, a 2020 study found that 80% of workers admitted to using unauthorized SaaS applications. This same study also found that the average company’s shadow IT cloud could be 10X larger than the company’s sanctioned cloud usage.
Know your own network
Given the ease with which a user can deploy shadow IT resources, it is unrealistic for IT to assume that shadow IT isn’t happening or that they will be able to detect shadow IT use. As such, the best strategy may be to educate users about the risks posed by shadow IT. A user who has a limited IT background may inadvertently introduce security risks by engaging in shadow IT. According to a Forbes Insights report 60% of companies do not include shadow IT in their threat assessments.
Similarly, shadow IT use can expose an organization to regulatory penalties. In fact, it is often compliance auditors – not the IT department – who end up being the ones to discover shadow IT use.
Of course, educating users alone is not sufficient to stopping shadow IT use. There will always be users who choose to ignore the warnings. Likewise, giving in to user’s demands for using particular technologies might not always be in the organization’s best interests either. After all, there is no shortage of poorly written or outdated applications that could pose a significant threat to your organization. Never mind applications that are known for spying on users.
The zero-trust solution to Shadow IT
One of the best options for dealing with shadow IT threats may be to adopt zero trust. Zero-trust is a philosophy in which nothing in your organization is automatically assumed to be trustworthy. User and device identities must be proven each time that they are used to access a resource.
There are many different aspects to a zero-trust architecture, and each organization implements zero-trust differently. Some organizations for instance, use conditional access policies to control access to resources. That way, an organization isn’t just granting a user unrestricted access to a resource, but rather is considering how the user is trying to access the resource. This may involve setting up restrictions around the user’s geographic location, device type, time of day, or other factors.
Zero-trust at the helpdesk
One of the most important things that an organization can do with regard to implementing zero trust is to better secure its helpdesk. Most organizations’ help desks are vulnerable to social engineering attacks.
When a user calls and requests a password reset, the helpdesk technician assumes that the user is who they claim to be, when in reality, the caller could actually be a hacker who is trying to use a password reset request as a way of gaining access to the network. Granting password reset requests without verifying user identities goes against everything that zero trust stands for.
Strong, unique passwords are key to helping keep your personal information secure online. That’s why Google Password Manager can help you create, remember and autofill passwords on your computer or phone: on the web in Chrome, and in your favorite Android and iOS apps.
Today we’ve started rolling out a number of updates that help make the experience easier to use, with even stronger protections built in.
A consistent look and feel, across web and apps
We’re always grateful for feedback, and many of you have shared that managing passwords between Chrome and Android has been confusing at times: “It’s the same info in both places, so why does it look so different?” With this release, we’re rolling out a simplified and unified management experience that’s the same in Chrome and Android settings. If you have multiple passwords for the same sites or apps, we’ll automatically group them. And for your convenience, you can create a shortcut on your Android home screen to access your passwords with a single tap.
You can now add a shortcut to Google Password Manager to your Android homescreen.
More powerful password protections
Google Password Manager can create unique, strong passwords for you across platforms, and helps ensure your passwords aren’t compromised as you browse the web. We’re constantly working to expand these capabilities, which is why we’re giving you the ability to generate passwords for your iOS apps when you set Chrome as your autofill provider.
You can now create strong passwords on your computer or mobile, on any operating system.
Chrome can automatically check your passwords when you enter them into a site, but you can have an added layer of confidence by checking them in bulk with Password Checkup. We’ll now flag not only compromised credentials, but also weak and re-used passwords on Android. If Google warns you about a password, you can now fix them without hassle with our automated password change feature on Android.
For your peace of mind, Password Checkup on Android can flag compromised, weak and reused passwords.
To help protect even more people, we’re expanding our compromised password warnings to all Chrome users on Android, Chrome OS, iOS, Windows, MacOS and Linux.
Simplified access and password management
Google built its password manager to stay out of your way — letting you save passwords when you log in, filling them when you need them and ensuring they aren’t compromised. However, you might want to add your passwords to the app directly, too. That’s why, due to popular demand, we’re adding this functionality to Google Password Manager on all platforms.
Adding your passwords directly is now possible on all platforms.
In 2020, we announced Touch-to-Fill to help you fill your passwords in a convenient and recognizable way. We’re now bringing Touch-to-Login to Chrome on Android to make logging in even quicker by allowing you to securely log in to sites directly from the overlay at the bottom of your screen.
Touch-to-Login signs you in directly from a recognizable overlay.
Many of these features were developed at the Google Safety Engineering Center (GSEC), a hub of privacy and security experts based in Munich, so Guten Tag from the team! Of course, our efforts to create a safer web are a truly global effort – from our early work on 2-step verification, to our future investments in technologies like passkeys – and these updates that we are rolling out over the next months are an important part of that work.
Google this week announced that new warnings added in the Google Workspace Alert Center will keep administrators notified of critical and sensitive configuration changes.
Previously known as G Suite, Google Workspace provides secure collaboration and productivity tools for enterprises of all sizes. Accessible from anywhere in Google Workspace, the Alert Center delivers real-time security alerts and insights, to help admins mitigate threats such as phishing and malware.
With the new alerts in place, admins will also receive notifications whenever select changes are made to their Google Workspace configurations.
Specifically, warnings will be displayed when the primary admin is changed, when the password for a super admin account has been reset, and when changes are made to SSO profiles – when a third-party SSO profile has been added, updated, or deleted for the organization.
“These additional intelligent alerts will closely monitor several sensitive actions, making it easier for admins to stay on top of high-risk changes to their environment and potentially malicious actions being taken by bad actors,” Google explains.
An email notification containing key details on the event will be delivered to admins and super admins for each alert. The security investigation tool will allow admins to further investigate the reported incident.
The alerts and their associated email notifications are enabled by default and cannot be turned off.
The new capability is rolling out to all Google Workspace customers, including legacy G Suite Basic and Business customers, and is expected to become visible for everyone in the next couple of weeks.
Earlier this year, Google boosted malware and phishing protections in Workspace with updated comment notifications that now also include the commenter’s email address, so that users can better assess the legitimacy of the message.
A lesser-known ransomware strain called AstraLocker has recently released its second major version, and according to threat analysts, its operators engage in rapid attacks that drop its payload directly from email attachments.
This approach is quite unusual as all the intermediate steps that typically characterize email attacks are there to help evade detection and minimize the chances of raising red flags on email security products.
According to ReversingLabs, which has been following AstraLocker operations, the adversaries don’t seem to care about reconnaissance, evaluation of valuable files, and lateral network movement.
Instead, they are performing “smash-n-grab” attacks to his immediately hit with maximum force aiming for a quick payout.
From document to encryption
The lure used by the operators of AstraLocker 2.0 is a Microsoft Word document that hides an OLE object with the ransomware payload. The embedded executable uses the filename “WordDocumentDOC.exe”.
To execute the payload, the user needs to click “Run” on the warning dialog that appears upon opening the document, further reducing the chances of success for the threat actors.
Unknown publisher warning(ReversingLabs)
This bulk approach is in line with Astra’s overall “smash-n-grab” tactic, choosing OLE objects instead of VBA macros that are more common in malware distribution.
Another peculiar choice is the use of SafeEngine Shielder v2.4.0.0 to pack the executable, which is such an old and outdated packer that reverse engineering is almost impossible.
After an anti-analysis check to ensure that the ransomware isn’t running in a virtual machine and that no debuggers are loaded in other active processes, the malware prepares the system for encryption using the Curve25519 algorithm.
The preparation includes killing processes that could jeopardize the encryption, deleting volume shadow copies that could make restoration easier for the victim, and stopping a list of backup and AV services. The Recycle Bin is simply emptied instead of encrypting its contents.
AstraLocker 2.0 ransom note(ReversingLabs)
AstraLocker background
According to the code analysis of ReversingLabs, AstraLocker is based on the leaked source code of Babuk, a buggy yet still dangerous ransomware strain that exited the space in September 2021.
Additionally, one of the Monero wallet addresses listed in the ransom note is linked to the operators of Chaos ransomware.
This could mean that the same operators are behind both malware or that the same hackers are affiliates on both ransomware projects, which is not uncommon.
Judging from the tactics that underpin the latest campaign, this doesn’t seem to be the work of a sophisticated actor but rather one who is determined to deliver as many destructive attacks as possible.
Attackers used a newly discovered malware to backdoor Microsoft Exchange servers belonging to government and military organizations from Europe, the Middle East, Asia, and Africa.
The malware, dubbed SessionManager by security researchers at Kaspersky, who first spotted it in early 2022, is a malicious native-code module for Microsoft’s Internet Information Services (IIS) web server software.
It has been used in the wild without being detected since at least March 2021, right after the start of last year’s massive wave of ProxyLogon attacks.
“The SessionManager backdoor enables threat actors to keep persistent, update-resistant and rather stealth access to the IT infrastructure of a targeted organization,” Kaspersky revealed on Thursday.
“Once dropped into the victim’s system, cybercriminals behind the backdoor can gain access to company emails, update further malicious access by installing other types of malware or clandestinely manage compromised servers, which can be leveraged as malicious infrastructure.”
SessionManager’s capabilities include, among other features:
dropping and managing arbitrary files on compromised servers
remote command execution on backdoored devices
connecting to endpoints within the victim’s local network and manipulating the network traffic
In late April 2022, while still investigating the attacks, Kaspersky found that most of the malware samples identified earlier were still deployed on 34 servers of 24 organizations (still running as late as June 2022).
Additionally, months after the initial discovery, they were still not flagged as malicious by “a popular online file scanning service.”
After deployment, the malicious IIS module allows its operators to harvest credentials from system memory, collect information from the victims’ network and infected devices, and deliver additional payloads (such as a PowerSploit-based Mimikatz reflective loader, Mimikatz SSP, ProcDump, and a legitimate Avast memory dump tool).
SessionManager targets (Kaspersky)
“The exploitation of exchange server vulnerabilities has been a favorite of cybercriminals looking to get into targeted infrastructure since Q1 2021. The recently discovered SessionManager was poorly detected for a year and is still deployed in the wild,” added Pierre Delcher, a Senior Security Researcher at Kaspersky’s GReAT.
“In the case of Exchange servers, we cannot stress it enough: the past year’s vulnerabilities have made them perfect targets, whatever the malicious intent, so they should be carefully audited and monitored for hidden implants, if they were not already.”
Kaspersky uncovered the SessionManager malware while continuing to hunt for IIS backdoors similar to Owowa, another malicious IIS module deployed by attackers on Microsoft Exchange Outlook Web Access servers since late 2020 to steal Exchange credentials.
Gelsemium APT group links
Based on similar victimology and the use of the OwlProxy malware variant, Kaspersky’s security experts believe the SessionManager IIS backdoor was leveraged in these attacks by the Gelsemium threat actor as part of a worldwide espionage operation.
This hacking group has been active since at least 2014, when some of its malicious tools were spotted by G DATA’s SecurityLabs while investigating the “Operation TooHash” cyber-espionage campaign. In 2016, new Gelsemium indicators of compromise surfaced in a Verint Systems presentation during the HITCON conference.
Two years later, in 2018, VenusTech unveiled malware samples linked to the Operation TooHash and an unknown APT group, later tagged by Slovak internet security firm ESET as early Gelsemium malware versions.
ESET also revealed last year that its researchers linked Gelsemium to Operation NightScout, a supply-chain attack targeting the update system of the NoxPlayer Android emulator for Windows and macOS (with over 150 million users) to infect gamers’ systems between September 2020 and January 2021.
Otherwise, the Gelsemium APT group is mainly known for targeting governments, electronics manufacturers, and universities from East Asia and the Middle East and mostly flying under the radar.
Do you want to send email to WordPress users from your admin dashboard?
It’s actually quite simple to use WordPress for sending emails to your registered users. This can be useful if you have a membership site and want to send email announcements or other updates to your site members.
In this article, we’ll show walk you through the steps for sending emails to WordPress users without needing any code.
When Should You Send Email to WordPress Users?
WordPress automatically sends transactional emails to your customers like order receipts and password reset links. But you can also send mass emails to your entire list of users from WordPress. While this isn’t a recommended practice, it’s a good option to have in case you don’t have a proper email list maintained in an email marketing service.
If your website allows users to register, learning how to email users right from your WordPress dashboard is always an important skill. You may want to send emails about new product updates, changes to your website, or other important announcements.
How to Send Email to All WordPress Registered Users
To send emails to your WordPress users, just follow the steps below. First, we’ll set up WP Mail SMTP to take care of your WordPress email delivery from the backend. Then, we’ll set up another plugin that lets you select your WordPress email recipients, compose an email, and send it.
First, you’ll need WP Mail SMTP on your site to deliver your emails reliably to intended recipients.
By default, WordPress uses PHP Mail for emails which is commonly responsible for poor email delivery and spam blocks by mailing servers.
A much more dependable method for sending emails takes advantage of SMTP. In SMTP, your emails are properly authenticated, so their legitimacy is easy to verify. As a result, your WordPress emails are able to avoid spam filters and reach recipients without fail.
To install WP Mail SMTP on your site, first select a plan that’s appropriate for your needs.
You’ll be able to log into your WP Mail SMTP account area once you’ve purchased a plan and created your account. From your account area, click on the Downloads tab.
Now, press the Download Mail SMTP button to start the ZIP file download.
While the download is in progress, it’s a good idea to use this moment to copy your WP Mail SMTP license key. You’ll need this later on.
When the file has finished downloading, open your WordPress dashboard. Then, go to Plugins » Add New.
Here, you can upload the plugin file that you just downloaded. Click on the Choose File button and locate your WP Mail SMTP zip file in your download folder.
After selecting the file, click on Install Now. It will only take a few seconds for WordPress to install this plugin.
Press the blue Activate Plugin to activate WP Mail SMTP on your site.
Great job! Now we just have to configure a mailer with WP Mail SMTP to finish the setup.
2. Integrate WP Mail SMTP With a Mailer
WP Mail SMTP needs an API connection with a mailer service in order to deliver your WordPress emails properly.
The WP Mail SMTP setup wizard allows you to set up a connection between your WordPress site and a mailer service very easily.
After you activate the plugin, the setup wizard should launch automatically. But if for any reason it didn’t start, you can launch it manually.
From your WordPress dashboard, go to WP Mail SMTP» Settings. Underneath the Mail section, find and click the Launch Setup Wizard button.
The wizard will ask you to select an SMTP mailer service from a wide range of options.
If you need a reliable and reasonably priced mailer, we recommend SendLayer. However, you’re free to choose from other available options.
When you’ve selected a mailer, click Save and Continue. You’ll need to fill out a few fields to configure the mailer connection.
If you need help setting up a particular mailer, click one of the links below for detailed instructions.
In the final step of the setup, WP Mail SMTP will ask you to check the features that you want to enable. If you have the paid version, you can enable extra features like email logs (which we highly recommend for the purposes of this topic).
If you check the Pro features, the setup wizard will then require you to add your license key (which we copied in an earlier step). Insert your license key and then press Verify License Key.
The wizard will now send a test email to make sure your configuration is properly set up. If all is good, move to the next step.
3. Get the Send Users Email Plugin
Now that you have WP Mail SMTP configured, you can rest assured that your emails originating from any plugin on your site will always deliver successfully.
But by default, there’s no way in WordPress to write an email and send it to your WordPress users at will.
To be able to send emails to any recipient of your choice in WordPress, you’ll need to install a plugin called Send Users Email.
When the plugin is installed and activated on your site, you can start sending emails to your WordPress users easily.
4. Send Email to Registered Users
Open your WordPress admin area and then click Email to Users » Email Roles.
You should now see a page with options to send emails to people selected by their assigned WordPress roles. If you want to send the email to all of your WordPress subscribers, checkmark the box against Subscriber.
You can also select other types of users as your recipients such as administrators and authors. The email subject field lets you write a subject line for your email. There’s also a rich text field for composing the body of your email message.
After selecting recipients and writing the email, press the Send Message button,
Your email will now start sending to all WordPress users that you selected by role above.
But what if you only want to email individual users rather than mass emailing your entire list?
The Send Users Email includes a feature that lets you individually select each registered WordPress user you wish to send your email to.
To access this feature, go to Email to Users » Email Users. Here, you’ll see a list of all registered WordPress users on your site. You can simply select the users that you want to send emails to from this list.
As before, you can use the email subject field and email message fields to customize your subject line and email content.
Press the blue Send Message button to send your email to individually selected WordPress users.
Congratulations! You now have the necessary tools to send emails to WordPress users entire individually or to your entire subscriber list.
5. Track Your WordPress Emails (Optional)
Generally, WordPress isn’t the best way to send emails and run email marketing campaigns. This is because of the inherent limitations of the platform when it comes to email functionalities.
WordPress is primarily a content management system, so its email capabilities are only basic. For the best results and much easier management, you should consider using a dedicated email marketing service (Sendinblue, Constant Contact, and MailerLite to name a few).
However, if you are going to send some of your emails from WordPress, then it’s wise to log and track your emails.
One of the many benefits of WP Mail SMTP Pro is that it includes email tracking features. With this feature, WP Mail SMTP can track how many times your emails were opened and clicked by your subscribers.
To enable this feature, navigate to WP Mail SMTP » Settings.
On the top of the Settings page, click on the Email Log tab.
Here, make sure that the Email Log option is enabled.
Now scroll down to view additional email tracking settings. You can enable open and click tracking to collect open and click rate data for every WordPress email you send to users.
With email tracking enabled, you will be able to see engagement metrics for each email right within your WordPress dashboard.
This information is extremely helpful as it allows you to experiment with different subject lines to produce higher engagement levels.
And that’s all! You now know how to send email to WordPress users (by role and individually) and also track the performance of your emails from your admin area!
Ready to fix your emails? Get started today with the best WordPress SMTP plugin. WP Mail SMTP Elite includes full White Glove Setup and offers a 14-day money-back guarantee.
If you’re like me, you often find yourself feeling like there’s not enough time in the day—and by often, I mean pretty much every day. When there’s no time to waste and you have to nail down your priorities, adding structure and consistency becomes a necessity. That’s where time blocking apps are an excellent way to manage your schedule: they force you to plan out every minute of your day.
Connect your time-tracking app to your other tools
Some time blocking apps work better for people who are more visual, while others are better for those who need more organization. Some apps are geared towards solopreneurs and freelancers, while others are designed for folks who work as part of a corporate team. That’s why I spent several weeks testing dozens of time blocking apps—to figure out which ones were the best for which people.
Whatever your reason for time blocking, one of the time blocking calendars here should speak to you and your needs.
Time blocking is a time management technique where you schedule how you’ll spend your time during every minute of every day. Each task you need to complete gets time scheduled on your calendar, so you can make sure you have the bandwidth for every to-do list item.
Most people’s work calendars look like this:
Your meetings are there, and the rest of your time is just assumed to be open. A time blocked calendar, meanwhile, fills in all of those gaps:
Time blocking as a time management technique was popularized by Cal Newport, author of Deep Work. Newport says he dedicates 10-20 minutes every evening to time blocking his schedule for the next day, but when you choose to block your time and create your schedule depends on what works best for you. You might create your schedule every day when you get to work, at the end of every work day for the next day, or at the beginning of each week for the rest of the week.
Additionally, you can approach the time blocking method in a couple of different ways. You might schedule time blocks for specific tasks around your meetings and other commitments, or you might choose to schedule time specifically for meetings and other commitments.
For example, instead of accepting meeting invites for whenever people send them, you may block off Monday, Wednesday, and Friday for working on tasks and leave Tuesday and Thursday open for people to schedule meetings. Then, you can break those big sections for Monday, Wednesday, and Friday down into specific tasks—daily or weekly, based on your priorities.
Scheduling time for tasks forces you to think about how long each task is going to take you to complete, which, over time, can help you form more realistic estimates.
What makes a great time blocking app?
How we evaluate and test apps
All of our best apps roundups are written by humans who’ve spent much of their careers using, testing, and writing about software. We spend dozens of hours researching and testing apps, using each app as it’s intended to be used and evaluating it against the criteria we set for the category. We’re never paid for placement in our articles from any app or for links to any site—we value the trust readers put in us to offer authentic evaluations of the categories and apps we review. For more details on our process, read the full rundown of how we select apps to feature on the Zapier blog.
You could just use your calendar app to time block your schedule, or even a sheet of paper, but dedicated time blocking tools make the process a lot easier. Here are the criteria I used to determine the best time blocking software:
Integration with your current calendar. Being able to sync a calendar with a time blocking planner saves time and helps keep schedules error-free, so this is a must-have.
Ease of use. Some apps are just downright hard to figure out, so it was essential that my picks had a simple, intuitive interface that was easy to navigate.
Calendar and tasks in one place. No one wants to deal with having their projects and to-dos scattered in too many places. The purpose of a time-blocking app should be to simplify, which means being able to find and review your tasks in a central place.
Customization. While the ability to customize features like colors, themes, lists, alerts, and notifications is of varying importance, I chose apps that I felt provided enough flexibility to fit most people’s day-to-day needs.
Integration with other tools. Integrating your time block planner with your calendar is just the standard, but integration with other apps and tools is a wonderful cherry on top.
Sunsama is by far the best-designed app on this list. The app wastes no space, and after setting it up, you’ll immediately understand how to use it. There’s a task list, sorted by date, and there’s a sidebar with a calendar. You can flip this around if you want, but either way, it’s quick to drag tasks over to your calendar, making it convenient to jot down all your duties for the day and then focus on planning them all out accordingly.
Another neat feature is the ability to properly categorize all your tasks. Most time blocking apps have some kind of tagging aspect, but Sunsama takes it a little further with what they call contexts and channels. Contexts are essentially overarching categories, like Work or Personal. Within those categories, you can create sub-categorizations, like Focus Time, Creative Time, or Family Time to further drill down the organization of tasks.
Where Sunsuma really stands out is how it helps you plan out your day. Sign on in the morning, and you’ll be asked which tasks you have to work on, how long you think they are, and when you want to do them all. It really makes the process of blocking your day painless, and there’s even support for sending a summary of your plan for the day over to Slack in a single click. When nearing the end of your day, Sunsama will prompt you to jot down what you finished that day and what you didn’t get to, which I found a nice way to regroup before logging off.
The app is full of little touches like this, and the result is that time blocking your daily to-do list feels easier here than in any app we tested. And integrations with Trello, Gmail, GitHub, and Jira mean you can drag tasks over from a variety of apps. Google and Outlook calendars are both supported. The main downside: there’s no free plan.
Sunsama pricing: Starts at $20/month. No free version, though there is a 14-day free trial.
If you’re looking for a Sunsama alternative, try Timepage. It’s not a traditional time blocking app, but the sleek interface and added features, like weather reports and RSVP reminders, make it a worthy option.
HourStack is well-suited for teamwork, with the ability to add multiple users and manage an entire team’s workflow. But it also works well as a task tracker app for individual professionals who just want to keep track of their work, monitor how much time is spent on each task, and block time out to focus.
You start by blocking time for the day/week. Then, when you’re ready to start on each task, click the task, and select Start to initiate a timer. When you’re finished working on the task, you can complete it if it’s finished, or if you run out of time, you can roll the task over to work on it again later. In the Reports section, you’ll see detailed metrics for the time estimated and spent on each task. And as bonus, you can integrate HourStack with Google Sheets to export all your insights, which is very useful when you need to present or share your time spent with people who don’t use HourStack. I also personally loved how visual the platform was—you can see all your tasks and events for the week as cards on your dashboard (Sunsama actually does this similarly, too).
HourStack will pull events from Google Calendar and Outlook 365, but it doesn’t add those events directly onto your HourStack calendar. Instead, you’ll see them in a sidebar on the right side of the screen and can drag and drop them onto your HourStack calendar.
The main downside to HourStack is that it doesn’t have a place to keep a to-do list. Instead, you’re mostly using your calendar to capture your to-dos. But it does have native integrations with apps like Trello, Todoist, and Asana, so you can see your to-dos from another app within HourStack to plan and schedule in one place. There are also integrations with HubSpot, GitHub, and Google Sheets—plus basically every other app, thanks to HourStack’s Zapier integrations, which let you do things like automatically adding new calendar events to your HourStack calendar and vice versa.
Add new Google Calendar events to your HourStack week
HourStack Pricing: 14-day free trial. Personal plan starts at $9/month.
Timely is an HourStack alternative that also allows you to track billable projects within a team. One of the biggest differences is the lack of an actual timer—instead, it uses a Memory app to track time automatically, which is nice, especially if you’re working on other projects in the background.
If you use Trello or Jira as your to-do list or project management tool, Planyway lets you block time on your calendar using those tasks.
You can easily create and place all your tasks into your pre-created Trello lists (or create new lists within Planyway), and then just drag and drop them onto the Planyway calendar. Connect your existing calendar, and you’ll see those same tasks or events with the rest of your schedule. The app did take a bit of time to think about integrating with my Google Calendar, but after a few refreshes, it wound up working just fine.
Planyway also gives you the option to connect it to your Google, Outlook, or Apple calendar, so you can see your calendar appointments in context. On its Free and Basic plans, Planyway supports one-way syncing: you can see your Planyway cards in your calendar using an iCal URL, but you can’t see your calendar events in Planyway. Two-way syncing that keeps both calendars in sync is available on the Pro plan.
Planyway Pricing: The Free plan includes one-way calendar syncing; from $3.99/month for the Pro plan that includes two-way calendar syncing and recurring tasks.
TickTick Premium lets you compile your tasks in a to-do list and then block time for those tasks on your calendar. But TickTick offers a feature that the others don’t: a Pomodoro timer. So if you want to combine time blocking with the Pomodoro Technique—or if you’re looking for the best task management app with built-in time blocking—TickTick Premium may be the best option for you.
Adding tasks to your calendar in TickTick isn’t as simple as it is in some of the other apps. Instead of dragging and dropping tasks onto your calendar, you have to take a few steps. While adding a task, you can use natural language processing to add a due date—for example, you could type “walk the dog tomorrow.” Do that, and your task will have a due date. If you forget, that’s ok: you can edit a task and select a due date. It will then show up on your calendar as an all-day event—you can drag it to whatever time you want.
TickTick can also pull events from your existing calendar and display them on your TickTick calendar; or you can set it up to push TickTick events to your main calendar. You can’t manage calendar appointments in TickTick, though—the appointments from your calendar are basically only there for reference. But it’s enough to plan your day.
Another neat feature to take advantage of is the Eisenhower Matrix. The name may sound a little intimidating, but it’s actually very simple. You can use the matrix to organize your tasks according to Urgent & Important, Urgent & Unimportant, Not Urgent & Important, and Not Urgent & Unimportant. This system essentially provides a way to properly prioritize and tag your tasks with a simple drag and drop. As someone who can get overwhelmed with the number of tasks on my plate, being able to see a visual representation of my tasks prioritized was a huge help.
You can integrate TickTick with thousands of apps using Zapier’s TickTick integrations. This is great for adding tasks to your calendar or pulling in tasks from other apps like Gmail or Slack.
Create TickTick tasks from new saved Slack messages
TickTick Pricing: The free TickTick product doesn’t include a calendar view; from $2.79/month for TickTick Premium that includes the calendar view and RSS feeds to and from third-party calendars.
Best free time blocking app for Apple users (and hyper-scheduling)
Sorted^3 is the self-proclaimed app for hyper-schedulers—and as someone who self-identifies that way, I’d absolutely agree.
Sorted^3 has an excellent onboarding flow. When you sign up, you’ll be immediately directed to a tutorial showing you how to use app shortcuts and other unique features, like Magic Select (more on that in a bit). While the amount of information may seem overwhelming at first, it does a superb job of guiding you through all the features that are available to you as you start using them.
On the hyper-categorization front, there’s a tab for lists that has sections for errands, notes, links, and groceries, so you can put any tasks or information that you want to store for later—but you can also schedule out any tasks from the lists as well.
Back to Magic Select. This feature lets you quickly highlight multiple items in your schedule. This means you can delete, recategorize, retag, or reschedule multiple tasks without too much effort. Surprisingly, out of all the other apps I tested, none had this feature.
You’ll also get an auto-scheduling feature. You can add all your tasks to the schedule section, assign a certain period of time for each one, and then let Sorted^3 do the heavy lifting of blocking out time for all your tasks. You can even add an automatic buffer period between tasks, and you’re able to move things around after they’ve been scheduled.
Sorted^3 also has some nice Apple-specific features. For example, you can sync to iCloud and can take advantage of Siri to plan out tasks.
Sorted^3 pricing: Free; PRO version is $14.99
SkedPal also has great auto-scheduling capabilities, and it’s worth a look if you like the idea of Sorted^3 but don’t use Apple devices. SkedPal’s time map feature allows you to throw a task into a category, like Focus Time or Weekends, and then automatically schedules it within that task category.
Do you need a time block app?
You might decide that you don’t need a dedicated app for time blocking, and that’s fine. Here are some other ideas:
We included TickTick in the list above, but some of the other best to-do list apps also have basic time blocking features, including Any.do and Todoist.
Honestly, any of the best calendar apps could work for calendar blocking. Just add your tasks as calendar appointments.
Serene is a distraction blocking app that also works great for planning your day. It’s not exactly a time blocking app, but might be better for some people.
Also worth noting: if you already have a great to-do list app and a great calendar app, you could just connect the two using Zapier.
Google Calendar + Jira Software ServerMore details
But if you want everything in one app, one of the tools in this list should do the trick. Each app offers a free plan or free trial, so you can try them all and pick the one that works best for you.
Yes, you need to turn shortcuts on. If you try these Gmail shortcuts without turning them on first, you’ll be slamming that C key into the void. So if you think your Gmail keyboard shortcuts aren’t working, try this first.
To turn on Gmail shortcuts:
Click the Settings gear in the top-right corner, then See all settings.
Scroll down to the Keyboard shortcuts section, and choose the Keyboard shortcuts on option.
Scroll to the bottom, and click Save Changes.
Congrats! You can use all of Gmail’s shortcuts now—here are the ones you should start using right away.
1. Browse through your emails
Prefer using keyboard navigation over mouse? Flip through the email threads in your inbox using K to go to the previous email and J to go to the next email.
Press Enter / return to open the selected thread. Then:
Press U to go back to your inbox.
Press ]or[ to archive the message and go to the previous or next message.
Press # to delete the message.
Press Shift+Uto mark the message as unread.
2. Jump between categories
Gmail also has “jumping” shortcuts that instantly take you to your desired inbox category. Use the following combos to visit different categories:
Main inbox: G + I
Starred conversations: G+S
Snoozed conversations: G+B
Sent messages: G+T
Drafts: G + D
All mail: G + A
If you like to use Google Tasks and Gmail together, you can even go to the Tasks window by pressing G + K.
3. Compose new emails
Here’s a universal and easy-to-remember one: composing a new message. Press C, and the trusty New Message window will pop up.
4. Add CC and BCC
When you open a compose window, it keeps the CC and BCC options nestled for you to click and add fields for them. Add those fields instantly using the Gmail shortcut Ctrl / command + Shift + C(CC) or Ctrl / command + Shift + B (BCC).
How to create a Gmail shortcut
You can change your Gmail shortcut keys to better suit your workflow. Here’s how to customize Gmail shortcuts:
Go back into the main settings menu you used to turn on shortcuts, then click the Advanced tab.
Find Custom Keyboard Shortcuts and choose Enable. Gmail will send you back to your inbox.
When you visit the main settings menu again, you’ll see a new tab titled Keyboard Shortcuts.
Click that tab, and you’ll get a menu where you can customize your shortcuts as much as you’d like.
Do more with Gmail
Want to go even further? Here’s a list of every Gmail shortcut, courtesy of Google itself. And here are a few more guides to make you a Gmail power user:
.png)
