Network Solutions – WordPress Security Update

Network Solutions has issued this email about their WordPress security update:

As you may be aware, there are ongoing attacks against WordPress across the world. Attempts are made frequently by criminals to gain control over your WordPress blog and to then use that for their own illegal purposes. Your best protection is to make sure you maintain your WordPress installation at the latest release version and to ensure that you use a complex password that is not easily guessed. 

Why this update? 

Criminals are inventive and resourceful. Right now they are using the longstanding pingback feature in WordPress to create distributed denial of service attacks (DDOS) against third party websites. There is a high probability that your website might be used for such an attack unless you take specific action to disable pingbacks.

What should you do? 

The recommended action is to simply install this plugin if you use version 3.5 or later.

More information can be found about this sort of attack on Brian Krebs’s web site.

Or by visiting Sucuri Security’s blog posting on the subject: More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack

I am not an expert, where do I get help? 

If you aren’t technical (and most of us aren’t) then we would suggest you contact the person responsible for building your WordPress blog and ask them for assistance. Alternatively, you could contact the NS customer service team, who would be glad to assist you.
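A site owner with access to the web server's access log can check whether the site is receiving the kind of traffic the email describes. The sketch below is an added example, not part of the Network Solutions email or this blog's own code. It assumes a combined-format access log and relies on the fact that pingbacks arrive as POST requests to WordPress's xmlrpc.php endpoint; the threshold of 3 requests per minute and all sample log lines are constructed for illustration. Access logs do not record the request body, so this is a volume heuristic, not proof of pingback abuse.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log (documentation IP ranges, invented timestamps).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2014:10:15:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [12/Mar/2014:10:15:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [12/Mar/2014:10:15:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [12/Mar/2014:10:15:40 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.20 - - [12/Mar/2014:10:15:07 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
192.0.2.10 - - [12/Mar/2014:10:16:11 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"
192.0.2.10 - - [12/Mar/2014:10:16:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
not a log line
"""

def xmlrpc_post_bursts(lines, threshold=3):
    """Return {client_ip: peak POSTs to xmlrpc.php in one minute} for
    clients that reach the (assumed) per-minute threshold."""
    per_minute = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST":
            continue  # skip malformed lines and non-POST requests
        path = m.group("path").split("?", 1)[0]
        if not path.endswith("/xmlrpc.php"):
            continue
        # First 17 characters of the timestamp are "dd/Mon/yyyy:HH:MM".
        per_minute[(m.group("ip"), m.group("ts")[:17])] += 1
    peaks = {}
    for (ip, _minute), count in per_minute.items():
        if count >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), count)
    return peaks

if __name__ == "__main__":
    for ip, peak in xmlrpc_post_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {peak} POSTs to xmlrpc.php in one minute")
```

A single POST from another blog is normal pingback traffic; sustained bursts from one client are what warrant disabling pingbacks as the email recommends.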

Do you need SSL “SSL Certificate” for your online store?

Ecommerce is a very complex business, and every business owner needs to know at least the very basics of ecommerce website design in order to fully understand the complexity. So let's say you have your ecommerce website ready to launch and your web developer tells you to get an SSL certificate.

Do you really need it? The answer depends on whether you will be processing credit card payments on your website or on a third party website. Let's look at both scenarios.

Accept payments on your site: This requires you to encrypt all the transactions so that all the data that gets transferred is transmitted securely. In this case you must get an SSL certificate, since you are liable for processing these payments.

Process payments on a third party website: This option will send your customers to another website e.g and after the payment is fully processed they will be redirected back to your website. In this case you do not need to buy an SSL certificate, since you are not liable for encrypting these transactions. All you are doing is sending the user to the merchant, who processes credit cards securely.

So whether you need an SSL certificate or not depends on what kind of ecommerce system you end up using.

Facebook Adds Page Admin Roles

Facebook has finally added admin roles to manage pages. Not sure why it took them so long; maybe it has to do with the IPO, who knows, but it's great for page management. Now businesses can set permissions on what users can post, view or interact with. This is a long-awaited feature that almost any blog offers, so for Facebook to add it is a great addition. Below is a graph that shows the user/admin roles.

Pages admins can now have different roles, each with different capabilities — manager, content creator, moderator, advertiser and insights analyst, in order of descending permissions.

Top admins, or Facebook managers, can create page posts, respond to and delete comments, and create ads. Each administrator must be tied to a different person’s Facebook page.

Did your WordPress website get hacked?

WordPress is an extremely popular open source content management system which is used for blogging but also as a core business website. WordPress is a great CMS and has tons of features and plugins, but being open source also means that anyone can download it and view the source code, including hackers. Most people install WordPress through their hosting company, which may offer it as a “one-click-install” using Fantastico or Simple Scripts, which makes it very easy. However, what most people don't know is that WordPress is a heavily targeted platform for hackers, who know all the security vulnerabilities and can exploit them. Most people are not tech savvy when it comes to dealing with WordPress, as it was installed from a third party website, so they get stuck and end up with only headaches.

Most common hacking problems:

  • Weak Passwords
  • Outdated WP version
  • Being on shared hosting
  • Incorrect File Permissions
  • Untested or Buggy Plugins
  • MySQL Injections
  • FTP hacking

And the list goes on and on, as hackers always find loopholes to dig into. The funny thing is that these hackers do it for the fun of the game, not really to do any harm, but it's embarrassing to a business when a customer goes to the homepage and finds a hacker's message.

So what to do if your WordPress is hacked?

First, change all of your passwords, including server and FTP, not only your WordPress password. Second, take your site down and put up a simple HTML “under maintenance” page so people don't see the hacked message. Third, go to your backups (assuming you have backups) and restore everything back to normal, starting with the WP files as well as the database files. If this fails, then you have to ask a professional programmer or WordPress expert to fix the issue.

Installing WordPress is one thing, but keeping it safe is a whole different animal, and appropriate security patches need to be added for future prevention. Hope this helps, and if you need any help with WordPress let us know!