Tag Archives: WordPress

Watch Out for WordPress Vulnerabilities

At SWCP, we love our WordPress. This site is run on WordPress, we support the platform and strive to make it as easy and safe to use as possible, and we even host meetings at Ideas and Coffee to discuss how to use it most effectively. After all, WordPress is now used by up to a quarter of all sites on the Web, and there are thousands of themes and plug-ins to make it look and behave pretty much any way you want. But all that success brings with it a downside, which is that now the bad guys have begun to target it. The latest attack is both frightening and dangerous. Somehow – the means is still unknown – hackers have been able to inject code that sends visitors to a fake ad site. These sites are loaded with evil ransomware that can take over the user’s machine. More information can be found here. Before freaking out, note that: The redirect only attacks first-time visitors. Regular visitors and the site administrators will therefore be unaware of this and unaffected by it. Apparently, only users with out-of-date versions of Adobe Flash Player (yet again), Adobe Reader, Microsoft Silverlight and Internet Explorer are vulnerable. For some reason, the flaw is not detectable by most anti-virus programs yet. So users need to be alert. If you visit a site and are redirected to another, do not click on anything. Instead close your … Continue reading

Posted in News, Security, Warnings | Tagged , , , , , , , , | Leave a comment

Stop Worrying About Your WordPress Site

Here at SWCP, we love WordPress, the planet’s most popular and versatile open-source blogging and Content Management System. This very blog is a WordPress site, our Basic Web-Hosting package is tailored to support WordPress websites, and we even hold frequent WordPress meet-ups and working sessions at our Ideas & Coffee coworking suite next door. So, when news recently came of a serious bug potentially affecting all out-of-date WordPress sites, we were deeply concerned. This latest security threat, a “critical unpatched 0-day vulnerability affecting WordPress’ comment mechanisms“, should not be ignored. It would allow an attacker to manipulate post comments to infect visitors with malware, spam, or even install backdoors on your site. The first thing to do is to disable comments, check to make sure no bad actors have commented or become members and eliminate them. Then you should immediately backup and upgrade the WordPress platform to version 4.2.1, which is now patched. If you already updated to 4.2.1 a while ago, you may have to do so again. For someone who is not technically-minded, or just wants a simple, safe platform on which to do their thing, this can be asking a lot. Though the process of updating has become much easier over the years, many people still put off site updates as long as possible, unfortunately all-too-often not until the site breaks or is compromised. Site maintenance is nowhere near as fun as posting, after all, and to … Continue reading

Posted in Resources, Warnings | Tagged , , , , | Comments Off on Stop Worrying About Your WordPress Site

Important Updates for Web-Publishers

If you own or run a website, there are a few new wrinkles you should know about. In the first place, the powers that be at ICANN who run the World Wide Web’s all-important Domain Name System have instituted a new hoop for domain owners to jump through. Since January 1 of this year, all new domains, any that get transferred or have any owner or contact information changed, must have the domain owner’s email address verified – or else. The domain’s administrative contact will be sent an email from the registrar with an activation link to be clicked or ICANN will disable the domain. If the message is not replied to within 15 days, the site will not be usable at at all until fixed – not even including email. This whole procedure violates just about every safety tip SWCP has issued to users to help everyone stay safe online. So Southwest Cyberport will do all we can to track the process, make it easy, prevent shutdowns, and keep it secure. We apologize in advance for any inconvenience. It can be expected that bad guys will try to take full advantage of this situation. Remember that no legitimate message will ever ask for your username or password. If you have any doubts, please call or email Tech Support. But whatever you do, please don’t ignore it. Note that this validation message will be sent only to that email address … Continue reading

Posted in News, Resources, Tips and Tricks | Tagged , , , , , , | Leave a comment