Nexcess Blog

Category: security
March 29, 2017

When Is It Right To Keep WordPress Vulnerabilities Secret?

Bugs are an inevitable part of the software development process. As hard as developers try to avoid them — and they try very hard indeed — mistakes will be made and some of those mistakes will cause security vulnerabilities. What’s important is how developers handle vulnerabilities when they do occur, including how they communicate about […]

January 25, 2017

WordPress Update Fixes Critical PHPMailer Vulnerability

WordPress 4.7 was released towards the end of last year and brought with it a host of new features, including a new default theme, theme starter content, and REST API content endpoints. As is usually the case with a major new WordPress version, WordPress 4.7 was closely followed by a minor release with bugfixes. WordPress […]

October 25, 2016

Magento eCommerce Merchants Should Be Vigilant For Credential And Credit Card Swipers

Magento eCommerce stores are high-value targets for online criminals. Thousands of dollars a month pass through even small stores, and although the vast majority of those stores use external payment processors, malware embedded in the store’s pages could still be used to steal data as the user enters it. Using an external payment processor […]

August 18, 2016

The OurMine TechCrunch Hack Shows The Danger Of Poor Password Management On High-Profile WordPress Sites

On July 26, TechCrunch, a popular WordPress-based technology business blog, was compromised by OurMine, a team of hackers responsible for a series of attacks targeting high-profile individuals and sites. The attackers accessed a user account and published a blog post announcing that TechCrunch’s security had been breached. In this case, the attackers were relatively benign; […]

July 19, 2016

WP Hammer Is A Data Privacy Tool For WordPress Developers

WordPress professionals often find they need to work on a copy of a client’s site. It’s almost never a good idea to work on a live site — too many things can go wrong. When changes are needed, it’s better to copy the client’s site, make the necessary changes, test them, and then integrate any […]

June 02, 2016

Is Amber The Solution To Link Rot For WordPress Site Owners?

The web has come a long way since the days in the early nineties when Tim Berners-Lee first published his ideas about a new way to organize information. But the web as we know it would be recognizable — if astonishing — to its early users because the core technology of the web, the link, […]

April 20, 2016

Clef Brings No-Hassle Two-Factor Authentication To WordPress

Passwords are not a great authentication method — a point that’s been made many times, not least by me on this blog. Passwords are great in theory, but in practice, when users are asked to choose and manage strong passwords, they don’t. They choose easy-to-remember and hence easy-to-guess passwords. And they use the same password […]

February 03, 2016

Stop Brute Force Bots Wasting Your WordPress Site’s Resources

A brute force attack is the least sophisticated technique online criminals have to compromise WordPress sites. It doesn’t take advantage of obscure coding errors or advanced social engineering techniques. Rather, a brute force attacker simply tries lots of username and password combinations until they find one that works. The execution may be more or less […]

October 29, 2015

Magento Security Advisory: Patch Bundle SUPEE-6788 Includes Fixes For Multiple Vulnerabilities

The SUPEE-6788 patch for Magento Community Edition and Magento Enterprise Edition includes fixes for potential SQL injection, remote code execution, and cross-site scripting vulnerabilities. On 27th October, Magento released the SUPEE-6788 bundle of patches, which can be downloaded here. The bundle includes patches for a number of critical vulnerabilities. Magento users running versions of […]

October 20, 2015

WordPress Users Should Update The Akismet Plugin To Avoid Cross-Site Scripting Vulnerability

WordPress site owners who use the Akismet comment spam filtering plugin should update to version 3.1.5 of the plugin as soon as possible. Older versions of the plugin are vulnerable to a cross-site scripting attack that could put WordPress sites and users at risk of compromise. Sites with automatic updates activated should already be running […]