Nexcess
Nexcess Blog Logo
Category : Security
July 19, 2016

WP Hammer Is A Data Privacy Tool For WordPress Developers

WordPress professionals often find they need to work on a copy of a client’s site. It’s almost never a good idea to work on a live site — too many things can go wrong. When changes are needed, it’s better to copy the client’s site, make the necessary changes, test them, and then integrate any […]

June 02, 2016

Is Amber The Solution To Link Rot For WordPress Site Owners?

The web has come a long way since the days in the early nineties when Tim Berners-Lee first published his ideas about a new way to organize information. But the web as we know it would be recognizable — if astonishing — to its early users because the core technology of the web, the link, […]

April 20, 2016

Clef Brings No-Hassle Two-Factor Authentication To WordPress

Passwords are not a great authentication method — a point that’s been made many times, not least by me on this blog. Passwords are great in theory, but in practice, when users are asked to choose and manage strong passwords, they don’t. They choose easy-to-remember and hence easy-to-guess passwords. And they use the same password […]

February 03, 2016

Stop Brute Force Bots Wasting Your WordPress Site’s Resources

A brute force attack is the least sophisticated technique online criminals have to compromise WordPress sites. It doesn’t take advantage of obscure coding errors or advanced social engineering techniques. Rather, a brute force attacker simply tries lots of username and password combinations until they find one that works. The execution may be more or less […]

October 29, 2015

Magento Security Advisory: Patch Bundle SUPEE-6788 Includes Fixes For Multiple Vulnerabilities

The SUPEE-6788 patch for Magento Community Edition and Magento Enterprise Edition includes fixes for potential SQL injection, remote code execution, and cross site scripting vulnerabilities. On 27th October, Magento released the SUPEE-6788 bundle of patches, which can be downloaded here. The bundle includes patches for a number of critical vulnerabilities. Magento users running versions of […]

October 20, 2015

WordPress Users Should Update The Akismet Plugin To Avoid Cross-Site Scripting Vulnerability

WordPress site owners who use the Akismet comment spam filtering plugin should update to version 3.1.5 of the plugin as soon as possible. Older versions of the plugin are vulnerable to a cross-site scripting attack that could put WordPress sites and users at risk of compromise. Sites with automatic updates activated should already be running […]

August 18, 2015

What Is A Web Application Firewall For WordPress?

WordPress is a relatively secure content management system. As we’ve discussed before, there is no such thing as completely secure software, but the WordPress development team do an excellent job of keeping WordPress users safe by introducing as few vulnerabilities as possible and fixing them when they arise. That said, WordPress is enormously popular, which […]

August 11, 2015

Here's Why Your Magento Store Needs Two-Factor Authentication

Passwords alone are not a good authentication mechanism. Too many things can go wrong with passwords for eCommerce retailers to entirely trust them. Users often choose weak passwords or accidentally allow them to fall into the hands of malicious individuals. Particularly in the eCommerce world, where sensitive data, money, and a business’s reputation are on […]

August 10, 2015

Magento Security Advisory and Patch (SUPEE-6482)

Magento has just released patch SUPEE-6482, which addresses four different vulnerabilities affecting Magento Community and Enterprise editions. We strongly advise all Magento store administrators to update to the latest version to address these vulnerabilities (1.9.2.1 for Community or 1.14.2.1 for Enterprise). Those that do not want to update to the most current version of Magento […]

August 04, 2015

Magento Introduces Security Alert Registry

In the wake of a number of serious vulnerabilities — including the critical ShopLift vulnerability — Magento announced in May that it would be introducing the Magento Alert Registry to keep eCommerce retailers up-to-date about potential security problems. You can now sign up here. “We are committed to platform security and are taking proactive steps intended to […]