We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.

Your Digital Commerce Experts
Nexcess Logo

Nexcess Blog

|
Category : security
August 18, 2015

What Is A Web Application Firewall For WordPress?

WordPress is a relatively secure content management system. As we’ve discussed before, there is no such thing as completely secure software, but the WordPress development team do an excellent job of keeping WordPress users safe by introducing as few vulnerabilities as possible and fixing them when they arise. That said, WordPress is enormously popular, which […]

August 11, 2015

Here's Why Your Magento Store Needs Two-Factor Authentication

Passwords alone are not a good authentication mechanism. Too many things can go wrong with passwords for eCommerce retailers to entirely trust them. Users often choose weak passwords or accidentally allow them to fall into the hands of malicious individuals. Particularly in the eCommerce world, where sensitive data, money, and a business’s reputation are on […]

August 10, 2015

Magento Security Advisory and Patch (SUPEE-6482)

Magento has just released patch SUPEE-6482, which addresses four different vulnerabilities affecting Magento Community and Enterprise editions. We strongly advise all Magento store administrators to update to the latest version to address these vulnerabilities (1.9.2.1 for Community or 1.14.2.1 for Enterprise). Those that do not want to update to the most current version of Magento […]

August 04, 2015

Magento Introduces Security Alert Registry

In the wake of a number of serious vulnerabilities — including the critical ShopLift vulnerability — Magento announced in May that it would be introducing the Magento Alert Registry to keep eCommerce retailers up-to-date about potential security problems. You can now sign up here. “We are committed to platform security and are taking proactive steps intended to […]

July 16, 2015

WordPress' New Security Czar Is Good News For The WordPress Community

WordPress is a complex software ecosystem. Its huge userbase and an active developer community numbering in the tens of thousands make for a potential security nightmare, but, in fact, it functions surprisingly smoothly. For users who hear only about the most recent security vulnerability, it might not appear so, but the widespread publicity of security […]

July 14, 2015

New Magento Community Edition Security Patch Released — Immediate Patching Is Advised

Magento has made available a new patch bundle that addresses several serious security vulnerabilities. Magento CE & EE users should update immediately to ensure that their eCommerce store and its users are not put at risk. Among the vulnerabilities addressed are the potential leaking of customer information and cross-site scripting vulnerabilities. The patch bundle — […]

May 22, 2015

Magento Releases New Patch Bundle To Address Multiple Security Vulnerabilities

Magento has released a bundle of patches that fix several vulnerabilities. The vulnerabilities addressed by the patch can be exploited by attackers to disclose confidential information and execute code remotely. The bundle (SUPEE-5994) can be downloaded here and should be applied as soon as possible by users of Magento Community Edition and Magento Enterprise Edition. […]

May 20, 2015

Backing Up Your WordPress Database The Right Way

One of the most heartbreaking experiences I’ve had when advising people about WordPress was with a friend of mine who had spent weeks setting up her site, writing content, and posting images, only to lose everything just as she was about to launch because she mistyped a command on her VPS’s command line. Of course, […]

April 27, 2015

Magento Shoplift Vulnerability – Download Patch Now

A patch has been released to fix a remote code execution vulnerability in both Magento Enterprise and Community Editions. In February, Check Point researchers announced that they released details of the critical RCE (remote code execution) vulnerability in the Magento platform. Checkpoint originally found this exploit back in February and contacted Magento privately regarding the […]

April 21, 2015

We’ve Brought Two-Factor Authentication To Magento!

We’re happy to announce that we’ve brought two-factor authentication to Magento in partnership with Magento development agency Human Element. This new plugin, named Sentry, will allow Magento retailers a solution for secured, two-factor authentication. Two-factor authentication offers enormously enhanced security for Magento eCommerce stores. Passwords alone have never been a great way to handle secure […]