We’re happy to announce that we’ve brought two-factor authentication to Magento in partnership with Magento development agency Human Element. This new plugin, named Sentry, will allow Magento retailers a solution for secured, two-factor authentication. Two-factor authentication offers enormously enhanced security for Magento eCommerce stores. Passwords alone have never been a great way to handle secure […]
If you don’t update your WordPress site, it may be vulnerable to hackers. Updating a WordPress site is one of those tedious tasks that has to be done, but doesn’t usually confer any obvious benefit. Sometimes you’ll get a new feature, but most of the time, you hit the update button, the site prints out […]
The Heartbleed bug was one of the worst online security vulnerabilities in recent memory, allowing an attacker to read chunks of a server’s memory that might contain private keys, authentication credentials, and other sensitive data. In the wake of Heartbleed, it’s a good time for WordPress site owners to audit their security procedures and implement […]
Most WordPress users knows that WordPress plugins should be updated. Updates frequently include patches that fix security vulnerabilities. Part of every WordPress user’s routine should include regular plugin and core updates. But there’s another source of potential vulnerability that WordPress users may not be aware of: many themes include bundled plugins and those plugins are […]
We are publishing this post in the hope that all Magento users can utilize this information to determine if their site has been compromised and take the steps required to correct the problem. We were recently contacted by a client regarding a Common Point of Purchase Investigation that was initiated by a credit card issuer. […]
We’ve discussed WPtouch before — it’s a useful plugin for easily equipping a WordPress site with a mobile theme and touch functionality. It was recently reported by the folks over at Sucuri that the plugin contains a vulnerability that could be exploited by users without administrative privileges to upload PHP files to a server. It’s […]
Vulnerabilities have been discovered in the popular All In One SEO Pack WordPress plugin that could allow privilege escalation and cross-site scripting attacks. The plugin has been patched and users should ensure that they immediately update to the most recent version or there is a real risk of their WordPress site being compromised. In a […]
Update, Update, Update! Everybody has seen this over and over again, and with good reason. WordPress is one of the most widely used Content Management Systems (CMS) for blogging and the security patches provided in their updates can help keep your site secure. The older your WordPress version is the more time there has been […]
Magento recently posted an important security update that affects all versions prior to CE 1.7.0.2 and EE 1.12.0.2. The vulnerability is specifically in the Zend Framework’s Zend_XmlRpc module, which means that any application built on the Zend Framework is potentially vulnerable. See: ZF2012-01 Nexcess implements a Web Application Firewall that should offer protection from this […]
The question of whether you can store credit card information within Magento comes up a lot here at Nexcess. The answer to this question is unfortunately not very clear when looking for an answer elsewhere including on the Magento website. To clarify the answer to this question, there are a few things that need to […]
Your inbox needs more Nexcess
Grow your online business faster with news, tips, strategies, and inspiration.
