We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.

Your Digital Commerce Experts
Nexcess Logo

Nexcess Blog

|
Category : security
April 21, 2015

We’ve Brought Two-Factor Authentication To Magento!

We’re happy to announce that we’ve brought two-factor authentication to Magento in partnership with Magento development agency Human Element. This new plugin, named Sentry, will allow Magento retailers a solution for secured, two-factor authentication. Two-factor authentication offers enormously enhanced security for Magento eCommerce stores. Passwords alone have never been a great way to handle secure […]

December 17, 2014

Why Is It So Important To Keep A WordPress Site Updated?

If you don’t update your WordPress site, it may be vulnerable to hackers. Updating a WordPress site is one of those tedious tasks that has to be done, but doesn’t usually confer any obvious benefit. Sometimes you’ll get a new feature, but most of the time, you hit the update button, the site prints out […]

September 24, 2014

Protect Your WordPress Sites With Two-Factor Authentication

The Heartbleed bug was one of the worst online security vulnerabilities in recent memory, allowing an attacker to read chunks of a server’s memory that might contain private keys, authentication credentials, and other sensitive data. In the wake of Heartbleed, it’s a good time for WordPress site owners to audit their security procedures and implement […]

September 10, 2014

WordPress Users Should Ensure Theme-Bundled Slider Revolution Plugins Are Up-To-Date

Most WordPress users knows that WordPress plugins should be updated. Updates frequently include patches that fix security vulnerabilities. Part of every WordPress user’s routine should include regular plugin and core updates. But there’s another source of potential vulnerability that WordPress users may not be aware of: many themes include bundled plugins and those plugins are […]

July 25, 2014

Recent Exploit using Fake Magento Extensions

We are publishing this post in the hope that all Magento users can utilize this information to determine if their site has been compromised and take the steps required to correct the problem. We were recently contacted by a client regarding a Common Point of Purchase Investigation that was initiated by a credit card issuer. […]

July 25, 2014

WordPress Vulnerability: Update WPtouch As Soon As Possible

We’ve discussed WPtouch before — it’s a useful plugin for easily equipping a WordPress site with a mobile theme and touch functionality. It was recently reported by the folks over at Sucuri that the plugin contains a vulnerability that could be exploited by users without administrative privileges to upload PHP files to a server. It’s […]

June 06, 2014

Security Vulnerability: All In One SEO Pack WordPress Plugin Users Should Update Immediately

Vulnerabilities have been discovered in the popular All In One SEO Pack WordPress plugin that could allow privilege escalation and cross-site scripting attacks. The plugin has been patched and users should ensure that they immediately update to the most recent version or there is a real risk of their WordPress site being compromised. In a […]

June 05, 2013

More Tips To Keep Your WordPress Site Secure

Update, Update, Update! Everybody has seen this over and over again, and with good reason. WordPress is one of the most widely used Content Management Systems (CMS) for blogging and the security patches provided in their updates can help keep your site secure. The older your WordPress version is the more time there has been […]

July 05, 2012

Important Magento Security Update

Magento recently posted an important security update that affects all versions prior to CE 1.7.0.2 and EE 1.12.0.2. The vulnerability is specifically in the Zend Framework’s Zend_XmlRpc module, which means that any application built on the Zend Framework is potentially vulnerable. See: ZF2012-01 Nexcess implements a Web Application Firewall that should offer protection from this […]

March 30, 2012
By Brad

PCI, Magento, and Storing Credit Card Information

The question of whether you can store credit card information within Magento comes up a lot here at Nexcess. The answer to this question is unfortunately not very clear when looking for an answer elsewhere including on the Magento website. To clarify the answer to this question, there are a few things that need to […]