Monday, April 27, 2015

Your site has been updated automatically to the latest version of Wordpress

Wordpress software is quite user friendly. It even provides an automatic update feature, so you don't have to think abut it at all. Pretty cool, huh?! Or is it?

I received a call from a client today who had received one of those automatic update alert from her website, which is built on Wordpress. She had decided that her son was capable of handing the simple maintenance of her site, and she was working with on on her other internet marketing and presence. He son has set Wordpress to automatically update. In the last week alone, there has been three updates.

The problem is, that the update had a conflict something else that was installed on her website and now her website wasn't working. Some pages were goobly gook and others were totally crashed.

In a panic, she called and begged hoping there was a simple fix. The answer was maybe and sort of.

I asked a very important question - "When was the last time you did a full backup of your site?"  Her answer was the key to how easily (or not) her site could be restored.  Her website had been backed up only a month ago. Good.
However, since that time her son had made several updates to plugins, changed a few settings and then set Wordpress to automatically update. Not so good. In short, her update was outdated.

She was advised that it was still possible to restore her website to that previous backup, however, any changes her son had made since that date would not be included. And she would still have to  update Wordpress.

It's not uncommon for a conflict to occur between on outdated plug in and Wordpress. It's also not uncommon for two plugins to dislike each other. Some developers never update their plugin or offer support once it's been released.

Putting her site back online also meant she needed to troubleshoot what may have caused the conflict so it didn't happen again.

Fortunately for her we were able to get her back online in a few hours and our regular rush fee. The glitch was a conflict between an outdated plugin and the new version of Wordpress.  All it takes is one line of code to cause a conflict.  We found a few other questionable areas in the code of her old theme (we didn't design) that also prevent her site from converting well on mobile devices. That's an entirely different fix.

It's all good for her now. Her son now knows that although automatic updates can be convenient, they can also be costly.  He will be doing more backups now.

Your website is your brand online.  Regardless of how someone may have heard of your, they will attempt to learn more about you from your online presence.

 For assistance, training or consultation with your internet presence, call 800-569-8279



Wednesday, April 8, 2015

FBI warns, Wordpress sites are a target for malicious code and hackers

This is not a joke, but a serious warning for persons with Wordpress sites that are not being managed well. Like many modern software packages, WordPress is updated regularly to address new security issues that may arise, however some websites do not allow for automatic, or do not check often for necessary updates, and are left running old, potentially vulnerable versions.
WordPress hacking is not new. WordPress is attractive to hackers simply by virtue of being so popular. Studies show that over 60% of websites are build on a WordPress platform, and less than half of those are updated on any regular basis. Not only is it bad for marketing to have an old website, it is a security breech waiting to happen.
If you delegate the management of your website to a company or person outside of your organization, you may not be aware of how much protection you need, and if you are getting it. If you work on a WordPress platform, you are aware of how many times a plug in or theme needs an update. If you are running security software on your site, you may also see how many times an attempted hack has been thwarted. If you are not running security software on your site, you are simply opening yourself up to trouble.
Although you may think your site is too small or not important enough to hackers to be a target, you could find that some hackers get a kick out of hacking small sites for practice, fun and bragging rights. If you are hacked it is disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems. 
Keeping your site secure may seem complex and tedious, however, it is important.
The solution:
1. Check your site daily and update themes, plug-ins and software..
2. Use an administrative log-in other than "Admin"
3. Use strong passwords and change them often
4. Install and keep updated security software on your computer and your website
5. Use a plug-in that limits the amount of log-ins
6. Keep all your plug-ins updated.
7. Be proactive about protecting your website
8. Use a security software/plug-in that alerts you when someone attempts to hack your site
9. Make sure the computers you use are free of spyware, malware, and virus infections.
10. Always keep your operating system and the software on it, especially your web browser, up to date to protect you from security vulnerabilities.
11. Make sure you are running secure, stable versions of your web server and the software on it.
12. Update the firewall rules on your home router
13. Be careful about what networks you work from, ie: free WIFi is NOT secure and neither are the passwords you use when on these free networks.
14. Work with a competent internet management person or firm who will stay on top of all this for you.
eCommerce sites need to be extra aware of potential hacks, so as not to lose customers and/or revenue.

Two recent vulnerabilities in shopping cart plugins/software were reported:
     X-Cart contains multiple vulnerabilities. Read the alert here
     In March a serious SQL injection vulnerability was discovered in WooCommerce. If you use WooCommerce, it should be updated ASAP.
strong recommendation: ecommerce sites should follow PCI compliance and always be https regardless of how many products and regardless of whether you are using a plug-in or special links directly to your payment processor.
If you don't know the status of the internal workings and code of your website, now is the time. Either consult with your webmaster for a full report, get educated and check for yourself or seek a consultation with a person or firm that can help you.
FYI: the link to the FBI press release: http://1.usa.gov/1NUgobq

If you think your internet presence or your website needs an checkup, let's talk. Click to email us. We'll listen first, look at your online presence and then offer our recommendations. One size does not fit all.The solution for you should be unique to your business and goals.