Make It So
A significant number of my clients are entrepreneurs who are in the early stages of coming to grips with “I can do anything but I can no longer do everything.” They are torn between wanting to maintain their website themselves…
An Emerging Threat to Your WordPress Website
I want to alert you to an emerging threat to your WordPress website and what you need to do about it. For lack of a better term, this threat is being called WordPress Plugin Supply Chain Attack. It goes something…
How Many Ticking Time Bombs Are In Your Website?
We received notification this morning that one of the WordPress plugins used by several of our clients had been updated. A quick review of the plugin’s release notes revealed that a cross-site scripting (XSS) security vulnerability had been discovered and…
How I Stopped a Website Hacker in Mid Hack
I recently received an email from a friend. He fortunately has the free version of Wordfence installed on his website. Wordfence sent him this alert: An admin user with the username backup was created outside of WordPress. He forwarded the…
WordPress 4.8’s Updated Text Widget Contains a Trap for the Unwary
Short-But-Technical Version: If you have elements like onmouseover, onmouseout, and onclick in IMG tags in your text widgets they will get stripped out when you update your WordPress to version 4.8. Long Version: In WordPress version 4.8, the text widget…
A Website Owner’s Worst Nightmare
Imagine getting a call from one of your customers. She tells you that your website infected her computer with a virus and now the virus is holding her files for ransom. The answer is a good firewall and daily scans…
So You Want to Add a Members-Only Area to Your WordPress Website
This week I’ve been asked by two clients to add password-protected membership areas to their websites. In one case, the client wants to create a members-only area containing paid content. In the other case, the client wants a highly secure…
Google Docs Phishing – BEWARE!!
An evil phishing worm masquerading as "Google Docs" is roaming the internet. It sends you an e-mail claiming to be from a friend or relative who wants to share a document with you. Clicking on the "Open in Docs" button asked you…
I’m a Preventer
I’m a ‘Preventer’ As I get off the phone with another person with a busted website, I’m reminded of Liam Neeson’s line in the movie ‘Taken’ when he’s explaining what his government job was. I’m a Preventer. I prevent bad…
How Your Website Gets Hacked, Reason #472
This morning during our daily scan of a client's website, we noted a plugin needed an update. Sometime in the past few hours, the author released a new version. It is our normal practice to review the release notes of…