Web Hosting Blog

Jul 25

  • Created: Jul 25, 2014 2:15 PM

Recent Exploit using Fake Magento Extensions

We are publishing this post in the hope that all Magento users can utilize this information to determine if their site has been compromised and take the steps required to correct the problem.

We were recently contacted by a client regarding a Common Point of Purchase Investigation that was initiated by a credit card issuer. These investigations are used to pinpoint the source of fraudulent activity reported by card holders. Our security team immediately began a comprehensive internal investigation to pinpoint the root cause of the fraudulent activity on the client’s account. Our security team found evidence of Magento core files having been modified to skim credit card data during the checkout process. The skimmed data would then be logged to a fake image file (actually a text file) located in the media folder, then the attacker would download these text files from a remote server.

Next, our security team began a scan of our entire infrastructure to determine if any other client sites were affected by the same exploit. We found that a total of 39 sites (out of 15,000 Community and 1,500 Enterprise Magento stores) hosted with us were affected by the same exploit. We immediately contacted all of the affected clients before their credit card processing companies had even detected a problem.

We have since cleaned all of the sites that were exploited and contacted all of the affected clients about the exploit.

PLEASE NOTE: If you are hosted with us and have not been contacted by our security team regarding this issue, then we believe your site has not been affected by this exploit. We are committed to the safety and security of your data and we take these issues very seriously. As a precaution, we are running hourly scans of our infrastructure to detect any further compromises.

Posted in: Nexcess
Jul 25

  • Created: Jul 25, 2014 1:25 PM

WordPress Vulnerability: Update WPtouch As Soon As Possible

We’ve discussed WPtouch before — it’s a useful plugin for easily equipping a WordPress site with a mobile theme and touch functionality. It was recently reported by the folks over at Sucuri that the plugin contains a vulnerability that could be exploited by users without administrative privileges to upload PHP files to a server.

It’s a serious vulnerability that could allow the addition of PHP backdoors and other malware to a site — if a malicious party can add arbitrary code, they more or less own the site.

Users of 3.x versions lower than 3.4.3 of WPtouch are vulnerable. The fix is contained in versions 3.4.3 and later. WPtouch users should update immediately using the update functionality in the WordPress admin interface. Users of the 1.x and 2.x versions are not vulnerable to this particular exploit.

Posted in: Security, WordPress
Jul 15

  • Created: Jul 15, 2014 4:43 PM

Creating Multilingual WordPress Sites

Even though the web is a global network, many businesses are happy to create an English-language site and leave it at that. In some cases, that’s fine. The burden of translation can be quite high, and if the market a site is addressing is fairly localized, then the ROI of internationalizing isn’t worth the effort. The US and Europe, most of the populations of which have at least a passing familiarity with English, have long dominated the online economy, but that’s rapidly changing.

South America, India, and China are quickly growing in online spending power, and companies that fail to address expanding markets are missing a trick. Sites that are targeted at the European market will generally find that their audiences speak English, but if they can find what they need on sites in their native languages, they’ll preferentially do business there, so the international nature of English shouldn’t be relied on.

Even within the US, providing multi-lingual sites is a good idea. The Spanish-speaking population is large, and with Mexico, and Central and South America close by, there’s much to be gained from providing at least bilingual content.

Posted in: Nexcess
Jul 10

  • Created: Jul 10, 2014 1:58 PM

Choosing The Right WordPress Theme For Your Site

One of the perks of using WordPress is the large number of themes. There are themes that provide just about any aesthetic or function, with many thousands of free and premium themes available from the official repositories, theme marketplaces like ThemeForest, and direct from developers like Elmastudio — one of my personal favorites.

But, not all themes are equal. Because of WordPress’s popularity, theme developers can make a lot of money. That’s attracted many people to the market, both the talented and professional, and the under-skilled and slipshod. For a new WordPress user, it can be difficult to discriminate between the two — a theme that appears perfect in a showcase can disappoint after payment.

I’d like to offer a few simple guidelines that will help new WordPress users make a choice that they’ll be happy with.

Posted in: Nexcess, WordPress
Jul 8

  • Created: Jul 8, 2014 2:32 PM

Roundup of June’s Best ExpressionEngine, WordPress, and Magento Content

With the start of the World Cup in June, eyes around the globe have been glued to televisions ever since. Instead of judging you for missing all the great content that was being created over the last month, we went ahead and rounded it all up into one convenient location. These are the best eCommerce, WordPress, and ExpressionEngine posts from June. If you’d like more great content on a day-to-day basis, follow us on Twitter, Facebook, and Google+. Enjoy and let us know if we missed anything important in the comment section! P.S. Make sure to get to the end of the roundup for Minions playing soccer. It’s worth it, we swear.

Posted in: Monthly Roundups
Jun 27

  • Created: Jun 27, 2014 2:00 PM

What Do The New Generic Top-Level Domains Mean For Webmasters?

Unless you’ve been living under a rock, you’re probably aware that domain registrars and web hosting companies have started to offer a large number of new generic top-level domains. There is some confusion among web hosting clients as to the status of these new domains, so I thought it would be useful to explain what they are, why they were created, and the potential benefits to hosting clients.

What Is A Generic Top-Level Domain?

Top-level domains are the final part of a bare domain name; “.com”, “.net”, and “.me” are all common examples of TLDs. Domain names come in a couple of different varieties: generic domain names (gTLD) and country-code domain names (ccTLD). The latter are intended to be used for sites that have a relationship to a specific geographic area, “.fr” and “.jp”, for example, although that is somewhat complicated by the way Google regards some ccTLDs, such as “.me”, the ccTLD for Montenegro, which for SEO purposes are treated the same as a generic TLD. As the name suggests, gTLDs have no ties to specific regions, and can be used by anyone. There are other top-level domains with a slightly different status, like “.cat”, but for our purposes the distinction between gTLDs and ccTLDs is sufficient.

Posted in: Nexcess
Jun 25

  • Created: Jun 25, 2014 3:03 PM

Using WordPress As A Crowdfunding Platform

Over the last few years, crowdfunding has taken off in a big way. In 2011, a total of $1.5 billion was raised through crowdfunding. In 2012, that number increased to $2.7 billion. The most successful crowdfunding projects raise many millions of dollars, with prominent examples being Star Citizen, a video game that raised over $44 million after having asked for $500,000; the Pebble smartwatch, which exceeded $10 million; and the Ubuntu Edge, which failed in its (somewhat over-optimistic) goal of raising $32 million, but was pledged almost $12 million.

The leading crowdfunding platforms, Kickstarter, have had a huge impact on the opportunities available for makers, creatives, and anyone who has a great idea but lacks the capital and connections to turn it into reality. While there are obvious advantages to using established crowdfunding platforms, the most notable being a built-in audience, a platform designed for running crowdfunding projects, and experienced people handling the financial aspects of the process, there are also benefits to going it alone and building a platform over which you exert complete control.

Naturally, WordPress offers several solutions to the problem of home-grown, self-hosted crowdfunding. But I’m going to highlight what I consider to be one of the best WordPress crowdfunding plugins available.

Posted in: Nexcess, WordPress
Jun 19

  • Created: Jun 19, 2014 5:08 PM

How To Get Help From WordPress Plugin Developers (And How Not To)

If you’re a WordPress user, the chances are that you’ll have to interact with plugin developers at some point. It can be frustrating and anxiety-inducing when a plugin goes awry, especially if it has a significant impact on your site’s functionality or even stops it working altogether. On many occasions, I’ve seen WordPress users vent that frustration at plugin developers. As satisfying as that might be in the short-term, it’s not helpful.

Developers work on free plugins for a variety of different reasons: to give back to a community from which they have benefitted, to publicize a premium version of their plugin or some other service, or simply as a hobby. If you’re using a free plugin on your WordPress site, you’re getting something for nothing from a developer who is probably very busy putting food on their table with a full-time job in addition to working on the plugin. Developers don’t have the time or the inclination to deal with rude, demanding, or uninformative users.

To help you deal with plugin developers in a way that’s likely to have a positive result for both you and the developer, it is helpful to keep a few simple guidelines in mind.

Posted in: Nexcess, WordPress
Jun 17

  • Created: Jun 17, 2014 4:18 PM

Alternative Payment Methods To Outstrip Credit Cards For Global eCommerce

US eCommerce was built on the back of secure credit card data handling and a population of which the majority own a credit card. In the US, and much of the rest of the world, credit cards are still the primary method of payment, but the proportion of people choosing to use alternative payment methods is set to reach half of the global eCommerce market, which is surprising when you consider that Amazon, the biggest fish in the eCommerce pond, doesn’t accept alternative payment methods on its main eCommerce store, in spite of offering its own spin on alternative payments.

In fact, the number of companies offering alternative payment methods is rapidly growing, with a particular focus on mobile payments. Amazon, Google, and others offer digital wallets, and Apple and Facebook are expected to jump on board in the near future. It’s likely that the battle for the wallets of eCommerce shoppers will be fought and won on mobile platforms, an area in which both Google and Apple are well placed to dominate.

But across the alternative payment market as a whole, the more established players continue to rule the roost, with PayPal and AliPay being the most prominent. AliPay, which is China’s leading online payment solution, processed over €100 billion worth of transactions, making it the world’s third-largest mobile payment provider.

Posted in: Nexcess