Web Hosting Blog

Oct 29

  • Created: Oct 29, 2014 10:45 AM

SSLv3 Support to be Disabled due to CVE-2014-3566 (POODLE)

We have been following the recently discovered vulnerability known by CVE-2014-3566 (popularly referred to as POODLE). This specific vulnerability has affected the SSLv3 protocol which is supported by most Nexcess servers. SSLv3 (also known as SSL 3.0), is an old and outdated Internet cryptographic protocol that was designed to ensure secure connections for various services including HTTPS. While more modern protocols such as Transport Layer Security (TLS) have generally replaced it, SSLv3 has remained available on most systems to allow fallback compatibility to older legacy software.

POODLE itself is a man-in-the-middle type of attack. This type of attack is difficult to exploit and we have seen no cases or evidence of it affecting any of our systems. Regardless, we have chosen to disable SSLv3 on all of our systems within the coming few weeks. Unfortunately, this necessary step may cause compatibility problems to users using old browsers (specifically Internet Explorer 6 on Windows XP). Any clients using IE6 attempting to connect to a site with SSLv3 disabled will not be able to do so.

Read more

Posted in: Nexcess
Oct 22

  • Created: Oct 22, 2014 2:00 PM

Roundup of October’s Best ExpressionEngine, WordPress, and Magento Content

Lego USBSince our last roundup, we’ve had the pleasure of attending ExpressionEngine Conference and meeting up with all of our friends, old and new alike, in the EE Community. We were also proud to have the opportunity to speak at this year’s event, slides of which we have shared at the bottom of this post. Now, if you follow us on Twitter, Facebook, and Google+, you’ll you know that in addition to ExpressionEngine content, we also like to share the best Magento and WordPress articles that we find each month. Here are the best from September and October. Enjoy and let us know if we missed anything important in the comment section.

Read more

Posted in: Monthly Roundups
Oct 21

  • Created: Oct 21, 2014 1:27 PM

We Asked: What’s your biggest WordPress secret?

WordPress professionals work with the world’s favorite content management system every day and develop an intimate knowledge of the best way to build and manage WordPress sites. We wanted to understand how the most sophisticated WordPress users approach creating a great experience for their clients, so we asked some of our favorite WordPress professionals about their secret formula for creating the ideal WordPress experience.

The answers were varied: some focused on the technology, some on creating an elegant user experience, and some on the finer details of content management. In this article, we’d like to share a collection of the most insightful responses we received.

Read more

Posted in: Nexcess
Oct 15

  • Created: Oct 15, 2014 2:00 PM

File Lock Contention

File LockI’m sure that we’ve all experienced issues that deal with file lock (flock) contention. More often than not, within the Nexcess tech community, we see this occuring in Magento (typically the sessions files). As such, I figured I’d put throw together something that will allow you to troubleshooting what’s going on more efficiently. Firstly, lets review the two basic types of locks:

Read more

Posted in: Nexcess
Oct 8

  • Created: Oct 8, 2014 12:09 PM

Three Of The Best Data Visualization Tools For WordPress

Data Visualization ToolsData visualization and data journalism are becoming increasingly important to the modern media landscape. More data is available for public analysis than ever before. Data-focused journalists like Nate Silver and Ezra Klein have made a name for themselves with reporting based on hard-nosed analysis of empirical data sets. Both are in the early stages of establishing new media outlets, FiveThirtyEight and Vox respectively, that promise to take a different approach to reporting from traditional media.

The massive availability of data is a great opportunity for bloggers and businesses to delve into serious analysis, but making the most of data journalism involves data visualization. No one want to pore through massive tables of data and walls of dry text.

Read more

Posted in: Nexcess
Oct 1

  • Created: Oct 1, 2014 4:20 PM

Is WordPress Right For Legal Blogs?

Two-Factor AuthenticationLaw offices tend to be fairly conservative when it comes to technology. I know some who haven’t changed their content management system for years. “If it works, don’t fix it” is a great philosophy, but wrestling with ancient content management systems is a frustrating and unrewarding task — it certainly doens’t encourage busy lawyers to keep their sites’ fresh with new content.

Many lawyers see the advantage of writing a legal blog. It’s a powerful way to demonstrate expertise and understanding of client issues, as well as build a loyal audience, particularly among potential clients with interests that correspond to a lawyer’s area of specialization. Legal blogs are also, of course, an excellent way to capture search traffic — those who don’t blog are putting themselves at a disadvantage and failing to exploit the full potential of their website.

WordPress is without a doubt the most popular content management system. But that doesn’t necessarily mean that WordPress is the right solution for lawyers. In this article, I’d like to explain why I advise lawyers who seek my advice to use self-hosted WordPress.

Read more

Posted in: Nexcess
Sep 26

  • Created: Sep 26, 2014 4:36 PM

Addressing the Shellshock bug at Nexcess

All of our managed servers were patched for CVE-2014-6271 (the “shellshock” bug affecting the Bash shell used on most Linux- and Unix-based systems) on the September 24, 2014. As that was later found to be incomplete (resulting in bug CVE-2014-7169, or “Aftershock”), a second patch was applied today (September 26, 2014). If you’d like to read more about the bug, please see the Wikpedia entry at http://en.wikipedia.org/wiki/Shellshock_(software_bug).

As always, if you have any questions or concerns, feel free to contact us at support@nexcess.net.

Posted in: Nexcess
Sep 24

  • Created: Sep 24, 2014 2:00 PM

Protect Your WordPress Sites With Two-Factor Authentication

Two-Factor AuthenticationThe Heartbleed bug was one of the worst online security vulnerabilities in recent memory, allowing an attacker to read chunks of a server’s memory that might contain private keys, authentication credentials, and other sensitive data. In the wake of Heartbleed, it’s a good time for WordPress site owners to audit their security procedures and implement mechanisms for keeping their site and its users safe. Two-factor authentication is one easy-to-implement security strategy that makes life more difficult for hackers.

The normal username / password combination can be thought of as one-factor authentication. There is one secret token that will grant access to the site. Two-factor authentication adds another token, which can be generated in various ways: most commonly by using an application to provide a one-time password, a physical token like a Yubikey, or a biometric factor like a fingerprint.

Read more

Posted in: Nexcess
Sep 22

  • Created: Sep 22, 2014 1:52 PM

Roundup of August and September’s Best ExpressionEngine, WordPress, and Magento Content

August News RoundupKnowing it’s hard to keep up with all the great content around the web, each month we gather up the best Magento, ExpressionEngine, and WordPress articles for your convenience. If you’re new here, these posts feature a mix of news (i.e. the release of WordPress 4.0 “Benny”), helpful articles, and just generally interesting industry happenings. Looking ahead, this month we will be attending Meet Magento New York and well as ExpressionEngine Conference at the beginning of October. If you’re at either of these events, make sure to stop by and say hello. If you’d like more great content on a day-to-day basis, follow us on Twitter, Facebook, and Google+. Enjoy and let us know if we missed anything important in the comment section. Otherwise, here’s the best from August and September.

Read more

Posted in: Monthly Roundups
Sep 17

  • Created: Sep 17, 2014 2:00 PM

Using Nofollow Tags Correctly On WordPress

Nofollow Tag On WordPress
Nofollow tags are frequently misunderstood. In this article we look at nofollow tags, their rationale, and how to nofollow (or “dofollow”) links on WordPress.

Google’s success as a search engine was largely based on its founders’ development of an algorithm that used incoming links as a signal of a page’s quality. The idea is that the more people who choose to link to a page, the more valuable the page is likely to be to other people. Although Google and the other search engine operators have increased the complexity of their algorithms considerably since the early days, links still play a fundamental role in determining search engine ranking.

However, not all links are trustworthy for the purposes of determining a page’s quality and value. They are only useful if they are “editorial” links — links that are created because the value of the content is what motivated the link. Because there are various other reasons that a page might be linked to, Google decided to provide a mechanism to signal that links should not be followed by search engine crawlers. That mechanism is the nofollow meta tag, which looks like this:

Read more

Posted in: Nexcess