Another month has passed and we’re back with a new roundup of the web’s best ExpressionEngine, WordPress, and Magento content. July saw the release of both ExpressionEngine 2.9 and a new WordPress beta, as well as the official announcement that Magento Go and ProStores will be shut down. And, of course, Germany won the World Cup. Knowing it’s hard to keep up with all the great content around the web, we gathered up those stories and other relevant articles into one convenient location. If you’d like more great content on a day-to-day basis, follow us on Twitter, Facebook, and Google+. Enjoy and let us know if we missed anything important in the comment section. Otherwise, here’s the best from July.
If you have a WordPress blog, you will get comment spam. WordPress comment threads can become a mess of nonsense comments and link spam. Luckily, there are tools available that will take care of the great majority of comment spam, although bloggers will still have to keep an eye out, because both false positives and false negatives can occur.
What’s The Point Of Comment Spam?
The most common motivation for comment spamming is black hat link building. Google and other search engines use the number of incoming links for a page or domain as a signal for ranking them in search engine results pages. More links is better. Comment spammers use automatic botnets to seek out open comment threads that they can use to create a link. This doesn’t really work; Google have become smarter at figuring out what’s spam and what’s not, and WordPress comment links have nofollow meta tags on by default — but that doesn’t stop spammers from trying.
We are publishing this post in the hope that all Magento users can utilize this information to determine if their site has been compromised and take the steps required to correct the problem.
We were recently contacted by a client regarding a Common Point of Purchase Investigation that was initiated by a credit card issuer. These investigations are used to pinpoint the source of fraudulent activity reported by card holders. Our security team immediately began a comprehensive internal investigation to pinpoint the root cause of the fraudulent activity on the client’s account. Our security team found evidence of Magento core files having been modified to skim credit card data during the checkout process. The skimmed data would then be logged to a fake image file (actually a text file) located in the media folder, then the attacker would download these text files from a remote server.
Next, our security team began a scan of our entire infrastructure to determine if any other client sites were affected by the same exploit. We found that a total of 39 sites hosted with us (out of 15,000 Community and 1,500 Enterprise Magento stores) were affected by the same exploit. We immediately contacted all of the affected clients before their credit card processing companies had even detected a problem.
We have since cleaned all of the sites that were exploited and contacted all of the affected clients about the exploit.
PLEASE NOTE: If you are hosted with us and have not been contacted by our security team regarding this issue, then we believe your site has not been affected by this exploit. We are committed to the safety and security of your data and we take these issues very seriously. As a precaution, we are running hourly scans of our infrastructure to detect any further compromises.
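A check for the indicator described above (files in the media folder that carry an image extension but actually hold text), as an added example that is not from the original post: it walks a directory and reports image-named files whose leading bytes do not match an image signature. The function names and the list of extensions are assumptions; the post does not name the files or extensions involved.

```python
import os
import sys

# Leading bytes that genuine files of each type start with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def looks_like_text(head):
    """True when the sample is non-empty and almost entirely printable ASCII."""
    if not head:
        return False
    printable = sum(1 for b in head if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(head) > 0.95

def find_fake_images(root):
    """Return (path, reason) for image-named files whose content is not an image."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            ext = os.path.splitext(name)[1].lower()
            if ext not in MAGIC:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(512)
            except OSError as exc:
                findings.append((path, "unreadable: %s" % exc))
                continue
            if head.startswith(MAGIC[ext]):
                continue  # signature matches the extension
            reason = "plain text" if looks_like_text(head) else "wrong signature"
            findings.append((path, reason))
    return findings

if __name__ == "__main__":
    # Assumption: the argument is the store's media directory.
    for path, reason in find_fake_images(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%s\t%s" % (reason, path))
```

A hit is a lead for review rather than proof of compromise; compare any flagged file's modification time against changes to the store's core files.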
We’ve discussed WPtouch before — it’s a useful plugin for easily equipping a WordPress site with a mobile theme and touch functionality. It was recently reported by the folks over at Sucuri that the plugin contains a vulnerability that could be exploited by users without administrative privileges to upload PHP files to a server.
It’s a serious vulnerability that could allow the addition of PHP backdoors and other malware to a site — if a malicious party can add arbitrary code, they more or less own the site.
Users of 3.x versions lower than 3.4.3 of WPtouch are vulnerable. The fix is contained in versions 3.4.3 and later. WPtouch users should update immediately using the update functionality in the WordPress admin interface. Users of the 1.x and 2.x versions are not vulnerable to this particular exploit.
We’ve written on a couple of occasions about Google Authorship, a semantic markup system that links an article with the Google Plus profile of its author. It had the benefit of enhancing the snippets that appear on search engine results pages with a photo, byline, and various other pieces of information drawn from a writer’s profile.
Even though the web is a global network, many businesses are happy to create an English-language site and leave it at that. In some cases, that’s fine. The burden of translation can be quite high, and if the market a site is addressing is fairly localized, then the ROI of internationalizing isn’t worth the effort. The US and Europe, most of the populations of which have at least a passing familiarity with English, have long dominated the online economy, but that’s rapidly changing.
South America, India, and China are quickly growing in online spending power, and companies that fail to address expanding markets are missing a trick. Sites that are targeted at the European market will generally find that their audiences speak English, but if they can find what they need on sites in their native languages, they’ll preferentially do business there, so the international nature of English shouldn’t be relied on.
Even within the US, providing multi-lingual sites is a good idea. The Spanish-speaking population is large, and with Mexico, and Central and South America close by, there’s much to be gained from providing at least bilingual content.
One of the perks of using WordPress is the large number of themes. There are themes that provide just about any aesthetic or function, with many thousands of free and premium themes available from the official repositories, theme marketplaces like ThemeForest, and direct from developers like Elmastudio — one of my personal favorites.
But, not all themes are equal. Because of WordPress’s popularity, theme developers can make a lot of money. That’s attracted many people to the market, both the talented and professional, and the under-skilled and slipshod. For a new WordPress user, it can be difficult to discriminate between the two — a theme that appears perfect in a showcase can disappoint after payment.
I’d like to offer a few simple guidelines that will help new WordPress users make a choice that they’ll be happy with.
With the start of the World Cup in June, eyes around the globe have been glued to televisions ever since. Instead of judging you for missing all the great content that was being created over the last month, we went ahead and rounded it all up into one convenient location. These are the best eCommerce, WordPress, and ExpressionEngine posts from June. If you’d like more great content on a day-to-day basis, follow us on Twitter, Facebook, and Google+. Enjoy and let us know if we missed anything important in the comment section! P.S. Make sure to get to the end of the roundup for Minions playing soccer. It’s worth it, we swear.
Unless you’ve been living under a rock, you’re probably aware that domain registrars and web hosting companies have started to offer a large number of new generic top-level domains. There is some confusion among web hosting clients as to the status of these new domains, so I thought it would be useful to explain what they are, why they were created, and the potential benefits to hosting clients.
What Is A Generic Top-Level Domain?
Top-level domains are the final part of a bare domain name; “.com”, “.net”, and “.me” are all common examples of TLDs. Domain names come in a couple of different varieties: generic domain names (gTLD) and country-code domain names (ccTLD). The latter are intended to be used for sites that have a relationship to a specific geographic area, “.fr” and “.jp”, for example, although that is somewhat complicated by the way Google regards some ccTLDs, such as “.me”, the ccTLD for Montenegro, which for SEO purposes are treated the same as a generic TLD. As the name suggests, gTLDs have no ties to specific regions, and can be used by anyone. There are other top-level domains with a slightly different status, like “.cat”, but for our purposes the distinction between gTLDs and ccTLDs is sufficient.
Over the last few years, crowdfunding has taken off in a big way. In 2011, a total of $1.5 billion was raised through crowdfunding. In 2012, that number increased to $2.7 billion. The most successful crowdfunding projects raise many millions of dollars, with prominent examples being Star Citizen, a video game that raised over $44 million after having asked for $500,000; the Pebble smartwatch, which exceeded $10 million; and the Ubuntu Edge, which failed in its (somewhat over-optimistic) goal of raising $32 million, but was pledged almost $12 million.
The leading crowdfunding platforms, Kickstarter, have had a huge impact on the opportunities available for makers, creatives, and anyone who has a great idea but lacks the capital and connections to turn it into reality. While there are obvious advantages to using established crowdfunding platforms, the most notable being a built-in audience, a platform designed for running crowdfunding projects, and experienced people handling the financial aspects of the process, there are also benefits to going it alone and building a platform over which you exert complete control.
Naturally, WordPress offers several solutions to the problem of home-grown, self-hosted crowdfunding. But I’m going to highlight what I consider to be one of the best WordPress crowdfunding plugins available.