Web Hosting Blog

Sep 26

  • Created: Sep 26, 2014 4:36 PM

Addressing the Shellshock bug at Nexcess

All of our managed servers were patched for CVE-2014-6271 (the “shellshock” bug affecting the Bash shell used on most Linux- and Unix-based systems) on the September 24, 2014. As that was later found to be incomplete (resulting in bug CVE-2014-7169, or “Aftershock”), a second patch was applied today (September 26, 2014). If you’d like to read more about the bug, please see the Wikpedia entry at http://en.wikipedia.org/wiki/Shellshock_(software_bug).

As always, if you have any questions or concerns, feel free to contact us at support@nexcess.net.

Posted in: Nexcess
Sep 24

  • Created: Sep 24, 2014 2:00 PM

Protect Your WordPress Sites With Two-Factor Authentication

Two-Factor AuthenticationThe Heartbleed bug was one of the worst online security vulnerabilities in recent memory, allowing an attacker to read chunks of a server’s memory that might contain private keys, authentication credentials, and other sensitive data. In the wake of Heartbleed, it’s a good time for WordPress site owners to audit their security procedures and implement mechanisms for keeping their site and its users safe. Two-factor authentication is one easy-to-implement security strategy that makes life more difficult for hackers.

The normal username / password combination can be thought of as one-factor authentication. There is one secret token that will grant access to the site. Two-factor authentication adds another token, which can be generated in various ways: most commonly by using an application to provide a one-time password, a physical token like a Yubikey, or a biometric factor like a fingerprint.

Read more

Posted in: Nexcess
Sep 22

  • Created: Sep 22, 2014 1:52 PM

Roundup of August and September’s Best ExpressionEngine, WordPress, and Magento Content

August News RoundupKnowing it’s hard to keep up with all the great content around the web, each month we gather up the best Magento, ExpressionEngine, and WordPress articles for your convenience. If you’re new here, these posts feature a mix of news (i.e. the release of WordPress 4.0 “Benny”), helpful articles, and just generally interesting industry happenings. Looking ahead, this month we will be attending Meet Magento New York and well as ExpressionEngine Conference at the beginning of October. If you’re at either of these events, make sure to stop by and say hello. If you’d like more great content on a day-to-day basis, follow us on Twitter, Facebook, and Google+. Enjoy and let us know if we missed anything important in the comment section. Otherwise, here’s the best from August and September.

Read more

Posted in: Monthly Roundups
Sep 17

  • Created: Sep 17, 2014 2:00 PM

Using Nofollow Tags Correctly On WordPress

Nofollow Tag On WordPress
Nofollow tags are frequently misunderstood. In this article we look at nofollow tags, their rationale, and how to nofollow (or “dofollow”) links on WordPress.

Google’s success as a search engine was largely based on its founders’ development of an algorithm that used incoming links as a signal of a page’s quality. The idea is that the more people who choose to link to a page, the more valuable the page is likely to be to other people. Although Google and the other search engine operators have increased the complexity of their algorithms considerably since the early days, links still play a fundamental role in determining search engine ranking.

However, not all links are trustworthy for the purposes of determining a page’s quality and value. They are only useful if they are “editorial” links — links that are created because the value of the content is what motivated the link. Because there are various other reasons that a page might be linked to, Google decided to provide a mechanism to signal that links should not be followed by search engine crawlers. That mechanism is the nofollow meta tag, which looks like this:

Read more

Posted in: Nexcess
Sep 10

  • Created: Sep 10, 2014 1:44 PM

WordPress Users Should Ensure Theme-Bundled Slider Revolution Plugins Are Up-To-Date

WordPress PluginMost WordPress users knows that WordPress plugins should be updated. Updates frequently include patches that fix security vulnerabilities. Part of every WordPress user’s routine should include regular plugin and core updates. But there’s another source of potential vulnerability that WordPress users may not be aware of: many themes include bundled plugins and those plugins are not part of the WordPress update interface.

It was recently discovered that some versions of the Slider Revolution plugin contained a critical vulnerability. This vulnerability is a particular problem because Slider Revolution is included in hundreds of premium themes, which means WordPress users are reliant on theme developers to update the version included in their themes.

In fact, the vulnerability was fixed back in February and it only became widely publicized in the last few days. The plugin’s developers quietly patched the plugin, mentioned the fix briefly in their release notes, but didn’t disclose any details. Unfortunately, the vulnerability was known to hackers, but its seriousness was not revealed to theme developers or WordPress users. That result is that many WordPress sites using themes that bundled the plugin are vulnerable. WordPress users should check their themes and ensure that bundled versions of the Slider Revolution plugin have been updated to 4.2 or later.

Read more

Posted in: Nexcess
Sep 3

  • Created: Sep 3, 2014 1:21 PM

The Pros And Cons Of Implementing SSL / HTTPS


Google has ignited a storm of interest in HTTPS, but what are the advantages and disadvantages of offering SSL-encrypted HTTPS connections to your users.

Since Google announced that serving sites over HTTPS would become a search engine ranking signal, the number of people interested in purchasing SSL certificates has skyrocketed. Many webmasters who would never have considered using HTTPS are worried that competitors will have an SEO advantage should they continue to serve their sites in the open.

Whatever you think about Google’s attempt to shape the web’s security policy using SERP position as a carrot (and stick), it’s worth thinking about the potential advantages and disadvantages of implementing HTTPS.

Read more

Posted in: Nexcess
Aug 21

  • Created: Aug 21, 2014 2:28 PM

What Can Big Data Do For eCommerce?

Big Data and eCommerce

Big Data is something of a nebulous concept, and like many ideas without a clear definition, it’s been seized on by various writers and pundits as the next big thing. It’s easy to write endlessly about something when you aren’t forced to constrain yourself to practicalities.

The eCommerce industry is nothing if not pragmatic, ever eager to grasp new technology but only if it proves itself where it matters — on the bottom line. In spite of the hype, big data is having a significant impact on how eCommerce retailers are doing business.

Big data is exactly what it sounds like. Businesses have access to far more information than ever before. That data is drawn from numerous channels: social media, customer relationship management software, web analytics, tracking, logistics, and so on. But data itself is next to useless; it’s only of value if we can harness it in ways that increase sales, customer loyalty, and conversion rates.

Read more

Posted in: Nexcess / Tagged:
Aug 19

  • Created: Aug 19, 2014 11:20 AM

WordPress Misconceptions: Do You Need A Custom WordPress Design?

Custom WordPress Themes

I was recently talking to a friend who wants to create a site for his small business. He’s a landscaper, and needs a simple site — perhaps a few pages to describe his services, a contact form, and a blog. As someone who is fairly knowledgeable about WordPress web hosting, it’s difficult for me to put myself in the position of someone who doesn’t know anything about it, and so it came as something of a surprise that he believed he would need to pay a designer to create a custom WordPress theme for his site. His business is new, and it would be significant burden on his expenses to hire a designer. He didn’t know that buying a pre-made theme was an option and was somewhat incredulous about the idea of using one, worrying that his site would end up looking like millions of others.

First, I’d like to clear up exactly what a theme is. In a nutshell a theme is a set of files that can be installed on a WordPress site to change the way it looks, and in some cases, the way it functions. WordPress is a very flexible system and can be styled in many different ways — you probably have no idea that many of the sites you visit are based on WordPress at all.

The sets of files that constitute a theme are created by developers or designers; some are given away free, some you have to pay for (premium themes), and some are created for a particular site — a custom WordPress theme. The vast majority of WordPress sites use either free or premium themes.

Read more

Posted in: WordPress
Aug 15

  • Created: Aug 15, 2014 3:01 PM

Don’t Fall For ICANN Domain Protection Certificate Scam

ICANN scam

In a recent blog post, ICANN (Internet Corporation for Assigned Names and Numbers) revealed a scam in which registrants of top-level domains like .com and .net are approached by fraudsters and told that they need to buy a certificate to “protect their domain”. Although the certificates are well designed and incorporate official ICANN graphics, the scammers are not associated with ICANN, the certificates do nothing to protect domain ownership, and the offer is entirely spurious.

Web hosting clients and domain name registrants should not pay third-parties for this purported service. Nor should they pay money to any organization claiming to be or to represent ICANN, which does not sell services to domain name registrants (the individuals and organizations that use domain names).

ICANN is a non-profit organization that was created to manage the databases that allow the Domain Name System to translate the URLs we’re all familiar with into the IP numbers that machines use to route data around the Internet, as well as a number of other services connected with DNS and Internet namespace management.

Read more

Posted in: Nexcess, Security
Aug 12

  • Created: Aug 12, 2014 2:45 PM

WordPress 4.0 Beta Is Ready For Testing

WordPress Beta

Every few months the wizards who develop WordPress put out another release. It’s always an interesting time for WordPress users and watchers, who are eager to see what benefit the new features and enhancements will bring to their site (or, if you’re more pessimistic, what new annoyances they’ll have to deal with).

In this article I’d like to take a look at the highlights of the next major WordPress release, as well as how you can get it.

First a word of warning, beta releases are, by definition, under active development — there will be bugs, there may be security vulnerabilities. I’d strongly advise you not to upgrade your production sites to the beta version. There’s a possibility it’ll hose your site or break features.

Read more

Posted in: Nexcess, WordPress