Site: US UK AU |
Nexcess Blog

Posts by: Nexcess

Is A Passive Income WordPress Site A Realistic Goal?

August 27, 2015 0 Comments

Passive IncomeHere’s the dream scenario. You have a hobby about which you are enthusiastic and knowledgeable. You suspect there’s an audience of like minded hobbyists interested in what you have to say on the subject.

You start a blog. Hosting is inexpensive, social media promotion offers enormous reach. You write and publish a couple of dozen articles. To your surprise, the blog is a huge success, with traffic levels exceeding your wildest expectations. To monetize the blog, you add a few Google Ad units and some affiliate links. You write reviews of niche-relevant products so you can embed more affiliate links.

Read more

Posted in: Nexcess

Google Now Requires AdSense Users To Get Permission For Tracking Cookies

August 25, 2015 0 Comments

Tracking CookiesGoogle recently announced that publishers who serve ads with the company’s AdSense product must comply with EU regulations requiring publishers to seek permission from EU users before they can add tracking cookies to the user’s browser.

If you live in the EU, and possibly if you live elsewhere, cookie warnings will be part of your day-to-day life on the Internet. Within many EU countries, site owners are legally required to ask permission before setting tracking cookies. The regulations are implemented into law by EU member countries in various ways, and there’s no overarching interpretation, but the upshot is that if a site wants to track users with cookies, they have to, at the very least, inform them that they will do so, and in many cases get explicit permission.

Read more

Posted in: Nexcess

What Is A Web Application Firewall For WordPress?

August 18, 2015 0 Comments

Web Application FirewallWordPress is a relatively secure content management system. As we’ve discussed before, there is no such thing as completely secure software, but the WordPress development team do an excellent job of keeping WordPress users safe by introducing as few vulnerabilities as possible and fixing them when they arise. That said, WordPress is enormously popular, which makes it a prime target for those of our fellow online citizens who lack a moral compass.

It falls on WordPress hosts like Nexcess and WordPress site owners like you to make every effort to prevent online criminals from getting what they want — access to your WordPress site and its users. We do this by building secure networks, following security best practices, and keeping our sites updated.

Read more

Posted in: Nexcess

Reactor Can Turn Your WordPress Site Into A Mobile Application

August 13, 2015 0 Comments

ReactorReactor from AppPresser is a new tool that can create a native application for iOS and Android from your existing WordPress site.

As a platform for building mobile-friendly websites, WordPress is well ahead of the curve. Theme marketplaces are full of responsive themes that make it straightforward to build sites that play well with devices of all sizes.

In general, responsive design is the best way to go when you want to offer a good experience on mobile: it’s less expensive and time-consuming than a dedicated mobile site, and it’s certainly less work than developing a mobile application from scratch.

Read more

Posted in: Nexcess

Here’s Why Your Magento Store Needs Two-Factor Authentication

August 11, 2015 0 Comments

Two-Factor AuthenticationPasswords alone are not a good authentication mechanism. Too many things can go wrong with passwords for eCommerce retailers to entirely trust them. Users often choose weak passwords or accidentally allow them to fall into the hands of malicious individuals. Particularly in the eCommerce world, where sensitive data, money, and a business’s reputation are on the line, something more than the humble password is needed.

Two-factor authentication is the best way to supplement password logins to make them secure. The more factors of identification a user can present to an authentication system, the higher the chance that they are who they claim to be. When you apply for a bank account, the bank will ask you for several forms of identification: maybe your passport, driver’s license, and a utility bill with your address on it. It would be quite easy for a third-party to get hold of any one of those, but it’s unlikely they can get all three.

Read more

Posted in: Nexcess

Magento Security Advisory and Patch (SUPEE-6482)

August 10, 2015 0 Comments

Magento has just released patch SUPEE-6482, which addresses four different vulnerabilities affecting Magento Community and Enterprise editions. We strongly advise all Magento store administrators to update to the latest version to address these vulnerabilities ( for Community or for Enterprise). Those that do not want to update to the most current version of Magento must manually apply the SUPEE-6482 patch to fix these same vulnerabilities.

The first two vulnerabilities involve issues with input validation in the Magento API. In one of these, an attacker could remotely include arbitrary PHP code in an API request. This type of attack only works when used against specific server and PHP configurations and while logged in with valid API credentials. However, this still presents a risk in cases where a compromised API account has only limited access because attackers may exploit it to escalate their privileges. The other API vulnerability allows an attacker to probe internal network resources using a malformed API password.

The next two vulnerabilities addressed by SUPEE-6482 affect only Magento Enterprise users, but are much more severe. The worst of these involves cache poisoning, where attackers use unvalidated host headers to modify pages in a Magento store, though this will only work on specific server configurations. Finally, the patch addresses a cross-site-scripting vulnerability in the Magento’s gift registry search. This vulnerability allows attackers to steal cookies or impersonate Magento users, presumably by tricking those users into following a malicious link.

For more information about how to apply the patches to your Magento store, refer to the instructions on the Magento website.

For additional details about the SUPEE-6482 patch, refer to the Magento release notes.

Posted in: Nexcess

Six Must-Have Performance Optimizations For New WordPress Sites

August 6, 2015 0 Comments

WordPress Performance OptimizationsThe developers of WordPress have to strike a careful balance between performance and feature-set or complexity. WordPress is so easy to use because it’s a dynamic site generator: it builds pages on the fly from PHP scripts and MySQL database entries. That’s not an inherently slow process, but it’s slower than serving static HTML, CSS, and JavaScript. If we couple the performance hit introduced by WordPress with the trend towards image-heavy web design, the combination is likely to produce slower sites than we’d ideally like.

Slow sites are bad for any number of reasons, but the most important is that slow sites make for bad user experiences. No one likes to wait. That goes double for users on mobile with low-bandwidth connections and strict data caps.

Fortunately, there’s quite a lot we can do with a basic WordPress installation to improve its performance. In this article, I’m going to take a look at six techniques WordPress users can implement to improve their site’s performance.

Read more

Posted in: Nexcess

Magento Introduces Security Alert Registry

August 4, 2015 1 Comment

Security Alert RegistryIn the wake of a number of serious vulnerabilities — including the critical ShopLift vulnerability — Magento announced in May that it would be introducing the Magento Alert Registry to keep eCommerce retailers up-to-date about potential security problems. You can now sign up here.

“We are committed to platform security and are taking proactive steps intended to ensure this. In the coming weeks, we will be establishing the Magento Alert Registry to serve as a direct line of communications in future urgent situations, separate from any marketing communications. By being able to connect with both our Community and Enterprise Edition merchants directly via your preferred method – email, text or social – we will be able to more quickly inform you of steps to resolution.”

Read more

Posted in: Nexcess

Why Don’t More eCommerce Retailers Use Video?

July 30, 2015 0 Comments

eCommerce RetailersVideo is huge, yet the number of eCommerce retailers that take full advantage of video is vanishingly small. Even Amazon is tapping only a fraction of the potential of video for increased sales, conversions, and promotion.

Video is seen as being difficult and expensive, which partially explains the timidity of eCommerce retailers. In some cases that’s true, but it needn’t be, and the potential upside of a successful video strategy is more than worth the investment.

A recent article from EConsultancy gathered together case studies from six retailers who used video and found that conversion rates increased between 30 and 160%.

Read more

Posted in: Nexcess

Assess Your WordPress Theme’s Accessibility with Tota11y

July 28, 2015 0 Comments

Color CombinationsAccessibility is not often at the front of our minds when we are choosing or designing a WordPress theme. We’re more concerned with aesthetics, functionality, and conversion potential. But ignoring accessibility excludes a huge proportion of our potential users.

Worldwide there are 285 million people with visual impairments, 39 million of whom are legally blind. There are almost as many people with hearing impairments, and a huge number with movement problems that make navigating the web difficult. That’s a lot of people who won’t be able to enjoy your site unless you invest a little time and effort to make it compatible with tools like screen readers.

Read more

Posted in: Nexcess