Nexcess Blog

Posts by: Nexcess

Magento Shoplift Vulnerability – Download Patch Now

April 27, 2015

A patch has been released to fix a remote code execution vulnerability in both Magento Enterprise and Community Editions.

In February, Check Point researchers announced that they had released details of the critical RCE (remote code execution) vulnerability in the Magento platform. Check Point originally found this exploit back in February and contacted Magento privately regarding the issue. Magento then released a patch (SUPEE-5344), which is available here. The vulnerability is being referred to as Magento Shoplift and could potentially allow an unauthenticated attacker to execute PHP code on an affected server.

Magento has been contacting its clients with details of this vulnerability in both Community and Enterprise versions. If you are running an unpatched, vulnerable version of Magento, a message should also be displayed upon logging into your admin interface informing you that patching is needed. This security issue is specific to the Magento core and is unrelated to any specific plugins or themes that you may be running.

Posted in: Nexcess

Oasis Workflow Plugin Is A Powerful Editorial Workflow Manager For WordPress

April 24, 2015

For a small blog with only one writer, workflows are generally straightforward: write, proofread, publish. I often suggest that one-person blogs take advantage of an editorial calendar, but beyond that there isn’t much need for more advanced workflow management tools.

The situation is entirely different for blogs with multiple writers and editors dealing with a large volume of content. Workflows can quickly become complex as articles move their way through the editorial process: it’s not unusual for an article to be worked on by three or more people at different times, and with that many people involved, it’s all too easy for work to fall between the cracks and for deadlines to be missed. Multi-author and editor blogs need something with a bit more flexibility than a basic editorial calendar.

Complying With EU Cookie Laws In Magento

April 22, 2015

Cookies are an essential part of the modern web. Without them we’d be unable to provide the interactive sites and web applications that modern users of the web have come to expect. The web was designed to be stateless — no information about a session was carried between page loads. Cookies are the thread that modern sites use to tie together sessions — they’re how we know who our users are and they’re how we combine a group of page loads into a coherent journey. They’re also how we track users across our sites and the wider web.

It’s the tracking aspect of cookies that has user privacy implications. There are a million reasons that site owners would want to track users, and most of them are benign, but the European Union feels that in the light of the potential for privacy violations, sites should be required to obtain specific permission for the use of cookies. The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, which was adopted into the laws of EU member countries, made it compulsory to ask for permission when accessing information stored on users’ machines, which includes cookies.

We’ve Brought Two-Factor Authentication To Magento!

April 21, 2015

We’re happy to announce that we’ve brought two-factor authentication to Magento in partnership with Magento development agency Human Element. This new plugin, named Sentry, gives Magento retailers a solution for secured, two-factor authentication. Two-factor authentication offers enormously enhanced security for Magento eCommerce stores.

Passwords alone have never been a great way to handle secure authentication and in the modern computing era, they can be a liability. Magento has very good password security capabilities, but this only goes so far. Magento passwords are already properly hashed and salted, but even that level of security depends on administrators having the security awareness to choose strong passwords in the first place and not to share those passwords.

Three Plugins That Improve The WordPress Writing Experience

April 20, 2015

Once upon a time, I used to refuse point blank to write using the WordPress editor. I’d been burnt too many times by refreshing tabs and unreliable sites causing me to lose a big chunk of text, and, as a professional writer, I simply couldn’t afford to take the risk. On top of which, TinyMCE has never been the most pleasant environment in which to write; I much preferred using a simple text editor.

But, over the last year or so, the WordPress writing interface has improved by leaps and bounds. Autosave has taken care of the risk of losing work, and the incremental improvements made to the editor — particularly the fullscreen no-distraction mode — have made working in WordPress a pleasure.

How Do SEO Poisoning Attacks Impact WordPress Users?

April 17, 2015

There are many reasons a hacker might want to gain access to a WordPress site, but one that seems particularly topical at the moment is the SEO poisoning attack — a black hat SEO technique to improve the search ranking of sites associated with the attacker or to use a site’s existing search engine optimization to introduce false results into search engine result pages.

A number of high-profile SEO poisoning attacks have been discovered over the last few months, involving thousands of WordPress sites, so it’s a good time to familiarize yourself with what an SEO poisoning attack is, what it looks like to webmasters, and what you can do to reduce the risk.

Monetizing A WordPress Site With Memberships

April 15, 2015

There are many different ways to make money from a successful publishing venture, but the two most popular are advertising and subscriptions. Of these, advertising is by far the most popular. Web users expect to get content for free, which makes it difficult for publishers and writers to convince them to pay. Advertising is a more straightforward monetization model: content brings in the users, and the users’ attention is sold to advertisers — it’s the model that the Internet was built on. But there are plenty of bloggers and larger publishers making money from subscriptions and memberships.

At the larger end of the spectrum there are the Financial Times and the New York Times, both of which have successful subscription models with a paywall. The obvious example of a superstar blogger who monetizes with subscriptions is Andrew Sullivan at the Dish. And folks like Ben Thompson at Stratechery and Shawn Blanc manage to generate revenue with subscriptions in spite of a significantly smaller readership.

eCommerce Drop Shipping With Magento

April 13, 2015

Setting up an eCommerce store often requires significant capital investment for stock and warehouse space. That poses a barrier to entry for many who would like to start a small eCommerce business. Drop shipping is an alternative to the traditional eCommerce process where retailers purchase their products from a wholesaler and then sell items from their stock to customers. Instead, drop shipping allows retailers to have products shipped directly from the wholesaler to the customer.

White Labeling WordPress For Cohesive Branding And Improved User Experience

April 10, 2015

Most WordPress users don’t care about WordPress. The name of the content management system, the majority of its functionality, its community, and the underlying framework don’t matter one whit to them. They care deeply about publishing content, about making sales, about generating leads — WordPress is just the tool they use to achieve those goals. The details of WordPress matter about as much to them as the mechanism that makes their laptop’s keyboard work.

To most WordPress users, their site isn’t a WordPress site, it’s simply my site.

As our recent survey revealed, successful WordPress professionals understand that their clients don’t want to think much about WordPress; they want to run their businesses and write their blogs, which is why many of the best developers offer a site that hides most of the WordPress branding and some of its functionality.

Four Powerful WordPress Theme Frameworks You Should Know About

April 9, 2015

If you have some development experience and you want to create a unique WordPress site, a theme framework is often the best way to go. When you buy a theme from a theme marketplace or download one from a free theme repository, many design decisions are made for you. Frameworks offer more opportunity to make your own choices.

Most themes come with some degree of customizability, and some promise a great deal of flexibility (often at the cost of slowing down your WordPress site), and if you consider getting up and running quickly of more importance than rolling up your sleeves and digging into the PHP and CSS that constitute a WordPress theme, a traditional theme is probably the best choice. But if you’re willing to put some work in, theme frameworks are a great option.
