Nexcess Blog

ExpressionEngine vs. WordPress: Which Is Right For Your Site?

May 1, 2015 0 Comments

There is no shortage of powerful content management systems, many of which are capable of being used to build any type of site you can imagine. That does not, however, mean that every content management is the best fit for every site. I’d like to take a look at two content management systems in particular: ExpressionEngine and WordPress. Both are powerful and both have been used to build everything from blogs to the largest enterprise publishing operations, but each has particular strengths.

Read more

Posted in: Nexcess

Bring WordPress and Git Together With Revisr

April 29, 2015 0 Comments

RevisrOutside of the WordPress world, it’s common to use Git to manage a site’s version control. Of course, many theme and plugin developers use Git to manage their source files, but until fairly recently it’s been difficult to put a copy of a site — database and all — into a git repository.

If you’re familiar with Git, the advantages of version controlling a WordPress site will be obvious. If you’re not, let’s start with a brief explanation of what Git is and why it is so popular among developers. Git is a version control system. That means that when changes are made to a file, those changes are “committed” to a Git repository, which keeps a record of all the changes that have been made. One of the key benefits of version control is that it’s possible to roll back changes to a site to any of the existing commit points. If a developer makes a set of changes to a theme that are later revealed to break some of the theme’s functionality, they can simply roll back to a previous commit.

Read more

Posted in: Nexcess

Magento Shoplift Vulnerability – Download Patch Now

April 27, 2015 0 Comments

A patch has been released to fix a remote code execution vulnerability in both Magento Enterprise and Community Editions.

In February, Check Point researchers announced that they released details of the critical RCE (remote code execution) vulnerability in the Magento platform. Checkpoint originally found this exploit back in February and contacted Magento privately regarding the issue. Magento then released a patch (SUPEE-5344) and is available here. The vulnerability is being referred to as Magento Shoplift and could potentially allow an unauthenticated attacker to execute PHP code in an affected server.

Magento has been contacting its clients with details of this vulnerability to both Community and Enterprise versions. If you are running an un-patched vulnerable version of Magento, a message should also be displayed upon logging into your admin interface informing you that patching is needed. This security issue is specific to the Magento core and is unrelated to any specific plugins or themes that you may be running.

Read more

Posted in: Nexcess

Oasis Workflow Plugin Is A Powerful Editorial Workflow Manager For WordPress

April 24, 2015 0 Comments

Oasis Workflow PluginFor a small blog with only one writer, workflows are generally straightforward: write, proofread, publish. I often suggest that one-person blogs take advantage of an editorial calendar, but beyond that there isn’t much need for more advanced workflow management tools.

The situation is entirely different for blogs with multiple writers and editors dealing with a large volume of content. Workflows can quickly become complex as articles move their way through the editorial process: it’s not unusual for an article to be worked on by three or more people at different times, and with that many people involved, it’s all too easy for work to fall between the cracks and for deadlines to be missed. Multi-author and editor blogs need something with a bit more flexibility than a basic editorial calendar.

Read more

Posted in: Nexcess

Complying With EU Cookie Laws In Magento

April 22, 2015 0 Comments

EU Cookie LawsCookies are an essential part of the modern web. Without them we’d be unable to provide the interactive sites and web applications that modern users of the web have come to expect. The web was designed to be stateless — no information about a session was carried between page loads. Cookies are the thread that modern sites use to tie together sessions — they’re how we know who our users are and they’re how we combine a group of page loads into a coherent journey. They’re also how we track users across our sites and the wider web.

It’s the tracking aspect of cookies that has user privacy implications. There are a million reasons that site owners would want to track users, and most of them are benign, but the European Union feels that in the light of the potential for privacy violations, sites should be required to give specific permission for the use of cookies. The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, which was adopted into the laws of EU member countries made it compulsory to ask for permission when accessing information stored on user’s machines, which includes cookies.

Read more

Posted in: Nexcess

We’ve Brought Two-Factor Authentication To Magento!

April 21, 2015 0 Comments

Two-Factor AuthenticationWe’re happy to announce that we’ve brought two-factor authentication to Magento in partnership with Magento development agency Human Element. This new plugin, named Sentry, will allow Magento retailers a solution for secured, two-factor authentication. Two-factor authentication offers enormously enhanced security for Magento eCommerce stores.

Passwords alone have never been a great way to handle secure authentication and in the modern computing era, they can be a liability. Magento has very good password security capabilities, but this only goes so far. Magento passwords are already properly hashed and salted, but even that level of security depends on administrators having the security awareness to choose strong passwords in the first place and not to share those passwords.

Read more

Posted in: Nexcess

Three Plugins That Improve The WordPress Writing Experience

April 20, 2015 0 Comments

WordPress WritingOnce upon a time, I used to refuse point blank to write using the WordPress editor. I’d been burnt too many times by refreshing tabs and unreliable sites causing me to lose a big chunk of text, and, as a professional writer, I simply couldn’t afford to take the risk. On top of which, TinyMCE has never been the most pleasant environment in which to write; I much preferred using a simple text editor.

But, over the last year or so, the WordPress writing interface has improved leaps and bounds. Autosave has taken care of the risk of losing work, and the incremental improvements made to the editor — particularly the fullscreen no-distraction mode — have made working in WordPress a pleasure.

Read more

Posted in: Nexcess

How Do SEO Poisoning Attacks Impact WordPress Users?

April 17, 2015 0 Comments

SEO Poisoning AttacksThere are many reasons a hacker might want to gain access to a WordPress site, but one that seems particularly topical at the moment is the SEO poisoning attack — a black hat SEO technique to improve the search ranking of sites associated with the attacker or to use a site’s existing search engine optimization to introduce false results into search engine result pages.

A number of high-profile SEO poisoning attacks have been discovered over the last few months, involving thousands of WordPress sites, so it’s a good time to familiarize yourself with what an SEO poisoning attack is, what it looks like to webmasters, and what you can do to reduce the risk.

Read more

Posted in: Nexcess

Monetizing A WordPress Site With Memberships

April 15, 2015 0 Comments

Monetizing WordPressThere are many different ways to make money from a successful publishing venture, but the two most popular are advertising and subscriptions. Of these, advertising is by far the most popular. Web users expect to get content for free, which makes it difficult for publishers and writers to convince them to pay. Advertising is a more straightforward monetization model: content brings in the users, and the user’s attention is sold to advertisers — it’s the model that Internet was built on. But there are plenty of bloggers and larger publishers making money from subscriptions and memberships.

At the larger end of the spectrum there are the Financial Times and the New York Times, both of which have successful subscription models with a paywall. The obvious example of a superstar blogger that monetizes with subscriptions is Andrew Sullivan at the Dish. And folks like Ben Thompson at Stratechery and Shawn Blanc manage to generate a revenue with subscriptions in spite of a significantly smaller readership.

Read more

Posted in: Nexcess

eCommerce Drop Shipping With Magento

April 13, 2015 0 Comments

Drop ShippingSetting up an eCommerce store often requires significant capital investment for stock and warehouse space. That poses a barrier to entry for many who would like to start a small eCommerce business. Drop shipping is an alternative to the traditional eCommerce process where retailers purchase their products from a wholesaler and then sell items from their stock to customers. Instead, drop shipping allows retailers to have products shipped directly from the wholesaler to the customer.

Read more

Posted in: Nexcess