As part of their Make Waves series, iThemes will be conducting a free webinar with Dre Armeda of Sucuri.net to discuss how to lock down a WordPress installation. In this webinar, viewers will learn how to reduce their risk of being attacked by hackers and malware threats. The webinar takes place on Wednesday, April 25th at 1 P.M. CDT. I’ve linked to Sucuri a number of times during the year because these guys know what they’re talking about when it comes to website security.
By Jeffro on April 18, 2012
By Jeffro on April 9, 2012
For the second time in two years, Dan Tynan’s website, eSarcasm.com, has been hacked, this time with code that redirected referrals from Google, Yahoo and other search engines to Viagra ad sites. After conducting a thorough security review with Code Garage.com, an online security scanning website similar to Sucuri, they discovered that the point of entry was the zero-day TimThumb vulnerability discovered back in August of 2011.
Last August, a zero-day vulnerability affected TimThumb that allowed hackers to execute their PHP code on any site that was running it. As it turns out, the WordPress theme we bought for the site employs pieces of TimThumb code — including the flaws that were exploited.
Now we have to wait for the spammy search results to evaporate from Google’s cache before everything returns to normal.
Be sure to read the tips that Dan and his security adviser provide on protecting your site. Despite the vulnerability being patched soon after its discovery, sites are still becoming compromised. Because of the long tail effect and so many websites using WordPress these days, who knows when this point of entry will stop being taken advantage of?
By Jeffro on March 15, 2012
It wasn’t long ago that Posterous looked poised to take a big chunk of market share away from WordPress and other sites such as Tumblr. But alas, Posterous will become yet another internet memory, as they’ve announced that the talent behind the service will now be a part of Twitter. While Posterous will remain online for the foreseeable future, users have already started flocking to different services such as WordPress.com, which has experienced a 250% increase in imports from Posterous accounts since the announcement.
By Jeffro on March 13, 2012
As I mentioned about a month ago, Jane Wells has been working on a new venture called Jitterbug which aims to be a bakery with a cafe feel complete with WiFi. To help fund this venture and to purchase some equipment, Jane put together a project on KickStarter.com to generate crowdsourced capital. The monetary goal was $15,000.00 and that was reached just 4 days prior to the project expiring. One particular backer was able to pledge $5,000.00 and will have a muffin named after him. The backer was Michael Torbert, the author behind the All In One SEO Plugin.
Congratulations go out to Jane Wells for a successful Kickstarter project. I myself chipped in a hundred bucks, but the best thing about it all is that I now have a really good reason to visit Tybee Island, Georgia.
By Jeffro on March 9, 2012
Sucuri has published more information regarding the compromising of at least 30,000 domains. Based on their research, they are ruling out the possibility that the attacks are taking advantage of a new vulnerability within the core of WordPress.
The first question is how are these sites getting hacked? On all the cases we analyzed, they either had outdated versions of WordPress, or of a plugin. We can safely rule out any new vulnerability on WordPress itself.
To stay on top of the latest malware threats on the web, you should subscribe to their RSS feed. Perhaps the more people that realize this stuff is happening on a daily basis, the more it will persuade them to keep sites, plugins, and themes updated.
By Jeffro on March 7, 2012
Once again, I want to tell you to not blindly trust theme authors when they say their theme is SEO friendly. “SEO friendly” is just a label they put on their theme and since most of their customers don’t know what to look for to see if it’s actually true, yet know that it’s important, it helps “sell” themes.
Sounds like he’s describing me and I bet a lot of other people as well. Overall, good advice from Joost de Valk with a little bit of self-promotion at the end.