News

Like a good clown fish tending his anemone, we work tirelessly to keep our customers websites up to date and our systems running smoothly. But as everyone knows, bad things happen in the big ocean. Why? Let's talk about the mystery case of the re-written posts... Last month one of our customers had two posts defaced with a harmless message from the "White Hat Hacker" saying the site was insecure. Clearly done for sport, the White Hat Hacker thought this was funny, but we took it seriously. Within seconds the old posts were restored using WordPress's built-in revisions capability, then we ran full source-code repository scans using WordFence, which we discussed last month. Turns out, even though all code was up to date, a vulnerability had been introduced, and a second update resolved it. But still, our customer was one of 1.5 million sites hacked as part of this exploit. Hackers attack websites for sport and profit. A frequent strategy used by hackers that have cracked a site is to create an invisible window to the far left or right of the viewable screen with ads, and because those ads are displayed, they get a small piece of revenue. Cool, eh? No harm, no foul, except when Google comes along and scans your site, they notice this, and your site is designated a hacked site in their search engine. This process takes several weeks, and it may take several more weeks before a friendly person gives you a heads up. At which point, you freak out. BUT! If you have 90 day backups, just keep winding back in time till you find the unhacked code. This is something we pay a lot of [...]

Just as the Romans built Hadrian's Wall to keep out the marauding hordes, there are simple defenses you can put in place at no cost to protect your website and your business. The two recommendations below are essential for eCommerce sites, but may also be used for any WordPress website. A customer’s eCommerce site came under attack. It was a little unusual, because first, it was a live person that attempted an invalid transaction, and then they launched a BOT (script) that made another thousand attempts. Of course, the attempts failed, and our customer was charged a small transaction fee that was waived by the credit card gateway, but it forced us to study how we could stop or slow this type of attack. Our customer runs a boutique eCommerce site that uses WooCommerce for the shopping cart and Authorize.net as their credit card gateway. To connect the two they use Woo’s Authorize.net DPM Connector, which allows the transaction to be framed into their site, much like a Google map can be displayed in your website. First, a CAPTCHA is a test that makes sure that a real person, not a script or a bot, is submitting information to your website. To be more customer friendly we had not set up a CAPTCHA, but after the attack we decided it was necessary. Second, it's good to have a firewall running in your site that can monitor (and stop) attacks, and also allow you to individually block an IP address that is attacking. When we see highly scripted programs try to take down a customer, these types of attacks frequently come from a single IP. The easy ability to watch real-time attacks from [...]