
Tag: WordPress

Don’t panic, just update WordPress to Version 3.6.1

From the announcement post, this maintenance release addresses 13 bugs with version 3.6.

Additionally: Version 3.6.1 fixes three security issues:

  • Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE pending.
  • Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij. CVE pending.
  • Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE pending.

Additional security hardening:

  • Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.

A full log of the changes made for 3.6.1 can be found at http://core.trac.wordpress.org/log/branches/3.6?stop_rev=24972&rev=25345.

http://codex.wordpress.org/Version_3.6.1

WordPress Maintenance Plan

The WordPress maintenance service bundles premium WordPress services into one affordable WordPress Maintenance Package.

Greenville Web offers the following WordPress Maintenance Plan:

  • Malware monitoring: we scan your site up to 4 times a day
  • Malware cleanup & website restoration
  • Daily Off-site Backups
  • Website restoration in case of data loss due to hack or server failure
  • Weekly plugin updates
  • WordPress security updates within 24 hours of release date
  • Major WordPress updates tested on a development server for compatibility*
  • Rollback of plugins or WordPress CMS software if an update breaks your theme
  • Discounted development fees

Consultation time, web development, hosting migration and content changes would be a separate service, quoted & billed for as needed.

*dependent on the level of support.

Sucuri comes free

Kudos for Greenville Web – the story of the $100 website

Hi Andrew,
Wow! I was impressed with the quality that you provided for such remarkable turn-around time, and the minuscule amount of time you needed to complete this project. In my failed attempt to produce my primitive version of this website, I read over 100 pages of instructions, completed tutorials on the internet, viewed “how-to-do-it” videos, skimmed two books, “published” (uploaded) each webpage countless times, and spent well over 40 hours failing to produce what you accomplished in minutes. Good for you (and of course, good for me to have found you)!

Steven Heller

Steven had called up the office because he was having a hard time building his website using Adobe Contribute. Greenville Web had an old article on building websites using Adobe Contribute, and that’s how Steven found us.

After a quick consultation I could see that Contribute was not the right solution, and about an hour after I had received the copy and images for Steven’s website I had him set up at WordPress.com with free hosting and a great-looking website.

I don’t normally pat myself on the back but after reading what Steven wrote (above) I felt that I wanted to share it.

Give me a call at 864-735-8378 and maybe I can save you a lot of time and money too!

WordPress Security – The Weak link is YOU!

WordPress, as a Content Management System, is a secure platform. The Weak link is YOU!

Yup, it’s your password, the one that you use for every website from bank accounts to email. It could be your dog’s name, or your wife’s middle name and birthday: something that no-one who didn’t know you would ever guess.

The problem is that software can guess it.

WPScan is a “WordPress Security Scanner” sponsored by the RandomStorm Open Source Initiative *. Like a scalpel, WPScan is a great tool in the right hands; it’s just destructive when used by the malicious or the criminal.
WPScan is free and available to anyone with an internet connection.

Using WPScan a bad player can attack your login using the aptly named Brute Force Attack **.

A Brute Force Attack is when software like WPScan is used to figure out your website’s username (easy if it is admin); once it has that, it tries every possible password until it succeeds.

If your password is letmein or jesus ***, God help you! You’ll be owned in a few hours.

This is where common sense can save you

  1. Don’t ever use a password like the two above! Shame on you!
  2. Don’t ever use admin as your username; if you do, call me so I can come over and slap you. And YES, you deserve it.
  3. Update WordPress when a patch is released.
    1. This is because any security fixes addressed by that patch are also common knowledge soon after the patch is pushed to you.
    2. The major feature updates are normally released as point upgrades, as in 3.4 to 3.5. These updates you can wait on if you’re worried about a Theme or Plugin breaking.
  4. Hire a professional to manage your site.
    1. If you make money off your website and it is a crucial part of your business, treat it with the respect it deserves. You’re not a web developer, you’re a Lawyer, an Innkeeper, a fill-in-the-blank. And your nephew with a computer is… well… you get it.
  5. Install the Limit Login Attempts **** plugin.
    1. This plugin will block software like WPScan from Brute Forcing your password. It works by blocking a user’s IP address after a set number of failed login attempts.
    2. You can set the length in hours of the block and the number of failed attempts before the block kicks in.
    3. If you forget your own password just remember to reset it before you get blocked.
* http://wpscan.org/ a black box WordPress vulnerability scanner.
** http://en.wikipedia.org/wiki/Password_cracking
*** #7 and #21 on CBS’s list of the most common passwords of 2012: http://www.cbsnews.com/8301-205_162-57539366/the-25-most-common-passwords-of-2012
**** Limit Login Attempts

Video introducing WordPress 3.3

This is the official, very quick, video introducing WordPress 3.3.

The video covers:

  • The new Welcome Screen
  • New Feature Pointers
  • Contextual Help
  • The new simplified media system featuring Drag and Drop uploads
  • The new admin menu system with fly outs eliminating that extra click
  • The admin header and the toolbar have merged into one
  • WordPress’s admin now supports iPad’s touch interface


WordPress 3.3 is available! Please don’t update now.

WordPress 3.3 is available and trust me it’s incredibly cool.

Compatibility Box

But don’t be tempted to update before you back up your current installation.

The not-so-quick-and-easy method is to:

  1. Download all the files on your website
    • You’ll need to jump in to your ftp client to do this
  2. Download a copy of your database
    1. Log into your website hosting account’s Control Panel
    2. Some hosts like GoDaddy have a built-in system to set up a database backup, BUT
    3. I recommend connecting to your database via phpMyAdmin and downloading a copy of your database to your desktop
      • If you don’t have phpMyAdmin, or don’t know what it is, call your host and ask them how to use it
  3. Now please check that your plugins are compatible with the new WordPress 3.x install
    1. If all of your plugins are free, go to http://wordpress.org/extend/plugins/ and search for your plugins by name
    2. Go to the plugin’s page and check in the right side column for a box called “Compatibility”
      • If it works for 3.3, you’re good to go
    3. For your premium plugins, go to your plugin developer’s website to find out the status of your plugin
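The first two steps above, done as a stand-alone script run on the server rather than from your desktop. This is an added example, not Greenville Web’s procedure or WordPress’s own code: it swaps phpMyAdmin for the `mysqldump` command-line tool and the FTP download for a local tar archive. The wp-config.php it reads is the standard WordPress file, while the sample site contents, file names and output locations are constructed for the example. The plugin-compatibility check (step 3) stays a manual step.

```python
"""Constructed example: back up a WordPress site's database and files.

Reads the DB_* constants from wp-config.php, builds the mysqldump command
that stands in for the phpMyAdmin export, and tars the document root in
place of the FTP download.  Sample site and names are constructed."""
import os
import re
import subprocess
import tarfile
import tempfile
from datetime import datetime

# Matches define('DB_NAME', 'value'); with either quote style.
_DEFINE = re.compile(
    r"""define\(\s*['"](DB_\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")


def parse_wp_config(path):
    """Return the DB_* constants defined in a wp-config.php file."""
    with open(path, encoding="utf-8") as fh:
        return dict(_DEFINE.findall(fh.read()))


def build_dump_command(cfg, out_file):
    """mysqldump argv for the configured database.

    The password is deliberately NOT on the command line (it would show
    up in `ps`); backup_site() passes it through the MYSQL_PWD variable."""
    host = cfg.get("DB_HOST", "localhost")
    return ["mysqldump", "--single-transaction", "--host", host,
            "--user", cfg["DB_USER"], "--result-file", out_file,
            cfg["DB_NAME"]]


def archive_files(site_root, out_file):
    """Tar the whole document root (the FTP step); returns the member count."""
    top = os.path.basename(site_root.rstrip(os.sep))
    with tarfile.open(out_file, "w:gz") as tar:
        tar.add(site_root, arcname=top)
    with tarfile.open(out_file, "r:gz") as tar:
        return len(tar.getmembers())


def backup_site(site_root, dest_dir):
    """Run both steps; the dump needs mysqldump installed on the host."""
    cfg = parse_wp_config(os.path.join(site_root, "wp-config.php"))
    stamp = datetime.now().strftime("%Y%m%d-%H%M%S")
    sql_out = os.path.join(dest_dir, f"{cfg['DB_NAME']}-{stamp}.sql")
    env = dict(os.environ, MYSQL_PWD=cfg["DB_PASSWORD"])
    subprocess.run(build_dump_command(cfg, sql_out), env=env, check=True)
    tar_out = os.path.join(dest_dir, f"files-{stamp}.tar.gz")
    return sql_out, tar_out, archive_files(site_root, tar_out)


def write_sample_site():
    """Constructed stand-in for a site directory so the example runs offline."""
    root = os.path.join(tempfile.mkdtemp(), "site")
    os.makedirs(os.path.join(root, "wp-content"))
    with open(os.path.join(root, "wp-config.php"), "w", encoding="utf-8") as fh:
        fh.write("<?php\n"
                 "define('DB_NAME', 'wp_demo');\n"          # constructed values
                 "define( \"DB_USER\", \"wpuser\" );\n"
                 "define('DB_PASSWORD', 's3cret-placeholder');\n"
                 "define('DB_HOST', 'localhost');\n")
    with open(os.path.join(root, "wp-content", "index.php"), "w") as fh:
        fh.write("<?php\n// Silence is golden.\n")
    return root


if __name__ == "__main__":
    demo = write_sample_site()
    cfg = parse_wp_config(os.path.join(demo, "wp-config.php"))
    print("database:", cfg["DB_NAME"], "as", cfg["DB_USER"])
    print("dump command:", " ".join(build_dump_command(cfg, "wp_demo.sql")))
    print("files archived:", archive_files(demo, demo + "-files.tar.gz"))
```

Point `backup_site()` at the real document root and a destination outside it (so the archive does not end up inside the site it is backing up), and run it before pressing Update. Keep the dumps off the web server as the maintenance plan above does, since a readable `.sql` file under the document root is itself a leak.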
Once you have taken these three major steps feel free to press that Update Button and enjoy this great free software.
Code truly is Poetry – thank you to the WordPress Team and all the many contributors to this wonderful community!
You guys ROCK!