WordPress 4.9 Released

WORDPRESS VERSION 4.9 UPDATE RELEASED

Be sure to update your WordPress sites and keep them secure. (and get all the wonderful additional features they add in major version releases). Today version 4.9, nick-named “Tipton” was released. It has a lot of new features, new widgets, a lot of customizer improvements, coding enhancements, and much more, GO READ ABOUT IT if you are interested. It is sitting there on your dashboard, waiting for you to run the update, so take the 5 minutes and go do it. Don’t forget to backup both the files and the database first, so if something on your site for some reason is not compatible, you can restore it to the prior configuration.

GET HELP

If you need any help, Everything I.T. has wonderfully affordable WordPress annual maintenance packages that cover updating and backups, and in some cases restoration from a successful hack. (If someone hacks your site, we’ll put it back for you, a feature of the advanced maintenance package) We can also install SSL on your site for around $75, and we also have a full security configuration as well that covers putting a firewall, setting blocking of known blacklists, and about 30 other deterrent features that are wonderful, and entirely worth the price. CALL TODAY!

WordPress Plugin Removed From Repository for Crypto Mining Script

So I haven’t posted in a while. And I’m not sure how this type of formatted post will display on Facebook, so it’s kind of test.

Anyway, today I found some information that is kind of different, and I think you will find it very interesting. Today, WordFence (a security plugin authoring company) blogger wrote about a plugin that was taken down from the WordPress repository. It was a plugin called “Animated Weather Widget by weatherfor.us ” and what it did on the website frontend where it was installed, I don’t really know. But it’s what it did in the background/backend that is very interesting. Apparently this plugin ran a script that installed an iframe script that basically turned the whole PC into a crypto currency mining computer, using ALL the resources of any client computer that visited a website that had the plugin installed. Now you should understand that the website owners themselves had no knowledge of this, so you can’t really fault them. Eventually they will discover (hopefully) that the plugin no longer exists (or hopefully they will test their own site) and will remove it from their site, but if you ever go a website, and your computer fan starts running like crazy, then you are going to want to leave that website immediately.

If you want to go read the whole amazing story, you can go here and read it on the WordFence website, but I downloaded the amazing story on video for you : WordPress Plugin Banned for Crypto Mining

Everything I.T. is concerned about your safety on the internet, and we post discoveries like this often on our blog. Please register, please comment, and/or please share.

 

Black Monday for Wifi

Today is BLACK MONDAY: WiFi is No Longer Secure”

Today is being called “Black Monday” in many information security circles. We have had a major Wi-Fi vulnerability announced that affects absolutely every device that supports Wi-Fi. The vulnerability allows attackers to decrypt WPA2 connections. A second vulnerability has also emerged today. This is a bad day for security. 

There is a lot of very technical information, which most of you won’t understand, but if you techies want to read the full article, WordFence wrote it much better than I ever could. You can catch that post here: WORDFENCE WPA2 ENCRYPTION CRACKED!  

Just to show you how quickly a hacker can now get onto a wifi network, and get passwords, and much, much more, I’ll add the Video here so you don’t have to click to watch the video. 

 I will follow up this post, as soon as I learn how to secure wifi again. As it is, everyone is using WPA2, it was supposed to be the unbreakable security method. But I’m sure they will tell us quickly how to block these kind of attacks, and I will pass it on to you as soon as I find out myself. (because information should be shared) 

WordPress Update

WordPress 4.8.2 is released. Time to update core files again. Keep them current, and stay secure out there!

If you would like to know what the changes are (and they are always good…WordPress is one program that doesn’t send out updates unless they actually accomplish something, and it’s typically quite a bit!) …you can read about them here: [su_permalink target=”blank”]https://codex.wordpress.org/Version_4.8.2[/su_permalink]  Just for a highlight, I will say that on the SECURITY side, there are 5, (not 1, but FIVE) cross-site scripting (XSS) vulnerabilities plugged in this update. So for security reasons alone, you should update. Not to mention that there are typically great functionality upgrades as well. Don’t forget to backup first, before doing any CORE updates (and themes also usually) …the FILES AND THE DATABASE! …just in case something doesn’t work right with your server. The one time you don’t do a backup, you will probably  need it, because that’s just how life works. 🙂

Sign up for email updates and get valuable posts in your inbox if you like. It’s not like we write 10 a day…sometimes not even 1 a week, but we do try to post the important stuff.

Free Programming Tutorials!!

October Deadline: Non-SSL sites will be flagged INSECURE

HTTPS-Secure[edsanimate_start entry_animation_type= “rollIn” entry_delay= “0.5” entry_duration= “1.5” entry_timing= “ease” exit_animation_type= “” exit_delay= “” exit_duration= “” exit_timing= “” animation_repeat= “1” keep= “yes” animate_on= “load” scroll_offset= “” custom_css_class= “”][edsanimate_end]You probably heard about this, but probably thought what happened was already done and over with. It’s not. There is an October deadline when all Google (I.E. CHROME) browsers will flag all non-SSL sites as insecure. In order to not be flagged you will need to have a certificate installed, activated, and configured so your site redirects to a HTTPS:// URL prefix instead of HTTP. If you want to read an article about it, here’s one (you can Google it and find more I’m sure) google-reminds-website-owners-to-move-to-https-before-october . It is supposed to only flag websites that have password or credit card form fields on the site.

But, it is also important to recognize that even if you don’t have password or credit card form data fields on your website, it is still beneficial to install SSL on your site for the SEO benefit alone. If Google is penalizing the page rank for non-encrypted sites, and they are, you really can not afford to not install it, can you? Do you want to be on page 4 or 5 when people search for your type of business on Google? Because if you don’t put SSL, your website will go to the end of the list. Sorry. Don’t shoot the messenger.

There are many different types of SSL certificates out there that you can get for a whole range of prices, ranging from $10 to $500, depending on your need. The ones that come from your host tend to cost more. If you just want a cheap one, you can get one here: https://www.ssls.com/ . The $4.99/yr one is only if you purchase that cert for 3 years, for around $15 total. If you just get it for one year, it’s $8.95 I think.

Everything I.T. will install one for $75.