You may or may not be aware, that if you own the worlds BEST wordpress plugin DIVI, that you ALSO get ALL the other Elegant Themes products included with the original cost of your license…in other words, NO ADDITIONAL CHARGE. Divi in itself, is completely worth the purchase price of the theme simply by itself, it does hundreds of times more than any other theme on the market, all without needing to know any coding at all to design your website. It will literally do anything you want it to.But to get all these other products included with it, just puts the icing on the cake. How can you NOT be working with this awesome website tool?
But now, in addition, you can also this amazing new plugin that allows you to customize the mobile menu…a new feature. (There are other amazing plugins as well, social network sharing, email account contact management connecting, and others) To check out the new plugin, go here: DIVI MOBILE PLUGIN
To check out DIVI, if you don’t know what it is yet perhaps…you should go here and play with the demo…it’s awesome! Check the links below…
DIVI INFORMATION PAGE
DIVI DEMO TO PLAY WITH
880 PREMADE LAYOUTS TO MAKE IT EVEN EASIER!
yes, Hacking is at an all time high right now, so it’s not a time to be slack on security at all…and being as Zoom is so popular right now, there are really good quality Zoom phishing attempt to get into your system and they are working.
How it works is you get a phishing email saying you ‘missed a scheduled Zoom meeting” that will contain a link that promises a video of the meeting and recording. If you click the link it will take you to a malicious website that dupes a Microsoft Login page, and if you login, guess what, they now have your Microsoft credentials which they can now use to log in to your computer. It is very effective. If you want to read more on how the attack works, read about it in more detail here: Phishing Campaign
The attack is successful because it will appear to have your legitimate information…it will have your real name in the email. These are TARGETED attacks usually for certain company employees.
Here is another article on ZOOMBOMBING which is an entirely different Zoom hack…read about that one also.
If you do get hacked, you can get a hold of us, and we can clean up your system pretty thoroughly. I’ve done 3 people in the last week, so don’t feel like you are the only one. These guys are sitting around in lockdown/quarantine with nothing better to do than improve their hacking skills, and wreak havoc. Don’t give them an open door, lock it down folks. 🙂
I just got a notice that the plugin
GDPR Cookie Consent
has a XSS vulnerability in it. Just released today:
This entry was posted in Vulnerabilities, WordPress Security on February 11, 2020 by Matt Barry 0 Replies
Improper Access Controls
GDPR Cookie Consent
If you are using this plugin, you will want to upgrade to version 1.8.3 immediately. If you want the details of the vulnerability and how it works, you can read the rest of the long post here:
or search it out on the WordFence blog.
Thanks for visiting. Share this information with your developer friends! 🙂
Do you have security on your email account? How much…a good password maybe? It’s not enough. And here is why…
Your email account gives access to ANY other account you may hold. If someone can access your email account, they can ‘verify’ and get into ANY of your online accounts. Maybe you think people don’t try? Well that would be a very bad mistake. Here is my account that someone has been trying to get in to unsuccessfully for 24 hours now. It’s been unsuccessful because #1 I have 2-step verification on my microsoft account. And #2, because I have 2-step verification on, you need another ‘special’ password to set up email, because the regular password won’t work in an email setup if you have 2-step security turned on.
If you look at the image, you will see the protocol they were trying to access was/is IMAP …which is email. When the request hit my phone today, I changed the password to make it even more difficult, now they have to start over if they want to continue…but somehow they got my email password, or I would have never got a request on my phone. So that should be proof to you that passwords alone are not enough.
There are certain accounts that need to be protected harder than other accounts…these are banking, hosting, and email accounts. Don’t take chances with them. You may never need it for 5 years…but if you have it in place and use it regularly…the 1 time you do need it, it will protect you.
Call Everything I.T. if you need help with security. We can help you.
Another WordPress CORE update came out yesterday, PASS IT ON! haha…
Seriously, they do come out regularly. Do you have yours set to “automatically” update. I don’t. It’s probably more work the way I do it, because I do full file and database backup before updating the core files, …and while I have never needed that backup yet, it’s just my luck that the second I stop backing up first, an update will surely bring down my site and I won’t have the means to restore it, so my “automatic” feature, is turned off. How about you? Do you do your own? Do you have someone else do them? Do you ignore them altogether? (We do have an annual service that is very reasonable if you want them done “for” you…with backups first. Just get a hold of me on the contact page, or chat, or voicemail, or however you like really.
Anyway, back to the update. This update fixes 28 bugs, and some major security updates.
WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team’s ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:
- Don’t treat
localhost as same host by default.
- Use safe redirects when redirecting the login page if SSL is forced.
- Make sure the version string is correctly escaped for use in generator tags.
Twenty-five other bugs were fixed in WordPress 4.9.5. Particularly of note were:
- The previous styles on caption shortcodes have been restored.
- Cropping on touch screen devices is now supported.
- A variety of strings such as error messages have been updated for better clarity.
- The position of an attachment placeholder during uploads has been fixed.
- Improved compatibility with PHP 7.2. (Aaron D. Campbell, 4-3-2018, “WordPress 4.9.5 Security and Maintenance Release” )
If you want to read the full Release Notes, you can read those here: https://make.wordpress.org/core/2018/04/03/wordpress-4-9-5/
If you subscribe to my blog, or my facebook page, I do try to put out a notice for all “important” WordPress updates and/or changes, so follow if it makes life easier for you. 🙂