WordPress News

sitelock reviews

How a Self-Published Author Turned to SiteLock to Save His Website [Case Study]

By Stacey Todd

Overview

Bill Kasal is a retired award-winning TV, video and radio producer. With over 25 years of experience, he has held many impressive roles including; Program Director and co-host for the Coachella Valley’s highest rated morning radio show, Executive Marketing Director for another, and Executive Producer for a seven-part PBS Series. After winning countless awards for television programs for nonprofit organizations, Kasal has turned his focus to writing books.

Kasal is the author of seven self-published books on Amazon. His writings cover a wide range of topics, including observations on daily life, family, recipes, humor, and his experiences as a reserve police officer. To share his stories and promote his books, Kasal relies heavily on his WordPress blog, billkasal.com.

Kasal started his blog in 2010, and not only uses it as an outlet for his writing, but also as a way for his site visitors to find his Amazon Author Page. “My blog has an active following, and my visitors reference it regularly to stay updated on my upcoming book launches,” Kasal says.

Tags:   WordPress blog, WordPress security blog, WordCamps, WordPress news, WordPress hacks
Categories:  SiteLock Reviews
the best part of a wordcamp

This is the Best Part of a WordCamp

By Adam Warner

When I attended my first WordCamp in 2011, I instantly fell in love with these events. Over the past year and a half, I’ve been fortunate to attend 29 different WordCamps around the world, and have learned so much from each and every one. In this time, I’ve realized what the absolute best part about any WordCamp is, and it’s my pleasure to share that with you.

Although there is a “best thing” about WordCamps (in my opinion), there are so many great things that should also be included here.

An Inexpensive Opportunity to Learn

the best part of a wordcamp

WordCamps are volunteer led and locally organized events. Each one is created by the community, for the community. The WordPress community is like no other I’ve been involved with. It’s open and collaborative with the goal to openly share knowledge in order to elevate attendee skills and understanding of the web publishing space.

WordCamps are in part funded by sponsors. There are global sponsors (SiteLock included), and many sponsors who are local to the event location. It’s an opportunity for companies and individuals to get their brand in front of attendees, but more than that, it’s a great way to give back to the WordPress project in a meaningful way.

Because sponsors donate their time and money, that means WordCamps can keep ticket costs low, usually in the $35 to $40 range. The affordable price tag makes these events accessible to more people than a traditional trade show or event where admission can cost hundreds and even thousands of dollars.

Shared Knowledge, Experience and Partnerships

the best part of a wordcamp

If you went to a trade show that included mostly local businesses, many with competing products and services, would you expect that they would share their best advice for acquiring and managing their customers? Probably not. But this is exactly what happens at a WordCamp.

I’ve seen premium plugin business owners discussing their revenue details. I’ve seen hosting companies commiserating on technical challenges and how they have approached a solution. I’ve seen two real estate website development agencies sharing how they acquire customers.

Similar to the mission of WordPress, Democratizing Publishing, the official WordCamp mission statement might as well be Elevating Each Other. Of course, it’s not all altruistic either. There are business partnership opportunities to be explored and agreed upon during WordCamps too, and this happens regularly. Whether it’s between two developers who team up to start an agency, or between larger companies finding a mutually beneficial subject to offer together.

The Session Topics

the best part of a wordcamp

And now we’re getting closer to the meaning behind the title of this post. Every WordCamp session I’ve attended has been something useful, relevant and actionable. No matter whether you’re a blogger, designer, developer, business owner or a combination of these, there is always useful insight being shared by speakers that attendees can take away and implement for their own WordPress journeys.

Not only are the scheduled sessions always packed with useful information, but so are the conversations you have with others in the Hallway Track. If you’re not familiar, the Hallway Track is a term used to describe the conversations and knowledge sharing that occur during and after WordCamp sessions. All of this leads me to the best part of a WordCamp…

The People

the best part of a wordcamp

The individual people that plan, organize, sponsor, and attend are the best part of any WordCamp. For the most part, there is a similarity between people who are involved in WordPress, and especially so with people who get involved with WordCamps. The common denominator is that they are all genuinely nice people.

I have no scientific data to prove this niceness, of course, it’s my own generalization. Even more than this, people at WordCamps are eager to learn and are even more eager to connect deeply with others who share the same passion for building the web that creates real and lasting relationships.

Follow the District for more information about and recaps of WordCamp events from around the world.

Tags:   WordPress blog, WordPress security blog, WordCamps, WordPress news, WordPress hacks
Categories:  WordCamp
Password Zero Day Vulnerability

Zero Day Vulnerability in WordPress Password Reset

By Wyatt Morgan

This week an unpatched vulnerability in WordPress was disclosed by security researcher Dawid Golunski that could potentially allow an attacker to reset admin passwords. This vulnerability impacts most versions of WordPress, including the current release 4.7.4.

Tags:   WordPress blog, WordPress security blog, WordCamps, WordPress news, WordPress hacks
Categories:  WordPress security
sitelock dashboard

How to Keep Your SiteLock Dashboard Green

By Logan Kipp

The SiteLock Dashboard is designed to deliver a concise report of your website security status at-a-glance. We’ve incorporated a color-coded light system that is so easy to understand; your eyes won’t need more than two tenths of a second to discern the color of your SiteLock status light. If you’re not familiar with the definitions of the three traffic light settings, I sometimes like to explain these using what I call the beach martini rule. I tend to picture our customers relaxing on the beach, unwinding and sipping a martini because they know SiteLock has their back. At about the point where it’s a good time to reapply your sunscreen, you also take a quick glance at your site status before sinking back into your lounge chair.

SiteLock Dashboard Green LightGreen – The coast is clear, no action is required at this time. Re-apply your sunscreen and order yourself another martini.

SiteLock Dashboard Yellow LightYellow – Action is required to resolve a non-critical item. When you’re done soaking up the rays for the day, go ahead and take a look at what needs your attention.

SiteLock Dashboard Red LightRed – Action is required on a critical item. Let’s go ahead and set that martini down and take a look at what’s going on.

Tags:   WordPress blog, WordPress security blog, WordCamps, WordPress news, WordPress hacks
Categories:  WordPress security
threat intercept

Threat Intercept: Passwords Publicly Exposed by Malware

By Ramuel Gall
This article was co-authored by Product Evangelist Logan Kipp.

THREAT SUMMARY

High Threat
WordPress website security threat level
Learn More

Category: Shell / Information Disclosure

Trend Identified: 4/20/2017

CVE ID: N/A

Trend Name: Trend Tusayan

Vector: Application Vulnerability, Multiple

The threat rating was determined using the following metrics:

Complexity:

LOW: The vectors used to infect websites appear to be well-documented vulnerabilities in older versions of website platforms.

Confidentiality Impact:

HIGH: This infection provides complete control of the target website, including credential disclosure and database contents.

Integrity Impact:

HIGH: This infection provides the adversary administrator-level access to impacted website applications, making total data loss a possibility.

The SiteLock team has discovered a dangerous malware trend that not only provides website administrator level access to the bad actors involved, but exposes sensitive website credentials publicly over the internet.

Tags:   WordPress blog, WordPress security blog, WordCamps, WordPress news, WordPress hacks
Categories:  WordPress security
ask a security professional

Ask a Security Pro: What Is Encryption?

By Logan Kipp

Over the last year I’ve led a multitude of security workshops aimed to educate entry-level WordPress users about website security. Some of the questions I regularly field in these workshops are related to the mechanics of SSL certificates, and their role in protecting website data from prying eyes. As you may know, the installation of an SSL certificate on a web server allows the server to accept traffic on the hypertext transfer protocol (secure), or simply ‘HTTPS,’ the primary form of encrypted data transfer between websites and visitors. I’d like to share the answers to some of the most frequently asked questions I’ve had on the subject.

HTTPS and SSL Certificates

SSL is the Armored Truck

The first thing I’d like to clarify on the subject of HTTPS and SSL certificates specifically is that the use of SSL certificates and HTTPS do not in any way, shape, or form protect the data on your website itself. HTTPS encrypts data in transit only. Neither does it protect data resting on visitors’ computers. You should consider HTTPS the armored truck of websites, not the bank vault. It acts as the protection against adversaries while data travels from point ‘A’ to point ‘B’.

Tags:   WordPress blog, WordPress security blog, WordCamps, WordPress news, WordPress hacks
Categories:  Ask a Security Pro
pressnomics 2017

PressNomics 2017 – Remaining Steadfast

By Adam Warner

Last week the SiteLock team gathered at the Tempe Mission Palms to attend and sponsor PressNomics. If you’re not familiar, PressNomics is a conference focused squarely on entrepreneurs and influencers who are committed to the WordPress community.

Tags:   WordPress blog, WordPress security blog, WordCamps, WordPress news, WordPress hacks
Categories:  Community, WordCamp
obfuscated code

WordPress Auto Login and Obfuscated Code

By Michael Veenstra

Malware comes in a great deal of unique shapes and sizes.  Most people know someone who has had the misfortune of an infected computer at some point. Ransomware, trojans, and viruses that affect consumers’ physical devices are generally built with compiled code, which means you can’t easily “take a look under the hood” to get a solid idea of how it works.

The types of malware we work with at SiteLock behave a little differently, however. The web-ready files we encounter most frequently are written in Interpreted Languages like PHP and JavaScript. This means that the files involved contain plain, human-readable code, allowing anyone who understands the language to see what the files do.

Tags:   WordPress blog, WordPress security blog, WordCamps, WordPress news, WordPress hacks
Categories:  WordPress security
wordcamp san diego

WordCamp San Diego – Kind of a Big Deal

By Adam Warner

This past weekend we found ourselves at WordCamp San Diego… and it was classy. This came as no surprise as the WordCamp theme was “Stay Classy,” a line taken from the comedy gem Anchorman set in the same city. SiteLock was a Gold sponsor (classy!) and along with our seasoned WordCamp goer Adam Warner, our own Web Security Consultant Managers, JC Bustillos and Evan Richardson, also attended the event.

Tags:   WordPress blog, WordPress security blog, WordCamps, WordPress news, WordPress hacks
Categories:  WordCamp
threat intercept

Fake WordPress SEO Plugin Provides Backdoor Access

By Jessica Ortega

We recently discussed a particularly sneaky piece of malware that’s been disguising itself as fake plugin and targeting Joomla! users. While this phenomenon is not unique to the Joomla! content management system, SiteLock has discovered a recent trending fake plugin for WordPress, one of the world’s largest open source applications.

Tags:   WordPress blog, WordPress security blog, WordCamps, WordPress news, WordPress hacks
Categories:  SiteLock News, WordPress security