Devin Maeztri, a campaigner from Indonesia, talks about the difference WordPress makes in her life and her work.
Archive for security
Join Our cPanel SEO Beta Testing Program
Are you an SEM enthusiast? If you enjoy trying and testing new and exciting tech, join our cPanel SEO Beta Testing Program and help improve our tools, service, and solutions. We ask that you don’t publicize or share the features you’re testing until they’re officially launched (including comments on social). By beta testing, you’ll become an important part of our product development. Your participation and feedback will help us release a better version of our tool as …
The post Join Our cPanel SEO Beta Testing Program first appeared on cPanel Blog.
WP Briefing: Episode 21: All Things Block Themes!
In episode 21 of the WordPress Briefing, Executive Director, Josepha Haden Chomphosy, talks all things block themes with developers and theme specialists Maggie Cabrera and Jeff Ong. Have a question you’d like answered? You can submit them to [email protected], either written or as a voice recording. Credits Editor: Dustin Hartzler Logo: Beatriz Fialho Production: Chloé Bringmann Song: Fearless […]
The other victims of FluBot: How cybercriminals exploit WordPress to distribute malware
Netcraft has to date identified nearly 10,000 websites used in the distribution of the FluBot family of Android malware. As detailed in our previous articles on FluBot, these sites are unwittingly hosting a PHP script that acts as a proxy to a further backend server, allowing otherwise legitimate sites to deliver Android malware to victims. When visited by the intended victim, a “lure” is displayed that implores them to download and install the FluBot malware.
The most common lure themes are parcel delivery and voicemail messages, where the user is told to install the malicious app to track a parcel or listen to a voicemail message. One particularly interesting lure took advantage of FluBot’s infamy, by offering a fake “Android security update” that claimed to protect against the malware family. Users installing this “security update” would instead be infected with FluBot.
Most sites distributing FluBot malware also host legitimate content, suggesting they were compromised by the operators of this malware distribution network, without the knowledge of the site operator. While the use of unrelated domains makes the lures less convincing, as compared to domains specifically registered for fraud, it allows the malware distribution network to operate at a much larger scale.
These affected sites all have one factor in common: they run self-hosted WordPress instances. Netcraft believes the operators of this malware distribution network are actively exploiting well-known vulnerabilities in WordPress plugins and themes to upload malicious content onto insecure sites, joining a growing list of threat actors doing the same.
Watch State of the Word at a Watch Party with your WordPress Friends
State of the Word 2021 is just around the corner! Although attending State of the Word in person would be ideal, not all WordPress community members get to enjoy the experience of attending the speech live with friends. This year, as State of the Word is streamed live for the second time, we want to […]
Take Our Survey For A Chance To Win $100!
As we near the end of 2021, we’re looking forward and feeling excited about all the changes and improvements we’re making, much of which is a direct result of feedback we’ve received from our customers. We’ve reached out via multiple channels throughout this year to get as much feedback from you as we can… some of which has even already been implemented into our products! We wanted to take one last opportunity to hear from …
The post Take Our Survey For A Chance To Win $100! first appeared on cPanel Blog.
WordPress 5.9 is expected to be a ground-breaking release. It will introduce the next generation of themes with Twenty Twenty-Two joining the fun and over 30 theme blocks to build all parts of your site. In anticipation of the January 25th release, we hope you enjoy this sneak peek of 5.9. New design tools will […]
Join us for State of the Word 2021, in person or online!
As previously announced, State of the Word will be livestreamed from New York City. That means that you can join the fun either online or in person, on December 14, 2021, between 5 and 7 pm EST! To join State of the Word 2021 online, check your Meetup chapter for a local watch party, or […]
WP Briefing: Episode 20: WordPress=Blogging+
In this episode, WordPress’s Executive Director, Josepha Haden Chomphosy, answers two recently asked questions. Tune in to hear what those questions were and her response, in addition to this week’s small list of big things. Have a question you’d like answered? You can submit them to [email protected], either written or as a voice recording. Credits […]
Howdy, World! Mark your calendars; it’s almost time for State of the Word 2021! State of the Word is the annual keynote address delivered by the WordPress project’s co-founder, Matt Mullenweg. Every year, the event allows us to reflect on the project’s progress and the future of open source. This year will include that and […]
Take the 2021 WordPress Annual Survey (and view the 2020 results)!
Each year, members of the WordPress community (users, site builders, extenders, and contributors) provide their valuable feedback through an annual survey. Key takeaways and trends that emerge from this survey often find their way into the annual State of the Word address, are shared in the public project blogs, and can influence the direction and […]
WordPress 5.8.2 Security and Maintenance Release
WordPress 5.8.2 is now available! This security and maintenance release features 2 bug fixes in addition to 1 security fix. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.2 have also been updated. WordPress 5.8.2 is a small focus security and maintenance release. The next […]
How To Increase the PHP Max Upload Size in cPanel®?
PHP protects server performance by limiting file upload sizes, but the default limit is too low for many modern web applications. You’re likely to encounter this issue when a PHP application displays an error message asking you to increase the PHP max upload file size. There are various ways to increase the upload limit, including editing PHP configuration files directly. In this article, we’ll show you how to adjust PHP upload limits in cPanel & …
The post How To Increase the PHP Max Upload Size in cPanel®? first appeared on cPanel Blog.
Eswatini Government’s gov.sz website is running a cryptojacker
The Government of Eswatini’s website, www.gov.sz, is running a cryptojacker. Cryptojackers use website visitors’ CPU power to mine cryptocurrency, most often without their knowledge or permission.
Data from archive.org suggests the JavaScript snippet was added to the site’s HTML source between 28th September and 6th October.
WebMinePool cryptojacker injection on www.gov[.]sz
While sites that are kept open for long periods of time are often the most lucrative – the longer the victim’s browser tab is open, the more cryptocurrency can be mined – criminals are typically not fussy when deploying cryptojackers. Criminals can target large swathes of sites at once, including those using vulnerable or out-of-date software, compromised third-party JavaScript, or with easily guessable administrator credentials.
When you’re building a database for a web application, one of the most impactful decisions is the data type you choose for text data fields. MySQL provides multiple string data types, each with unique characteristics and trade-offs. The data type you choose affects how much data you can store, where it’s stored, the functionality available to you, and the performance of everyday database operations. In this article, we’ll look at one frequently asked question concerning …
The post VARCHAR vs. TEXT for MySQL Databases first appeared on cPanel Blog.
What Are the Best Shopify® Alternatives in 2021?
U.S. ecommerce sales rose by over 44% last year, the most significant single-year increase since ecommerce became a serious player in the retail space at the beginning of the century. As COVID-19 closed brick-and-mortar stores and kept customers at home, shopping moved online and retailers rapidly expanded ecommerce operations. Shopify, the cloud ecommerce platform, is one of the biggest beneficiaries. Shopify aims to lower ecommerce’s technical barriers and simplify store management. That …
The post What Are the Best Shopify® Alternatives in 2021? first appeared on cPanel Blog.
With the introduction of the Jupiter theme in version 98, you may have wondered about the fate of Paper Lantern. Today we officially announce Paper Lantern’s deprecation and its eventual removal from the product. What does this mean for you? If you are already using Jupiter, relax; you are good for all future updates. If you are using Paper Lantern, why not give Jupiter a try? You can continue using Paper Lantern for the short term, but eventually, we will stop supporting this theme. How much …
The post A Farewell To Paper Lantern first appeared on cPanel Blog.
How To Use Cookie-Free Domains for Faster Website Performance
Cookies are how websites remember. Without them, they forget you as soon as a page finishes loading. This ability to remember allows you to log in to a content management system or put products in an ecommerce shopping cart. It’s what allows a dynamic CMS like WordPress to personalize web pages. But sites don’t need to include a cookie with every file they serve, and needless cookies increase latency and generate unnecessary network traffic. Cookie-free …
The post How To Use Cookie-Free Domains for Faster Website Performance first appeared on cPanel Blog.
How to Change the Main Shared IP Address on cPanel®
cPanel & WHM’s main shared IP address is used by new shared hosting accounts created on a server. This allows web hosts to create new accounts easily and automates the otherwise complex and time-consuming domain and web server configuration process. But what if you want to change the main shared IP address on your cPanel server? In this article, we outline a three-step process for changing a server’s shared IP address. Changing the main shared …
The post How to Change the Main Shared IP Address on cPanel® first appeared on cPanel Blog.
How to Configure and Manage Let’s Encrypt in cPanel
It’s super easy to install and manage SSL certificates in cPanel & WHM. Certificate requests and installations happen automatically with AutoSSL and an integration such as the cPanel Let’s Encrypt™ plugin. SSL automation saves web hosting providers time and eliminates the deluge of support requests that traditionally accompany SSL certificate issues. AutoSSL includes a default certificate provider, which we chose for its reliability, usability, and generous domain and rate limits. However, we also made it …
The post How to Configure and Manage Let’s Encrypt in cPanel first appeared on cPanel Blog.
How to Back Up and Restore MySQL® Databases in cPanel
Data that exist in one place barely exist at all. It’s a hardware failure or mistyped command away from disappearing completely. That’s a scary thought, considering businesses’ most valuable assets include data. Imagine recreating everything in your database from scratch! Regular database backups are essential because that’s where your most important data are stored, whether it’s customer details, email addresses, product catalogs, content, or the hundreds of other types of information businesses need to function. …
The post How to Back Up and Restore MySQL® Databases in cPanel first appeared on cPanel Blog.
Setting Up and Troubleshooting SMTP in cPanel
When you host your email on your domain with an SMTP server, you are in control. You can choose an email address to suit your business or personal brand. All the data is stored privately on a server or hosting account only you can access. If you want to move to a different hosting provider, there’s nothing to stop you because you aren’t locked-in to a hosted service. So why don’t more people host their …
The post Setting Up and Troubleshooting SMTP in cPanel first appeared on cPanel Blog.
Using CalDAV Calendars and CardDAV Contacts in cPanel
In our increasingly busy world, we’d be lost without email, calendar, and contacts apps to communicate, collaborate, and manage our time. Unfortunately, getting all these apps to work with each other can be a frustrating challenge. There are so many incompatible platforms that we often struggle to make our calendar and contact hosting services talk to our preferred devices and applications. That’s why, in addition to web and email hosting features, cPanel & WHM includes …
The post Using CalDAV Calendars and CardDAV Contacts in cPanel first appeared on cPanel Blog.
Key Reasons Why You Should Upgrade Your Email Security Today – A Plesk Email Security Walkthrough
The post Key Reasons Why You Should Upgrade Your Email Security Today – A Plesk Email Security Walkthrough appeared first on Plesk.
WordPress 5.5.1 is now available! This maintenance release features 34 bug fixes, 5 enhancements, and 5 bug fixes for the block editor. These bugs affect WordPress version 5.5, so you’ll want to upgrade. You can download WordPress 5.5.1 directly, or visit the Dashboard → Updates screen and click Update Now. If your sites support automatic background updates, they’ve already started the update process. […]
August was special for WordPress lovers, as one of the most anticipated releases, WordPress 5.5, was launched. The month also saw several updates from various contributor teams, including the soft-launch of the Learn WordPress project and updates to Gutenberg. Read on to find out about the latest updates from the WordPress world. WordPress 5.5 Launch […]
Distributed Denial of Service (DDoS) attacks can take any website offline. Even Google and GitHub, with their immense resources, struggle to stay online during a large attack. Even worse, anyone with a few dollars can launch one. If you host websites, you and your users could be hit with a denial of service attack big enough to take sites down for hours or even days. However, the worst effects of DDoS attacks can be avoided …
The post How To Survive a DDoS Attack first appeared on cPanel Blog.
Netcraft Extension adds credential leak detection
The Netcraft Browser Extension now offers credential leak detection for extra protection against shopping site skimmers.
With brick-and-mortar shops around the world closed due to COVID-19, consumers turned to online businesses to fulfil their shopping needs. According to Adobe’s Digital Economy Index report, US online spending in June was $73 billion, up 76% from $42 billion last year. Even with restrictions lifted, research commissioned by Visa suggests that 74% of Britons who shopped online more often during the lockdown will continue to do so.
Now more than ever it is important to protect against JavaScript skimmers. These are snippets of malicious code which criminals upload to compromised shops. Unbeknownst to the store owner or the user, they transmit entered card details directly to the criminal. Unlike scams such as phishing, which can often be avoided by a vigilant internet user, skimmers are invisible to the human eye without a tool such as the Netcraft Extension to expose them.
Netcraft currently blocks over 6,000 shopping sites which contain skimmers, and even large companies such as British Airways, Ticketmaster and Puma have fallen prey to these attacks in the past.
The Netcraft Extension identifying and blocking a skimmer on an online shop
When you visit a shopping site, the Netcraft extension will evaluate all requests made by the web page. If a request is found to be sending credentials to a different domain, the extension will block the request to prevent your data from being stolen. A block screen will notify you about the request and provide information about the malicious behaviour that was detected. Only card number leaks are currently blocked, but other types of credentials may be enabled in future updates.
For example, if you check out using your credit card on exampleshoppingsite.com but your card details are sent to examplebadsite.com, the extension will block the request. This checking is done locally and securely in your browser – no sensitive information is sent to Netcraft.
The extension will also block pages which make requests to malicious domains that are part of JavaScript attacks.
In addition to shopping site skimmers, the Netcraft Extension also protects against other malicious JavaScript, phishing and fake shops, including those related to coronavirus. The extension is available for Chrome, Firefox, Opera and the new Microsoft Edge based on Chromium.
If you already have the Netcraft Extension installed, your browser will update it automatically.
cPanel & WHM Server Monitoring: Tools for better control
An influential IBM® engineer once said that measurement is the first step towards control and improvement. He was talking about business systems, but it’s just as valid for servers. You can’t control or improve web hosting operations without monitoring, which is why cPanel & WHM is packed with tools to give you insight into your server’s hardware and software. This article will show you how cPanel & WHM’s server monitoring tools make it easy to …
The post cPanel & WHM Server Monitoring: Tools for better control first appeared on cPanel Blog.
Internet Governance Forum USA 2020 Recap
As freedom of speech and fake news take center stage in the international dialogue, the Internet Governance Forum USA 2020 took on these subjects, and the question of who is responsible, head-on. cPanel’s General Counsel, David Snead, was part of the online panel discussion on “Should online platforms moderate and be accountable for user-created content?”. Other panelists included former U.S. Congressman Chris Cox, Berkeley Professor Hany Farid, Syd Terry – the Legislative Director …
The post Internet Governance Forum USA 2020 Recap first appeared on cPanel Blog.