Archive for Inside WordPress – Page 2

What is SSL and Why Do I Need it?


Safe web browsing and internet security are more important today than they have ever been. Every day we hear about another major website being hacked and its service going down, or customer data being compromised. It happens to the best of them: Amazon, Twitter, and Facebook have all experienced these problems, and the sad truth is that it could happen to your website too.

We need to be diligent in protecting our website and data by ensuring that the web server software is up-to-date, that the Content Management System and plugin software are up-to-date, that security monitoring is in place, and that website backups are running daily. But there is another step we can take to help protect our website and visitors, and that’s using SSL and HTTPS.

SSL stands for Secure Sockets Layer, and is the standard security technology used to create an encrypted link between a web server and the user’s web browser. Think of this connection like a tunnel between your website and your users. There is only one way in and one way out and all data sent between them is kept private and secure.

To create this secure connection you first need to purchase and install an SSL Certificate on your web server. You will need to answer a few questions about the identity of your company and website and then two cryptographic keys will be generated, a Private Key and a Public Key.

The Public Key is placed into a data file called a Certificate Signing Request (CSR), which is submitted to the Certification Authority that will validate your details and issue the SSL Certificate. Your web server will then match your issued SSL Certificate to your Private Key, establishing an encrypted connection to your user’s web browser.

The encrypted connection is made over HTTPS (Hyper Text Transfer Protocol Secure) and will display https in the website address bar along with a closed padlock symbol.

Why do you need SSL?

SSL data encryption secures your website visitor’s connection, and when people see that padlock icon in the web address bar, they feel a little safer and trust visiting and shopping on your site. It also helps to limit your security liability, knowing that the connection isn’t being compromised by a hacker trying to capture sensitive data.

Google and other search engines like secure websites. They are recommending you just by displaying your website in their search results. If they know your site is secured by SSL, they will be more likely to rank you higher in the results than your competition who aren’t using SSL.

If you have an e-commerce site, membership site, or are collecting some form of sensitive data, SSL is a must!

In the past, purchasing, configuring and installing an SSL certificate on a website could get pretty expensive. But with the different options available today, it’s never been more affordable to secure your site.


As part of Current Media Group’s Managed WordPress Hosting and Support, we offer basic SSL encryption for free.

Need help deciding what WordPress hosting plan and SSL certificate is right for you? Feel free to give us a call at 973-862-8687 for a free no obligation consultation.

Add Apple Pay to Your WooCommerce Store

WooCommerce is the most popular shopping cart plugin for WordPress powered websites and is used to sell everything from physical products, digital downloads, memberships, subscriptions, and much more.

Out of the box WooCommerce has five preinstalled payment gateways including PayPal, but with the additional Free Stripe Payments extension, you can accept credit card payments and now Apple Pay.

When a user visits your Apple Pay enabled store from their compatible device, they simply click the Buy with Apple Pay button and are then prompted to Pay with Touch ID. The system will automatically send the required shipping and billing information and process the payment, making the entire buying process much faster and easier. If the user’s device is not Apple Pay compatible, the Buy with Apple Pay button will not be displayed.

What about security?

We are firm believers that you should NOT store credit card and other sensitive information on your web server. PCI compliance is very difficult to maintain and the liability is great should the server ever become compromised. This is where a payment gateway like Stripe really shines. All of the sensitive data is passed securely through your website via HTTPS to the Stripe servers for processing and is never stored on your web server.

While Apple Pay and other tap and pay methods are gaining in popularity with tech users, there is still a perception of security risk with general consumers. Security and privacy are at the core of Apple Pay. When a credit or debit card is added to Apple Pay, the card numbers are not stored on the device or on the Apple servers; instead, a unique device-specific number is assigned, encrypted and securely stored on the user’s device. Then each transaction is authorized with a one-time dynamic security code.

Stripe’s Apple Pay feature is currently only available in 10 countries including Australia, Canada, Switzerland, Spain, United Kingdom, France, Hong Kong, New Zealand, Singapore, and the United States. If your country is not listed, sign up to be notified when it becomes available over on the Stripe Apple Pay website page.


If you need a new e-commerce website, or a shopping cart added to your existing WordPress website, contact Current Media Group today at 973-862-8687 for a free no obligation consultation to discuss your needs.

WordPress 4.7.3 Security Release

WordPress has issued a security release, version 4.7.3, which is now available for update.

This update addresses six security issues:

  1. Cross-site scripting (XSS) via media file metadata.
  2. Control characters can trick redirect URL validation.
  3. Unintended files can be deleted by administrators using the plugin deletion functionality.
  4. Cross-site scripting (XSS) via video URL in YouTube embeds.
  5. Cross-site scripting (XSS) via taxonomy term names.
  6. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

In addition to addressing the security vulnerabilities, WordPress 4.7.3 contains 39 maintenance fixes.

You can download this latest version from WordPress.org or update your existing install by going to your Dashboard > Updates, and clicking the link to update.

You can learn more about this security release here.


Since Current Media Group provides Managed WordPress Hosting, our clients don’t have to worry about upgrading their websites to version 4.7.3, because we take care of that for them. We back up the website files and database, run the core update, and then confirm the website is loading properly before going live. If we detect a problem, we’ll automatically roll it back to the state it was in prior to the update and inform our clients of the issue. Automatic WordPress core updates are just one of the great features you get with our Hosting and Support plans.

What is a Content Management System?

A Content Management System, or CMS, is a web-based application that enables users to create, edit, organize, and publish websites using their web browser. Content Management Systems are perfect for non-technical users and give them the ability to update content on their website without knowing how to code or having to rely on a website developer.

Most content can be easily updated through the CMS Admin interface, and this can be done from anywhere in the world. All you need is a computer and an internet connection.

There are many Content Management Systems available, and among the most popular are Drupal, Joomla and WordPress. Each CMS platform has its own unique structure and method of doing things, and of course they all have their own strengths and weaknesses. Every CMS developer has their preferred platform, and at Current Media Group we have chosen to use WordPress.

Why We Use WordPress

WordPress is the most popular CMS platform out there owning 50-60% of the global CMS market and it powers over 40% of all sites on the web. WordPress is very flexible and enables us to build just about any kind of website our clients can think of.

WordPress is also very client-friendly to use and gives them the ability to update content, manage files and documents, and even make tweaks to the design and functionality. As part of our WordPress Managed Hosting, we offer a full online WordPress Training video library to help get clients up and running quickly.

Check out our “What is WordPress?” article to learn more.

Maintaining Your CMS

It’s critical to maintain your website’s CMS, Theme and Plugin software. Keeping those up-to-date will ensure you have the latest features, and also the latest bug fixes and security patches which help to protect your site.

Before performing any updates to your website, we recommend creating a backup that you can restore your website from in case something goes wrong. There are several Plugins and services out there that will help with this process.

If you don’t have the time, or would rather someone else maintain your WordPress powered website, Current Media Group’s Support Service is for you. You’ll have peace of mind knowing that we’re keeping your website up-to-date, backed up, secure, and running fast.

If you need help deciding if WordPress is right for you, or if you want to learn more about our Hosting and Support options, feel free to give us a call at 973-862-8687 for a free no obligation consultation.

What is WordPress?

WordPress is an open-source, online publishing tool you can use to create your own website or blog. It was released in 2003 and initially used by a handful of people, but over the years it has grown to become the most popular website publishing platform in the world powering more than 42% of all sites on the web.

WordPress has always been thought of as “just a blogging tool”, but it’s so much more than that. It’s also a powerful Content Management System (CMS) that allows you to build and manage your own website and has the flexibility to change the design and add features through the use of Themes and Plugins.

Think of WordPress as an application that runs on a computer similar to Microsoft Word. But instead of it running on your local computer, it runs on a remote computer called a web server. Using your web browser, you access the WordPress application to build and display your site to the world.

What does “open-source” mean?

WordPress is an open-source platform, which means the source code used to create the application is made available to the public for free. Hundreds of volunteers from all around the world are constantly creating and improving the WordPress core, and there is a thriving community of developers creating both free and paid Themes and Plugins to expand the software’s capabilities.

The WordPress Foundation has committed to upholding the Open Source Initiative (OSI) mission and Open Source Definition through the OSI Affiliate Agreement. You can read more about the initiative here.

Themes and Plugins

Themes are software extensions that you install under the WordPress application to create the design of your website. They control the layout of your pages, colors and fonts, and some functionality.

Plugins are software extensions that add features like contact forms, social sharing buttons, shopping cart, etc., and extend the functionality of your website.

With the thousands of free and premium Themes and Plugins available, you can build just about any type of website you can think of.

Why You Should Consider Using WordPress

Open-source and Free – The WordPress software is open-source, which means it’s free!

Easy to Learn – If you can use software like Microsoft Word, then it will be easy for you to learn WordPress. As part of our WordPress Managed Hosting, we offer a full online WordPress Training video library to help get you started quickly.

You Own It – Most online website builder services use proprietary software. That means when you build your website using their service, they own the site, not you. If you should decide that you want to move to another provider, you’ll have to build your website all over again from scratch. WordPress is free, and many of the Themes and Plugins that you can use are free. That means you own it and can take it with you from one provider to another.

Search Engine Optimized – WordPress was designed to make it easy for search engines like Google and Bing to find and rank your website. Using available SEO Plugins, you can tweak and refine your content to help you rank higher in the search results and get discovered by your potential clients.

You’re Not Alone – WordPress owns a 50-60% share of the global CMS market; no other CMS platform even comes close. Some of the biggest companies and news organizations out there trust in the power of WordPress, including Sony Music, Adobe, New York Observer, New York Post, TED, USA Today, CNN, Fortune.com, TIME.com, National Post, Spotify, TechCrunch, Toyota, and NBC, to name a few. But don’t let those big names scare you. WordPress is used by small companies and startups every day to build their online presence, sell products, create portfolios and membership sites, and so much more.

Check out the WordPress Showcase to see more examples of who’s using WordPress.

Need help deciding if WordPress is the right choice for you?
Feel free to give us a call at 973-862-8687 for a free no obligation consultation.

NextGEN Gallery Plugin – Security Alert!

SUCURI, a leading WordPress security company, announced their finding of an SQL injection vulnerability in the popular NextGEN Gallery plugin.

This vulnerability can be exploited by attackers in at least two different scenarios:

1. If you use a NextGEN Basic TagCloud Gallery on your site.

2. If you allow your users to submit posts to be reviewed (contributors).

If you fit into either of these two cases, you’re definitely at risk.

This issue existed because NextGEN Gallery allowed improperly sanitized user input in a WordPress prepared SQL query, which is basically the same as adding user input inside a raw SQL query. Using this attack vector, an attacker could leak hashed passwords and WordPress secret keys in certain configurations.
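The pattern described above, shown as an added example (not NextGEN Gallery's, WordPress's or SUCURI's code): it uses Python's built-in sqlite3 module as a stand-in for a WordPress prepared query, and the table, function names and sample rows are constructed for illustration. A value is only protected when it is bound as a parameter; pasting it into the query text first leaves the "prepared" query as exposed as a raw one.

```python
import sqlite3

# Constructed sample rows: (title, tag, status). Not data from any real site.
SAMPLE_IMAGES = [
    ("Sunset", "beach", "publish"),
    ("Harbor", "beach", "publish"),
    ("Playground", "children's", "publish"),
    ("Draft shot", "studio", "draft"),
]

def make_db():
    """Build an in-memory table standing in for a gallery's image table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE images (id INTEGER PRIMARY KEY, title TEXT, tag TEXT, status TEXT)"
    )
    conn.executemany(
        "INSERT INTO images (title, tag, status) VALUES (?, ?, ?)", SAMPLE_IMAGES
    )
    return conn

def unsafe_query(tag):
    """'Before' pattern: the tag is pasted into the query text; only status is bound."""
    sql = f"SELECT title FROM images WHERE tag = '{tag}' AND status = ? ORDER BY id"
    return sql, ("publish",)

def safe_query(tag):
    """Hardened pattern: the query text is constant and every value is bound."""
    sql = "SELECT title FROM images WHERE tag = ? AND status = ? ORDER BY id"
    return sql, (tag, "publish")

def run(conn, build_query, tag):
    """Execute a builder's query and return the matching titles."""
    sql, params = build_query(tag)
    return [row[0] for row in conn.execute(sql, params)]

def sql_text_varies_with_input(build_query, probes=("a", "b'c")):
    """Review/test check: a safe builder yields identical SQL text for any input."""
    return len({build_query(p)[0] for p in probes}) > 1

if __name__ == "__main__":
    conn = make_db()
    crafted = "nomatch' OR 'x'='x"  # constructed value containing a quote
    for name, builder in (("unsafe", unsafe_query), ("safe", safe_query)):
        print(name, "varies with input:", sql_text_varies_with_input(builder))
        for tag in ("beach", "children's", crafted):
            try:
                print(f"  {tag!r:24} -> {run(conn, builder, tag)}")
            except sqlite3.OperationalError as exc:
                print(f"  {tag!r:24} -> SQL error: {exc}")
```

The `sql_text_varies_with_input` check can be dropped into a plugin's unit tests or code review: if the SQL text changes when only the user's value changes, the value is being parsed as SQL rather than bound.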

SUCURI advises updating to the latest version of the NextGEN Gallery plugin now.

You can read more about the SQL injection vulnerability on the SUCURI Blog.


At Current Media Group we take security very seriously. With our Managed WordPress Hosting, we make sure that our clients’ websites are backed up daily and protected with multiple firewalls throughout our enterprise-grade infrastructure. Our real-time security threat detection, security audits and code reviews help to keep clients’ sites safe. Should a website become compromised, we will immediately take action to find the exploit, remove the malicious code, and have the site back up and running in no time.

WordPress 4.7.2 Security Release

WordPress has issued a security release, version 4.7.2, which is now available for update.

This update addresses three security issues:

  1. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.
  2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.
  3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table.

You can download this latest version from WordPress.org or update your existing install by going to your Dashboard > Updates, and clicking the link to update.

You can learn more about this security release here.


Since Current Media Group provides Managed WordPress Hosting, our clients don’t have to worry about upgrading their websites to version 4.7.2, because we take care of that for them. We back up the website files and database, run the core update, and then confirm the website is loading properly before going live. If we detect a problem, we’ll automatically roll it back to the state it was in prior to the update and inform our clients of the issue. Automatic WordPress core updates are just one of the great features you get with our Hosting and Support plans.

WordPress 4.6 is Available for Download

Code-named “Pepper” in honor of the jazz baritone saxophonist Park Frederick “Pepper” Adams III, WordPress version 4.6 is now available for download or update in the WP Admin.

The new features of 4.6 were designed to “help you to focus on the important things while feeling more at home”. For example, the Streamlined Updates feature keeps you on the same page while updating, installing, and deleting plugins and themes. The Admin Dashboard now uses the Native Fonts that you have on your computer rather than loading web fonts from the internet. This makes for faster Admin page load speeds, which are always welcome 😉

Editor improvements include an Inline Link Checker that will validate that the URL is working properly, and the Content Recovery feature will save your progress in the browser, so if you lose internet connectivity you won’t lose all your hard work.

You can read more about the geeky improvements under the hood on the WordPress blog.

We recommend confirming WordPress 4.6 compatibility with all of your plugin developers prior to updating your website. Also, be sure to run a full backup of your site’s files and database just in case there is a problem.


Since Current Media Group provides Managed WordPress Hosting, our clients don’t have to worry about upgrading their websites to version 4.6, because we take care of that for them. We back up the website files and database, run the core update, and then confirm the website is loading properly before going live. If we detect a problem, we’ll automatically roll it back to the state it was in prior to the update and inform our clients of the issue. Automatic WordPress core updates are just one of the great features you get with our WordPress hosting plans.

Ninja Forms Plugin – Security Alert!

SUCURI, a leading WordPress security company, announced their finding of an SQL injection vulnerability in the popular Ninja Forms plugin.

The Ninja Forms plugin is installed on over 600,000 WordPress websites. SUCURI is giving this vulnerability a risk rating of Dangerous, and the plugin should be updated to version 2.9.55.2 (or later), which fixes the vulnerability.

The exploit requires the attacker to have an account on the WordPress website. The privilege level doesn’t matter, meaning even a Subscriber could exploit this vulnerability.

An attacker using this bug could acquire the site’s usernames and hashed passwords, the WordPress secret keys, and other data.

You can read more about the Ninja Forms plugin exploit on the SUCURI blog.


At Current Media Group we take security very seriously. With our Managed WordPress Hosting, we make sure that our clients’ websites are backed up daily and protected with multiple firewalls throughout our enterprise-grade infrastructure. Our real-time security threat detection, security audits and code reviews help to keep clients’ sites safe. Should a website become compromised, we will immediately take action to find the exploit, remove the malicious code, and have the site back up and running in no time.

WooCommerce 2.6.4 – Plugin Update

The WooCommerce team just announced version 2.6.4 of their plugin is available for download from WordPress.org or as an automatic update in the WP Admin.

This release squashes some bugs and addresses a few security issues, so if you’re using WooCommerce, be sure to back up your website files and database before running the update. You can learn more about the release here.

If you’re not familiar with WooCommerce, it’s probably the most popular e-commerce plugin for WordPress used today and has over 1 million installs. The base plugin is incredibly powerful out of the gate and gives you a ton of features to sell your products and services. Because of its extensibility and dedicated community of developers, there are a huge number of free and paid add-ons that you can install for even more features and functionality.

Many photographers are already using WooCommerce on their WordPress powered websites to sell digital downloads of their photos and even printed products. They are also using it to manage their event photography viewing and purchasing process through one streamlined interface.

If you’re looking for a solution to sell your products on your own website, WooCommerce is definitely worth a look. If you’re new to WooCommerce and need a little help getting started, Current Media Group has an entire video training series available as part of our Advanced WordPress Training library.