[SOLVED] Updating WordPress themes and plugins in an organized way for your customers

Challenge: When working with WordPress themes and plugins we’ve noticed that some customers would like to have their own “private” versions of them. This can be a theme created for a customer that the customer paid for or a custom plugin. Obviously a customer who paid for a custom job will not want their product to be available to the public for free.

In a lot of cases, custom work does not start from scratch but from an existing framework or code base. Eventually, you might accumulate a number of plugins and themes that you provide to your customers with few or no changes. It can become pretty difficult to keep all of these up-to-date. Normally the WordPress repository would be used to keep everything up-to-date, but since that’s not an option for the reasons described above, a private repository is needed. WordPress doesn’t offer one, and code repositories can be difficult to use and not all of them are free.

We have found a simple way to have a private repository for your customers. Here’s how it works. You install a special plugin on your company’s main website or your development site. You upload all your custom plugins and themes via the plugin’s interface. You also need to add some short code to each of your custom plugins and themes (this only needs to be done once). After that, all custom plugins and themes that you installed on your customers’ sites will request updates from your private repository. This way you will have all your custom work organized and always up-to-date on your customers’ sites. There will be no manual work to do on each site, which in conjunction with our WordPress site management system (which we give to our partners as part of our service) will cover all the bases! You also will not need to give your developers access to your customers’ sites, which improves security further.

Here are the features:

  • Good documentation
  • Add very short code to your theme or plugin
  • Keep your custom updates on your site in a secure location
  • Work with unlimited versions
  • Updates look and feel like WordPress.org updates
  • No monthly fees
  • Our assistance to get things working and running

Let us know if you’d like to have such a plugin for your setup.

[SOLVED] Solution to a hacked WordPress site

It’s very easy for a WordPress site to get infected with a virus (get hacked). Here are some of the symptoms:

  • Some of the pages will redirect to a malware site and cause your site’s reputation to go down
  • A large amount of SPAM will be sent from your site, which gets your server’s IP address blacklisted
  • Your site can be defaced or some content will get removed
  • Some plugins might stop working or will get deactivated
  • Lots of PHP errors like: “Cannot add header information – headers already sent”
  • Back-end might stop working or the entire site will display a blank page

Tracking these down and fixing them can be very time consuming, and in a lot of cases a restore from a backup is needed. The problem with a restore is that you will still be vulnerable and have no idea how the virus got in.

So, is there a way to combat these effectively or even eradicate them completely? The answer is yes but let’s first take a look at some issues with current antiviruses and scanners.

All currently existing scanners only look for viruses and do not protect against getting infected. Also, not all viruses or threats are detected, as scanners go by signatures and it’s impossible to always have a complete list of those. For example, a virus can be inserted in this format: “eval($_POST['any_php_code'])” and a security scanner will not see it, as this is very similar to regular WordPress PHP code. All of this points to how imperfect the scanners are, simply because it’s nearly impossible to account for all possible variations of infections.
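A heuristic that complements signature matching, added here as an example (it is not the plugin's or any scanner's own code): rather than looking for known malware strings, it flags any PHP line where request data is passed straight into a code- or command-execution call, as in the format quoted above. The function names, file names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag PHP lines where a code/command-execution call
# receives request data directly.

# Sinks: functions that execute PHP code or OS commands.
SINKS='(eval|assert|system|exec|passthru|shell_exec|popen|proc_open)'
# Sources: request superglobals controlled by the client.
SOURCES='\$_(GET|POST|REQUEST|COOKIE|FILES|SERVER)'
# The leading class rejects curl_exec(), $db->exec() and Foo::exec(),
# which merely end in a sink name. PHP function names are case-insensitive,
# so grep runs with -i.
PATTERN="(^|[^[:alnum:]_:>])${SINKS}[[:space:]]*\\(.*${SOURCES}"

# scan_php DIR: print file:line:text for every suspicious line under DIR.
scan_php() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.inc' \) \
        -exec grep -nEi "$PATTERN" /dev/null {} + || true
}

# make_sample DIR: write constructed sample files (not real malware samples).
make_sample() {
    mkdir -p "$1/wp-content/uploads" "$1/wp-includes"
    cat > "$1/wp-content/uploads/cache.php" <<'EOF'
<?php
eval($_POST['any_php_code']);
EOF
    cat > "$1/wp-includes/spaced.php" <<'EOF'
<?php @EVAL ( $_REQUEST["c"] );
EOF
    cat > "$1/wp-includes/benign.php" <<'EOF'
<?php
$name = sanitize_text_field($_POST['name']);
$body = curl_exec($ch);
$rows = $pdo->exec("DELETE FROM log WHERE id=" . (int) $_GET['id']);
EOF
}

# Demo in a throwaway directory: two hits expected, benign.php stays quiet.
demo=$(mktemp -d)
make_sample "$demo"
scan_php "$demo"
rm -rf "$demo"
```

The check is line-based, so it misses input that is first copied into a variable or decoded on an earlier line; treat hits as a triage list rather than proof that a site is infected or clean.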

The solution we created prevents any further viruses from being introduced and stops current ones from spreading. Once that’s done, any scanner can be used to identify and remove the infected files, but even if anything gets missed it’s not a big deal, as the viruses will not spread and will be under control.

Our solution is a plugin that works securely within our environment and allows you to lock and unlock various parts of a WordPress site. The screenshot below shows the settings of the plugin.

[Screenshot: Secure Lockdown WordPress 2015-08-28 20-16-27]

After the protection is in place no future infections will happen and you can safely scan your site and remove any virus-like files. When moving to one of our annual packages we will be happy to assist you with your infected site and get it cleaned and protected. Happy sailing!

 

Creating A Strong Password & Avoiding Weak Ones

Just like a metal vault is the only thing protecting a bank’s on-site financial reserves, the only thing between you and cyber criminals on the internet is a strong password. You want a drawbridge, a moat and preferably a few dozen hungry crocodiles to keep your site safe. But all too often people choose weak passwords because they are easy for them to remember. The problem with this is that they are also easy for someone with malicious intent to guess or crack with password programs.

What is a weak password? In the Mel Brooks film “Spaceballs”, President Skroob had the combination of his luggage as 1,2,3,4 and they joked that only an idiot would use such a combination. This qualifies as a bad example, as even a chimpanzee could crack it.

Have a strong password and change passwords regularly
A strong password is long, not predictable, and has numbers and symbols included in it.

How do I create a strong password?

  • Have it be at least 8 characters in length
  • Use a combination of upper and lower case letters
  • Use numbers and punctuation marks
  • Use one or more special characters: ! @ # $ % * ( ) - + = , < > : : " ' .
  • Try to think of something you can remember but would be impossible for a hacker to guess.

Hackers can find information about you, especially in the era of social media, where people voluntarily and openly share information about themselves on sites like Facebook.

Avoiding Weak Passwords
DO NOT use any personal information in your password: Name, address, phone number, birth date, social security number, names of friends, relatives or pets. Including any of these constitutes a weak password. Just like the 3 little pigs, the hacker wolves will blow your house down if it isn’t made of brick.

You do not want your personal and financial information getting into the wrong hands!!

Using Password Management Software
This is software that helps generate strong passwords. By using this, you would simply need to remember the password for this software. A word of caution however: Avoid accessing password management software on public networks as your data can still be captured at any time. Having your passwords written down in a secure location is another way of maintaining “real world” distance between you and cyber criminals. They’d have to break into your home or apartment and find the password written down then later hack you online. You can see how this is highly unlikely since this is too much work and too risky. Hackers would get caught more easily if they did so which is why they prefer trying to crack passwords from the distance the internet provides.

Remember, when it comes to passwords for your email and website, lock the gate and throw away the key. Then don’t forget to repeat these steps by changing the lock periodically, in case a hacker finds one of your former keys.

The 2by2host Team

Google Favors HTTPS

The Google Tiger Changes Its Stripes Yet Again

Google has announced they will now favor HTTPS sites higher in their search engine rankings.

What’s the S stand for? Secure. That’s Hypertext Transfer Protocol SECURE. Here sensitive data is encrypted over the Secure Sockets Layer (SSL), where it cannot be seen by anyone but the recipient. This is common practice for online personal banking and for customer purchasing information in web-based retail shopping carts. Incidentally, you should NEVER type in any personal information like your name, age, address, phone, credit card & social security number on a web page whose address doesn’t start with https. Otherwise your information is not secure and can be seen by others, increasing the risk of becoming a victim of identity theft.

Search engines function like a skilled cyber librarian. You type in the information you’re looking for at the “reception desk”, the search engine keyword bar, and they retrieve a relevant list of information from their library which is the entire World Wide Web. Websites, and web pages here being analogous to books and specific pages in books.

Anyhow, back to Google’s announcement. The giant search engine sauropod that it is: Googlesaurus. Its Latin species nomenclature being Searchenginus Algorithmus Morpheus. It’s the modern day Holy Grail of internet commerce as pertaining to website and page rankings. It’s simple: if you come up on the first page (or better yet, on the TOP half of the first page) of an internet keyword search, you’ll get more hits, views, sales and so on. Search Engine Optimization (SEO) consultants, companies and specialists study this very thing to do the online equivalent of “Stacking the Deck” in your website’s favor.

Why does this blue and white tech tiger change its stripes like this? Is it because they’re great like Tony the Tiger? Are they becoming the HAL for our times?

“Sorry Dave, your website isn’t ranked high enough anymore and I can’t tell you our formula for improving that. Have a nice day.”

Google does this because they can. They’re the proverbial 800 pound gorilla that can sit wherever it wants. They’re also a moving target, and you know it’s more difficult to hit a moving target than a stationary one, or in this case to understand one: their classified magical algorithm for ranking web sites in the results of a Google keyword search.

The Google tiger has also been seen flashing the gang sign colors of Milton Bradley’s Twister and true to form, Google does play Twister. Their own variation being search engine Twister, and when they spin “right foot green”, it’s a good idea to get your web site planted on that spot or moving in that direction ASAP. Normally they just spin and don’t announce where the needle lands giving secret hand signals only to their inner circle. This time they have announced “right foot green” and everybody who isn’t there soon won’t make it to the next round–disqualified in some way via their search engine rankings.

What’s interesting about this recent announcement is that they made a change known publicly when they aren’t obligated to do so. They could have kept it a secret like other aspects of their search engine algorithm. One may hypothesize here that they made this public because they want more websites to adopt the https protocol. The 800 pound gorilla is telling you where to sit now.

We go deeper down the Google rabbit hole when we realize that not only do you have to hit this moving target, THEY are the target that determines the hits. Put another way, they just threw another curve ball at all the SEO companies, teams and experts. In the ballpark of the internet, Google is always the home team as well as the Coach that determines the web site lineup and the strategic formula for the batting order. Everyone else can only try to get a crack at that algorithm for so long before it changes once again, and hope their best “at bat” strategy can get a decent hit high enough to “knock it out of the park” in their search engine rankings.

Way back in 1919, if you said the word “Google” to somebody, people would chuckle or smile thinking you were referring to the American comic strip “Barney Google and Snuffy Smith.” A few years later in 1923, there was a hit pop song about Barney where the lyrics went “Barney Google with the Goo-Goo Googly Eyes.” The word Google has gone from an old pop song lyric to now one of the most widely recognized words and companies on the planet. It’s been a last name, adjective, and with the Google juggernaut continuing its momentum into the new millennium, it’s now even a verb: Google it.

Not surprisingly, Barney Google made a reappearance into his own comic strip in 2012. Snuffy Smith “took over” for years as the main character and focus while Barney was an infrequent sideline character. Since the word Google itself has major pull and high keyword currency value these days, that may have had something to do with Barney’s decision to come out of seclusion. His last name is now online royalty, like being knighted by the Queen of Search Engines.

Why Google has done this is simple enough to understand. Websites with additional security protocols will be ranked higher in their search engine algorithm. What this means for your website is another matter. What can you do to improve your rankings now? We’ll save you a trip to the Oracle of Delphi or a call to 1-900 NOSTRADAMUS to figure this out. The starting point is that Google now chooses to see sites that have the additional https security measure as more important in their search engine rankings: this criterion alone now has increased search engine currency value according to the International Bank of Google. Its currency rate has just been changed; the “stock” value on this feature has just gone up. You’re either going to cash in on it now to some degree or have to buy that stock for your web site portfolio if needed in the near future.

Web sites can acquire their https status by getting a dedicated IP (Internet Protocol) address and an SSL (Secure Sockets Layer) Certificate. We provide both of these options: a dedicated IP address at $2 a month and the SSL Certificate at $50 a month. Besides encryption, what the “s” does is validate the site and the company. The SSL Certificate can be viewed by clicking on the lock icon, which will display some information about the site. However, while adding SSL makes a site more secure, it does slow down the site loading time.

SHA-1 certificates will cause a warning in the new edition of Chrome browser

Google is working on phasing out support for all SSL certificates that were issued using the SHA-1 hashing algorithm. It will do so by displaying a warning in the new Chrome(TM) browser. These changes are expected to take place in November 2014. Here’s more information directly from Google’s blog.

To help you identify whether your site needs a certificate reissued, use this tool.

Please keep in mind that SHA-1 root certificates will not be affected by this.

For cPanel/WHM users: there’s currently no way to generate a SHA-2 request unless it’s done from the shell. Here’s how to do it from SSH:

openssl req -new -newkey rsa:2048 -nodes -sha256 -out www.mydomain.com.sha256.csr -keyout www.mydomain.key -subj "/C=US/ST=TX/L=USA/O=SOMETHING/CN=www.mydomain.com"

Be sure to replace the values in that command with the correct ones.

C = 2 character country code
ST = State/Province
L = City/Locality
O = Organization
CN = Common Name (domain name)
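To confirm that a request really was signed with SHA-2 before sending it to the certificate authority, or to check whether an installed certificate is still SHA-1, the signature algorithm can be read back with openssl. This is an added example, not part of the original post; the function names are made up for illustration and the subject values are the placeholders from the command above.

```shell
#!/bin/sh
# Added example: confirm which hash a CSR or certificate was signed with.

# make_csr DIR: run the command above into DIR (subject values are the
# article's placeholders). -nodes leaves the key unencrypted, so restrict
# its permissions.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -out "$1/www.mydomain.com.sha256.csr" -keyout "$1/www.mydomain.key" \
        -subj "/C=US/ST=TX/L=USA/O=SOMETHING/CN=www.mydomain.com" 2>/dev/null &&
        chmod 600 "$1/www.mydomain.key"
}

# sig_alg FILE: print the signature algorithm of a PEM CSR or certificate.
sig_alg() {
    if grep -q 'CERTIFICATE REQUEST' "$1"; then cmd=req; else cmd=x509; fi
    openssl "$cmd" -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# is_weak_alg NAME: succeed when NAME is a SHA-1 or MD5 based signature,
# e.g. sha1WithRSAEncryption, ecdsa-with-SHA1, md5WithRSAEncryption.
is_weak_alg() {
    case "$1" in
        sha1*|md5*|*SHA1) return 0 ;;
        *) return 1 ;;
    esac
}

# needs_reissue FILE: succeed when FILE should be regenerated with SHA-2.
needs_reissue() {
    is_weak_alg "$(sig_alg "$1")"
}

# Demo in a throwaway directory.
work=$(mktemp -d)
make_csr "$work"
csr="$work/www.mydomain.com.sha256.csr"
echo "signature algorithm: $(sig_alg "$csr")"
if needs_reissue "$csr"; then echo "reissue with SHA-2"; else echo "OK: not SHA-1"; fi
rm -rf "$work"
```

`sig_alg` also accepts a PEM certificate file, so the same check works on the certificate the authority sends back.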

 

FrontPage Extensions – 2by2host.com

FrontPage Server Extensions allow applications like Microsoft FrontPage, Microsoft Expression Web or Microsoft Office SharePoint Designer to communicate with your hosting account. These programs are HTML editors that allow you to create a site locally on your computer and then upload it to your web hosting account. They also allow you to make changes to your live site directly, but this is not a good practice as it will create errors on your live site.

All this sounds interesting until the stuff behind the scenes is revealed.

  • They use the HTTP protocol for communications, which is plain text and is not secure at all
  • Microsoft stopped supporting them in 2006

These two reasons should be good enough to not use them, especially since there are very good alternatives like WebDAV (Web Distributed Authoring and Versioning), which is an extension of HTTP, or FTP (File Transfer Protocol). Although these are still insecure, they are much more stable alternatives to FrontPage Extensions. We recommend using FTP as it’s fast, reliable and should be available with any hosting account.

Here’s what one of our customers had to say after switching to FTP.

“This is great, Expressions Web is just as good as FrontPage if not better, ftp is just as good as http if not better, and I can now retire the old computer.”

Using HTML editors is still an old way of doing things. If you want an easy and secure way to manage your site, there are online site manager applications like WordPress that are much more powerful and have a lot of different features.

How to create a cPanel database

It’s a matter of a few clicks to create a database in your hosting cPanel. (This article only applies if your hosting provider is using cPanel.)

Follow these simple steps:

  • Log in to cPanel for your web site (Normally located at yoursite.com/cpanel)
  • Locate the “MySQL Databases” icon and click on it
  • Under Create New Database type in the name for your database (it can be something simple like db or more concrete like wpdblive)
  • Click the “Create Database” button
  • All done!

This will add an empty database to your account, which you can now populate with data. That is normally done while installing software or importing particular records.

 

This is how a database feels when no user has been assigned to it!

SquareSpace or not?

SquareSpace can be a good solution for a personal website. Their platform has a lot of options for building your site, whether it’s for blogging or just a regular site. Those tools, however, come at a high price: not being able to have complete control over your environment and being stuck with their hosting. If their system doesn’t have something you need, chances are you will never get it. For example, if you need a widget that does certain things, there’s no way to get it on SquareSpace. You are also stuck with their analytics and other similar tools. Oh, did I mention? “You have to learn how to use their tools”. People constantly look for developers who can assist with building their SquareSpace site. This makes you wonder how it can be different from any other website builder. Some people, however, do like website builders a lot and are willing to suck up the limitations they impose. In either case SquareSpace is not a perfect solution and should be considered very carefully.

 
