Archive for blogging

Check These WordPress In’s and Out’s

Have You Checked These Out

Working on the Weekends

There’s no rest for the wicked, as the old saying goes. Have you tried any of our quick Weekend WordPress Projects?

Free WordPress Ecommerce Ebooks

Whether you’re totally new to using WordPress for ecommerce or a freelancer developing WordPress ecommerce websites for clients, we have a library of free ebooks to help. These ebooks cover everything from digital product ideas to how to scope and price ecommerce projects.

Download all 5 WordPress Ecommerce Ebooks:

The WordPress Ecommerce Opportunity

Ecommerce for Everybody

How to Create Your First Ebook

WordPress & Ecommerce: A Simple Guide for Selling Products Online

Join the Club: How to Create a Membership Site

“Heartbleed Bug” OpenSSL Vulnerability Affecting Internet Community

Summary

The Heartbleed bug (http://en.wikipedia.org/wiki/Heartbleed_bug) is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f.

This vulnerability allows an attacker to read chunks of memory from servers and clients that connect using SSL through a flaw in OpenSSL’s implementation of the heartbeat extension.

OpenSSL provides critical functionality in the internet ecosystem, and therefore vulnerabilities, such as Heartbleed, have a significant impact on digital communications and their integrity.

What does this mean for WHMCS installations?

SSL is an important protocol for securing web traffic, and thus for securing web requests for logins, order transactions, etc. WHMCS, like all web applications, must rely on web servers to correctly implement the SSL protocol. WHMCS as a web application cannot patch the Heartbleed vulnerability, nor can we mitigate its effects. However, as a member of the internet community, we feel it’s important to raise awareness of the risk and ensure that our users check that their server is protected.

How do I check if my server is protected?

Essentially, there are three ways you can verify if your server is protected:

1) You can open a support ticket with your hosting provider.

2) You can leverage a third party scanning tool via the web.

Below are three such sites that the community deems reputable and trustworthy. You simply enter your website and it will let you know:

3) You can run a scanning tool locally on your server. One such tool is:

https://github.com/n8whnp/ssltest-stls/blob/master/ssltest-stls.py
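
A first-pass triage for the question above, as an added example that is not part of the original WHMCS post: it classifies `openssl version` output against the range the post states (1.0.1 through 1.0.1f). The hostnames and the `host|version` inventory format are assumptions made for illustration; distribution packages can carry a backported fix under an unchanged version letter, so an in-range result means "confirm with your vendor or host", not proof of exposure.

```shell
#!/bin/sh
# Added example: triage `openssl version` strings against the upstream range
# named in the post (1.0.1 through 1.0.1f).

heartbleed_range() {
    # $1: one line of `openssl version` output, e.g. "OpenSSL 1.0.1e 11 Feb 2013"
    ver=$(printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+/) { print $i; exit }
    }')
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    ver=${ver%%-*}    # drop build suffixes such as "-fips"
    case "$ver" in
        1.0.1|1.0.1a|1.0.1b|1.0.1c|1.0.1d|1.0.1e|1.0.1f) echo "in-range" ;;
        *) echo "outside-range" ;;
    esac
}

audit_inventory() {
    # stdin: "host|openssl version output", one per line (format is an assumption)
    while IFS='|' read -r host line; do
        [ -n "$host" ] || continue
        printf '%s %s\n' "$host" "$(heartbleed_range "$line")"
    done
}

# Constructed sample inventory; hostnames are placeholders.
SAMPLE='web1.example.test|OpenSSL 1.0.1e-fips 11 Feb 2013
web2.example.test|OpenSSL 1.0.1g 7 Apr 2014
mail.example.test|OpenSSL 0.9.8y 5 Feb 2013
db.example.test|OpenSSL 1.0.1 14 Mar 2012'

# Print one "host status" line per inventory entry.
printf '%s\n' "$SAMPLE" | audit_inventory
```

On a live server, feed it the real string with `heartbleed_range "$(openssl version)"`, and remember that services must be restarted after the library is updated before they stop using the old code.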

What do I do if my server is not protected?

Contact your local system administrator or hosting provider immediately! They will have the technical expertise to update the OpenSSL libraries on your server to protect your SSL communications going forward.

Once I have patched my server, is there anything else I need to do?

Due to the nature of the vulnerability, it is not possible to immediately know what information, including private keys, passwords, or session IDs, may have been compromised. Attacks that leverage the Heartbleed bug occur very early in an information exchange process, before a full connection has been made, and thus leave no log history that an attack has occurred.

We recommend that you take precautionary action and regenerate all SSH keys as well as reissue all SSL certificates in use.

If you have purchased SSL certificates directly from WHMCS or resell SSL certificates through Enom, you can find more information on how you and the SSL provider can reissue your certificates here: http://docs.whmcs.com/Reissueing_Enom_SSL_Certificates

We also recommend that you take precautionary action concerning passwords used to authenticate against your WHMCS installation. This would include resetting administrative passwords as well as contacting your customers and asking them to reset their passwords. A step by step guide and sample email template are provided here: http://go.whmcs.com/386/heartbleed-pw-reset-email-tutorial

How have WHMCS servers and my account been affected by Heartbleed?

The WHMCS website, our public servers, and the whmcs.com SSL certificate end point were not vulnerable to the Heartbleed bug when it was publicly disclosed on April 7th 2014.

Any secure communication with our servers, such as logging into the members area, would not be affected by any attacks following the public disclosure of the Heartbleed bug.

The Heartbleed bug has had a profound impact on the transmission of secure data throughout the Internet. It is for that reason that we are encouraging our customers to reset their member area passwords at their earliest convenience as a matter of common password maintenance. Please remember to always make your passwords unique, random, and periodically rotate them.

WHMCS is in the process of emailing all active clients to inform them of this blog post. That email also contains a direct link to the whmcs.com password reset function as a precautionary measure.
Posted by Matt on Friday, April 11th, 2014 at http://blog.whmcs.com/?t=88022


Bloggy Goodness

How To Ease The Load Of Sending Email From WordPress

Building WordPress Awesomeness

We’ve Got All Kinds of Awesomeness On Our Blog

Each and every day we update our blog with all you need to know to build your business around WordPress.

Weekend WordPress Projects

If you’ve got an hour to spare, why not give one of our Saturday or Sunday projects a go?

How to Turn Off Post Revisions

There’s Lots More On the Blog!

Our Blog

Top Blog Posts of the Year 2013

A New Year’s email wouldn’t be complete without a ‘top 10’ list!

Be sure you have read, shared and bookmarked all of these.

*List was created from stats of most visited posts of the year…

Targeting Your Site

Aiming at two groups of people

The most successful websites are those designed with their target audience clearly in mind. Your target audience is simply those people who you hope to attract to your site. Good church websites are hard to create because they must reach two target audiences, not just one. The key to ensuring that your website works well is to design according to the different needs of these two audiences. Your first and most important audience is those people who are not yet Christians but who are considering coming to your church (perhaps because they have a friend or neighbor who goes, but they want to find out more). The church website offers them an ideal way to find out about the church and the Christian faith in an anonymous way before taking the plunge and coming along in person. Your website’s second audience is your existing church members. This group is less important than the first, simply because there is probably little which you can place on the website that they don’t already know, or can’t easily find out from another source. So do provide information relevant to church members, but not at the expense of making the site inaccessible to your main audience of non-churchgoers.

Providing relevant content

The key to good design is to ask yourself what the members of each target audience are looking for when they visit your website. Potential visitors to your church probably want to know:

  • Is this church weird, or do normal people go as well?
  • What do Christians believe?
  • Why do people go to church?
  • Where is the church?
  • How do I get in touch?
  • What times are the services?
  • Which service should I go to?
  • Are there facilities for children?

Many church websites do not answer these sorts of questions. We often come across sites which look good, but which don’t rate very highly because they are not focused on the needs of non-churchgoers. By contrast, a good church website is aimed primarily at those who do not yet come to church.

The sort of information which church members may look for on the website is very different. They are more likely to ask questions like:

  • Who is preaching next Sunday?
  • When is the next WELCA/Council meeting?
  • Is the prayer meeting on Tuesday or Wednesday?

Since the questions which church members are asking are so very different from those asked by other visitors, it is almost impossible to write one page which is interesting to both sets of visitors. Either you end up giving church members information they already know, in which case they won’t bother looking at the website very much, or you confuse potential church visitors. The solution is to have different pages for different audiences. For example, to tell people about the Sunday services, create one page containing the basic information which an enquirer might need to know (e.g. service times), and then provide a link to a second page which contains detailed information for church members (e.g. who is preaching). If this is done throughout the site then you will achieve your aim of providing a website which is welcoming and informative for both your casual visitors and your church members.

An additional audience

There is a third group of people who will visit your site, namely those people who are already Christians but who don’t go to your church. Perhaps they go to another local church and came across your website, or perhaps they recently moved into the area and are looking for a church. Whoever they are, there is no need to design your website to reach these people. If you have followed the advice given above, your site will already welcome them and provide all the information they need to know.

Defend our freedom to share …

On the web for the past several weeks and months, the Stop Online Piracy Act and Protect IP Act currently before Congress, if passed, would have serious consequences for the internet and would change the landscape drastically.

The real question is how society should best balance the needs of the copyright holders and the public using the internet, when sharing content is increasingly becoming the status quo. There are no easy answers. We all need to be concerned about how this develops. Wikipedia’s FAQ provides a lot of information.

In a talk, Clay Shirky provides some background and brings forth the real issues.