Month: October 2017

Heads Up: WordPress 4.8.3 Security Release

WordPress released version 4.8.3 today, which includes a critical security patch. WordPress is advising that all versions 4.8.2 and earlier are vulnerable to SQL injection attack, and that all sites using WordPress should be updated immediately.  The vulnerability in question is related to the $wpdb object where $wpdb->prepare() can create queries that allow attackers to inject malicious code into the MySQL database that powers the site. WordPress is reporting that the vulnerability does not impact core application files, but may impact plugins and themes that use WPDB. The security team has added hardening to prevent these add-ons from inadvertently creating the vulnerability.

We are recommending that all WordPress sites be updated immediately. If you have enabled automatic updates, these should complete within the next 24 hours. Additionally, all plugins and themes associated with your WordPress sites should be updated to their latest vendor provided versions. This will help to ensure your site is not compromised.
It is also recommended that you utilize a malware and vulnerability scanner, such as those provided with SiteLock INFINITY to prevent infections on your site.

endpoint security

Decoding Security Episode 104: Endpoint Security

In this week’s episode, we’re celebrating Halloween and National Cybersecurity Awareness Month with a scary question: what happens when cybercriminals attack the technology we rely on? Recent cyberattacks have targeted power grids and  Wi-Fi networks, but everyone, from organizations to individuals, can fight back with a complete cybersecurity suite that includes both website and endpoint security.

In our latest Decoding Security podcast, Website Security Research Analysts Jessica Ortega and Michael Veenstra share how to complete your security portfolio by protecting your business’s physical workstations and website applications with both endpoint and website security solutions. They also discuss recent Bad Rabbit infections and last week’s WordCamp Phoenix event. 

Missed our last episode: Securing Your Website? Don’t worry, you can now subscribe to Decoding Security on YouTube, as well as  your preferred podcasting service, including iTunes and Google Play!

And if you’re looking to complete your own cybersecurity suite, check out SiteLock INFINITY for a complete website scanning package!

SiteLock Digital Kids Fund Campaign 2017

‘Tis the season to give back, and at SiteLock we are extremely passionate about giving back to the communities where we live and work. We are especially dedicated to supporting STEM (Science, Technology, Engineering and Math) programs for schools in need, and helping to inspire the next generation of technology innovators and pioneers!

According to the U.S. Department of Commerce, in the last decade employment in STEM jobs has grown 24.4%, making it vital that children in school today have access to the necessary tools to keep up with and continue growth in this field.  However, most states provide less support per student for elementary and secondary schools than before the Great Recession. In an effort to bring continued awareness to this ongoing issue, SiteLock established a Digital Kids Fund in 2015 to help fund technology-based projects at local schools in Arizona. For every SiteLock product purchased by WordPress customers, SiteLock donates $1 to the fund.

In 2016, SiteLock partnered with DonorsChoose.org, an organization that makes it easy for anyone to help a classroom in need, to fund STEM-related projects in schools in the Phoenix, Arizona and Jacksonville, Florida areas. Through their donation, SiteLock was able to support 198 projects benefitting 19,992 students at 141 schools.

This year, SiteLock has once again joined forces with DonorsChoose.org to fund STEM projects for schools in the Phoenix and Jacksonville areas. To help drive additional advocacy and internal support, SiteLock is allocating additional funds to employees so they can individually choose a STEM-related project to fund.

At SiteLock we are reminded every day of the importance technology plays in our lives and work. Unfortunately, kids go to school every day without the necessary tools to be successful. Through our partnership with DonorsChoose.org and the Digital Kids Fund, we are excited to play our part in helping inspire the next generation of technology experts in our local communities.

As we enter the season of giving, here are some ways you can help too!

  • Share this post
  • Donate to one of the SiteLock match donation programs
  • Donate to projects of your choice at DonorsChoose.org

 

 

 

$1 of the purchase price from the sale of every SiteLock product purchased by WordPress customers from 10/1/17-10/1/18 will be donated to the fund* to support classroom projects on DonorsChoose.org.
*Up to $50,000 annually. This contribution is not tax deductible by purchasers and sales must be made through SiteLock.com or a SiteLock representative.
security research

What is Cybersecurity?

As high-profile data breaches, such as Equifax, continue to dominate headlines,  the topic of cybersecurity – or lack thereof – has commanded greater attention. The word ‘cybersecurity’ has become the media’s latest buzzword…and for good reason. New research reveals that websites experience 63 attacks per day, per website on average – this is an upsurge from the reported 22 attacks per day in 2016.

It has become clear that regardless of a company’s size or industry, data breaches are inevitable. That said, it’s important to fully understand what cybersecurity is, as well as the different types of cybersecurity, so you can protect your business, personal information, and stay informed with what’s happening in the industry.

Read More

Decoding Security Episode 103: Internet of Things

Internet-connected devices can make our lives easier, from home assistants like Amazon Echo, to interactive toys like CloudPets. However, they’re also inherently insecure and easily hacked, a factor many overlook in favor of convenience.  In our latest Decoding Security podcast, Website Security Research Analysts Jessica Ortega and Michael Veenstra discuss the risks of using internet-connected  devices in our everyday lives, and the costs of security versus convenience.

Missed our last episode: Securing Your Website? Don’t worry, you can now subscribe to Decoding Security on YouTube, as well as  your preferred podcasting service, including iTunes and Google Play!

A Short History of the WordPress Plugin

WordPress plugins allow users to completely customize their website features and experience for visitors, and  also serve as a mainstay of the WordPress experience. It’s safe to say that without them, WordPress wouldn’t have grown to power over 28% of the internet. But did you know that WordPress used to exist without plugins? In this post, I’ll give you a short history of when and why plugins came to be and what the future holds for WordPress because of them.

Read More

SiteLock Website Security Insider

Introducing the SiteLock Website Security Insider

SiteLock is excited to announce the publication of its first quarterly website security report, The SiteLock Website Security Insider Q2 2017!

The SiteLock Website Security Insider Q2 2017 includes analysis and trends based on proprietary data from over 6 million websites. The report delivers exclusive insight into the most common threats website owners faced in Q2 2017, including:

Read More

WordCamp Portland 2017 – Not Weird at All

The SiteLock team recently traveled to Oregon for WordCamp Portland where we had a sponsor table and met  many (if not most) of the attendees. It was a busy camp morning for me because I also presented a session titled “5 Steps to Personal and Website Security“. I’m happy to report that my session was received very well among the WordCampers.

The Sponsor Experience

First and foremost, I want to give a shout-out to the #WCPDX organizers. They did an excellent job ensuring the sponsor tables were placed in a room that received steady traffic. The tables were set up between the session rooms, also conveniently located next to the coffee, water, and other refreshments.

The Talks

As with most WordCamps, the session topics were relevant to all types of WordPress users, and the session times were 35 minutes, plus 10 minutes at the end for Q&A. However, there were also lightning talks of 10-15 minutes, which were informative and entertaining.

Ethan Clevenger’s lightning talk discussed how to succeed as a freelancer, and in particular, the reasoning behind raising your prices and how to avoid the fear of making less money. Not only did his talk give valid advice on increasing your revenue while reducing your need to “constantly chase new clients,” but Ethan was also pretty hilarious in the delivery of his content.

In Praise of the Side Project: Learn New Skills, Make Money, and Have Fun.

Rachel Cherry is a Senior Software Engineer at The Walt Disney Company and delivered a unique and inspiring talk to those in attendance. She showed proof that side projects can lead to bigger things like Apple, Twitter, and even Gmail. The point she made though, was that they don’t always have to, sometimes side projects can simply be for testing the waters. This could include learning a new software package, drafting a blog about your favorite food to improve your writing skills, or building websites to razz your friends (#hiroy). Judging by the comments after, her talk made those in attendance feel at ease and less worried about their half-done projects.

Automating Your Workflow

Andrew Taylor’s talk about automation was great. Specifically, automating as much of your daily workflow as possible in order to put processes in place that you can rely on. This also allows you to be more productive. Even though it was a lightning talk, he packed in both the philosophy behind continuous integration and some actual methods he uses in his day-to-day routine.

Don’t Waste Your Content: Repurpose and Keep It Alive

Bob Dunn, more commonly known as BobWP online, delivered a great talk on why and how to repurpose any content you’ve created. He’s been blogging for ten years and produces three successful podcasts. How does he do it? You guessed it, repurposing content in order to save time and meet the needs of his different audiences.

A Little Fun and Frustration with Our Raffle

We always try to do something a little special at WordCamps, in addition to giving out webcam covers and t-shirts. In Portland, we raffled off an Amazon gift card, which was a fun experience. When reading the winning ticket numbers, we had to go through A LOT of them before we finally had a winner. It actually turned out to be pretty entertaining and helped build anticipation.

By all accounts, WordCamp Portland was a great event and one I know we’ll be back to next year. If you weren’t able to attend and you’d like to know more about SiteLock, I encourage you to read more about our company and products, like malware scanning and auto-removal, as well as our web application firewall options.

See you next year!

secure your website

Decoding Security Episode 102: Securing Your Website

In light of the recent Equifax breach, you may be wondering how you can secure your website and prevent a similar event from happening to you. Join Web Security Research Analysts, Michael Veenstra and Jessica Ortega, for a refresher course on the basic steps every website owner should take to protect their website from hackers and cybercriminals.

If you found this week’s episode helpful, visit Decoding Security on your preferred podcasting service, including iTunes and Google Play, to leave a review and subscribe so that you don’t miss future episodes!

Powered by WordPress & Theme by Anders Norén