In our series on managing WordPress updates, we’ve discussed how crappy it is when your website breaks, and examined lots of solutions to avoid it ever happening. One of the things we strongly recommend is having a good backup process in place.
Welcome to the second article in our Making Security Make Sense to Clients series.
In our first post, I talked about the importance of securing your own site first, and what can happen if you don’t. If you’ll recall, a website hack ruined my first internet business and I want to make sure you’re doing all you can to mitigate the risks to your own website, and those of your clients.
Let’s assume your own site is secured. Great. Now, what about your client sites? Are you actively implementing basic security best practices on the sites you hand over? This post will talk about why securing your clients’ websites is important to your immediate and long-term business.
The Equifax breach dominated headlines in September 2017, and is once again making news. Last week former Equifax CIO, Jun Ying, was found guilty of selling all of his company stock, knowing it would soon be worthless, before the 2017 security breach was made public. In other cybersecurity news, your Decoding Security hosts also discuss the recently disclosed RyzenFall vulnerability, which could allow cybercriminals to copy data from secure areas of millions of computers.
Returning to WordCamp Miami this weekend was like a homecoming for me. I first attended in 2013 where I met many of the people I now call my friends and colleagues. These connections also eventually led to my current Open Source Community Manager position with SiteLock. Although I’ve been in the WordPress space since 2005, these past five years have seen massive growth in both the software we all know and love, and for me professionally.
We know updates are important! We also know updates can potentially break your site. When your LIVE SITE breaks, it’s a huge deal and can be time-consuming and costly to fix – both in terms of technical support, and lost revenue. A much better solution is to first do your updates on a version of your site that ISN’T live, a site that is an exact duplicate of your live site. A site that can break without causing pandemonium in your life. This site is called a Staging Site, and it’s the recommended way to make updates and changes before doing them on Live.
On March 13, 2018, Joomla! released a security update in version 3.8.6. This update addresses a SQLi vulnerability found in the User Notes component. The notes section allowed malicious code to be passed to the database. The update released by Joomla! limits input into the notes field to plain text and disallows code. It is highly recommended that Joomla! users update their applications as soon as possible to address this vulnerability and avoid possible compromises. Thanks to its included continuous scanning, SiteLock Infinity users will have their applications patched quickly and automatically.
In addition to the SQLi vulnerability fix, version 3.8.6 included 60 other bug fixes and feature updates including:
- Session management improvements
- Hide configuration and system information from non-super users
- Delete existing passwords when user passwords are changed
- PHP 7.2 compatibility fixes
In order to take advantage of bug fixes and improved features, users must complete the full version upgrade even if they have patching services.
If you’re interested in automated patching services for your Joomla! site, contact us today and ask about SiteLock Infinity. We are available 24/7 at 855.378.6200.
Hello from SiteLock, your website security experts. We keep websites like yours safe and secure from cybercriminals.
We understand that when a website attack occurs, it can feel confusing, overwhelming, and sometimes catastrophic. Don’t worry, we’re here to help! SiteLock partners with hundreds of web hosts and will fix your website fast and make sure it’s protected from future cyberattacks.
Let us walk you through the SiteLock experience and show you why over 12 million websites trust SiteLock.
If you’re someone who builds websites for clients, you’ve probably learned that offering (or requiring) monthly maintenance contracts is smart business. This ensures a steady income stream you can rely on and helps with financial forecasting. It’s likely you’re including core software, plugin and theme updates as part of your maintenance plan, but are you including website security as part of your project proposal and scope?
Updates to your WordPress site become available all the time, whether these are updates to Core, Themes, or Plugins. Since many updates build off each other, the longer you wait to update, the greater the risk of something going wrong. Smaller incremental updates make it easier to identify and fix an issue if there is one.