Users of the popular Jetpack WordPress plugin collection should immediately update. A recently discovered cross-site scripting vulnerability may put Jetpack users at risk of having their site compromised. The vulnerability was present in Jetpack as far back as 2012. A patch that fixes the vulnerability has been released with version 4.0.3 of Jetpack. WordPress site owners who don’t update to the most recent version of Jetpack are at risk.
The vulnerability is in the Shortcode Embeds module of Jetpack. Shortcode embeds allow WordPress users to embed content from other sites into their site’s pages – they’re especially useful for quickly embedding video content. An attacker may be able to leverage a vulnerability in the way these shortcodes are handled to inject arbitrary code into WordPress pages via a carefully crafted comment. Read More »
With PHP 5.5 end-of-life (EOL) just over the horizon, it’s worthwhile to catalog the versions still living in the eCommerce wilderness. Ben Marks started a poll recentlyand the results, to put it kindly, were discouraging.
Also, Composer creator Jordi Boggiano, also known as @seldaek, released detailed stats that twisted the knife.
The chart below shows all PHP versions for all Composer users as of May 2016, when more than a third were still using PHP 5.5 or older. This confirms our experience as a web host, as we see plenty of sites running old versions of both PHP and Magento. These sites will be slow, and worse, they will stop receiving critical security updates.Refer to the PHP website for details on the shelf life of PHP 5.5 and other versions. Read More »
What is the difference between Apple and a generic PC manufacturer? Or the difference between Ralph Lauren and Target? It’s possible to make a list of the differences between a prestige brand and its market peers, but for the most part, they’re summed up by the nebulous concept of brand. Ask five people what “brand” means and you’ll get five different answers, but from a buyer’s perspective, a brand is a feeling about a company and the objects that elicit that feeling. The products sold by a prestige brand may not be superior to its competitors’ products, and the prices will almost certainly be higher, but the intangible quality of a well-regarded brand can override rational calculations. Read More »
Magento 2 aimed to augment the security of its predecessor. One such improvement set the default permissions on certain static files to be stricter than normal. This had the unintended side effect of preventing default versions of Magento 2 from functioning on some systems, some of which we host.
Before v. 2.0.6, Magento 2 set permissions of some files to 640 and some directories to 750. These permissions restrict read-access and write-access to the owner of those files and directories, meaning other users have no access. While this successfully tightens permissions, it is incompatible with systems that rely on a web server’s ability to read and write to these files.
For example, many Magento sites use Apache or Nginx with PHP-FPM. In this setup, PHP-FPM runs as the file-owning user, and Apache or Nginx function as separate users and therefore had no file access. This prevented these systems from functioning properly with default Magento 2 installations running versions older than 2.0.6. Read More »
If you’ve been using WordPress for a while, it’s possible you’ve experienced the white screen of death. When you or another visitor to your WordPress site tries to load a page, they get a blank screen instead of the content. It’s not a common occurrence, but it’s common enough that a WordPress user should know how to diagnose the cause.
First a little about how WordPress works. WordPress dynamically creates content when a page is loaded. The page doesn’t exist until it’s called into being by a browser request. Most of the content is stored in a database, and when the user requests a page, WordPress runs a series of PHP scripts that access the database, retrieve the content, and use the content and some templates to build a page. It’s a fairly complex process, and there’s plenty of room for something to go wrong. When it does go wrong — when a PHP function fails to do what it’s supposed to, for example — one possible result is the white screen of death. Read More »
In the early days of the web, every site’s domain name was prepended with “www”. It’s nowhere near as common today — many sites choose to simply use the naked domain, but I’m often asked whether there is any particular reason to choose one option over the other. Is there any advantage to having “www” in your site’s domain?
The most common reason to discard “www” is for branding. The naked domain is snappy, looks better on promotional material, and most brands don’t want something as important as their domain name cluttered with unnecessary and unrelated letters.
What exactly is the “www”? Technically, it’s a subdomain traditionally used to indicate that a site is part of the web, as opposed to some other part of the Internet like Gopher or FTP. This isn’t strictly necessary, but it is traditional to include an indication of the services offered by a server in the domain, and Tim Berners-Lee used “www” for the first web pages at CERN.
Read More »
Drag-and-drop page builders exist to reduce the difficulty of developing semi-bespoke WordPress themes, but they tend to be resource hogs, to say the least. The best option for users with a little web development knowledge who want to get started in the WordPress world is a tool likeTimber or a starter theme. One of the most popular starter themes isUnderscores, which is developed by Automattic. As Automattic puts it, Underscores gives developers a thousand-hour head start. Read More »
Magento is fast, but, each time a Magento page is built and loaded, billions of instructions are executed on the server’s CPU and memory resources are consumed. On a busy server, that can lead to slow page loads and insufficient resources to serve every page quickly.
The solution is caching. When pages — or parts of pages — are cached, instead of being recreated every time a user requests a new page, they are served from the cache. Caches save the product of earlier page builds, so that when a request for the same page is received, the cached version can be served. Caching both increases the speed at which pages can be sent to users, and reduces the load on the server.
While Magento has some advanced caching technology built in, it’s often better to move the overhead of caching to a separate dedicated application. In this article, I’d like to look at one option for external caching: the caching reverse proxy.
Read More »
Pricing is one of the most complex aspects of eCommerce. Price too high, and you lose sales. Price too low, and you miss out on potential profit. At least, that’s the conventional wisdom. Psychological studies have shown that the impact of pricing choices is a more complex than a simple dynamic of cheaper and more expensive.
Some pricing rules are downright counter-intuitive because shoppers use a host of value heuristics in their shopping decisions that produce behavior that doesn’t seem “rational” from the perspective of classical economics. Read More »