CAll Us: +1 888-999-8231 Submit Ticket

What Is SEO Spam Malware And How Can It Hurt Your WordPress Site?

SEO Spam MalwareBlack Hat SEOs and hackers are keen to find resources to exploit. A badly secured WordPress site makes a juicy target, and criminals use such sites for nefarious activities ranging from botnets to ransomware distribution. Of late, there has been a rise in a different sort of attack: SEO Spam Malware.

What Is SEO Spam?

SEO spam, also known as spamdexing, is the attempt to manipulate search indexes so that they include content they otherwise wouldn’t. Black Hat SEOs want to spam search engine results with content that doesn’t deserve either to be included at all or included in a prominent position.

The familiar and old-fashioned technique of keyword stuffing is a form of SEO spam, as are link spamming comment threads and forums, doorway pages, and every other technique for giving web pages an undue prominence in search results.

The motivations are clear: search is responsible for a substantial proportion of valuable referrals. SEO spammers and their clients want a piece of the pie, but they don’t want to do the work it takes to legitimately secure a place in the SERPs.

SEO Spam And Malware

SEO malware is malicious software that, once in place on a server, modifies or creates web pages that serve the interest of a spammer. An unsophisticated example would be a simple script that adds hidden links to an eCommerce store to the footers of infected sites. More sophisticated examples might add thousands of new pages to a site.

In a recently prominent example, attackers took over WordPress sites and used malware to create brand-new sites in the root directory of the server. Those sites were made available at subdomains of the legitimate site.

Y

ou might think SEO spam would be easy to spot, but that isn’t always the case. Spammers go to great lengths to hide their work, and often the malware is coded so that the spam is only shown to search engine crawlers. Ordinary visitors — including the site’s owners — only see the legitimate content.

Is Your Site Infected With SEO Malware?

There are some obvious clues that a site has been infected with SEO malware. If you check incoming search referrals in Google Analytics and see clearly unrelated search terms, it’s a strong indicator. So, if your site is a blog about woodworking and you suddenly see an influx of traffic with search terms like “cheap gucci shoes”, you’ve got a problem.

It’s entirely possible Google will become aware a site has been compromised before its owners, so you may well find out about it when Google emails you or your users let you know that web browsers are throwing up a security warning.

Of course, if your site has been compromised with SEO spam, you want to know about it as soon as possible. A WordPress security plugin with malware scanning can help. Sucuri and WordFence are prominent examples.

Keep Malware Out

The best way to fight malware is to make sure your site can’t be compromised in the first place. There’s no such thing as a completely secure site, but if a site is kept up-to-date, uses long and random passwords, or, even better, 2-Factor Authentication, the chances of being compromised are substantially reduced.

Posted in:
Security

Source link

Upvato Débâcle Shows Why One Backup Is Never Enough

UpvatoWhat’s the one thing you expect a backup-as-a-service provider to do? I imagine most of you answered: keep the data entrusted to them safe. In what must be quite embarrassing for the service’s founder, backup provider Upvato did exactly the opposite. They lost all the data, and they lost it because they didn’t pay their hosting bill.

Upvato is (or was) a free service for backing up files purchased from Envato sites, which include sites like ThemeForest that are used by many WordPress professionals and site owners.

When Envato users purchase a product like a theme, the files are only available for as long as the creator and the platform keep them available. Often, a theme developer will withdraw a theme, which means they’ll no longer be available to the buyers.

Upvato was created to solve this problem, backing up the files so that they remain available even if they are removed by Envato’s sites.

All well and good, but when the creator of Upvato neglected to make an overdue payment to the storage provider on whose platform the files were actually stored, the service terminated his account and deleted the data.

This nicely illustrates the point that one backup is no backup. If valuable data exists in only one place, or even two, it’s always at risk of loss. It’s unlikely anyone considered “forgetting to pay the hosting bill” a possible cause of data loss, but that needn’t have been the cause. There’s no such thing as perfect data storage — bad things happen and when they do, data goes away.

That’s not much of a problem if the data is replicated elsewhere — if Upvato’s users had their data stored locally, they’re probably fine. If they had a copy with another backup provider, they’re fine. If their data only existed on Upvato and is no longer available from Envato sites, there’s really nothing they can do — the data is gone.

Keeping Your Data Safe

Any data you consider valuable should exist in at least three places. Consider your website: the files and databases associated with your site may well be crucial to the health of your business. If they only exist in one place, they’re at risk.

Smart site owners keep local backups of their site’s data and additional remote backups, perhaps using a service like VaultPress. All backups should be:

  • Updated regularly. An out-of-date backup won’t do you much good.
  • Tested regularly. I’ve frequently spoken to site owners who think they have backed up their site, only to find their backup scripts haven’t been running, that only half of the necessary data has been backed up, or that the data has become corrupted.
  • Archived. If you only keep the most recent backup, what happens if your site is hacked or infected with malware? A site with multiple backups going back several days or weeks can restore from a version before the attack.

If your data is important to you or your business, make sure it exists in more than one place.

All Hostdedi managed hosting plans include daily backups that are kept for 30 days. With our extended backup service, daily backups are kept for the last 90 days. Longer backup periods are also available.

Posted in:
Webmaster

Source link

WordPress 4.8 Will Arrive On June 8th

WordPress 4.8The WordPress development team has announced that WordPress 4.8 will be released on June 8th.

WordPress 4.8 will include editing enhancements with a focus on laying the groundwork for an improved text editing experience, but it won’t include the full version of Gutenberg, WordPress’s experimental editor, which is still being developed.

The release is on a much tighter schedule than previous releases, which typically have more than a month of lead-time. In fact, it’s somewhat surprising that there is a release at all, given the new project-based focus of WordPress development. It appears that some features are ready to go, and Matt Mullenweg – the release leader – wants to push out improvements that are already available without waiting for the larger project-based updates to be complete. Development on the larger block-based editor enhancements is likely to become the major focus after the release of WordPress 4.8.

Enhancements coming in WordPress 4.8 include better link handling, WYSIWYG features in text widgets, and new media widgets. The new media widgets were mooted for release some time ago. They’re intended to simplify the current multi-step process for adding media to pages and posts. The widgets are integrated with the Media Library, making it easier to drop images onto pages without having to go through the main Media Library interface.

The new image widgets are the first of a series of JavaScript-based widgets that are planned for release, including widgets for video, audio, slideshows, and galleries. All of these are part of the drive to improve the WordPress editing interface and bring it in line with modern user experience and interface design practices.

The Core Media Widgets are being developed as a plugin, so WordPress users can get a sneak peak of what’s in store.

All of the improvements are described as “low-hanging fruit” – features that are relatively easy to develop but will have a significant impact on the experience of WordPress users.

As I mentioned, the release schedule for WordPress 4.8 is substantially shorter than for typical releases. The first Beta will be available on May 12, followed by a second Beta on May 19, a release candidate on June 1, and the final release on June 8.

That gives WordPress site owners and plugin and theme developers about a month to test for compatibility issues. When Betas are released, the easiest way to test the new features is to use the WordPress Beta Tester plugin, which allows WordPress site owners to update to pre-release versions of WordPress. As always, it should be kept in mind that beta releases and release candidates are under active development and may contain bugs. It would be very unwise to upgrade your production site before the final release.

Posted in:
Content, WordPress

Source link

How Does Varnish Make Websites And eCommerce Stores Faster?

VarnishMost modern content management systems and eCommerce applications – including Magento, WordPress, ExpressionEngine, and Craft CMS – generate pages when they are requested by a user. On-the-fly server-side page generation is one the two main strategies for creating an interactive web page. Without that capability, web pages would be static documents. The other major strategy is client-side with JavaScript, but we aren’t going to talk about that today. Server-side page generation typically involves executing code that interacts with a database, building pages by combining templates and data. That page is then passed to the web server, which sends it to the user’s browser.

Although this process is essential, it’s also intrinsically slower than sending static assets and it uses more server resources. If every part of every page had to be unique, we’d have to live with those downsides, but, in reality, many requests are for pages that are essentially identical. It would be wasteful to generate an identical page every time it was requested by a browser, so we use caching. There are many different types of caching, but let’s focus on Varnish.

Varnish is a caching HTTP reverse proxy, which sounds more complex than it really is. Consider a typical web request to a newly published blog article. A browser sends a request to the web server, which initiates the process we mentioned above. The contents of the article are extracted from a database, combined with a template, processed in various ways, and returned to the web server, which sends the end result back to the browser.

The next time a user requests the same article, exactly the same process occurs. But, if we add the Varnish HTTP Cache in front of the web server, something different happens. This time, the initial request goes to Varnish. If it’s the first time Varnish has seen a request for this article, it just passes it on to the web server as before. But when the web server sends the response back, Varnish will remember it. It stores the page in the server’s memory. Next time a request for that article arrives, Varnish simply sends the copy it already has in memory. The web server, the database, and the code interpreter aren’t involved at all.

Varnish works on a simple principle: it’s a key-value store. It associates a chunk of data with a key, which is used to find that data. In many programming languages this type of key-value data structure is called a dictionary, because just like the familiar word dictionary, a key (the word) is used to look up some data (the definition). In the case of Varnish, the key is a URL, and the data is the web page. If Varnish is given a key that it doesn’t have data for, it just passes the key through to the web server, which generates the pages.

Sending a page from the cache is much faster than generating the page anew: how fast depends on various factors, but it’s not unusual for it to be 1,000-times faster. And because the server has less to work to do, its resources can be used more efficiently.

As you might imagine, I’ve simplified the explanation a bit here – caching, and cache invalidation in particular – is considered one of the hardest problems in computer science, but the basic principles we’ve talked about should help you understand why putting Varnish in front of your Magento store is a great performance optimization and why we developed the Turpentine Magento extension to improve the integration of Varnish with Magento.

Posted in:
eCommerce

Source link

WordPress 4.8 Will Not Support Internet Explorer 8, 9, or 10

WordPress 4.8Matt Mullenweg has announced that from WordPress 4.8, which is expected to be released later this year, WordPress will no longer support Internet Explorer versions older than IE 11. Microsoft only supports IE 11, but WordPress supports IE 8, 9, and 10 because a small proportion of its users remain on older versions. In March 2015, Microsoft announced that the modern Edge browser would replace Internet Explorer on newer versions of its operating systems.

For a project with as many users as WordPress, backward compatibility with older software is both necessary and problematic. Even though only a small proportion of WordPress users manage their websites on older browsers, that proportion may translate to millions of individual users. Corporate policy and government policy or a lack of access to up-to-date hardware and operating systems means people may not be able to use the newest versions of software even if they want to.

But supporting older browsers has a cost for developers and users alike. If features must be compatible with older browsers, developers are obliged to avoid modern tools, libraries, and language capabilities, which limits new features and constrains the experience developers can build.

It’s unsurprising that the ending of support for older versions of IE was met with universal praise in the WordPress developer community. If developers have to support older versions of IE, they can’t take advantage of the newer features available in more modern browsers.

“Depending on how you count it, those browsers combined are either around 3% or under 1% of total users, but either way they’ve fallen below the threshold where it’s helpful for WordPress to continue testing and developing against. (The numbers surprised me, as did how low IE market share overall has gone.)”

This issue came to a head with the planned changes to the WordPress Editor. To build the editing experience Mullenweg and the WordPress developers want, they need to be able to use modern web technologies that aren’t available on older browsers.

Internet Explorer 8 was introduced in 2009, followed by IE 9 in 2011, and IE 10 in 2012. Five years is a long time on the web, and the state of the art in web technology has advanced enormously in that time. Older versions of IE aren’t capable of offering the experience modern web applications aspire to. By dropping support for older versions, WordPress’ developers are free to make use of recent innovations without having to test every change for compatibility with legacy software.

It’s worth emphasizing that WordPress won’t stop working on older versions of IE: functionality that works now should continue to work, but new features will not. And over time, the experience offered by unsupported browsers will stagnate.

Posted in:
Content, WordPress

Source link