
Author Archives: admin

August 2016’s Best Magento, WordPress, and ExpressionEngine Content


Since our last roundup, we were very honored to cut the ribbon on our new data center expansion in Southfield, Michigan. If you were unable to attend, check out the video of the ribbon cutting ceremony at the end of the post. In other news, Nexcess Magento Developer Miguel is well into Magento conference travel season, already having spoken at Meet Magento Indonesia and Mage Titans USA. Follow along with him on Twitter as he heads to Meet Magento Poland this month. And coming up next month, don’t forget to join us in Detroit for ExpressionEngine Conference 2016. Without further ado, get into our August roundup below, and if you’re looking for the same great articles the rest of the year, follow us on Twitter, Facebook, and Google+. Enjoy and let us know if we missed anything important in the comment section.

WordPress and Blogging

  • NPR Website To Get Rid Of Comments – NPR is making an announcement today that is sure to upset a loyal core of its audience, those who comment online at NPR.org (including those who comment on this blog). As of Aug. 23, online comments, a feature of the site since 2008, will be disabled.
  • Company Behind WordPress Opens .blog Domain to the Public – The company whose software helps to run a massive number of mainstream media sites and personal blogs alike, Automattic (the organization behind WordPress.com), has announced the rollout of its .blog domain.
  • How to Implement Google AMP on Your WordPress Site as Easily as Possible – With the news that Google will be rolling out its accelerated mobile pages (AMP) to all organic listings beyond the ‘Top Stories’ you’ll be forgiven for getting a little bit anxious. Don’t worry. There are five solid reasons why you don’t need to panic….
  • WordPress Maintenance: How To Handle Downtime The Smart Way – The last thing that anyone wants is for their site to be inaccessible to visitors, but sometimes it’s necessary. Taking a site offline is a serious step, but it’s often better than leaving it available while work is ongoing.
  • Yoast: Your Complete WordPress SEO Toolkit – Driving your WordPress website toward a higher Google ranking involves constant tweaking, which can mean hours of detailed work. Enter Yoast SEO: the one WordPress plugin that can optimise your entire site.

ExpressionEngine

  • 8 Reasons Anabliss is an ExpressionEngine Advocate – When it comes to delivering in the world of digital, how do you decide on the right solution in a such a dynamic marketplace? We make our choice by empathizing with our clients’ unique challenges.
  • Performance Optimization: A Tale of Two EE Sites – Performance matters. Tune in to hear real-world examples on how Lea and Emily tackle their client site speed issues! From fixing emergencies to thoughtful rebuilds, we discuss the specific ways we manage client expectations, budgets and resources while isolating bottlenecks.
  • SEO Case Study: Moving Keb’ Mo’s website from WordPress to ExpressionEngine – In late July we migrated Keb’ Mo’s website from WordPress to ExpressionEngine. This was not a redesign, but instead a mirror of the WordPress site. Aside from the mobile menu (which used a WordPress plugin), the only difference is the responsive framework which went from Skeleton to Bootstrap. Skeleton is actually a lighter weight (albeit outdated) framework.
  • ExpressionEngine 3.4.2 Released – ExpressionEngine 3.4.2 is available today. This is a patch release with 21 bug fixes and a handful of small improvements: you can now squelch developer log alerts in production environments and your titles.
  • ExpressionEngine Conference 2016 – We’re proud to be the presenting sponsor for this year’s ExpressionEngine Conference in Detroit. Check out the conference website for the speaker schedule and profiles.

Magento and eCommerce

  • Getting Started with AMP for E-commerce – When the AMP Project first launched, the initial use cases and feature development focused on building AMP to support news and blog content. However, the AMP Project’s ambition has always been making the consumption of any type of mobile content vastly better and faster than we had seen before.
  • Choosing a Hosting Company for Magento Store – One of the key elements of building a store on Magento is the right choice of the hosting company. No doubt, stable hosting plays a significant role in a store functioning. In most cases, hosting resources have a direct effect on a Magento web store performance, therefore it is critically important to choose a trusted Magento optimized solution when reviewing hosting offers for the website.
  • Five Ways eCommerce Retailers Can Improve Product Page Conversions – Product pages are at the sharp end of the eCommerce sales funnel, and they should be lovingly crafted to reflect your brand and your customers needs.
  • Magento eCommerce: History and Features of the Most Popular Online Store Platform – In this article we are going to review how Magento eCommerce was born, why it became popular so fast, when the different versions appeared and what functions the system has, following its path all the way until today, until the most modern developments.
  • Magento 1 vs. Magento 2: Should I Stay or Should I Go – Back in November of the last year, when Magento 2 was launched, it garnered a lot of excitement. And, in the next couple of months, the popularity and awareness of it increased manifold.
  • The Definitive Guide to Launching a Magento Website – This guide is designed for merchants of all sizes who are launching a Magento store, either as a new project, or as part of a replatforming effort. We will cover all considerations around the platform and will help you to get the most out of Magento’s out of the box feature set, as well as extending it further.

If you were unable to attend the ribbon cutting for the Nexcess data center expansion last month, don’t despair, we got video!

Posted in:
Monthly Roundups




The WordPress Authentication Broker Is An Important Move Forward For The REST API


One of the major motivations for the creation of the WordPress REST API is that it lets developers build WordPress client applications more easily. With the API, developers can build applications that control most aspects of a WordPress site. Great though the API is, however, authentication has been a perennial problem for developers. Until recently, the REST API’s authentication systems were “difficult and incomplete,” making it hard for developers to create applications that offered a compelling user experience. Applications had to be individually registered with each site before they could authenticate, putting a significant burden on the app’s users.

If a developer made an iOS app for WordPress that allowed for the easy uploading of photos — a sort of personal Instagram — that application would have to be registered on each site to which it would be authenticated to upload images. Ideally, a user should be able to install the app and then authenticate with their site and account, regardless of whether the app had previously been registered on the site.

For services like Facebook, this is not so much of a problem — an application that needs to authenticate with Facebook to access a user’s account need only register in one place — with Facebook.

There are millions of WordPress sites that an application may want to authenticate with, and registering on each of those sites is next to impossible — not to mention the terrible user experience it creates. That developers would have had to make such demands on their users was probably holding back the development of applications that made full use of the REST API.

The Authentication Broker — recently announced by WordPress — was created to make the process more straightforward. It is a central system with which individual WordPress sites register using a broker client.

Under this system, when a user wants to connect an application to their site or a site on which they have an account, the application communicates with the broker, which then asks the site to register the application and issue credentials, which are passed back to the application via the broker. Once that’s done, the application is able to authenticate with the WordPress site using the usual authentication process (OAuth 1 in this case).

Both the authentication server and client are open source, and it’s possible for an organization to use the broker application to set up an internal authentication broker, allowing companies to register their own sites and only allow specific applications to authenticate.
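The flow described above, as an added illustration that is not the code of the WordPress Authentication Broker or its broker client: an application registers once with the broker, the broker asks a registered site to issue client credentials for it, and the application then signs REST requests with those credentials using OAuth 1.0a HMAC-SHA1 (RFC 5849). The class names, the site URL, the shared secret between broker and site, and the HMAC used to authenticate the broker’s registration request are assumptions made for the example; the real broker’s wire format is not reproduced. The signature base string and HMAC-SHA1 key construction follow the RFC.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def oauth_encode(s) -> str:
    """Percent-encode with the RFC 3986 unreserved set, as OAuth 1.0a requires."""
    return quote(str(s), safe="-._~")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """RFC 5849 3.4.1: METHOD & url & sorted, encoded 'k=v' pairs (signature excluded)."""
    pairs = sorted((oauth_encode(k), oauth_encode(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), oauth_encode(url), oauth_encode(normalized)])


def hmac_sha1_signature(base_string: str, client_secret: str, token_secret: str = "") -> str:
    """RFC 5849 3.4.2: key is client_secret & token_secret, output is base64."""
    key = f"{oauth_encode(client_secret)}&{oauth_encode(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base_string.encode(), hashlib.sha1).digest()).decode()


class Site:
    """A WordPress site: trusts one broker and stores the client credentials it issues."""

    def __init__(self, url: str, broker_secret: bytes):
        self.url = url
        self.broker_secret = broker_secret   # assumed: shared when the site registered with the broker
        self.clients = {}                    # client key -> client secret

    def register_client(self, app_name: str, broker_mac: str):
        # Only a registration request authenticated by the broker is honoured.
        expected = hmac.new(self.broker_secret, app_name.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, broker_mac):
            raise PermissionError("registration not authorised by broker")
        key, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.clients[key] = secret
        return key, secret

    def verify_request(self, method: str, path: str, params: dict) -> bool:
        """Recompute the HMAC-SHA1 signature of a signed request and compare it."""
        client_secret = self.clients.get(params.get("oauth_consumer_key", ""))
        if client_secret is None:
            return False
        expected = hmac_sha1_signature(
            signature_base_string(method, self.url + path, params), client_secret)
        return hmac.compare_digest(expected, params.get("oauth_signature", ""))


class Broker:
    """Central registry: an app registers once here instead of on every site."""

    def __init__(self):
        self.apps = set()
        self.sites = {}

    def connect(self, app_name: str, site_url: str):
        """Ask the site to issue credentials for an app the broker already knows."""
        if app_name not in self.apps:
            raise PermissionError("unknown application")
        site = self.sites[site_url]
        mac = hmac.new(site.broker_secret, app_name.encode(), hashlib.sha256).hexdigest()
        return site.register_client(app_name, mac)


def sign_request(method: str, url: str, params: dict, key: str, secret: str) -> dict:
    """The app's side: add the oauth_* protocol parameters and sign (RFC 5849 3.1)."""
    signed = dict(params, oauth_consumer_key=key, oauth_signature_method="HMAC-SHA1",
                  oauth_timestamp=str(int(time.time())), oauth_nonce=secrets.token_hex(8),
                  oauth_version="1.0")
    signed["oauth_signature"] = hmac_sha1_signature(
        signature_base_string(method, url, signed), secret)
    return signed


def demo():
    """Walk the flow once; returns (accepted, tampered_rejected, unknown_app_rejected)."""
    broker = Broker()
    site = Site("https://example.org", secrets.token_bytes(32))   # assumed site URL
    broker.sites[site.url] = site          # site registered with the broker
    broker.apps.add("PhotoUploader")       # app registered with the broker, once
    key, secret = broker.connect("PhotoUploader", site.url)
    path = "/wp-json/wp/v2/media"
    req = sign_request("POST", site.url + path, {"title": "sunset"}, key, secret)
    accepted = site.verify_request("POST", path, req)
    tampered_rejected = not site.verify_request("POST", path, dict(req, title="owned"))
    try:
        broker.connect("UnknownApp", site.url)
        unknown_app_rejected = False
    except PermissionError:
        unknown_app_rejected = True
    return accepted, tampered_rejected, unknown_app_rejected


if __name__ == "__main__":
    print(demo())   # (True, True, True)
```

Two points the model makes visible: the site never sees an unregistered application, because only a request the broker has authenticated can create credentials, and any change to a signed parameter (here the post title) invalidates the HMAC-SHA1 signature. A production verifier would additionally reject stale `oauth_timestamp` values and reused nonces.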

Authentication is a difficult problem, especially distributed authentication. The WordPress Authentication Broker is an excellent step towards the creation of a truly secure and distributed WordPress ecosystem.

Posted in:
WordPress




Can WordPress Be Used For Enterprise Resource Planning?


When most of us think of content management systems, we have in mind a tool that can be used for building websites and blogs. But content management systems — including WordPress — can be used for much more than web publishing. The ability to categorize, process, filter, display, and control access to information are the fundamental building blocks of many different types of software, including enterprise resource planning systems.

Enterprise resource planning tools are used to manage information about the business processes of a company and make that information available to the people who need it. In large corporations, ERP tools are used to manage complex processes that involve thousands of people in logistics, manufacturing, sales, marketing, human resource management, and dozens of other processes essential to business continuity and productivity. ERP is a billion dollar business, and dedicated ERP platforms come with a big price ticket, but many businesses don’t need the full spectrum of features that those platforms provide.

I’m not suggesting that a WordPress-based platform would be useful for the largest companies, but WordPress has everything many SMEs need for enterprise resource planning.
Having the raw qualities required by ERP isn’t useful in itself, of course. Someone needs to build the tools on top of those capabilities.

For WordPress, there are any number of such tools; it’s possible to build a well-featured ERP system by bringing together the functionality offered by WordPress plugins, but it’d be much nicer to have all that functionality bundled together into one product.

WP ERP attempts to do just that. WP ERP is an open source modular enterprise resource planning tool for WordPress. The core plugin and its human resources and customer relationship management modules are free, and there’s a powerful project management plugin, WP Project Manager, that integrates well with the rest of the modules.

WP ERP is a well-designed system for small and medium companies. To take a closer look at just one of the modules, WP ERP’s human resource module includes features for managing the information of individual employees, employee performance evaluations, department management, leave policy and request management, holiday management, and messaging tools for individual employees and groups. Additionally, the module makes a number of useful graphical reports available for human resources professionals.

Asset management is a key capability of enterprise resource planning, and at the moment WP ERP hasn’t quite got that covered, but its asset management module is currently being developed, and with its release, WP ERP will be able to fulfil many of the functions of much more expensive proprietary ERP tools.

While I wouldn’t suggest that WordPress and WP ERP are the ideal solution for the largest companies, many smaller businesses are likely to find the capabilities they need in WP ERP.

Posted in:
Nexcess




What’s The Difference Between Tags And Categories In WordPress?


A website is a network of interconnected pages. Links within the content bind the pages together into a single entity, but they aren’t the only — or the best — way to organize pages according to the content they contain. To do that, we need a taxonomy, a way of grouping pages according to their properties. WordPress makes available two fundamental taxonomies: categories and tags. It can be difficult to decide how to use categories and tags, so I want to take a look at how they can be used to efficiently organize the pages of a WordPress site.

Both taxonomies are flexible and can be used in various ways, but it’s important that a site owner implements a system early in the life of their site. Without an understanding of how content is to be organized in groups, there’s a risk that it won’t be organized at all or organized according to an inconsistent system, which is almost as bad.

Used properly, tags and categories form a framework that logically organizes everything that you publish on your site.

Categories

Categories are the foundational organizational tool of a WordPress site’s content, and that’s often reflected in the site’s navigation menus. Ideally, every piece of content will belong to only one category and all content within that category will be related in a clearly comprehensible way.

Suppose you want to publish content about woodworking tools — lathes, chisels, mallets, routers, planes, spokeshaves, saws, and the like. Each page will discuss a tool and include examples of how they are used and recommendations for which manufacturer’s tools are the best. How should you organize that content into related groups? The obvious way is to create a category for each class of tool: planes — of which there are many different types — would be published in the “planes” category, chisels in the “chisels” category, and so on. A user interested in chisels could click on the “chisels” category in the WordPress site’s navigation and be presented with all the articles on that topic.

Of course, that’s not the only way to organize the pages into categories: you might choose to use categories for vintage hand-tools and modern power tools. Or you might organize the pages according to manufacturer. I think organizing by tool-type is the best method because it reflects a clearly comprehensible grouping that’s likely to mesh well with the way visitors think about tools. Each category is clearly defined: it’s obvious which pages go in each category, and there’s never any need to put the same content in more than one category.

Tags

You might think that grouping by categories is enough, but — sticking with the tool example — there are lots of other ways that the pages are related. A particular manufacturer might make many different sorts of tools; some tools might be made of steel, some of iron, and some entirely out of wood; some are power tools and some are hand tools.

That’s where tags come in. Tags can be used to group pages according to a much looser set of criteria than categories. Each page can — and probably should — have multiple tags. A page discussing a specific model of drill might have tags for the manufacturer, the type of work it’s used for, its material, whether it’s a hand tool, and so on. When a visitor to your site wants to see all the pages related to a particular manufacturer, they can choose the relevant tag and see every related page, regardless of the type of tool.

You can think of categories as boxes into which content is sorted and tags as labels on each piece of content — a tag list is an index of those labels so you can find related content no matter which box it’s stored in.

While it’s important that you decide early in the design process which categories your site will use, tags can be added on an ad hoc basis. As you publish content and find the need for new tags, you can simply tag the relevant articles. However, deciding on a basic set of tags during the site’s initial design helps ensure that all content gets the relevant tags.

Without categories and tags, a website is simply a loose collection of content. Designing a logical system of categories and tags before you begin publishing content will help you maintain a clear structure — your site will be easier to navigate and offer a coherent user experience.

Posted in:
WordPress




eCommerce Trends Show A Strong Holiday Season Likely For 2016


According to a recent report from comScore, the first half of 2016 was a particularly strong period for American eCommerce. Although the year started out with a less than impressive performance compared to last year, performance has picked up considerably, which bodes well for the approaching holiday season.

In April, desktop eCommerce sales increased by approximately 19 percent, followed by a 15 percent boost in May. Of particular benefit for eCommerce retailers in the holiday season is the increase in discretionary sales.

“On discretionary products, [total] retail sales were up 5.3% in April, which is the highest level seen in years,” according to Gian Fulgoni, chairman emeritus at comScore, which carried out the survey.

As we’ve come to expect in recent years, mobile eCommerce growth has been stellar over the early months of 2016. In Q1, visits for mobile web sites increased by 40%, and mobile app visits showed an even more impressive 70% increase.

That’s news which should be taken with circumspection by small and medium retailers. Although mobile app use has increased considerably, actually getting your app onto the home screens of enough customers is very difficult — not to mention influencing them to actually use it. For most retailers, a mobile-friendly web presence with search and social media promotion is the most effective way to get a piece of the mobile pie.

The mobile-friendly message seems to have made an impact on retailers. The number of customers who report a positive web experience is on the rise. Mobile satisfaction ratings are an important indicator that eCommerce merchants are focusing on the mobile experience. They’re also a warning to less solicitous eCommerce merchants that the time has come. Mobile eCommerce stores will benefit from the rising tide of mobile, but only if they provide the experience that customers demand.

Other heartening news from the report includes the revelation that 17% more of the respondents intended to shop less in stores, preferring to shop online.

Finally, social media eCommerce went mainstream over the last year, with platforms ranging from Twitter to WhatsApp creating eCommerce sales and promotional tools that give merchants access to huge audiences. I’ve been somewhat hesitant about social media eCommerce in past posts, because it has the potential to remove much of the control merchants have over the sales process. However, 23% of the survey’s respondents indicated that they’d made purchases through social media sites. That’s hard to ignore, and eCommerce merchants may miss out if they don’t at least dip a toe into social media selling.

Posted in:
eCommerce




Don’t Use “WordPress” or “Woo” In The Name Of Your WordPress Business.


The popularity of WordPress nourishes a thriving ecosystem of plugin and theme developers and designers, as well as thousands of businesses that offer WordPress-related services. The WordPress economy is worth many millions of dollars. And, it’s largely an open playing field. With a little knowledge and hard work, it’s relatively easy to get started as a professional offering WordPress services.

When professionals start a WordPress business, it’s in their interest to associate that business with the WordPress brand. When a potential client is looking for WordPress services, they will Google for “WordPress”. Businesses that can associate themselves with the WordPress name benefit from that association and the trust that Automattic and the WordPress community have built over more than a decade.

Including “WordPress” in the name and the web address of your business sounds like a no-brainer, but in fact it’s a very bad idea. The WordPress Foundation, which holds trademarks on the WordPress name and related logos has a clear policy where its trademarks are concerned: it will act to prevent any commercial entity from making use of its trademarks, up to and including legal action.

According to the WordPress Foundation trademark policy, businesses may not use WordPress’ trademarks in the name of their business. They can promote WordPress-related services using the WordPress name, but they can’t use “WordPress” anywhere in the name of their business.

That might seem rather harsh, and it’s certainly been a controversial policy within the WordPress community, a controversy that hit the headlines again recently when Automattic acted against organizations using the “Woo” trademark. But, from the perspective of the WordPress Foundation and Automattic, it makes perfect sense. The WordPress name is valuable. That value would be degraded if everyone — especially dishonest people — were able to do business under the name WordPress. WordPress doesn’t want to be associated with bad actors.

So, if you’re starting a WordPress business, what should it be called? You can call it anything you like, as long as it doesn’t infringe on a trademark owned by another organization, including the WordPress Foundation. You’ve probably noticed that a lot of WordPress-focused media outlets and software developers — WP Tavern, WPBeginner, WP-CLI — use the “WP” abbreviation. The WordPress Foundation explicitly states that using WP in a business name is allowed (and even encouraged).

Personally, I’d want to come up with something original and unique for my business — there are many permissible ways of associating a business with WordPress without putting it in the business name. But, if you do want to go that route, use “WP” and not WordPress, or you may well receive a letter from the WordPress Foundation’s lawyers.

Posted in:
Webmaster, WordPress




Can You Help Make WordPress More Accessible?


Recently, we’ve been looking at how WordPress users can contribute back to the WordPress community. We discussed the ways that non-programmers can contribute, including aiding in translation efforts. Today I’d like to take a look at how you can help make WordPress more accessible.

Accessibility testing is an important part of the WordPress development process. Many millions of WordPress users interact with their computers and software in ways that people without accessibility issues simply don’t consider: from keyboard navigation — which makes the web accessible to people with mobility and other issues — to screen readers for blind and partially sighted people. Accessibility can have an impact on visual design decisions too — color and contrast choices can impact the WordPress experience of users with color perception and vision issues.

Although WordPress’ developers understand accessibility and the related standards, it can be difficult for them to anticipate accessibility issues without real world testing from users with direct experience of those issues.

Among the areas that need testing are updates to WordPress Core and to official themes, new features, existing problem features, and tickets that have been reported under an accessibility tag in the WordPress bug tracker.

To take just one example of accessibility testing, WordPress’ Accessibility Team recently asked for help testing WordPress’s media management with speech recognition software. Many people are not able to easily interact with WordPress with a mouse. Speech recognition software like Dragon NaturallySpeaking allows those users to control aspects of their interface with speech. The tests aim to discover how well WordPress’ media management capabilities — such as uploading and renaming files — work with voice control.

If you head over to the WordPress Accessibility blog, you’ll see full details of exactly what the team needs tested.

But you don’t have to wait for a specific announcement to help out with accessibility testing. Every area of WordPress — a constantly evolving piece of software — requires extensive testing to make sure it works well with assistive technologies and doesn’t hinder the usability of WordPress for people with accessibility issues.

WordPress aims to be compatible with its own accessibility guidelines and with the W3C Web Content Accessibility Guidelines 2.0.

If you’d like to contribute to WordPress by helping out with accessibility testing, take a look at the WordPress Accessibility Handbook, which explains what is tested and how. The Accessibility team is particularly interested in three sorts of volunteers: most importantly, those who use accessibility technology to access the internet; users who are knowledgeable about accessibility; and web developers who can help implement patches for issues impacting accessibility.

The testing process is managed via the WordPress #accessibility Slack channel, where the team meet on Mondays. New testers are welcome to join.

Posted in:
WordPress




OroCRM 1.10 Is Now Available — Here’s What’s New!


OroCRM is a customer relationship management application from the original creators of the Magento eCommerce store. It’s an excellent addition to the sales workflow of eCommerce stores, enabling retailers to maximize the positive impact of customer data from numerous channels, including their Magento store. Ever since the 1.0 release of OroCRM, its developers have been hard at work on version 1.10, which was released on August 16.

If you want to know more about OroCRM, we discussed it in-depth in a recent article published when we announced the addition of OroCRM hosting to our lineup of performance optimized hosting plans.

OroCRM 1.10 brings a number of new features and enhancements.

Improved API

Integrating with other applications and services is a key component of customer relationship management. With a solid API, companies can build custom integrations for inputting and extracting data from the OroCRM application.

Since the initial release of OroCRM 1, the API has been given a comprehensive facelift. The new JSON REST API is significantly less complex than the previous versions, making it much easier for developers to write bug-free code to interact with entities.

Users of OroCRM should be aware that although the existing API will be supported for some time to come, its use will eventually be deprecated in favor of the new high-performance API.

“We decided to develop a completely new automated Oro Platform API that is based on entity metadata. This means that after you create an entity, all of its fields and relations become immediately available via API — so you can get their contents, create new records, and update and delete existing records immediately.”

New Leads And Opportunities Workflow

The Sales Process workflow has been completely re-engineered, and is now known as the Leads And Opportunities workflow. The changes to the workflow are intended to make managing leads and transitioning them to opportunities more efficient and intuitive.

Some of the most important changes include the ability to create leads without requiring a first and last name, something that’s essential when leads may be generated from sources that don’t provide that information — email subscription forms being an obvious example.

Furthermore, the sales flow can now be launched directly from the Opportunities interface, streamlining the process considerably.

And thirdly, the Opportunity workflow itself is now more flexible; retailers can choose to have no mandated workflow to give sales representatives complete flexibility, or a default workflow that helps maintain the integrity of customer data.

More Data Filters

OroCRM 1.10 includes several new data filters, allowing opportunities to be filtered by individual sales reps and teams. Date and time filters have been added to make it easy for retailers and sales teams to see the specific data they are interested in.

OroCRM 1.10 also includes numerous smaller tweaks and enhancements. To see the full list, take a look at the release announcement.

Posted in:
Nexcess




Summer 2016’s Best Magento, WordPress, and ExpressionEngine Content


Sadly summer is coming to an end, but that simply means that we’re coming up on Fall conference season! EllisLab recently announced the speakers for ExpressionEngine Conference. We’re honored to be the Presenting Sponsor and hope to see you in our hometown of Detroit in October! Without further ado, we’ll let you jump right into the roundup of July’s best Magento, WordPress, and ExpressionEngine content. Check out the Summer’s best posts from around the web below. If you’re looking for the same great articles the rest of the year, follow us on Twitter, Facebook, and Google+. Enjoy and let us know if we missed anything important in the comment section.

WordPress and Blogging

  • How To Make WordPress Hard For Clients To Mess Up – WordPress is a wonderfully powerful CMS that ships with many versatile features giving it the flexibility to work out of the box for a wide range of users. However, if you are a professional building custom themes and plugins, sometimes these features can be problematic.
  • 10 Awesome WordPress Features That You Probably Didn’t Know Existed – WordPress comes with so many awesome features and is continuously changing. Some of these features may not get the attention they deserve and remain a little hidden. In this article, we will show you 10 awesome WordPress features that you probably didn’t know existed.
  • 26 WordPress Plugins for Social Media Marketers – Do you want to improve your WordPress blog? Have you considered customizing WordPress with plugins? One of the biggest advantages of WordPress is the sheer number of easy-to-use plugins that help marketers add functions with little hassle.
  • The Art of Scannable Content: How to Write for Today’s Online Readers – Here’s the truth: There’s no guarantee that anyone will actually read your writing online. You have to compel them to do that. And one way to do so is to create writing that’s effortless to consume.
  • What Brand is Tops with Small Business Owners? WordPress, Alignable Index Says – Winning the trust of small businesses is not always easy, but one brand that seems to have succeeded is WordPress. According to the new SMB Trust Index, WordPress is the most trusted brand for small businesses, with a Net Promoter Score of 50 in Q2 2016.
  • WordPress 4.6 “Pepper” – Version 4.6 of WordPress, named “Pepper” in honor of jazz baritone saxophonist Park Frederick “Pepper” Adams III, is available for download or update in your WordPress dashboard. New features in 4.6 help you to focus on the important things while feeling more at home.

ExpressionEngine

  • ExpressionEngine 3.4.0 is Out! – We’re dropping another feature release on you, this one with some nice surprises. Grab it now and start playing or keep reading for the details.
  • 4 Ways to Use HubSpot Forms with ExpressionEngine – ExpressionEngine meet HubSpot, a powerful Marketing Automation System. HubSpot meet ExpressionEngine, a flexible Content Management System. Now, play nice. If only it were that simple.
  • Redesigning the ExpressionEngine Site – Prior to this week of meetings with the pMachine people, I had worked with Rick Ellis on a variety of smaller projects, and we had developed a very good working relationship. This paved the way for one of the largest projects that I’ve yet to take on in my career, and includes new website designs for pMachine (now EllisLab) and ExpressionEngine, as well as redesigns of CodeIgniter and pMachine Hosting (now EngineHosting).
  • EEHUB – If you’re looking to keep up with the best ExpressionEngine content through the month, sign up for the EEHUB newsletter.

Magento and eCommerce

To end this month, we leave you with what may be the best thing ever done in Excel.

Posted in:
Monthly Roundups, Nexcess




The OurMine TechCrunch Hack Shows The Danger Of Poor Password Management On High-Profile WordPress Sites


On July 26, TechCrunch, a popular WordPress-based technology business blog, was compromised by OurMine, a team of hackers responsible for a series of attacks targeting high-profile individuals and sites. The attackers accessed a user account and published a blog post announcing that TechCrunch’s security had been breached. In this case, the attackers were relatively benign; their aim was to advertise their security services rather than cause serious mischief, but there are lessons to be learned by publishers.

It appears the attack didn’t leverage a vulnerability in WordPress itself or a brute-force attack against user accounts. Instead, the attackers discovered that one of TechCrunch’s writers had used the same password on a number of different sites.

Presumably, OurMine were able to compromise one of those sites, discover the password, and use it to log into the writer’s account, giving them the access they needed to publish an article. When the article was published, posts were also automatically distributed on TechCrunch’s social media networks.

It’s impossible to maintain a secure password-based authentication system if users refuse to adhere to best practices. Even a long and random password is vulnerable to discovery if it’s used on lots of other sites. All it takes is for the same password to be used on an obscure forum with a known vulnerability.

Two-Factor Authentication

Two-factor authentication can help protect WordPress sites from this class of attack. If users must prove both knowledge of a password and possession of an enrolled device, an attacker who has only recovered the password from another site’s breach is still denied access.

Several two-factor authentication plugins are available for WordPress; Authy, Duo Security, and Google Authenticator are the best known.

Educate Users

Even with TFA, there’s no substitute for user education. Anyone with access to a high-profile publisher’s website should understand the following:

  1. How to create secure passwords.
  2. How to use a password manager such as LastPass or 1Password.
  3. Why they shouldn’t use the same password on multiple sites.

Force Secure Passwords

Unfortunately, many users understand the above advice perfectly well, but ignore it anyway. Having a theoretical understanding of password security is not the same as comprehending the risks. Users think it won’t happen to them.

That’s why it’s often necessary to force users to choose secure passwords. Recent versions of WordPress do a good job of guiding users to secure password choices, but they can ignore that guidance.

To ensure that users can’t take the easy path, use a plugin like Force Strong Passwords.

The attack against TechCrunch was a marketing stunt, but it could have been much more serious. Had OurMine wanted, they may have been able to breach an admin account and plant malware on the site, or publish news that impacted the stock price of a technology company.

High-profile publishers have a responsibility to ensure that their sites are protected — the consequences of a successful attack could have repercussions well beyond embarrassment.

Posted in:
Security


