With 4 months to switch on HTTPS, are web hosting companies ready?

Like it or not, if your website isn’t using HTTPS (the encrypted version of the web’s HTTP protocol) by July then you’re likely to lose traffic.

That’s because in July 2018 Google Chrome, the world’s most popular browser, will start warning users that web pages served over HTTP are not secure (they aren’t).

This isn’t an empty threat, Chrome has been turning the screw on HTTP for a number of years and Google Search already gives sites with HTTPS a boost in its search rankings. You should expect other browsers to follow Chrome’s lead.

As Mark Stockley explains, if you’re buying web hosting you’re going to want HTTPS.

WordPress 4.9.2 Security and Maintenance Release

WordPress 4.9.2 is now available. This is a maintenance and security release for all WordPress versions since 3.7, and you need to update your websites immediately.

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.

MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.9.1 Security Release

WordPress 4.9.1 is now available. This is a security release for all previous versions since WordPress 3.7, and it is strongly recommended that you update your websites immediately.

WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.8.3 Security Release

WordPress 4.8.3 is now available. This is a security release for all previous versions, and you must update your websites immediately.

WordPress versions 4.8.2 and earlier are affected by an issue where unexpected and unsafe queries can lead to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but special hardening has been added to prevent plugins and themes from accidentally causing a vulnerability.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

Do You Have Permission to Use That Image?

Finding images for your website or brochure can be tricky. There are confusing stock sites, tempting free collections, there is also a Google image search that may look like an easiest option. How to make sure you don’t have to regret your choice later? Theresa Jennings can help with a clear, to the point presentation.

Not a fan of presentations? A downloadable PDF is also available.

Cloudflare now offers unmetered DDoS attack mitigation

Cloudflare turns seven this week and it wants to give your network a present. Should your website come under Distributed Denial of Service (DDoS) attack, it will never charge you additional fees, or (and this is important) kick you off the network.

Cloudflare CEO Matthew Prince has pledged unmetered DDoS mitigation, regardless of the size of the attack and no matter what level of service you have from the free tier all the way up to the enterprise level.

This is wonderful news for small business owners. Take advantage of it if you haven’t done so yet.

WordPress 4.8.2 Security and Maintenance Release

WordPress 4.8.2 became available today. This is a security release for all previous versions, and you need to update your websites immediately. The update fixes 9 security issues.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 became available today. The new version addresses 6 security issues affecting WordPress 4.7.4 and earlier releases. It also includes 3 maintenance fixes to the 4.7 release series.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites

There is a phishing attack that is receiving much attention today in the security community.

A phishing attack happens when an attacker sends you an email with a link to a malicious website. You click on the link because it appears to be trusted and may either infect your computer or be tricked into signing into the malicious site with credentials from the real website. The attacker then has access to your username, password and any other sensitive information you may inadvertently provide.

This particular phishing attack uses malicious registered domains that look identical to real domains in your browser.

WordFence, the force behind of one of the best WordPress security plugins set up a test case to demonstrate how this attack works in case you are interested in technicalities, but the most important thing to do if you are using Chrome or Firefox is staying safe, and the easiest thing to do when you are about to log into a website you trust is this.

Copy the URL in the location bar and paste it into any program on your device that allows to paste as plain text.

A fake domain will appear as starting with https://xn--. A real website will look exactly as in your browser’s location bar.

In Chrome, you can even copy the domain and paste it right back into the location bar and the fake website’s domain will reveal itself.

WordPress 4.7.3 Security and Maintenance Release

WordPress 4.7.3 became available today. This is a security release for all previous versions and it’s strongly recommended to update your sites immediately. The new version addresses six security issues that may put your website at risk of being hacked.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.