WordPress Security Alert: WP Super Cache Exploit — update now!

We have recently learned of a known exploit in outdated versions of the WP Super Cache plugin that allows malicious content or code to be injected into a vulnerable WordPress site.

You can update any and all installed plugins very quickly by logging into your WordPress Admin area and selecting “Plugins” from the left-hand menu. It’s as simple as clicking “Update”.

For additional information on the WP Super Cache exploit, please see this blog:
https://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html


Is your website mobile friendly? Google is about to make you care.

Normally, I don’t start a blog post by quoting another blog, but here goes:

“Starting April 21, we will be expanding our use of mobile-friendliness as a ranking signal. This change will affect mobile searches in all languages worldwide and will have a significant impact in our search results. Consequently, users will find it easier to get relevant, high quality search results that are optimized for their devices.”
Source:
http://googlewebmastercentral.blogspot.com/2015/02/finding-more-mobile-friendly-search.html

What does this mean? If your website isn’t “mobile friendly”, your search engine rankings will likely be penalized in favor of other websites that are optimized for mobile traffic. In other words, on April 21, you may start to see a big drop in traffic your website receives from mobile users directed there via Google search.

What’s more, Google’s indexing service will independently score every page of your website for mobile viewing, so even if your homepage is optimized with a responsive layout, lower-level pages that are not optimized could suffer in their own search engine ranking.

Google offers a mobile friendly test as part of their webmaster tools. A web form lets you provide a website URL; Google then analyzes it, reports on its mobile friendliness and any major issues or errors it is able to determine, and even renders on-screen the way that website looks on a mobile device.

The test is not as detailed as a full website scan, but it can point out problems and help you understand whether your website is ready for the new indexing rules.

Google Webmaster tools / mobile readiness
https://www.google.com/webmasters/tools/mobile-friendly/

If your website was built using a popular CMS (content management system) platform such as WordPress, Joomla, or Drupal, the good news is that mobile friendliness may be as simple as changing your website’s theme (user interface template) and trimming down the length of some of the content on your website. Most CMS theme developers these days design with mobile responsiveness in mind, so a single theme may be capable of serving a traditional website layout for viewing on a desktop computer, and automatically scale and re-render the layout for tablet and mobile devices.

Our own website is a good example of a mobile responsive layout. To see this in action, try viewing our website in a full-screen browser window on your computer. Then, start to narrow the browser screen down to the size of a tablet. You’ll see the top, horizontal navigation bar turn into a mobile-optimized dropdown in the upper left corner. If you continue narrowing the size of the window, you’ll see images scale, and columns of information automatically stack vertically.

Additionally, many browsers, including Google Chrome and Firefox, contain built-in developer tools (or support free add-ons from the developer community) that let you simulate the appearance of your website on a variety of mobile devices.

With Google’s upcoming mobile indexing rules, the results are pretty straightforward:

Which would you prefer?

Canvas Host can help you determine if your website is mobile ready, or if it needs some help. Please contact us if you’d like to learn about our CMS development and consulting services. We’ll help answer your questions and provide the information you need to ensure your website is ready for mobile visitors.


.COM Just Turned 30

Have you ever visited www.symbolics.com? Hmm. Until this week, neither had I.

30 years ago, symbolics.com was the very first .COM domain registered. To this day, the website offers a neat history of the dawn of the .COM domain space.

http://www.symbolics.com

The year was 1985. I was 10 years old. I wore awkward, banded-color shirts and corduroy trousers and large, shapeless framed glasses. I was just transitioning from the little G.I. Joe and Star Wars action figures over to a newfound love of Transformers toys. My family was about to purchase a Mac Plus computer and soon, I would be pushing its limits with an early edition of Microsoft Flight Simulator.

I had no idea what a domain name was back then, but someone at Symbolics, Inc. had just registered the first .COM of all time. In that year, a total of just six domain names would be registered. Apple Computer, Inc., founded in the late 70’s, would wait another two years after Symbolics to register apple.com, in February 1987.

In those days, I was still trying to grasp the philosophical implications of TRON and the idea of digital life. I knew computers would become an important part of my life. Playing Atari, then Nintendo and its successive gameboxes, I saw a future in which computers would be a daily thing to interact with, yet the Internet was still a bizarre concept. I’d call Nintendo’s phone hotline for secret codes, and I waited for magazines to arrive by mail. Back then, you couldn’t download cheat codes or email for Support.

In the mid-1980’s, my mother sent emails every day as part of her jobs. She worked for the Department of Justice in Eugene, Oregon, and the University of Oregon Registrar’s Office. She was well acquainted with the same Pine email system I would later use in my college years. But a website? Huh?

I can’t recall the exact year or place when I saw my first website. It may have been in 1988, on an old Apple 2GS in my middle school’s computer lab, and I was trying to look at clip art that was on “the Internet”. At the time, I was more interested in drawing pictures of the starship Enterprise, pixel by pixel, on the Apple’s art program.

30 years later, domain names and Internet service are integral to my business and my life. I still have my Transformers toys, albeit they get more play time from my son than me.

All this reminiscing makes me wonder… where were you when you first learned about the Internet? First heard about “.COM”? Tweet your replies to @canvashost — this could be fun. :)

Thank you,

David Anderson


Canvas Host has recertified as a B Corporation!

Canvas Host just completed its 2015 B Corporation re-certification. As part of the certification process, we answered hundreds of questions in the B Impact Assessment (BIA). Questions were broken into five main categories covering our operations: Environment, Workers, Customers, Community, and Governance. A sampling of questions were randomly audited.

Upon completion of the assessment, we received a B Impact Report score on a scale of 0 to 200. To put it into perspective:

  • An average business scores 50 points.
  • A certified B corporation is required to score a minimum of 80 points.
  • Canvas Host scored 109 points! We’re thrilled to have reached a new level of B performance in our business.

View our B Impact Report:
http://www.bcorporation.net/community/canvas-host

So… why are we a B?

Like other B corporations, we operate on triple bottom line principles (people, planet, profit), not just profit alone. Additionally, we embrace a philosophy of business with purpose that goes far beyond our mission statement and addresses how we benefit (or impact) our environment, community, employees, stakeholders, and customers. We’re held to a higher standard, with legal structures in our operating agreement requiring that we consider the impacts of our decisions. It’s a higher level of accountability, and certainly the challenge of a higher bar of performance that we have chosen to meet.

If every business was a B, the world would be very different. Imagine companies with purpose addressing concerns that affect others around them: education, poverty, environmental responsibility, social justice, advocacy for underserved communities, a spirit of community service and volunteerism… the list is endless.

We want to see a world in which companies care just as much as you and I do about taking care of our planet, starting with our own decisions.

That’s why we’re a B.

How can you get involved?

Whether you’re a business or non-profit, a school or hotel, a freelancer or a mega-corporation, you and your colleagues can get involved in the B community. Whether or not you have the legal means to enact the B Corporation requirements, there are things you can do to help the B movement!

For more information on B Corporations, we invite you to visit B Labs’ website:
http://www.bcorporation.net/

B Labs’ website maintains a public directory of all certified B Corporations. If you want to support the B community, a great way is to connect with B Corporations or consider using their business for your needs:
http://www.bcorporation.net/community/find-a-b-corp

If you’re interested in taking the 20-minute Quick Impact Assessment, please visit this site:
http://bimpactassessment.net/quick

And to go for the full assessment, please visit:
http://bimpactassessment.net/

Canvas Host is also a registered Oregon Benefit Company, a legal state entity recognizing the qualifications we undertook as a B Corporation. Benefit companies in all 50 states, and every country worldwide, are the ultimate goal of B Labs’ efforts. If you have any questions about B Corporations, please contact us with your questions. Together, we can B the Change.

– David Anderson

p.s. B Corps get 25% off their first hosting order! Contact us for details. :)


On WordPress Plugins and Hosting Security

As a hosting platform, Canvas Host’s network is home to thousands of WordPress websites. WordPress runs well in our environment and saves our customers tons of headaches and costs compared to building and maintaining a website from scratch.

In part, WordPress’ ease of publishing is due to its extensive, user-supported plugin library. With more than 100,000 ready-to-use WordPress plugins — many of which are completely free — it is increasingly possible to build a website customized to each customer’s individual need. You name it, there’s likely a plugin for it.

That said, plugins are also one of the top threats facing your website’s security. Not all plugins are rigorously tested. Sometimes they contain unknown weaknesses — known as vulnerabilities — which hackers and automated scripts can prey upon. In these instances, your website can be secretly hacked without any advance warning.

When we learn a website has been hacked, we often discover it is a website running an old version of WordPress, or else it was using untested or new plugins that hackers have found a way to break. Regardless of the cause, a hacked website in our network presents a risk to all other customers on that server and it must be suspended immediately, without question. By “suspending” a website, we’re not ending your service, nor are we declining your business. Instead, a suspended website cannot serve web pages (which may contain phishing scripts or viruses), process PHP or CGI scripts (which may process stolen credit cards or send out spam), or send or receive email (which may contain viruses and other nefarious email contents). The domain is still accessible via web browsers with a message that it is “currently undergoing maintenance”.

While the website is suspended, our team communicates with you by opening a Support ticket, as well as first trying to call you directly to inform you as fast as possible that your website is having some problems and that we had to suspend it. We’ll do what we can to assist in determining the cause of the issue, including looking at server logs, and performing a quick scan of your website to try to pinpoint the issue. We’ll talk with your webmaster or webmistress to help them sort out the issue. If you do not have a web developer, we are available for immediate consulting work.

Here are some tips to protect your WordPress website:

  1. Keep WordPress updated
  2. Keep all WordPress plugins updated
  3. Research new WordPress plugins first to confirm they are safe and written by a trusted developer
  4. If in doubt, perform some basic research online or “Google” your plugin to see if there are known issues
  5. Ask your web host – we may already have an answer for you!
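
For anyone who looks after many WordPress installs from the file system, as a host does when tracing outdated plugins such as the WP Super Cache case above, the following added example (not code from Canvas Host or WordPress) reads each plugin's `Version:` header and flags installs below a required version. The directory layout, the sample versions and the 1.5.0 threshold are constructed placeholders, not the real fixed release.

```python
import re
import tempfile
from pathlib import Path

# WordPress reads plugin metadata from a comment header in the plugin's main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)

def version_key(version):
    """Turn '1.10.0' into (1, 10) so versions compare numerically, not as strings."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:  # treat 1.4 and 1.4.0 as equal
        parts.pop()
    return tuple(parts)

def plugin_version(plugin_dir):
    """Return the Version header of the plugin's main file, or None if not installed."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # the header sits at the top of the file
        match = HEADER_RE.search(head)
        if "Plugin Name:" in head and match:
            return match.group(1)
    return None

def audit(web_root, minimum_versions):
    """List (site, plugin, installed, required) for plugins below the required version."""
    findings = []
    for plugins_dir in sorted(Path(web_root).glob("**/wp-content/plugins")):
        site = plugins_dir.parent.parent.name
        for slug, required in sorted(minimum_versions.items()):
            installed = plugin_version(plugins_dir / slug)
            if installed is not None and version_key(installed) < version_key(required):
                findings.append((site, slug, installed, required))
    return findings

def demo():
    """Constructed sample tree: two sites, with invented versions for illustration."""
    with tempfile.TemporaryDirectory() as root:
        for site, ver in (("site-a", "1.2.3"), ("site-b", "1.10.0")):
            folder = Path(root, site, "wp-content", "plugins", "wp-super-cache")
            folder.mkdir(parents=True)
            (folder / "wp-cache.php").write_text(
                "<?php\n/*\nPlugin Name: WP Super Cache\nVersion: %s\n*/\n" % ver)
        # 1.5.0 is a placeholder threshold, not the real fixed release.
        return audit(root, {"wp-super-cache": "1.5.0"})

if __name__ == "__main__":
    for finding in demo():
        print("OUTDATED: %s %s %s (need >= %s)" % finding)
```

Take the real minimum version for each plugin from its security advisory before running `audit` against a live web root.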

I recognize that anything impeding your business is costing you time and money. We want to deliver you reliable, secure hosting service with tools to ease you on your way. In order to ensure that reliability and security, we have to take a proactive approach to police our network, identify threats, and respond as quickly as possible.

As your web host, we are your partner and we’ll do whatever we can to help you succeed online. Please let us know if there’s anything we can do to help you more.

Thank you,

David Anderson