The Best Reason to use a Professional WordPress Developer

wordpress-locked

Thousands of WordPress sites backdoored with malicious code

Malicious code redirects users to tech support scams, some of which use new “evil cursor” Chrome bug.

 


Thousands of WordPress sites have been hacked and compromised with malicious code this month, according to security researchers at Sucuri and Malwarebytes.

All compromises seem to follow a similar pattern –to load malicious code from a known threat actor– although the entry vector for all these incidents appears to be different.

Researchers believe intruders are gaining access to these sites not by exploiting flaws in the WordPress CMS itself, but vulnerabilities in outdated themes and plugins.

Also: Access to over 3,000 backdoored sites sold on Russian hacking forum

When they gain access to a site, they plant a backdoor for future access and make modifications to the site’s code.

In most cases, they modify PHP or JavaScript files to load malicious code, although some users have reported seeing modifications made to database tables as well.

Malwarebytes security researcher Jérôme Segura said this malicious code filters users visiting the compromised sites and redirects some to tech support scams.

CNET: How to avoid tech support scams

He says some of the traffic patterns seen during the redirection process match the patterns of a well-known traffic distribution system used by several malware distribution campaigns.

Segura also said that some of tech support scams that users are landing on are using the “evil cursor” Chrome bug to prevent users from closing the malicious site’s tab, a trick that the researcher first spotted last week.

TechRepublic: Why that email from your boss could be a scam waiting to happen

This WordPress site hijacking campaign appears to have started this month, according to Sucuri, and has intensified in recent days, according to Segura.

Googling just one of the pieces of the malicious JavaScript code added to the hacked WordPress sites reveals just a small portion of the total number of hacked sites. In this case, this string search yielded over 2,500 results, including a corporate site belonging to Expedia Group, the parent company behind the Expedia portal.

wp-spam-campaign.png

Last week, ZDNet revealed that attackers had been scanning the Internet in an attempt to exploit a recent vulnerability in a popular WordPress plugin.

While Sucuri did not find confirm that this vulnerability was now being used in this recent wave of site hacks, the company did confirm our initial report, based on WordFence’s telemetry.

Mobile-First Indexing: Your Guide to Google’s Big Shift

Google-mobile-indexing

Mobile-First Indexing: Your Guide to Google’s Big Shift

 By 

As Google makes the big change to mobile-first indexing, it’s important that your site is ready for the shift. Are you fully prepared?

Let’s start at the beginning.

What Is Mobile-First Indexing?

The mobile-first initiative is an effort to address the growing percentage of mobile-users in today’s search landscape.

Back in March, on their Webmaster Central Blog, Google announced that they are rolling out their mobile-first indexing initiative more broadly which is a big change to how Google crawls and indexes your site. The push is on now and Mobile Indexing is being fully implemented.

What’s Changing about Google’s Rankings?

Per Google, “Mobile-first indexing means Google will predominantly use the mobile version of your websites content for indexing and ranking.”

But what does that mean?

Currently, Google crawls and indexes your site based on the desktop version of your site and the content that exists there.  With this change, Google will be looking at your mobile site first and the content on that version to determine how your site is ranked.

For example:

Desktop vs. mobile versions of your site; Google will now index the mobile version of your site.

Over the course of the last year, Google has been slowly experimenting with a small percentage of sites to make the switch to crawling, indexing, and ultimately ranking sites based on their mobile experience, not their desktop as they always have.

This doesn’t mean your desktop site isn’t important anymore, it just means that they will be looking at it as a secondary source, not the primary one for crawling, indexing, and ranking as it has been in the past.  But even if your site is doing well organically, if it’s not responsive (mobile friendly), your ranking will drop substantially.  Don’t lose those years of building your search engine position, contact us today.

How Mobile-First Indexing May Impact Your Site

Depending on how you handle mobile, this change may or may not directly affect your site.

  • If your site is built in responsive design, you will see no impact, as your site adapts to all devices.
  • If you have a separate m. site (or something similar) and your primary content does not exist on it, then you are at risk of seeing a negative impact as Google will no longer be looking at your desktop version.
  • If you do not have a mobile site/experience then this change will negatively impact you.  Also, it’s 2018: if you don’t have a mobile-friendly site then you have much larger issues that this change.

What Mobile-First Best Practices Can I Follow To Ensure I Maximize My Opportunity?

Google has published an entire list of best practices for mobile-first indexing on their developers’ blog.

While there are many things to consider and you should read through the entire list above, two major points are ensuring you have mobile-friendly content and that your site loads as fast as possible.  Site speed is becoming an increasingly important ranking factor, which coincides with users’ needs to get everything as quickly and seamlessly as possible.  With the rapid adoption of AMP (accelerated mobile pages) and the popularity of Progressive Web Apps (PWA’s) growing, it’s not surprising to see Google pushing site owners in this direction.

How Do I Know If Google is Using Mobile-First Indexing for My Site?

Google will be notifying site owners that their sites are migrating to mobile-first indexing through Search Console.  The message will look like this:

Example of Google's notification of mobile first indexation

So you need to make sure that if you have an m. version of your site, it is verified in Search Console.

You will also see a significant increase in the Smartphone Googlebot crawl rate and Google will show the mobile version of pages in search results and cached pages.

What Do We Think About This?

This is a major change in how Google interacts with our websites and makes sense as more and more traffic continues to move to mobile.  While your desktop site will certainly remain important and Google will not be ignoring it, users have been trending towards mobile usage for years and this is the natural progression of our industry.

Companies need to take notice of this change.  Thinking mobile-first should not be something that is kicked down the road and moved down on priority lists, from a search perspective this should be top of mind for all organizations large and small.

Should you be concerned?  If you haven’t been paying attention to how your site functions on a mobile device, this probably isn’t going to pan out for you.  The good news is that all websites are living documents and can be changed and updated.  If you are coming in a little late to the game on mobile, then now is the time to improve that experience and ensure your site is set up to provide value to mobile users.

This is yet another banner that Google is waving to signal the importance of your mobile experience.  If you have been neglecting it, now is the time to rectify that and putting people and resources behind it.

If you think your site is not mobile friendly or have tested it and know, contact us for advice to bring your website up to speed with the current technologies.


Google just updated text messaging for Android, and it completely changed the way I text

 

Google just updated text messaging for Android, and it completely changed the way I text

So I was pretty excited to hear that Messages for Android now has its own web client, accessible from any web browser. It’s called Messages for web, naturally:

Messages for Web (Messages for Android)Google

In short, Messages for web lets Android users text message seamlessly from any computer with a web browser. It’s super easy to set up, and even syncs in real time between phone and computer.

I’ve been using it for nearly a week at this point, and it’s fundamentally changed how I communicate.

Here’s why:

First, setting it up: It’s a snap!


Ben Gilbert / Business Insider / Google

Here’s how you set up Android text messaging on the web:

Step 1: Open Messages on your (Android) phone.
Step 2: Tap the three dots in the upper right corner, and select “Messages for web.”
Step 3: Navigate to the Messages for website on your favorite web browser.
Step 4: Scan the QR code using your phone.

And you’re in.

If you want the computer you’re using to remember your phone, there’s an option to select that from the web browser window.

If you’re not seeing the Messages for web option in Messages just yet, check back in a few days — Google is rolling out the update over time.

I’ve stopped knee-jerk responding to every text message buzz in my pocket.

I’ve begun ignoring the buzzes in my pocket, and it’s been a massive relief.

As someone who spends most of my time at a computer, I feel especially silly holding up a smartphone screen in front of that computer.

Eventually, I click over to the Messages for web tab in my browser and see what I’ve been missing: group texts with friends to get back to, messages from my partner, an alert from Verizon that my autopay went through successfully.

Important stuff, no doubt, but stuff that doesn’t require an immediate, “Stop everything!” response. Instead, I ignore the buzzes, find a natural end point to whatever I’m doing, then catch up on messages I’ve been missing.

It’s a subtle change with massive implications — I’ve been knee-jerk responding to text message pocket vibrations for over 10 years now.

But there’s something about having all my text messages in a browser window, waiting for me, that changed how I look at them: They’re just instant message windows now, nothing more than the AOL Instant Messengers and Facebook Messengers of the world.

It’s obvious, I realize. They’re all just messaging software in the broadest sense. But text messages have maintained the top spot in my personal hierarchy of prioritization. Messages for web is helping me put the space between myself and text messages that I didn’t even realize I needed.

Not having to switch between phone and computer while working is a huge time saver.

Not having to switch between phone and computer while working is a huge time saver.
Since I write about technology at a major publication in 2018, I use a MacBook Air with my phone sitting next to it. I don’t wear a name tag.
 Jacques Brinon/AP Images

Switching between a phone and a keyboard is massively disruptive. Moreover, as stated previously, it makes me feel ridiculous to pick up a smartphone solely for one type of messaging while I’m sitting at a powerful computer.

Having Messages for web makes text message communication a part of my workflow.

I’m free to ignore the buzzes in my pocket specifically because I know the messages they represent are easily tackled in a browser tab. Why bother looking?

Messages for web seamlessly syncs between phone and computer, instantly.

Ben Gilbert / Business Insider / Google

The way that Messages for Android works is identical to the way Messages for web works. You can send images, and emoji, and links, and GIFs, and there are even a handful of silly secret commands.

If someone sends you media, you can download it locally to your computer (and vice versa — it’s super easy to send your friends all the dumb GIFs you found before they woke up).

Messages for web works exactly as well as Google’s many other excellent services, like Google Docs, Calendar, Mail, and Keep. It is genuinely impressive how quick and easy it is to use Messages for web.

And yes, you can text message anyone with Messages for web, just like you would with your phone normally. It actually uses your phone to send the messages — there’s no way to use Messages for web without your phone close by.

5 Reasons Your Business Needs HTTPS

ssl

5 Reasons Your Business Needs HTTPS

The rules have changed about what good website security means—starting with a new minimum requirement for all website pages to support encrypted connections. The good news is you’ll gain other valuable benefits by adhering to this new standard. First, let’s get on the same page by reviewing a few basics.

What’s HTTPS?

When your customers land on a web page that’s not protected by any type of SSL Certificate they’ll see http:// at the beginning of the website address in the browser bar. This used to be perfectly fine unless your webpage involved a login ID, password, form or payments. Enter the era of mega cybercrime.

HTTP has one glaring flaw—it’s not secure. Any information transmitted via an HTTP connection is vulnerable to being tampered with, misused or stolen. Your visitors deserve to know any data they share with you is safe from prying eyes.

Installing an SSL Certificate changes the browser bar address to https:// to clearly show visitors the connection is encrypted, meaning the server is authenticated and data is protected in transit. No wonder web browsers have made HTTPS the new standard for website security.

HTTPS Is Good for Your Bottom Line

Enabling encrypted connections is one great reason to protect your website with an SSL Certificate.  But, it’s not the only reason. Here are some other ways HTTPS brings value to your business:

  1. Speeds Up Performance—Being the slow kid on the block and the last one picked for dodgeball is a bummer. Being slow online could cost you everything. HTTP is being replaced by a newer faster version—HTTP/2. Encrypted connections are required to unlock the latest speed and security features.
  2. Increases Search Engine Traffic—Google includes SSL as a ranking factor. How’d you like to boost your search visibility up to 5%? Be found above the competition by encrypting every page of your website.
  3. Enables Mobile Options—Salesforce reports 71% of marketers believe mobile is core to their business. Mobile’s most popular features—geolocation, motion orientation, microphone, fullscreen and camera access—require HTTPS to be enabled by most browsers
  4. Protects Your Brand Reputation—A recent CA Security Council Report shows a mere 2% of customers would proceed past the “Not Secure” warnings that are due to kick in July 1 for all web pages without HTTPS connections. Show visitors your brand values their security by protecting your website with an SSL Certificate.
  5. Delivers a Seamless Experience—Don’t let visitors engage with several pages on your site only to be get broadsided with a “Not Secure” warning on pages you haven’t protected. They’ll reward you for taking the extra steps to give them an end-to-end encrypted experience.

 

Identity Validation Matters, Too

HTTPS is no longer optional if you want to build relationships and a business online. The good news it adds a lot of value to your business. But, SSL Certificates do more than enable HTTPS.
They also authenticate or validate your identity so visitors know it’s really you on the other end of their connection. We’re here to help you find the right level of validation based on your goals.

Click here to learn more and request pricing for the purchase and installation of your SSL Certificate.

Font Resize