Don’t Read Terms, Just Agree

Terms of Service Resulting in Spam is Quick Way to Get Your Site in Trouble

stack of dictionaries

Yes, we know they are long. Yes, it can be as exciting to read as reading the dictionary.

Yes, most of the time they are pretty standard. But what about when they aren’t?

We’re talking about Terms and Conditions or Terms of Service. You know, those things you have to click “I agree” to before proceeding–on just about everything on the internet these days.

It is easy to get lazy. Especially when you have read a bunch of them and they all seem to be the same. Pretty much verbatim the same, in fact.

But there are people who, whether intentionally or not, will provide you with a ‘service’ that can actually harm your website. Sometimes you won’t even know it. But Google and other search engine bots might. They might actually interpret it as spam or something else that is against their policies–and that is a big problem.

And that’s where the problem begins.

Case in point is the 404 to 301 Plugin, but it isn’t the only one. And to their credit, the authors of this plugin have theoretically already fixed the issue that was causing the main problem with Google.

So, read the terms of service or terms & conditions. If you don’t understand what it means or the implications, then wait before you install. Talk to someone you trust who can advise you.

Mistakes can happen, even when you are careful. So monitor your website’s health. Keep backups in case you need to “roll back” your site to an earlier date. Consider a security software.

This isn’t meant to scare you, just alert and educate. You can’t be expected to know everything about your business and the internet, too. That doesn’t mean you shouldn’t have a website. It just means sometimes we have to get help from someone else.

After all, just because I can watch a YouTube video on how to fix my car, paint my house, or trim the trees in my backyard, it doesn’t mean that it is necessarily a good idea. I might save myself some money–or I might make more money by focusing on my business and paying someone else to take care of these things.

Neither way is inherently right or wrong. Just be smart about it. Do you enjoy learning new things–go for it. But if you are frustrated or overwhelmed, or not having the success in your business that you want, and deserve, then focus on that.

Read the blog post by WordFence security for more info.

Did Plugin Result in Resignation of Iceland’s PM?

Could the Panama Papers Breach Been Avoided with Basic WordPress Security?

Read how a simple WordPress plugin may have enabled Panama Papers leak

Panama_Papers_Leak_photo_CNN

By now just about everyone has heard about the “Panama Papers Breach.” The fallout is still coming from this leak of over 11.5 million documents, but at the very least the Prime Minister of Iceland has been forced to resign as a result. Russian President Putin and British Prime Minister David Cameron are also caught up in the controversy.

The Panamanian law firm Mossack Fonseca is at the center of the swirl. Our friends at WordFence security have done some testing and they have made a shocking discovery:

The Panama Papers Breach may have been a result of an outdated WordPress Plugin!

Forbes has reported that Mossack Fonseca (abbreviated as MF…how appropriate!) provided a portal for their customers to access their data. This portal reportedly was using an old, vulnerable version of Drupal. WordFence did their own digging and found this:

The MF website runs WordPress and is currently running a version of Revolution Slider that is vulnerable to attack and will grant a remote attacker a shell on the web server.

Viewing this link on the current MF website to a Revolution Slider file reveals the version of revslider they are running is 2.1.7. Versions of Revslider all the way up to 3.0.95 are vulnerable to attack.

MF has since put their website behind a firewall, but only within the last month did this happen.

On top of having an out of date plugin, and providing access to their website via an unprotected portal, it seems that MF also used the same server for their website as their email server.

While these hackers may have done the world a service by exposing corruption, learn a lesson from the failings of MF. Protect your business and your clients by securing your website.


Read more, or watch the video on CNN here

Read more about the possible plugin connection on WordFence’s blog here

Is Your Website Back Door Unlocked?

Over 300,000 Users May Have: Read Latest Website Security Update and Make Sure You are Locked Down

Website Security Updates from Internet Advertising that Works

The plugin User Role Editor has been reported to provide a backdoor way for your users to gain controls that you may not want them to have.

This popular plugin, which has more than 300,000 active installations has a serious vulnerability.

The vulnerability allows any registered user to gain administrator access. For sites that have open registration, this is a serious security hole.

As we mentioned in our post about Internet Security last month, it is important to keep your plugins current. Be sure to update your plugins immediately, and if you do have User Role Editor on your site be sure to upgrade to the latest version (currently that is 4.25.)


Read more of the technical bits on the WordFence blog post here