A2 Posting

  • Where Did My WordPress Plugins Go?

    From time to time, our support team receives the following question:

     

    I installed a security plugin and some of my other plugins disappeared. What happened?

     

    If you have plugins unexpectedly disappear when you are updating, deleting or adding plugins, your site has likely been compromised.  This does not mean the new plugin you just added was the cause of the compromise; this simply means by modifying your plugins, Wordpress has performed a basic check on all plugins that are installed and has removed any plugins that had code injected above the meta data for the plugin.


     

    So what’s really going on when the plugins disappear?  

     

    When the plugins disappear, WordPress is just ignoring the files for missing metadata.  This is usually caused by code injection near the top of the file.  This is not a security feature of WordPress;  Instead, it is a byproduct of WordPress requiring a specific comment at the beginning of each plugin describing things like the plugin’s name, author, copyright, and version.  WordPress no longer recognizes the plugin so it effectively disappears from the wp-admin; however, the files are still in the plugin directory.  


     

    What is code injection?

     

    Many exploits to plugins and themes in WordPress will take advantage of the fact that WordPress executes the code present in the main file of each active plugin on every page load. When infected files are executed, they will also seek out other files to compromise and very quickly every PHP file on a site will have several new lines of code in them for any number of evil reasons.  The lines of code that are copied into each php file are known as injected code.


     

    Why do hackers inject code?

     

    Code injection is a common way hackers use WordPress to send SPAM, advertise their hacker group or to even perform a Distributed Denial of Service (DDoS) attack.  The code is executed at least once on every page view of your site, causing the hack to perform its task

    over and over again.  If the purpose of the hack is to send spam from your account: SPAM will be sent out from your site every time a user visits a page.


     

    Why did I not know I was hacked until now?

     

    If a hacker is using your site for evil, they generally do not want you to know that they have compromised your site.  The longer a hacker can have control over your site without you knowing, the more money they can make off of having your site compromised.

     

    Bottom Line; when you discover this problem of one or more plugin disappearing, you need to quarantine and clean the files by installing a virus scanner like 6scan.

  • Affordable PPC With Remarketing For Search

    About 4 years ago we saw the birth of a new tactic to target potential customers called remarketing (also referred to as retargeting). You may not be familiar with this term, but I would be very surprised if you haven't seen remarketing in practice. Remarketing is when you visit a website and then you start seeing banner ads and even ads in Facebook promoting the website you visited.

     

    It's a very targeted marketing tactic because you are spending your marketing budget on customers who have at least shown interest in your website and product. That is instead of advertising to the giant pool of potential customers who may or may not be interested in you. Unless your conversion rate is 100% (I would love to speak with you to learn some pointers if that's the case), you should consider using remarketing. After all, a 2% conversion rate means 98% of customers didn't purchase from you.

     

    Most of us have been using the Internet long enough that banner ads don't always grab our attention. Instead you may want to consider remarketing for search via PPC bidding. In your average PPC campaign, your bids, ads and keywords are identical for each searcher. However if you know that someone has already shown interest in your product, you can bid more for broader keywords and write more targeted ads.

     

    For example, let's say you're a shoe retailer that specifically sells blue basketball shoes. A normal keyword you would bid on would probably be 'blue basketball shoes'.That's a very specific keyword that may not get a ton of searches, but it describes your product perfectly. By using remarketing for search, you know you're only advertising to previous site visitors who have shown interest in your product. Since this is the case, you don't have to be so defined with your keyword selection. You can choose a keyword like 'shoe'. Bidding on 'shoe' probably wouldn't be the best strategy without retargeting because it's likely a highly competitive keyword, therefore it would be extremely expensive to get clicks for.

     

    Go ahead and give remarketing for search a try! I could run through the steps on how to actually start a Remarketing campaign, but it is a bit out of the scope of this blog post and Google has already laid out the information quite nicely:

     

  • Shellshock Lessons for Developers

    For anyone who doesn't know, Shellshock is the name of a particularly nasty vulnerability in Bash, the standard shell for most Linux distributions (and other Unix-like systems.) As of press time, new vulnerabilities due to this bug are still being discovered. Some distributions have only released patches that fix part of the problem, and a vast number of Internet connected computers are unpatched and vulnerable. There's bound to be some negative outcomes from a security problem like this, but let's see if we can scrape out some positive results.

    The first lesson to take from this problem is that no software, no matter how ubiquitous, is guaranteed free from vulnerabilities. The Shellshock bug in Bash has been there for a long time. It looks like over a decade. This isn't a result of an overwrought, unmaintainable mess receiving a poorly reviewed patch like the Heartbleed bug in OpenSSL. This is code that has been there for a long time, and everyone from Google to Facebook to Apple has been using Bash and not found it. Don't take for granted that because some program is standard and popular that it is safe. Because it isn't. That means, don't assume you can just stick with the version you have forever and not worry about updates down the road.

    It also means, don't trust software unnecessarily. Don't believe that any piece of software is a locked door, and you can be sloppy behind it assuming nobody will ever get past it. In the case of Shellshock, most people probably didn't even realize they were trusting Bash with their CGI setups, but they were. If you're using CGI to execute your web application, you're trusting Bash (or some other shell) to be free of vulnerabilities that would allow remote execution. It's not just CGI, though; any PHP script that uses shell_exec could be vulnerable. Or an application written in another language which uses a form of shell_exec. Remember when your paranoid, security-minded friend told you not to use shell_exec in your applications? This kind of thing is why.

    That's the third and final lesson I want to mention right now. When the security community says that a programming practice is bad (such as shel_exec or eval), believe them. You may think you know what you're doing, and you'd never allow your harmless use of shell_exec to cause a problem. But you're wrong, and it's not only up to you. We can all make mistakes, and we can all be the victim of others' mistakes. You can reduce the target on your own back by avoiding patterns that are prone to vulnerability.

  • A2 Optimized - 6X Faster WordPress Page Loads

    It shouldn't come as a surprise WordPress users really care about page load speed and website security. After all, page load speed impacts everything from your bounce rates, conversion rates, page views and Google rankings. On the security side, over 10 million websites are hacked each year and the total cost to fix those hacks are rapidly escalating.

     

    We understand your concerns! That's why our team of WordPress optimization experts developed A2 Optimized. A2 Optimized is a WordPress plugin, exclusive to A2 Hosting customers, providing auto-configuration for your site so you get the best WordPress performance. Thanks to months of testing multiple combinations of compression and caching solutions, we've ended the guesswork of how to get the fastest WordPress page loads.

     

    We don't want your site to become another hacked statistic.  That's why the plugin also helps to lock down your WordPress sites. With A2 Optimized, you automatically get:

     

    • Unique WordPress Login URL
    • Automatic A2 Optimized Updates
    • ReCaptcha on WordPress Login Page & Comments

     

    Automatically accelerate and harden your existing WordPress site with A2 Optimized in a few easy steps! Or are you a new customer who wants to give our A2 Optimized WordPress a try? Just visit our WordPress Hosting page and your A2 Optimized WordPress install will come pre-installed!

    4 Comments

  • Reviewing Your Pricing Strategy

    Imagine you're launching a new product you've been working on for months. It's perfect. Your creative ad copy is going to really hit home with your target market. You even have an affordable contract for product distribution. All you need to do is slap a price down and all your hard work will mean you'll get to see money rolling in. Out of the 4 P's of the Marketing Mix (price, product, promotion and place), doesn't it seem like pricing would be the easiest one to nail down?

     

    Then you start thinking about price and it's really not so easy. Is it a unique product with few competitors where you can afford to price it a little higher? Are your potential customers going to be turned off by the high price? Are you in a crowded market place where you need to price low? What if you price too low and you can't cover your costs?

     

    It's never a bad time to review your pricing strategy. Not every pricing strategy is the right one for every business and each business can utilize multiple strategies. Here is a quick look at 6 different pricing strategies for you to consider the next time you launch a new product or decide to re-consider your current pricing.

     

    Competitor Based Pricing

     

    Just as its name infers, this strategy focuses on your competitors. What are your competitors charging? Are you able to set a price without worrying about your own costs? What are your luxury and budget competitors charging?

     

    Value Based Pricing

     

    Pricing focused on determining on how much a customer is worth to you. This can be tricky to determine at first and may require you to put some customer lifetime models together.

     

    Cost Based Pricing

     

    Determine how much your product costs to make and marking it up by a percentage or flat amount.

     

    Promotional Pricing

     

    There are a number of techniques when using promotional pricing including offering special event pricing, comparison discounting (Was $100, Now Just $75) and offering pricing well above your competitors with heavy discounts on other items.

     

    Psychological Pricing

     

    Did you know you can influence your customers' perception of your product by making the price look more attractive? Consider that the next time you upgrade to a large pop for just $.25 more.

     

    New Product Pricing

     

    Gain the attention of your market by launching the product at a very high (or very low) price and gradually lowering it (or raising it) over time.

    1 Comment

  • Older Entries