A2 Posting

  • Shellshock Lessons for Developers

    For anyone who doesn't know, Shellshock is the name of a particularly nasty vulnerability in Bash, the standard shell for most Linux distributions (and other Unix-like systems). As of press time, new vulnerabilities due to this bug are still being discovered. Some distributions have only released patches that fix part of the problem, and a vast number of Internet-connected computers are unpatched and vulnerable. There are bound to be some negative outcomes from a security problem like this, but let's see if we can scrape out some positive results.

    The first lesson to take from this problem is that no software, no matter how ubiquitous, is guaranteed free from vulnerabilities. The Shellshock bug in Bash has been there for a long time, apparently over a decade. This isn't a result of an overwrought, unmaintainable mess receiving a poorly reviewed patch, like the Heartbleed bug in OpenSSL. This is code that has been there for a long time, and everyone from Google to Facebook to Apple has been using Bash without finding the bug. Don't take for granted that a program is safe because it is standard and popular. It isn't. That means you can't assume you can stick with the version you have forever and not worry about updates down the road.

    It also means, don't trust software unnecessarily. Don't believe that any piece of software is a locked door, and you can be sloppy behind it assuming nobody will ever get past it. In the case of Shellshock, most people probably didn't even realize they were trusting Bash with their CGI setups, but they were. If you're using CGI to execute your web application, you're trusting Bash (or some other shell) to be free of vulnerabilities that would allow remote execution. It's not just CGI, though; any PHP script that uses shell_exec could be vulnerable. Or an application written in another language which uses a form of shell_exec. Remember when your paranoid, security-minded friend told you not to use shell_exec in your applications? This kind of thing is why.

    That's the third and final lesson I want to mention right now. When the security community says that a programming practice is bad (such as shell_exec or eval), believe them. You may think you know what you're doing, and you'd never allow your harmless use of shell_exec to cause a problem. But you're wrong, and it's not only up to you. We can all make mistakes, and we can all be the victim of others' mistakes. You can reduce the target on your own back by avoiding patterns that are prone to vulnerability.
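
    Added example (not from the original post): a Python sketch of the "don't trust the shell" advice for a CGI-style handler. It runs a helper from an argument list with no shell in between, passes only an allowlisted environment, and flags any variable whose value has the function-definition shape that Bash imported from the environment. The names SAFE_NAMES, child_environment, run_helper and the sample environment are assumptions made for illustration.

```python
import subprocess
import sys

# Assumption: the only variables the helper program legitimately needs.
SAFE_NAMES = {"PATH", "LANG", "TZ"}

# Constructed sample of what a CGI server hands to a script: request headers
# arrive as HTTP_* environment variables, so their values are client-controlled.
SAMPLE_CGI_ENV = {
    "PATH": "/usr/bin:/bin",
    "REQUEST_METHOD": "GET",
    "HTTP_COOKIE": "session=abc",
    "HTTP_USER_AGENT": "() { :; }",  # constructed value with the function shape
}


def looks_like_function_export(value):
    """True if the value has the shape Bash treated as an exported function."""
    return value.lstrip().startswith("() {")


def child_environment(cgi_env):
    """Return (env, flagged).

    env keeps allowlisted variables only, so nothing request-derived reaches
    a child process. flagged lists variables worth logging for review.
    """
    env, flagged = {}, []
    for name, value in cgi_env.items():
        if looks_like_function_export(value):
            flagged.append(name)
        elif name in SAFE_NAMES:
            env[name] = value
    return env, sorted(flagged)


def run_helper(argv, cgi_env):
    """Run argv directly (no shell) with the minimal environment."""
    env, flagged = child_environment(cgi_env)
    done = subprocess.run(argv, env=env, capture_output=True, text=True, check=True)
    return done.stdout, flagged


if __name__ == "__main__":
    probe = "import os; print(os.environ.get('HTTP_USER_AGENT', 'absent'))"
    print(run_helper([sys.executable, "-c", probe], SAMPLE_CGI_ENV))
```

    The allowlist does the real work here: even on an unpatched system, a child process that never receives request-derived variables has nothing to import. The flag list is only a signal for logging.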

  • A2 Optimized - 6X Faster WordPress Page Loads

    It shouldn't come as a surprise that WordPress users really care about page load speed and website security. After all, page load speed impacts everything from your bounce rates, conversion rates, page views and Google rankings. On the security side, over 10 million websites are hacked each year and the total cost to fix those hacks is rapidly escalating.

     

    We understand your concerns! That's why our team of WordPress optimization experts developed A2 Optimized. A2 Optimized is a WordPress plugin, exclusive to A2 Hosting customers, providing auto-configuration for your site so you get the best WordPress performance. Thanks to months of testing multiple combinations of compression and caching solutions, we've ended the guesswork of how to get the fastest WordPress page loads.

     

    We don't want your site to become another hacked statistic.  That's why the plugin also helps to lock down your WordPress sites. With A2 Optimized, you automatically get:

     

    • Unique WordPress Login URL
    • Automatic A2 Optimized Updates
    • ReCaptcha on WordPress Login Page & Comments

     

    Automatically accelerate and harden your existing WordPress site with A2 Optimized in a few easy steps! Or are you a new customer who wants to give our A2 Optimized WordPress a try? Just visit our WordPress Hosting page and your A2 Optimized WordPress install will come pre-installed!


  • Reviewing Your Pricing Strategy

    Imagine you're launching a new product you've been working on for months. It's perfect. Your creative ad copy is going to really hit home with your target market. You even have an affordable contract for product distribution. All you need to do is slap a price down and all your hard work will mean you'll get to see money rolling in. Out of the 4 P's of the Marketing Mix (price, product, promotion and place), doesn't it seem like pricing would be the easiest one to nail down?

     

    Then you start thinking about price and it's really not so easy. Is it a unique product with few competitors where you can afford to price it a little higher? Are your potential customers going to be turned off by the high price? Are you in a crowded marketplace where you need to price low? What if you price too low and you can't cover your costs?

     

    It's never a bad time to review your pricing strategy. Not every pricing strategy is the right one for every business and each business can utilize multiple strategies. Here is a quick look at 6 different pricing strategies for you to consider the next time you launch a new product or decide to re-consider your current pricing.

     

    Competitor Based Pricing

     

    Just as its name implies, this strategy focuses on your competitors. What are your competitors charging? Are you able to set a price without worrying about your own costs? What are your luxury and budget competitors charging?

     

    Value Based Pricing

     

    Pricing focused on determining how much a customer is worth to you. This can be tricky to determine at first and may require you to put some customer lifetime models together.

     

    Cost Based Pricing

     

    Determine how much your product costs to make and mark it up by a percentage or flat amount.

     

    Promotional Pricing

     

    There are a number of techniques when using promotional pricing including offering special event pricing, comparison discounting (Was $100, Now Just $75) and offering pricing well above your competitors with heavy discounts on other items.

     

    Psychological Pricing

     

    Did you know you can influence your customers' perception of your product by making the price look more attractive? Consider that the next time you upgrade to a large pop for just $.25 more.

     

    New Product Pricing

     

    Gain the attention of your market by launching the product at a very high (or very low) price and gradually lowering it (or raising it) over time.

  • Staying Away From WordPress Security Plugins

    When searching through all of the potential plugins to install on your WordPress site, you may notice that many of the popular plugins have to do with security. It may seem very tempting to let a plugin handle all of your security needs for your site, but security plugins forget one important fact about the web: if your site is too slow for people to navigate, people won’t visit it.

     

    Most security plugins add lots and lots of rules into your .htaccess file, which the web server has to parse for every page load (even for static .html files). The longer .htaccess gets, the slower the site will get. I’ve seen as many as 900 rules in a single .htaccess file from WordPress security plugins; needless to say, this site was one of the slowest that I have ever seen. There are better ways to secure a WordPress site. When security plugins are not writing hundreds of .htaccess rules, many of them use large amounts of CPU power to search through lists of bots and IP addresses of potential hackers. They also write to log files constantly, which clogs up the performance of your server. If it has Security in the name, chances are that it will slow down your site.

     

    How do you secure your site without security plugins?

     

    The simplest and most effective way to secure your site is to use a strong admin username and password. Most of the time, the username for the site admin is, drumroll please… “admin”. Using the same admin username as everybody else makes it easy for botnets to hack your site, since all they need to do is figure out your password (which is probably “pass” or “password”, J.K... right?) and they’re in.

     

    Moving your login page is the simplest way to prevent bots from attempting to log into your site. You can use “Rename wp-login.php” to change the URL of your login page, so bots will have no idea where to go to even attempt logging in. You can also name the login page anything you want with a setting in wp-admin (Settings > Permalinks > Login url). So if you really want, your login page can be http://example.com/BotsCanNeverFindMyLoginPage/.

     

    Try to stay away from plugins and themes that allow for arbitrary uploading of files.  Some themes allow PHP files to be uploaded and executed.  In general, be careful when choosing plugins and themes.  Also, visit our Knowledge Base to learn more about how to secure your WordPress Site, and check out how to optimize your WordPress site with A2 Optimized.  And if you really need to use a security plugin: check out our helpful Knowledge Base articles on configuring WordPress plugins.

     

    For more advanced options for securing your site visit http://codex.wordpress.org/WordPress_Housekeeping. And for more information about moving your WordPress page to A2 Hosting, please visit our WordPress Hosting page.  


  • Bid Your First Page Estimate On Best Converting Keywords

    When it comes to your marketing efforts, it's impressive how often the 80/20 rule....rules. That is 80% of production comes from just 20% of the total source. This could mean 80% of your affiliate sales come from 20% of your affiliates or 80% of content views on your site are from only 20% of your pages.

     

    In my experience, the rule is often closer to a 95/5 rule. This is especially true from the AdWords campaigns I have run. You can have 1000's of optimized ad groups, but the reality is only a select few of your keywords are actually the ones converting. If this is the case for your AdWords campaign, and I bet it is, doesn't it make sense to spend the majority of your budget on those keywords? More importantly, doesn't it make sense to do everything you can to make sure that your ads are being triggered when your top converting keywords are searched?

     

    AdWords makes it simple to keep your most successful keywords above your competitors. Just go to your keyword tab and sort by Status. The keywords below the first page estimate will be sorted at the top. I highly recommend that you go through your keywords, especially your top converting keywords, and make sure that you are bidding them up to the first page estimate. In fact, if the cost per click and cost per conversion make sense on a CPA basis, I would bid the amount AdWords recommends in their above the search results estimate.

     

    If you're running a campaign with numerous keywords, I also recommend placing your top converting ad groups into a separate campaign. That way it's even easier to keep track of your most successful keywords and to keep those bids at a level where your ads are showing up. Otherwise you're missing out on a number of conversion opportunities.
