SSL

After more than a decade of development, WordPress powers nearly one-quarter of the Internet. Through its vibrant and passionate fan base of volunteer developers, WordPress provides power, security, stability, and convenience unrivaled by any other free blog platform.

What you may not realize is how few of the WordPress-powered sites are actually blogs. In fact, WordPress has been a go-to staple for website developers across the globe. Whether you’re building an e-commerce site, a portfolio, a niche forum, or a blog, WordPress will allow you to develop your online presence.

Themes

The WordPress community is what makes it so attractive to users. This CMS has a passionate community of developers at its core. One of the best ways for a website designer to build a following is by creating free themes. A well-crafted theme can mean exposure, as well as a significant number of backlinks, especially if the designer includes his or her site in the footer.

When searching WordPress’ theme database you will find thousands of results for free themes. No matter what style works best for your website, you will find dozens (or even hundreds) of high-quality options.

Furthermore, WordPress’ core programming means most themes are easily customizable through widgets, menus, and color selection items. As long as the designer does his or her due diligence, you’ll be able to choose how you want each page of your site to appear, even with no programming knowledge.

For small businesses, this means creating a website is relatively easy compared to the days of coding your own website by hand. Designers can easily use a pre-built theme as the foundation and customize it according to their client’s needs and preferences.

Plugins

WordPress has several plugins that can enhance a site’s functionality. Whether you are looking to start a blog, forum, e-commerce site, or a photo stream, there’s a WordPress plugin that will provide that functionality.

When making minor tweaks (or even major ones), there’s a 99% chance that a plugin can do it for you. Plugins can do anything from running SEO audits and generating XML sitemaps to automatically resizing images and thumbnails. Did you know that there’s a WordPress plugin that allows you to include JSON information in every post?

Support

WordPress’s passionate community isn’t only helpful in providing themes and plugins, but also support. Developers are willing to help beginners master the ins and outs of the system. The platform is well documented, with a large resource base to help troubleshoot almost any issue. One of the greatest parts of the WordPress community is that there is no shortage of helpful forums full of people who love to teach others how to use WordPress. To top it all off, there are local meetups for several communities worldwide that are led by passionate enthusiasts who want to share their knowledge. You can find these meetings posted on WordPress.org under meetups.

Security

Since WordPress is so widely used, hackers will attempt to find security holes and exploits that will allow them to gain access to vulnerable sites. Due to its open source nature, those exploits can be slightly easier to locate. However, there is a vested interest from the community to ensure that any security problem is patched up immediately.

Additionally, WordPress comes with a cluster of built-in and add-on security features to guarantee your site’s safety, including defense from bots, brute-force logins, cross-site scripting, and many other security holes.

WordPress continues to be an outstanding platform for bloggers around the world, but it can also be a powerful tool for building any website. If you take the time to master this platform, you can easily save time, money, and energy on the design and development of any project.


I am sure we can all relate to the gut-wrenching feeling when you are working on your computer and all of a sudden it needs to reboot in order to update the OS. It typically happens when you are in the midst of something very important and at the most inopportune time.

When this occurs, we find ourselves frustrated and wanting to avoid the whole issue altogether by delaying the reboot. That is why we wanted to share a nice solution: CloudLinux has a feature called KernelCare, an awesome application that allows for kernel patching without the hassle of reboots! Who could imagine that a simple single line of code could be so powerful and alleviate unwanted stress?

System administrators who are constantly monitoring their server for the latest security patch don’t have to wait around anymore. KernelCare automatically checks for the latest patches and applies them as quickly as possible. You also never have to worry about live patch updates slowing down your server. KernelCare not only promises superb server performance, but also saves you time and money.

KernelCare ensures that you can seamlessly run your website 24/7 which we all know brings relief to many.


SSL stands for “Secure Sockets Layer.” SSL is a secure protocol developed for sending information securely over the Internet. Many websites use SSL for secure areas of their sites, such as user account pages and online checkout. Usually, when you are asked to “log in” on a website, the resulting page is secured by SSL.

SSL encrypts the data being transmitted so that a third party cannot “eavesdrop” on the transmission and view it. Only the user’s computer and the secure server are able to recognize the data. SSL keeps your name, address, and credit card information between you and the merchant to which you are providing it. Without this kind of encryption, online shopping would be far too insecure to be practical. When you visit a Web address starting with “https,” the “s” after the “http” indicates the website is secure. These websites often use SSL certificates to verify their authenticity.

While SSL is most commonly seen on the Web (HTTP), it is also used to secure other Internet protocols, such as SMTP for sending e-mail and NNTP for newsgroups. Early implementations of SSL were limited to 40-bit encryption, but now most SSL-secured protocols use 128-bit encryption or higher.

Providers

Worldwide, the certificate authority business is fragmented, with national or regional providers dominating their home market. This is because many uses of digital certificates, such as for legally binding digital signatures, are linked to local law, regulations, and accreditation schemes for certificate authorities.

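| Rank | Issuer | Usage | Market share |
|------|--------|-------|--------------|
| 1 | Comodo | 8.1% | 40.6% |
| 2 | Symantec | 5.2% | 26.0% |
| 3 | GoDaddy | 2.4% | 11.8% |
| 4 | GlobalSign | 1.9% | 9.7% |
| 5 | IdenTrust | 0.7% | 3.5% |
| 6 | DigiCert | 0.6% | 3.0% |
| 7 | StartCom | 0.4% | 2.1% |
| 8 | Entrust | 0.1% | 0.7% |
| 9 | Trustwave | 0.1% | 0.5% |
| 10 | Verizon | 0.1% | 0.5% |
| 11 | Secom | 0.1% | 0.5% |
| 12 | Unizeto | 0.1% | 0.4% |
| 13 | QuoVadis | < 0.1% | 0.1% |
| 14 | Deutsche Telekom | < 0.1% | 0.1% |
| 15 | Network Solutions | < 0.1% | 0.1% |
| 16 | TWCA | < 0.1% | 0.1% |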

There is good news for everyone who is passionate about using SSL but doesn’t want to spend money. Let’s give Let’s Encrypt a try.

Each certificate is issued for 90 days, and then you will have to reissue it; that too is free. 🙂

Just contact your provider about it, as they may have a cPanel/plugin setup that lets you get it in a click. 🙂


PCI standard or Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.

The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

Basics of getting PCI compliant.
–+-
1) First of all, it is hardly possible in a shared hosting environment, as the host will not mitigate certain threats because other customers would then have multiple issues connecting to the services.

2) If you own a dedicated server/VPS, you are good to go.

3) There are tons of companies that provide PCI scan reports and will finally get you the PCI Compliant seal that you can proudly put on your site.

4) There are three major types of ratings that you will see: High >> Red, Normal >> Yellow and Pass >> Green.

High are potential threats and need to be mitigated at the earliest.

Medium and pass can be ignored, as they don’t really matter.

5) There is a good point that you want to keep in mind: if you are running old CentOS versions or any other flavours like Ubuntu 12.x or below, you should seriously upgrade first and then submit for the PCI scan.

For those with CentOS servers 6.8 and above, you really do not need to do anything special. Red Hat and CentOS come with a feature called backporting: they download the patches onto the current builds, so no matter what comes out you are always secured. You may want to call your host and get them to check whether all the CVEs are backported.

Get the results that they give you and provide them to the scanning company so that they can whitelist the results in the next scan. This way it may take a couple of scans, but you will reach the goal at hand. 🙂
—-
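One way to collect the backport evidence that step 5 asks the host for, as an added example that is not part of the original post: the function reads a package changelog (on a CentOS/Red Hat host, the output of `rpm -q --changelog <package>`) and reports, for each CVE ID flagged by the scan, the package build whose changelog entry mentions it. The function names, the `examplepkg` label, the changelog text and the `CVE-0000-…` IDs are constructed placeholders.

```shell
#!/bin/sh
# Added example. Real use on a CentOS/RHEL host:
#   rpm -q --changelog openssl | backport_report openssl <CVE IDs from the scan>

# Constructed changelog in the layout rpm prints: "* date packager version"
# header lines, each followed by "- ..." entries.
sample_changelog() {
cat <<'EOF'
* Mon Jan 01 2024 Example Maintainer <maint@example.com> 1.0.0-3.el6
- fix CVE-0000-0002 - constructed entry
* Fri Dec 01 2023 Example Maintainer <maint@example.com> 1.0.0-2.el6
- fix CVE-0000-00010 - constructed entry
- fix CVE-0000-0001 - constructed entry
EOF
}

# backport_report PACKAGE CVE...   (changelog text on stdin)
# Prints one line per CVE; returns 1 if any CVE is absent from the changelog.
backport_report() {
    pkg=$1; shift
    changelog=$(cat)
    status=0
    for cve in "$@"; do
        # Remember the build from each header line; stop at the first entry
        # naming this exact ID (CVE-0000-0001 must not match CVE-0000-00010).
        ver=$(printf '%s\n' "$changelog" | awk -v id="$cve" '
            /^\* / { ver = $NF }
            toupper($0) ~ ("(^|[^A-Z0-9])" toupper(id) "([^0-9]|$)") { print ver; exit }')
        if [ -n "$ver" ]; then
            printf '%s %s backported in %s\n' "$pkg" "$cve" "$ver"
        else
            printf '%s %s NOT FOUND\n' "$pkg" "$cve"
            status=1
        fi
    done
    return "$status"
}

# Demo run on the constructed changelog.
sample_changelog | backport_report examplepkg CVE-0000-0001 CVE-0000-0002 CVE-0000-0003 \
    || echo "ask the host about the IDs marked NOT FOUND"
```

A changelog mention shows that the vendor shipped a fix in that build; compare the reported build with the installed one (`rpm -q <package>`) before handing the list to the scanning company.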

To whom does the PCI DSS apply?

The PCI DSS applies to ANY organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.

Am I PCI compliant if I have an SSL certificate?

No. SSL certificates do not secure a web server from malicious attacks or intrusions. High assurance SSL certificates provide the first tier of customer security and reassurance such as the below, but there are other steps to achieve PCI compliance.

A secure connection between the customer’s browser and the web server
Validation that the website operators are a legitimate, legally accountable organization

What is a vulnerability scan?

A vulnerability scan involves an automated tool that checks a merchant or service provider’s systems for vulnerabilities. The tool will conduct a non-intrusive scan to remotely review networks and web applications based on the external-facing Internet protocol (IP) addresses provided by the merchant or service provider. The scan identifies vulnerabilities in operating systems, services, and devices that could be used by hackers to target the company’s private network.
