03 Mar Online Security Continues to be a Concern
Do not think that you are not vulnerable just because you don’t use NextGEN Gallery or WordPress – the fact is that ALL software can be hacked. If the US government and major corporations can get hacked, be assured that you are a much easier target. If you have an ecommerce website you must take responsibility for it. Here are a couple of recent issues you need to be aware of.
Researchers find “severe” flaw in WordPress plugin with 1 million installs
Per ARS Technica:
More than 1 million websites running the WordPress content management system may be vulnerable to hacks that allow visitors to snatch password data and secret keys out of databases, at least under certain conditions.
The vulnerability stems from a “severe” SQL injection bug in NextGEN Gallery, a WordPress plugin with more than 1 million installations. Until the flaw was recently fixed, NextGEN Gallery allowed input from untrusted visitors to be included in WordPress-prepared SQL queries. Under certain conditions, attackers can exploit the weakness to pipe powerful commands to a Web server’s backend database.
My recommendation: Update your software and plugins on a regular basis – outdated software is the simplest way for hackers to get in and create havoc on your site and make you liable for password breaches, even if you don’t store credit card data on your site.
Compliance Updates for E-Commerce Sites
Are you an e-commerce business, or do you supplement your in-person sales with an e-commerce site? If so, there are important updated regulations for 2017 from Visa and Mastercard you need to know about.
To avoid non-compliance fees, make sure you disclose your business location on your site based on these guidelines:
- Visa requires that your address be displayed either on the checkout screen that shows the final transaction amount, or within the sequence of screens your customers sees throughout the checkout process.
- Mastercard requires that your address appear on your site before your customer is prompted to enter their card information.
Security concerns weigh on online shoppers