Holiday Days and Hours Update

Holiday Days and Hours Update

The office will be closed from December 22nd until Jan 2nd, although I could be available as early as December 30th. Leaving town for Christmas. Although ALL remote services will still be available. I’m just not taking any jobs that require me “physically” being there, or any equipment/laptop drop-offs. I will however have a computer with me, and will answer all emails and texts, and will be able to perform any remote services, like Windows issues, Website issues, etc. …any of the things I would normally do remotely. So please don’t hesitate to call just because the hours say closed, there was no field to add an explanation on Yelp or Facebook. 

FROM EVERYTHING I.T.!

Website Technology Changes for Video Playback, Important!

If you have a website, or you are involved in web development, you know that things are constantly changing, right? Do you remember not too long ago before HTML 5 and CSS 3 came out and brought along all the wonderful responsive website technology that made things so nice for cell phones and tablets? Do you remember that once upon a time, we had to have a .mobile TLD (top level domain) for your URL so you could have an entire separate website for cell phones? And then came along HTML5 and CSS3 and all this wonderful new stuff that removed the scroll bar from the bottom of the webpage, and now things just AUTOMATICALLY resize depending on screen size? It seems like ages ago, but really it wasn’t that many years ago. Things change rapidly when it comes to internet technology. Sometimes, for those of us who work in it, it’s difficult to keep up with.

Anyway, today I have some information about the WebKit engine. WebKit engine is the technology used for Safari browsers, and the Kindle browser. (why can’t they just use the same HTML as everyone else, right?) Anyway, there are some new changes that have to do how AUTOPLAY on videos works. So if you have video on your website, you are probably going to want to study this issue. I have read that the changes that Apple made, Chrome will also be making in early 2018. The main thing is that AUDIO will not autoplay any more. If you want sound, you have to have controls enabled. Only videos without sound will autoplay. If you want to read about the OSX and iOS Webkit changes, you can read about them here: https://webkit.org/blog/7734/auto-play-policy-changes-for-macos/

WordPress ANOTHER update!

UPGRADE to WordPress 4.9.1

This update is a Security and Maintenance release, fixing 11 bugs and 4 security holes, so go get it now. If you want to read what the specific changes are, read the changlog: https://make.wordpress.org/core/2017/11/28/wordpress-4-9-1-scheduled-for-november-29th/ basically, this is the list:

  • #42573: File caching affecting users’ ability to use the plugin and theme file editors.
  • #42574: MediaElement upgrade causing JS errors when certain languages are in use.
  • #42579: Incorrect logic in extract_from_markers().
  • #42454: Unable to translate Codex URL in theme editor.
  • #42609: Theme editor cannot edit files when running on a Windows server.
  • #42628flatten_dirlist() doesn’t play nice with folders with numeric names.
  • #42634DB_HOST socket paths with colons not parsed correctly.
  • #42641: On multisite upgrade the wp_blog_versions table doesn’t get updated
  • #42673: Themes page throws console error when there is only one installed theme.

In addition, one fix for a bug introduced in WordPress 4.7 will be included in 4.9.1:

  • #42242lang attribute in the admin area doesn’t reflect a user’s language setting.
Holiday Days and Hours Update

SSL Setup, 20% Off CYBER MONDAY!

HTTPS-Secure

GET SSL INSTALLED ON YOUR WEBSITE FOR 20% DISCOUNT ON CYBER MONDAY!

If there is another service you need, mention this ad, and see what other kind of specials are available this one day only! 

WordPress 4.9 Released

WORDPRESS VERSION 4.9 UPDATE RELEASED

Be sure to update your WordPress sites and keep them secure. (and get all the wonderful additional features they add in major version releases). Today version 4.9, nick-named “Tipton” was released. It has a lot of new features, new widgets, a lot of customizer improvements, coding enhancements, and much more, GO READ ABOUT IT if you are interested. It is sitting there on your dashboard, waiting for you to run the update, so take the 5 minutes and go do it. Don’t forget to backup both the files and the database first, so if something on your site for some reason is not compatible, you can restore it to the prior configuration.

GET HELP

If you need any help, Everything I.T. has wonderfully affordable WordPress annual maintenance packages that cover updating and backups, and in some cases restoration from a successful hack. (If someone hacks your site, we’ll put it back for you, a feature of the advanced maintenance package) We can also install SSL on your site for around $75, and we also have a full security configuration as well that covers putting a firewall, setting blocking of known blacklists, and about 30 other deterrent features that are wonderful, and entirely worth the price. CALL TODAY!

WordPress Plugin Removed From Repository for Crypto Mining Script

So I haven’t posted in a while. And I’m not sure how this type of formatted post will display on Facebook, so it’s kind of test.

Anyway, today I found some information that is kind of different, and I think you will find it very interesting. Today, WordFence (a security plugin authoring company) blogger wrote about a plugin that was taken down from the WordPress repository. It was a plugin called “Animated Weather Widget by weatherfor.us ” and what it did on the website frontend where it was installed, I don’t really know. But it’s what it did in the background/backend that is very interesting. Apparently this plugin ran a script that installed an iframe script that basically turned the whole PC into a crypto currency mining computer, using ALL the resources of any client computer that visited a website that had the plugin installed. Now you should understand that the website owners themselves had no knowledge of this, so you can’t really fault them. Eventually they will discover (hopefully) that the plugin no longer exists (or hopefully they will test their own site) and will remove it from their site, but if you ever go a website, and your computer fan starts running like crazy, then you are going to want to leave that website immediately.

If you want to go read the whole amazing story, you can go here and read it on the WordFence website, but I downloaded the amazing story on video for you : WordPress Plugin Banned for Crypto Mining

Everything I.T. is concerned about your safety on the internet, and we post discoveries like this often on our blog. Please register, please comment, and/or please share.

 

Equifax Breach, did it end there?

Most of you have heard about the equifax breach by now. But did you know that Equifax has another website that is an employment income verification site, that has all of most your employment data, employment dates, SALARY INFORMATION, and much more, and shows how it can be accessed, sometimes with a simple email address? This is information that has already been breached, the realistically could allow someone to fake a tax return (the should belong to you)

October is national security month. And you should really read this article, it’s quite alarming, and people need to be aware. https://krebsonsecurity.com/2017/10/equifax-breach-fallout-your-salary-history/ Krebs on Security is a great source of security, and breach information, and is usually very timely in reporting as well. The only good thing is The Work Number site doesn’t seem to work real well, and either crashes, or fails to retrieve what’s there.

Black Monday for Wifi

Today is BLACK MONDAY: WiFi is No Longer Secure”

Today is being called “Black Monday” in many information security circles. We have had a major Wi-Fi vulnerability announced that affects absolutely every device that supports Wi-Fi. The vulnerability allows attackers to decrypt WPA2 connections. A second vulnerability has also emerged today. This is a bad day for security. 

There is a lot of very technical information, which most of you won’t understand, but if you techies want to read the full article, WordFence wrote it much better than I ever could. You can catch that post here: WORDFENCE WPA2 ENCRYPTION CRACKED!  

Just to show you how quickly a hacker can now get onto a wifi network, and get passwords, and much, much more, I’ll add the Video here so you don’t have to click to watch the video. 

 I will follow up this post, as soon as I learn how to secure wifi again. As it is, everyone is using WPA2, it was supposed to be the unbreakable security method. But I’m sure they will tell us quickly how to block these kind of attacks, and I will pass it on to you as soon as I find out myself. (because information should be shared) 

YouTube Shortcuts! (Windows)

YouTube Keyboard Shortcuts – Windows

A valuable table of video shortcut keys. Ever want to pause that video at a certain spot, and can’t get the mouse fast enough? This is better!

ACTION SHORTCUT
play/pause spacebar, or “k”/td>
rewind 5 seconds left arrow
rewind 10 seconds “j”
advance 5 seconds right arrow
advance 10 seconds “l” (little ‘L’ )
skip to a division of video (middle, 1/4, etc) numbers 1-9; 5=.5=50% or half-way
(top, not 10-key pad)
restart zero (top, not 10-key pad)
fullscreen f / Esc
go to beginning/end HOME / END
volume up/down arrow
increase speed Shift+> or Shift+.
decrease speed Shift+< or Shift+,
adv. 1 frame (when paused) period
back 1 frame comma
mute m
captions c
captions background b
prev vid in playlist shift + p
next video shift + n

WordPress Update

WordPress 4.8.2 is released. Time to update core files again. Keep them current, and stay secure out there!

If you would like to know what the changes are (and they are always good…WordPress is one program that doesn’t send out updates unless they actually accomplish something, and it’s typically quite a bit!) …you can read about them here: [su_permalink target=”blank”]https://codex.wordpress.org/Version_4.8.2[/su_permalink]  Just for a highlight, I will say that on the SECURITY side, there are 5, (not 1, but FIVE) cross-site scripting (XSS) vulnerabilities plugged in this update. So for security reasons alone, you should update. Not to mention that there are typically great functionality upgrades as well. Don’t forget to backup first, before doing any CORE updates (and themes also usually) …the FILES AND THE DATABASE! …just in case something doesn’t work right with your server. The one time you don’t do a backup, you will probably  need it, because that’s just how life works. 🙂

Sign up for email updates and get valuable posts in your inbox if you like. It’s not like we write 10 a day…sometimes not even 1 a week, but we do try to post the important stuff.

October Deadline: Non-SSL sites will be flagged INSECURE

October Deadline: Non-SSL sites will be flagged INSECURE

HTTPS-Secure[edsanimate_start entry_animation_type= “rollIn” entry_delay= “0.5” entry_duration= “1.5” entry_timing= “ease” exit_animation_type= “” exit_delay= “” exit_duration= “” exit_timing= “” animation_repeat= “1” keep= “yes” animate_on= “load” scroll_offset= “” custom_css_class= “”][edsanimate_end]You probably heard about this, but probably thought what happened was already done and over with. It’s not. There is an October deadline when all Google (I.E. CHROME) browsers will flag all non-SSL sites as insecure. In order to not be flagged you will need to have a certificate installed, activated, and configured so your site redirects to a HTTPS:// URL prefix instead of HTTP. If you want to read an article about it, here’s one (you can Google it and find more I’m sure) google-reminds-website-owners-to-move-to-https-before-october . It is supposed to only flag websites that have password or credit card form fields on the site.

But, it is also important to recognize that even if you don’t have password or credit card form data fields on your website, it is still beneficial to install SSL on your site for the SEO benefit alone. If Google is penalizing the page rank for non-encrypted sites, and they are, you really can not afford to not install it, can you? Do you want to be on page 4 or 5 when people search for your type of business on Google? Because if you don’t put SSL, your website will go to the end of the list. Sorry. Don’t shoot the messenger.

There are many different types of SSL certificates out there that you can get for a whole range of prices, ranging from $10 to $500, depending on your need. The ones that come from your host tend to cost more. If you just want a cheap one, you can get one here: https://www.ssls.com/ . The $4.99/yr one is only if you purchase that cert for 3 years, for around $15 total. If you just get it for one year, it’s $8.95 I think.

Everything I.T. will install one for $75.

It’s Finally Here! iOS Sceensharing!

It has been a long time gripe that Tech Support has been able to jump on and help anyone, anywhere, …-as long as they were not on an iPhone or iPad. It was a limitation of Apple, not the apps or programs that provide screen-sharing abilities. Apple wasn’t willing to break that security, no matter how secure the app. But I guess Teamviewer, which is fully encrypted, and the only HIPAA compliant app/program, somehow got through to them finally. And Teamviewer notified us that has changed today. Supposedly Teamviewer now fully supports iOS devices. I’m dying to test it out and see if it’s fully functional. So if you have an iOS device and want to do a quick test with me, LET’S DO IT. Give me a call, or just let me know in a post, comment, or whatever floats your boat. 🙂 Here is the link to the new version of the Teamviewer app (or just get it from Apple on your device) https://itunes.apple.com/us/app/teamviewer-quicksupport/id661649585

I KNOW who a couple of you are, by the way…not all, but I do know some of you who I haven’t been able to help on your mobile apple devices…hopefully, this is a new era. Yay!

XSS (cross-site scripting) Vulnerability in Woocommerce plugin!

As always, Everything I.T. is doing our best to keep you informed and secure so you can protect your websites from vulnerabilities on the web. The NEWEST ONE: There has been a new woocommerce vulnerability found in a WooCommerce plugin called Product Venders     If you want to read the whole article, where the vulnerability occurs, the workaround, etc, then you can read it on WordFence here: XSS VULNERABILITY FOUND ON WOOCOMMERCE