Website Butlers – Arizona Website Development and Design
http://www.schecherconsulting.com
Feed updated: Tue, 05 May 2020 01:49:26 +0000

How to: Make Your Own N95 Mask – Save Lives & Money
Sun, 03 May 2020 21:13:49 +0000
http://www.schecherconsulting.com/how-to-make-your-own-n95-mask-save-lives-money/

How to Make Your Own N95 Mask – Easy Tutorials for Everyone

I’m sure you’ve heard the news by now: large chain stores like Wal Mart, Costco & Lowes are starting to turn people away at the door, specifically those who aren’t wearing masks. Since we’re in the middle of a worldwide crisis, finding a mask is sometimes a lot harder than you would think.

Suppliers all over the world are running out of products and materials to keep up with demand. Front-line helpers like nurses, physicians, firefighters, and police officers are reusing the same disposable masks for days at a time. We think this is unacceptable, and we want to do whatever we can to help.

That’s why Website Butlers has teamed up with Nationwide Medical Supplies. We are helping Nationwide not only distribute N95/KN95 masks, but we are also educating people who may not have the financial means (due to job loss or income reduction) to keep their families safe.

>> Click Here to Order Your N95/KN95 Masks from Nationwide Medical Supplies Now

We have curated a few of our favorite tutorials on how to make N95 Masks for you and your family. All of these tutorials are very easy to follow and can be a fun activity to do with your family during lockdown.

First things first: Do you need to order FDA/CE Approved N95/KN95 Masks?

Nationwide Medical Supplies has masks in stock, and they ship same day. They also carry electronic thermometers, gloves, gowns, and various other medical supply products. They have everything your family needs to weather this storm.

Nationwide Medical Supplies donates a portion of their proceeds to help feed families in need, and also to get masks into the hands of the medical professionals who need them. Their prices are great, and their customer service is unmatched.

ProperFit Clothing (Video Tutorial): How to Make N95 Face Mask

ThomasNet (Article Tutorial): How to Make N95 Masks

There are two basic types of respirators: air filtering and air-supplying. Air filtering respirators (such as an N95 respirator, or mask) stop contaminants, bacteria, and other matter from reaching your nose and mouth. Air supplying respirators supply the user with clean air from a tank or other uncontaminated source (for example an SCBA). N95 respirators are one of the products most in demand as healthcare workers across the U.S. are dealing with shortages while treating COVID-19 infected patients.

In this article, we’ll be covering the basics around manufacturing N95 respirators, including what they’re used for, how they’re made, and what testing methods are used on them…

Read the Full Article Here

Reuters: How to Make a Face Mask – 5 Different Ways

As we said in the beginning of this article, our partner Nationwide Medical Supplies has masks in stock and ready to ship today, and more masks on the way. If you need FDA/CE certified masks, please contact Nationwide today.

We hope you found this article helpful. As always, please feel free to call us if you have any questions or suggestions.

 

Metro Meds is Now Jars Cannabis
Sun, 16 Feb 2020 03:48:17 +0000
http://www.schecherconsulting.com/metro-meds-is-now-jars-cannabis/

Metro Meds is now Jars Cannabis. One of Arizona’s largest dispensaries has rebranded, and Website Butlers helped them get there.

Over the past year, we’ve been working with Metro Meds (now Jars Cannabis) helping to bring their vision to life. We’ve worked with branding professionals, digital strategists, marketing experts, and a whole slew of Jars employees, and carefully mapped out a successful launch strategy. Well, we’re happy to announce that phase one is done, and their company website is up.

Jars Cannabis currently has 4 open locations in Arizona and Michigan: Jars Metrocenter, Jars New River, District 3 Detroit, and Green Culture Flint. They are in the process of opening 18 more stores across Michigan, but something tells me that this is only the beginning of their journey.

Jars Cannabis Website Features

We created the Jars Cannabis website with a “mobile-first” approach. Around 84% of Metro Meds visitors were using mobile devices. Part of our mobile-first strategy was making their website as accessible as possible. With this in mind, we implemented a PWA (progressive web app) and a dummy-proof UI. By using bold calls to action, we were able to guide their users around the site in a way that feels natural and effortless.

We also created a store locator that will easily scale as they open up their next 28 stores. The locator uses the user’s GPS coordinates and searches within a 100 mile radius. At that point the user can choose between pick up and delivery (as applicable) and order their MMJ online, without ever stepping foot into a physical store.

We pride ourselves in helping dispensaries with MMJ Web Design. We understand the unique needs of every dispensary, and we understand how to meet those needs. If you know a dispensary that would benefit from expert web development, please send them our way. We’re happy to help.

 

What is Dropshipping? Making Money in 2020
Fri, 07 Feb 2020 17:30:04 +0000
http://www.schecherconsulting.com/what-is-dropshipping-making-money-in-2020/

What is dropshipping? That’s a great question! Watch this video to learn more about how you can start your own dropshipping business.

Shopify describes dropshipping like this:

“Dropshipping is a retail fulfillment method where a store doesn’t keep the products it sells in stock. Instead, when a store sells a product using the dropshipping model, it purchases the item from a third party and has it shipped directly to the customer. As a result, the seller doesn’t have to handle the product directly.

The biggest difference between dropshipping and the standard retail model is that the selling merchant doesn’t stock or own inventory. Instead, the seller purchases inventory as needed from a third party—usually a wholesaler or manufacturer—to fulfill orders.”

Website Butlers builds dropshipping stores for clients who want to start a business, but may not have the financial resources to manufacture their own products.

What are my dropshipping options?

We make it very simple to get started with a very low cost-to-market. All of our dropship sites start at $99, and that includes installation and the initial inventory load. We source all of our products from highly rated sellers on Ali Express, so there are no additional fees from the distributor.

We will create your site using any niche you want; however, for the fastest turnaround, you can choose from any of our existing product lines.

We do not typically choose highly competitive verticals. We look specifically for product categories that have low competition, yet high sales volume. For example, one of our sites makes over $3,500/mo selling Arduino and IoT devices and kits. There are not a lot of sellers out there banking on Arduino kits; in fact, not many sellers know that Arduino kits exist. But we do. And so do buyers.

Do you want to learn more about our dropshipping websites? Please contact us today: support@www.schecherconsulting.com or 877-WEB-FIXR.

Website Giveaway for #WebsiteWednesday – SockStyle.co
Wed, 11 Sep 2019 03:58:30 +0000
http://www.schecherconsulting.com/website-giveaway-for-websitewednesday-2/

In this week’s #WebsiteWednesday giveaway, we have an amazing website! This week, we’re giving away one of our favorite dropship sites called “Sock Styleo” – A Silly Sock dropship site. All of the products are shipped directly from the manufacturer using Ali Express.

Selling socks online has made budding entrepreneurs millionaires virtually overnight! Some competitor sites ring in 2 orders every minute, all day, every day. With a little bit of social media TLC, you can start making some serious money selling socks. Over the past 4 years, unique sales of socks have more than quadrupled in popularity, and it’s only getting better.

Website Features:

  • Responsive Design
  • WooCommerce Shopping Cart
  • Full Dropship Inventory with hundreds of products
  • PayPal/Stripe Ready
  • SEO Friendly
  • Fast Loading
  • Automatic Pricing and Inventory Updates
  • sockstyle.co domain INCLUDED!

Why are we doing this Website Giveaway?

We want everybody to have the opportunity to own their own business, and running a dropship site is the perfect entry point for budding entrepreneurs.

Website Giveaway Rules:

  1. Visit one of our social media pages: Twitter, Facebook, Instagram, or LinkedIn.
  2. Like our page / Follow us
  3. Share our post (or download and repost) using the hashtag #WebsiteWednesday
  4. Winner will be announced on Thursday at noon (MST timezone) on all social platforms

You can share as many times as you’d like; each share is an entry into our website giveaway. If you do not already have a hosting account, we recommend getting something set up through Godaddy or another great service provider. Otherwise, we will host your site for you for free!

Let’s sock up and get going!

So, now that you know the rules, let’s get started! REMEMBER: You get extra points for tagging your friends, so tag away! If you don’t know about selling socks, that doesn’t matter; this is a perfect entry-level website!

Geofencing vs Beacons – Which option is best for you?
Thu, 29 Aug 2019 19:53:29 +0000
http://www.schecherconsulting.com/geofencing-vs-beacons-which-option/

Geofencing vs Beacons – Which one is right for your business?

It seems like more and more of our clients are asking us about proximity based marketing, so I wanted to put together this quick post that outlines some of the benefits of each option. Geofencing and Beacons each have specific use cases that benefit each business differently. Hopefully this post will help you decide which direction is right for your business. As always, feel free to contact us with any questions.

Geofencing vs Beacons – The Breakdown

What is your objective?

Before deciding on which proximity-based marketing method to use, you should have a good idea of what you are trying to accomplish. For example, are you a restaurant that wants to notify patrons about menu specials or happy hour deals? Or are you a realtor who needs clients to get specific information while visiting a property? Always create a strategy before implementing your plan.

Do you understand the infrastructure?

One of the common misconceptions about proximity-based tech concerns how it interacts with your potential and existing clients. How is your message going to be delivered to your users?

Mobile App: The most surefire way to ensure your clients will receive your proximity-based content is via a mobile application. This way you can build the entire user experience from top to bottom without relying on any piggybacking or unnecessary 3rd parties. (Our recommendation for fast mobile app deployment with proximity-based features is BuildFire.)

Advertising Channels: Services like GroundTruth and Propellant are 2 of my favorite advertising channels, as they work within existing apps, to provide an integrated solution by serving specific ads to people within a defined geofenced area. Both companies work with hundreds of thousands of apps and websites.

Beacons:

Beacons are physical NFC devices that communicate wirelessly with mobile devices. They communicate by transmitting a signal that your phone receives, triggering a notification via a mobile app. Most companies use the NearBee app to communicate with beacons, considering there are already millions of NearBee users; however, over the past couple of years, beacon marketing’s limitations have proven to be its downfall. Popularity of beacon advertising is shrinking due to Google Nearby being decommissioned and geofencing’s rising popularity.

Geofencing:

Geofencing uses your phone’s specific location and does not require any hardware beacons. It can be combined with existing apps, new custom apps, marketing platforms, and even peer-to-peer (think: friends near me). We believe that geofencing is the ideal solution for companies that are trying to target potential clients at various locations where they may not be able to place hardware. For example, Grocery Store A might want to tell Grocery Store B customers about their special weekend deal, or the sandwich shop across the street from the college may want to advertise their lunch special to local students.

The fact is, geofencing has risen in popularity due to the ease of use and scalability.

Our Recommendations:

We have been loyal users of Beaconstac for a while now. Not only because they have a robust API that easily integrates into mobile apps, but because they work with both geofencing AND with beacons. We set up beacons for one of our retail clients last year and they loved it.

Our clients were able to send a welcome message when customers entered their lobby, and another notification of “Today’s Deals,” and finally a “See ya next time!” alert when they left.

Impending Issues: The only issue we’ve had is the beacon batteries running out, and when they do, they’re somewhat difficult to replace. Also, there’s no alert when a beacon goes offline for any reason. We intermittently faced issues with notifications being sent multiple times during a single visit, etc. Now, we’re rolling out a geofencing option that works even better.

 

Website Giveaway for #WebsiteWednesday
Wed, 28 Aug 2019 18:14:20 +0000
http://www.schecherconsulting.com/website-giveaway-for-websitewednesday/

We’re starting a new weekly website giveaway called #WebsiteWednesday! This week, we’re giving away one of our favorite dropship sites called “Wubba Lubba Co” – A Rick & Morty themed dropship site. All of the products are shipped directly from the manufacturer using Ali Express.

Rick & Morty is a cartoon from Adult Swim, and is insanely popular worldwide, with a die-hard fanbase always looking to get some cool Rick & Morty Merch! Now, you can have a piece of the pie! Sell posters, shirts, hoodies, hats, Funko Pop toys, plushies, keychains, lanyards, board games, and so much more!

Website Features:

  • Responsive Design
  • WooCommerce Shopping Cart
  • Full Dropship Inventory with hundreds of products
  • PayPal/Stripe Ready
  • SEO Friendly
  • Fast Loading
  • Automatic Pricing and Inventory Updates
  • wubbalubba.co domain INCLUDED!

Why are we doing this Website Giveaway?

We want everybody to have the opportunity to own their own business, and running a dropship site is the perfect entry point for budding entrepreneurs.

Website Giveaway Rules:

  1. Visit one of our social media pages: Twitter, Facebook, Instagram, or LinkedIn.
  2. Like our page / Follow us
  3. Share our post (or download and repost) using the hashtag #WebsiteWednesday
  4. Winner will be announced on Thursday at noon (MST timezone) on all social platforms

You can share as many times as you’d like; each share is an entry into our website giveaway. If you do not already have a hosting account, we recommend getting something set up through Godaddy or another great service provider. Otherwise, we will host your site for you for free!

Let’s get schwifty!

So, now that you know the rules, let’s get started! REMEMBER: You get extra points for tagging your friends, so tag away! If you don’t know about Rick & Morty, you better go jump on Hulu and start binge watching every episode before the new season starts!

WordPress Plugins that will Save Your Life: Helpful Tips
Fri, 16 Aug 2019 21:40:59 +0000
http://www.schecherconsulting.com/wordpress-plugins-that-will-save-your-life-helpful-tips/

Have you ever tried to find a WordPress plugin to solve a problem, and you end up installing (and uninstalling) 20 different plugins before you find the right one? I like to call that Plugin Fatigue, and it’s one of the realest issues facing the novice WordPress user.

In this post, I will share 3 plugins that I use on every website I build. These plugins are life savers in every sense of the word. All 3 of these plugins will improve your website’s performance, security, and overall searchability.

Wordfence Security – Firewall & Malware Scan

This plugin has a free version, and a premium version. I use the free version on all of my client sites, and it’s more than enough protection.

What does it do? As simply as I can put it – it protects your website from malware and hackers. You can block traffic by region, country, even down to a more granular level. This WordPress Plugin protects your login pages, provides 2 factor authentication, scans for malware, and sets up a nice firewall that will keep your site safe and operational.

From Wordfence:

Wordfence includes an endpoint firewall and malware scanner that were built from the ground up to protect WordPress. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.

Spam protection, AntiSpam, FireWall by CleanTalk

Every WordPress site faces a barrage of spam. Some plugins work, others don’t. Well, CleanTalk created a WordPress Plugin that works, all the time, every time.

This plugin is not free, unfortunately, but the $8/year you spend will be well worth the small investment. There’s a free trial period you can take advantage of, but once you see the power of this plugin, you won’t want to use anything else.

From CleanTalk:

Supports: Contact Form 7, Contact Form by WPForms, Ninja Forms, Gravity Forms, MailChimp, Formidable forms, WooCommerce, JetPack comments and contact form, BuddyPress, bbPress, Fast Secure Contact form, S2Member, MailPoet, wpDiscuz, any WordPress registrations & contact forms and themes. Just setup and forget the spam!

No CAPTCHA, no questions, no animal counting, no puzzles, no math and no spam bots. Universal AntiSpam plugin.

WP Fastest Cache

There’s a lot of debate out there about which WP Cache WordPress Plugin is the best, and based on over 10 years of WordPress development experience, I can tell you that WP Fastest Cache is hands-down my favorite.

WP Fastest Cache is so easy to use, it doesn’t have any confusing settings, and if you want to upgrade for advanced features, the option is there for you to do so. The free version is adequate for any average WordPress website.

From WP Fastest Cache:

This plugin creates static html files from your dynamic WordPress blog. When a page is rendered, php and mysql are used. Therefore, system needs RAM and CPU. If many visitors come to a site, system uses lots of RAM and CPU so page is rendered so slowly. In this case, you need a cache system not to render page again and again. Cache system generates a static html file and saves. Other users reach to static html page.

In addition, the site speed is used in Google’s search ranking algorithm so cache plugins that can improve your page load time will also improve your SEO ranking.

Setup of this plugin is so easy. You don’t need to modify the .htaccess file. It will be modified automatically.

In Conclusion

Please keep in mind that there are other solutions out there that other developers may recommend. These recommendations are based on my experience and working with clients who want simple solutions.

If you have any questions, please feel free to contact me directly: support@www.schecherconsulting.com or use our contact page.

Trends Emerging Following Vulnerability In WP GDPR Compliance Plugin
Fri, 09 Nov 2018 16:55:20 +0000
http://www.schecherconsulting.com/trends-emerging-following-vulnerability-in-wp-gdpr-compliance-plugin/

Earlier this week the WP GDPR Compliance plugin was briefly removed from the WordPress.org repository after the discovery of critical security issues impacting its users. In yesterday’s post, we provided some details regarding these issues and illustrated their severity. In the hours since that post was published, our team has continued tracking the adversaries seeking to exploit this new attack vector. Today, we’re sharing the findings of this extended research. This post is technical in nature and will be helpful for network defenders, developers and security researchers.

For details regarding the vulnerability and its scope be sure to read yesterday’s post, Privilege Escalation Flaw In WP GDPR Compliance Plugin Exploited In The Wild, before proceeding.

If you run a WordPress site and use this plugin, you should update to the newest version which fixes the vulnerability, or remove the old version of the plugin. The newest version of WP GDPR Compliance is version 1.4.3.

Two Notable Exploits

The data gathered by our malware scans, firewall activity, and site cleaning reports has revealed two primary types of exploit taking place. The first case, identified early in our research and mentioned in yesterday’s post, involves modifying user registration settings. The second case, caught and logged by the new firewall rule for this vulnerability, injects malicious scheduled actions to be executed by WP-Cron. Examples we have seen of both attack types have made use of backdoor scripts named wp-cache.php, though the contents of these backdoor files differ between the two methods.

Administrator Access via Modified Settings

The most common attempted attacks against this flaw at the time of this writing directly exploit the ability to modify arbitrary settings on affected sites. By enabling new user registration and changing the default role of new users to Administrator, attackers are able to simply create a new privileged user, then log in and take any actions on the newly compromised site.

Interestingly, automated attempts to perform this activity are also reversing the settings modifications being made. The following screenshot contains relevant access log entries for one such attack.

[Screenshot: access log entries for one such attack]

In this log, we first see a GET request to the site’s homepage. This first request is necessary to produce the “ajaxSecurity” nonce required by the plugin to perform AJAX actions. Next, two POST requests are made to /wp-admin/admin-ajax.php. Data stored in POST bodies is not seen in access logs, however in the course of our research we have been able to acquire samples of this data. The first two AJAX requests contain the following data:

action=wpgdprc_process_action&data={"type":"save_setting","append":false,"option":"users_can_register","value":"1"}&security=[redacted]

action=wpgdprc_process_action&data={"type":"save_setting","append":false,"option":"default_role","value":"administrator"}&security=[redacted]

In the first action, we see the attacker enabling the users_can_register option, which adds functionality to a site’s wp-login.php page allowing users to create new accounts. Next, the default_role option is set to ‘administrator’, meaning any new user registered to the site is automatically given full administrative access.

The next items in the access log show the attacker making a POST request to /wp-login.php?action=register, and the subsequent redirect to the “Registration complete. Please check your email” dialog.

Lastly, two more AJAX requests are made, containing the following instructions:

action=wpgdprc_process_action&data={"type":"save_setting","append":false,"option":"users_can_register","value":"0"}&security=[redacted]

action=wpgdprc_process_action&data={"type":"save_setting","append":false,"option":"default_role","value":"subscriber"}&security=[redacted]

Here we can see the attacker actually reversing the configuration changes that allowed them to create an administrator account, first by disabling user registration then setting the default user role to “subscriber”. This serves to help prevent other attackers from creating their own administrator accounts, as well as reducing the likelihood that a site’s administrator will notice a problem. It closes the door behind the attacker.
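The request sequence described above can be hunted for in web server access logs. The following Python is an added example, not part of the original post or of Wordfence's tooling; the log lines are constructed (documentation IP addresses), and the combined log format and 10-minute correlation window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (combined log format, documentation IPs); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Nov/2018:10:00:01 +0000] "GET / HTTP/1.1" 200 51234 "-" "ua"
203.0.113.7 - - [09/Nov/2018:10:00:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "ua"
203.0.113.7 - - [09/Nov/2018:10:00:04 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "ua"
203.0.113.7 - - [09/Nov/2018:10:00:06 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "ua"
203.0.113.7 - - [09/Nov/2018:10:00:07 +0000] "GET /wp-login.php?checkemail=registered HTTP/1.1" 200 2310 "-" "ua"
203.0.113.7 - - [09/Nov/2018:10:00:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "ua"
203.0.113.7 - - [09/Nov/2018:10:00:10 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "ua"
198.51.100.20 - - [09/Nov/2018:10:01:00 +0000] "GET /shop/ HTTP/1.1" 200 40211 "-" "ua"
198.51.100.20 - - [09/Nov/2018:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "-" "ua"
198.51.100.20 - - [09/Nov/2018:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "ua"
192.0.2.44 - - [09/Nov/2018:10:05:00 +0000] "GET / HTTP/1.1" 200 51234 "-" "ua"
192.0.2.44 - - [09/Nov/2018:10:05:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "ua"
192.0.2.44 - - [09/Nov/2018:10:05:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "ua"
192.0.2.44 - - [09/Nov/2018:10:05:05 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "ua"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} '
)


def classify(method, path):
    """Map a request to the role it can play in the sequence, or None."""
    base, _, query = path.partition("?")
    if method == "GET":
        return "get"  # the page fetch that precedes the AJAX calls
    if method != "POST":
        return None
    if base.endswith("/wp-admin/admin-ajax.php"):
        return "ajax"
    if base.endswith("/wp-login.php") and "action=register" in query.split("&"):
        return "register"
    return None


def find_sequences(log_text, window=timedelta(minutes=10)):
    """Flag clients that fetch a page, POST to admin-ajax.php at least twice,
    then register an account. POST bodies are not logged, so each hit is a
    lead to correlate with new administrator accounts, not proof."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        kind = classify(m["method"], m["path"])
        if kind:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            by_ip[m["ip"]].append((ts, kind))

    findings = []
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])  # stable: keeps log order on ties
        for i, (ts, kind) in enumerate(events):
            if kind != "register":
                continue
            before = [k for t, k in events[:i] if ts - t <= window]
            after = [k for t, k in events[i + 1:] if t - ts <= window]
            primed = ("get" in before
                      and before[before.index("get"):].count("ajax") >= 2)
            if primed:
                findings.append({
                    "ip": ip,
                    "registered_at": ts.isoformat(),
                    # False means no follow-up AJAX pair was seen: the
                    # registration settings may still be left open.
                    "settings_reverted": after.count("ajax") >= 2,
                })
    return findings


if __name__ == "__main__":
    for finding in find_sequences(SAMPLE_LOG):
        print(finding)
```

Sites that legitimately allow registration will produce some matches, so treat each result as a pointer to the registration time to check against the user table.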

Several hours after the new user is created, the attacker logs in to their new administrator account and can begin installing further backdoors. In our sample cases, we’ve seen attackers uploading a robust PHP webshell in a file named wp-cache.php. The image below is a screenshot of the shell user interface.

[Screenshot: the web shell user interface]

With a file manager, terminal emulator, and PHP eval features, a script like this on a site can allow an attacker to deploy further payloads at will.

Backdoor Installation via Injected Cron

The second type of exploit we’re seeing is less straightforward, and more difficult to identify at a glance. By injecting malicious actions into a site’s WP-Cron schedule, these attackers are able to install a persistent backdoor that can replace itself if removed. While a variety of malicious actions can be stored and executed via WP-Cron, the cases we have seen so far rely on the presence of another popular WordPress plugin, WooCommerce.

The following line contains a portion of an AJAX request body blocked by the Wordfence firewall for attempting to insert a malicious WP-Cron task:

"woocommerce_plugin_background_installer":{"[redacted]":{"schedule":"hourly","args":["2mb-autocode",{"repo-slug":"2mb-autocode"}],"interval":3600}}

This cron task attempts to use WooCommerce’s built-in woocommerce_plugin_background_installer action to install the 2MB Autocode plugin, which allows the injection of arbitrary PHP code into all posts on a site. The code to be injected is stored by 2MB Autocode as an option in the database, so the next step is to modify that setting using the same vulnerability:

{"type":"save_setting","option":"2mb_autocode_topstring","value":"[malicious_php]"}

The [malicious_php] placeholder in the above example contains a PHP backdoor script which performs the following actions in sequence:

  1. Receive encoded input stored in the attacker’s request as an “HTTP_X_AUTH” header, which declares the locations used in the following steps.
  2. Make a request to http://pornmam[.]com/wp.php
  3. Decode the response and save the resulting PHP backdoor as wp-cache.php
  4. Include the core file /wp-admin/includes/file.php
  5. Deactivate and delete the 2MB Autocode plugin
  6. Clear the WP-Cron event associated with the attack
  7. Delete the 2mb_autocode_topstring option containing this code.

While the backdoor script seen in these cases shares the name wp-cache.php with other methods, the contents are much different. Instead of a self-contained web shell, this script contains some decoding functions and some execution syntax, but none of the executed payload is stored in the file. Instead, the payload to be decoded and executed is stored as a POST variable or in a cookie.

Without any captured requests to this script, we can’t know exactly what the intended behavior is. However, given the nature of the script and its eventual call to eval(), it’s to be expected that any arbitrary code can be executed by way of this backdoor.

No Mobilization Yet

In most infections, there will be one or more active methods in place to bring value of some form to the attacker. Whether an infected site is serving spam emails, hosting a phishing scam, or any other direct or indirect monetization, there’s often a clear goal identified as part of the triage process. However, despite the rapid occurrence of these identified cases, so far our research has only turned up backdoor scripts on sites impacted by this issue. No “end-stage” payloads intended to directly benefit an attacker have yet been associated with these attacks.

This behavior can mean a number of different things. It’s possible that these attackers are stockpiling infected hosts to be packaged and sold wholesale to another actor who has their own intentions. There’s also the chance that these attackers do have their own goals in mind, but haven’t launched that phase of the attack yet. In either case, sites impacted by these attacks should immediately work to identify and remove any backdoors present.

Indicators Of Compromise

The following section contains a series of IOCs (Indicators of Compromise) that can be used to assist in identifying and triaging cases similar to the ones in this report. Be advised that any common methods may be changed by the malicious actor at any time, especially as more attackers begin exploiting this vulnerability.

Most Prevalent Attacking IP Addresses

  • Admin Creation Method:
    • 109.234.39.250
    • 109.234.37.214
  • Cron Injection Method
    • 46.39.65.176
    • 195.123.213.91

Outbound Domains Accessed

  • pornmam.com

Malware Hashes

  • Admin Creation Method Backdoor
    • MD5: b6eba59622630b18235ba2d0ce4fcb65
    • SHA1: 577293e035cce3083f2fc68f684e014bf100faf3
  • Cron Injection Method Backdoor
    • MD5: c62180f0d626d92e29e83778605dd8be
    • SHA1: 83d9688605a948943b05df5c548bea6e1a7fe8da

Database Indicators

  • The presence of unauthorized accounts in your site’s users table, including but not limited to the following examples:
    • t2trollherten
    • t3trollherten
  • An entry in your site’s options table with an option_name starting with 2mb_autocode (If not used intentionally)
  • The option default_role set to anything other than “subscriber” unless directly intentional.
  • The option users_can_register enabled unintentionally.

Installed Plugins

  • 2MB Autocode (If not used intentionally)
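The database and plugin indicators above can be checked with a handful of queries. The sketch below is an added example, not Wordfence's code: it runs those checks against an in-memory SQLite stand-in for the WordPress options and users tables, using constructed rows in which the attacker has already reverted the registration settings but left an account behind. The default wp_ table prefix, the expected_logins allowlist and the siteadmin account are assumptions.

```python
import sqlite3

# Account names given as examples in the report's Database Indicators.
REPORTED_LOGINS = {"t2trollherten", "t3trollherten"}

def triage(db, expected_logins, prefix="wp_"):
    """Return (indicator, detail) findings; prefix is operator-supplied, not user input."""
    findings = []

    def option(name):
        row = db.execute(
            f"SELECT option_value FROM {prefix}options WHERE option_name = ?",
            (name,)).fetchone()
        return row[0] if row else None

    if option("users_can_register") == "1":
        findings.append(("users_can_register", "enabled"))
    role = option("default_role")
    if role not in (None, "subscriber"):
        findings.append(("default_role", role))
    # "_" is a LIKE wildcard, so escape it to match the literal prefix.
    for (name,) in db.execute(
            f"SELECT option_name FROM {prefix}options "
            "WHERE option_name LIKE '2mb!_autocode%' ESCAPE '!'"):
        findings.append(("2mb_autocode option", name))
    # Both options hold PHP-serialized data; a substring match is enough to flag.
    for name in ("active_plugins", "cron"):
        if "2mb-autocode" in (option(name) or ""):
            findings.append((f"{name} references 2mb-autocode", name))
    for (login,) in db.execute(
            f"SELECT user_login FROM {prefix}users ORDER BY ID"):
        if login in REPORTED_LOGINS:
            findings.append(("reported attacker login", login))
        elif login not in expected_logins:
            findings.append(("unexpected account", login))
    return findings

def build_sample_db():
    """Constructed rows: options already reverted by the attacker, account left behind."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_options (option_name TEXT, option_value TEXT)")
    db.execute("CREATE TABLE wp_users (ID INTEGER, user_login TEXT)")
    db.executemany("INSERT INTO wp_options VALUES (?, ?)", [
        ("users_can_register", "0"),
        ("default_role", "subscriber"),
        ("active_plugins", "a:0:{}"),
        ("2mb_autocode_topstring", "[malicious_php]"),
        # Constructed, abbreviated stand-in for a serialized cron array.
        ("cron", 'woocommerce_plugin_background_installer ... "2mb-autocode"'),
    ])
    db.executemany("INSERT INTO wp_users VALUES (?, ?)",
                   [(1, "siteadmin"), (2, "t2trollherten")])
    return db

if __name__ == "__main__":
    for indicator, detail in triage(build_sample_db(), {"siteadmin"}):
        print(f"{indicator}: {detail}")
```

On the sample rows the two registration options come back clean, which is why the account list and the 2mb_autocode entries need to be checked as well.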

Conclusion

It is our hope that the details revealed by this research can be used to assist others in the security sphere to track and prevent these exploits. However, the attacks first seen following an impactful security disclosure can be considerably different than those seen in the weeks and months after. Given the scope of the vulnerability in question, it’s likely that more unique and sophisticated attack methods will be seen in the wild before long.

As always, we stress the importance of performing regular plugin updates to prevent these attacks from succeeding in the first place. The Wordfence plugin notifies administrators of outdated plugins automatically in order to help facilitate a quick response to potential vulnerabilities. In addition, the Wordfence Threat Intelligence team has released firewall rules and malware signatures to our premium customers in real-time to protect against this exploit and detect the indicators of compromise associated with the attack.

PHP 5 Will Reach End-of-Life in 2 Months – Time to Upgrade
http://www.schecherconsulting.com/php-5-will-reach-end-of-life-in-2-months-time-to-upgrade/
Tue, 30 Oct 2018 18:07:04 +0000
WordPress, Joomla, Drupal and many other popular website CMSs were written in a programming language called PHP. PHP version 5 is about to reach end-of-life and will stop receiving security updates in two months. Many WordPress and other PHP websites remain on version 5.6 or older. Once support for PHP 5 ends in two months, these sites are in a precarious position and will become exploitable as new PHP 5 vulnerabilities emerge without security updates.

This post is in a FAQ format and describes why PHP 5 is reaching end-of-life, what the timeline is and what to do about it. The Wordfence team is working to create awareness of this issue in the WordPress and broader PHP community. You can help by sharing this post with your colleagues that manage PHP websites or use WordPress.

What is End-Of-Life or ‘EOL’ in Software?

When a software product reaches EOL, it is no longer supported by software developers. That means that, even if someone finds a security hole in the software, the developers will not fix it.

If a development team is productive, they will release many versions of the software they work on over time. It becomes impractical to support every version of the code ever released. So a compromise needs to be made.

This compromise is that the development team will only support their software for a certain amount of time. After that time has elapsed, the development team suggests that the user community upgrade to a newer version of the same software, which usually does things better than the old versions and is fully supported.

Is PHP Version 5 going to be EOL soon?

Yes. PHP version 5 will be declared End-Of-Life on January 1st, 2019. That is, in approximately two months at the time of writing.

The PHP development team’s policy with regards to end-of-life is as follows: each release of PHP is fully supported for two years from the date of release. Then it is supported for an additional year for critical security issues only. Once three years have elapsed from the date of release, the version of PHP is no longer supported.

PHP 7.0, the very first PHP 7 release, was released on 3 December, 2015, almost three years ago. PHP version 5 is rapidly approaching end-of-life and will no longer be supported starting on 1 January, 2019.

The final branch of PHP version 5 that is still supported is PHP 5.6. Because this is the final PHP 5 branch, the PHP team chose to extend the security fix period from the usual one year to two years. That extended security support will end on 1 January 2019.

The following table includes the important dates for PHP 5 and PHP 7 branches. You can find this table on this page on the PHP website.

[Image: table of important dates for the PHP 5 and PHP 7 branches]

Why Should I Upgrade to PHP 7?

As mentioned above, PHP 5 will no longer be supported with security fixes, starting on 1 January 2019. That means that even if a vulnerability is discovered, it won’t be fixed, leaving your website vulnerable.

PHP 7 has many improvements over PHP version 5. These include performance improvements. PHP 5 has many known bugs that relate to performance, memory usage and more. PHP 7 is actively supported and developers are therefore able to implement those improvements and make your website run faster, be more stable and use your expensive resources more efficiently.

As an added benefit, PHP 7 also allows the use of more modern programming structures, which is a nice benefit for software developers.

How can I find out my PHP version?

If you are using WordPress and running the Wordfence security plugin, simply go to “Tools”, then click on the “Diagnostics” tab at the top right. Scroll down to the “PHP Environment” section and you will be able to see your PHP version on the right side of the page.

Alternatively you can install this extremely basic plugin on your WordPress site which will display your PHP version. Please note that this plugin is not produced by the Wordfence team and we do not endorse it.

If you have FTP access to your website, you can create a file with a name that is hard to guess. Then add the following two lines:

<?php

phpinfo();

Save the file in your web root directory and then visit the file in your web browser. Your PHP version will be displayed at the top of the screen. Don’t forget to delete your temporary file once you’re done.

Which specific version of PHP 7 should I upgrade to?

Ideally, you should upgrade to PHP 7.2 which is the newest version of PHP. This version will be fully supported for another year and will receive security updates for a year after that.

If you are unable to upgrade to 7.2, then at a minimum you should upgrade to PHP 7.1. Full support for PHP 7.1 will end in 1 month. However, you will continue to receive security updates for another year after that.

Do not upgrade to PHP 7.0. This version will also become end-of-life in one month.

Does PHP 5 have any vulnerabilities?

Security vulnerabilities are continuously reported in PHP. Some of these are serious. Viewing this page on CVEDetails.com will give you an idea of the volume and severity of PHP vulnerabilities that have recently been reported.

Many of the vulnerabilities reported in PHP were discovered this year. Many more will be discovered in PHP version 5 next year, after security support for all versions of PHP 5 has ended. That is why it is critically important that you upgrade to a version of PHP 7 that is supported and is receiving security updates.

Will anything break if I update to PHP 7.2?

You may discover incompatibilities that need to be fixed by a developer if you update to PHP 7.2. PHP has undergone some changes since version 5 which have improved the language and made it more secure, but may result in warnings or errors for code that has not been made compatible with PHP 7.

If you are a WordPress user, WordPress core is fully compatible with PHP 7.2 and greater.

However, it is very important that you make sure that your themes and plugins are also compatible with PHP 7.2. If you are using an unmaintained theme or plugin, you may encounter warnings or errors due to incompatibilities. For this reason, we recommend you test your website on a hosting account or server that is running PHP 7.2. If you encounter any problems, contact the developer of the theme or plugin and ask them for an urgent fix. Remind them that PHP 5.6 reaches end-of-life in just two months and that you must update to PHP 7.2 by then.

This page has a migration guide for PHP developers who are migrating code from PHP 5.6 to PHP 7.

This page has a list of deprecated functions under PHP 7.2 and will be helpful to a developer that is migrating code from PHP 5 to PHP 7.

What if my hosting company does not support PHP 7?

Your hosting account should include some kind of control panel or options and settings page. If you’re not seeing an option to upgrade to PHP 7, you should contact your hosting company’s support team to see what your options are. If none are available, we recommend you transition to new hosting before the end of the year.

What if my developer does not support PHP 7?

PHP 7.0 was released two years and 10 months ago. If your developer’s plugin, theme, or other PHP product does not support PHP 7 at this point, it is quite likely that the project is unmaintained. If the project was being maintained, then they would have had users who are using PHP 7 report problems within the last 2 years and 10 months, which they would have fixed.

Using unmaintained software is a bad idea because it means that security vulnerabilities are not being fixed. So if you do encounter incompatibilities when upgrading to PHP 7.2, this may be a red flag and may indicate you should move on to using an alternative product that is being actively maintained.

What is the easiest way to upgrade to PHP 7.2?

Many hosting providers offer a one-click PHP version change in cPanel. This allows you to switch to PHP 7 and check your site for problems. If something doesn’t work, you can switch back and create a plan for addressing the issues you found.

If you can’t find where to update your PHP version, your hosting provider can advise you how to update PHP in their environment. It may mean them making a change on their end or even moving your site to another server.

Remind me again why I need to update to PHP 7.2?

The really good news is that you are probably going to see a nice performance improvement when you update your site. Sure, you may need to deal with a few, hopefully minor incompatibilities. But once you have updated to PHP 7.2, you can rest assured that you will continue to receive security updates until November 30, 2020.

If you remain on PHP 5.6, you may find yourself dealing with a hacked site some time next year when a vulnerability is released for PHP 5.6 and no fix is released by the PHP team because PHP 5.6 is end-of-life.

How can I help?

This deadline is coming up fast. All versions of PHP 5 will stop receiving security updates in 2 months. There are a huge number of websites that are still on PHP 5. As soon as security updates end, attackers will be highly motivated to find vulnerabilities that they can exploit, because those vulnerabilities will not be fixed and will be exploitable for a long time.

To help transition the global web community to PHP 7, please spread the word by sharing this post and helping create awareness about this tight deadline and how to transition to PHP 7.

Weekend Specials (October 25th – 29th, 2018)
http://www.schecherconsulting.com/weekend-specials-october-25th-29th-2018/
Thu, 25 Oct 2018 19:06:37 +0000

As a small business owner, you know that website development can get very costly, sometimes preventing you from ever being able to get your website off the ground. This weekend’s special will help you get online without destroying your budget. Plus, this week, we’ve added in some extra goodies!

Specials for this weekend!

  • Website Design / Redesign (starting at $300)
    • Up to 7 pages
    • Up to 3 different contact forms
    • Done within 48 hours
  • Logo Design ($150)
    • Up to 5 revisions
    • Up to 3 variations
  • Website Security Protection (starting at $39/mo for life)
    • Malware protection
    • Malware removal
    • Monthly security reporting
    • Upgrades available for real-time reporting
  • Landing Page Design (starting at $250)
    • Includes main landing page & checkout page
    • Integrate with Stripe / PayPal / Square / Auth.net
    • Full Google Analytics available (upon request)
  • Free Website Audit & Security Scan
    • Free SEO and page optimization report
    • Free security scan (malware/virus/malicious scripts)
    • Free blacklist checker
    • Free SSL checker

Feel free to share this post with anyone who may need our services. These prices are only good until Monday, so you will need to contact us right away!

To get started, please either use the form below, or call (877) WEB-FIXR.

Please fill out the form below:

We will get back to you as soon as possible. We’re limiting the $300 web design to the first 5 websites. Add ecommerce for $50.
