WordPress rolled out a new update today, 4.2.2, and it’s important that you update your WordPress websites as soon as possible. There are several security patches that are included in this update which you can read more about on the WordPress official website by Clicking Here.

In short, the update fixes a vulnerability with a popular font file which allowed hackers to gain access to WordPress accounts. It also fixes an issue where anonymous users could compromise a WordPress website.

As I’ve covered in previous posts, keeping your websites up to date is one of the easiest, but most effective ways of making sure they are secure. It also helps us do our jobs in keeping the servers more stable and secure, and helps us avoid StealRat and other spamming issues, which are generally caused by CMS exploits.
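One way to find the sites that still need this update, as an added example (not code from WordPress or from our own tooling): WordPress records its release in `wp-includes/version.php` as `$wp_version`, so a script can walk a hosting directory and list every install older than 4.2.2. The directory layout, site names and helper names below are constructed for illustration.

```python
import os
import re

PATCHED = (4, 2, 2)  # the release this post asks you to install
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)

def parse_version(php_source):
    """Return $wp_version as a tuple of ints, e.g. (4, 2, 1), or None if absent."""
    m = VERSION_RE.search(php_source)
    if not m:
        return None
    release = m.group(1).split("-")[0]          # drop suffixes such as "-beta1"
    return tuple(int(n) for n in re.findall(r"\d+", release))

def pad(version, width=3):
    """Make (4, 2) comparable with (4, 2, 2) by padding with zeros."""
    return tuple(version) + (0,) * (width - len(version))

def find_outdated(root, minimum=PATCHED):
    """List (site_dir, version) under root for installs older than minimum."""
    outdated = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) != "wp-includes" or "version.php" not in filenames:
            continue
        dirnames[:] = []                        # nothing deeper to inspect here
        path = os.path.join(dirpath, "version.php")
        with open(path, encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read())
        if version and pad(version) < pad(minimum):
            site = os.path.relpath(os.path.dirname(dirpath), root)
            outdated.append((site, ".".join(map(str, version))))
    return sorted(outdated)

def make_sample_site(root, name, version):
    """Create a constructed stand-in for a WordPress install (sample data only)."""
    includes = os.path.join(root, name, "wp-includes")
    os.makedirs(includes)
    with open(os.path.join(includes, "version.php"), "w", encoding="utf-8") as fh:
        fh.write("<?php\n$wp_version = '%s';\n" % version)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        for name, version in (("alice", "4.2.1"), ("bob", "4.2.2"), ("carol", "4.1")):
            make_sample_site(root, name, version)
        for site, version in find_outdated(root):
            print(site, "runs WordPress", version, "- update needed")
```
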

One of our admins also found a website that catalogs all known WordPress exploited plugins, themes, etc, as well as how to fix them. You can visit WordPressExplot.com to see the list. You’d be surprised at just how many things are on there.

If you’ve got any questions or need help updating, feel free to contact us at support@hostmetro.com or leave a comment below and we’ll help you out.

Today, March 31st, is World Backup Day. While most people tend not to back up their data as much as they should (myself included), today is an important reminder that at any time disaster can strike, and having a backup could mean the difference between an easy restore and hours, perhaps days of rebuilding a website.

Allow me to share a quick personal story. Last week, I was working on one of my personal websites. I was doing some account maintenance, which included deleting some old FTP accounts that I had created through cPanel. The problem was that I wasn’t paying close enough attention to what I was doing, and during the deleting process I selected the option for deleting the account AND all of the files in the folder for that account.

Oops. A whole website gone in the blink of an eye. The worst part is that I had no backup. Thankfully for me it’s a WordPress website and all of the posts and pages are stored in the database which remained on the account, but all of my template customization, images, plugin data, everything else was gone. It’s taken me over a week to recover and I’m still not there yet.

The moral of the story is if you value your website at all, I urge you to reconsider how often you take your backups. It’s also important to keep these backups off of your hosting account. Say, for example, multiple hard drives fail on a server. We have safe measures and redundancies in place on our servers to try and mitigate data loss, but sometimes there is no recovering from hard drive failure. When this is the case, if you kept your backup on the same storage that failed, that backup is also gone.

To encourage everyone to partake in taking backups more regularly, we are offering our backup on demand service for 50% off its regular price. If you order using the promo code backup50 you can get it for $9.97 for a year. Just Click Here to log in and order it on your account.

With the advances in email technology, spammers are finding more creative ways to get their messages in your inbox, and more importantly, to have you open these messages. One of the tricks that these spammers use is known as email spoofing.

What is email spoofing, exactly? Email spoofing is when a spammer changes the header so that the “from” address looks like a legitimate email address to trick both spam filters as well as the email recipients. These spammers send out legitimate looking emails posing as addresses you would recognize – either from friends, popular stores like Amazon.com, or even worse, a popular bank like Chase or Bank of America. All of this is in an attempt to get you to open the email and follow the instructions inside.

Opening emails from spoofers can lead to big time losses. These emails will try to trick you into clicking on a link or downloading an attachment. This, in turn, will install a malicious program on your computer that will easily allow hackers to steal your identity, credit card information, social security number, and other personal information without you ever knowing it.

These hackers can also spoof your email address to pose as you and send emails to people you know. People are more inclined to open emails from addresses they recognize, and the hackers rely on this to get their malware spread far and wide.

What can be done to protect yourself from email spoofing? The first, most important thing to do, is make sure you only open emails from addresses you trust. This minimizes your risk of downloading a malicious file. Even if you do open an email, be sure you carefully review any links and attachments that are sent, and download/visit the sites with caution.
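As an added example (not part of the original post and not MetroMail's code), this Python code reads the headers of a received message and reports the signs of the spoofing described above: a "From" domain that fails DMARC, or that does not match the Return-Path, the Reply-To, or an address typed into the display name. The hostname `mx.example.net`, the sample message and the signal names are assumptions, and the domain comparison is a simplification of DMARC alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: your own receiving mail server
# Constructed sample message (not real mail); every domain is a placeholder.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@bulk.invalid>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk.invalid; dmarc=fail header.from=bank.example
Authentication-Results: relay.invalid; dmarc=pass header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: claims@collect.invalid
"""

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def aligned(a, b):
    # Simplified alignment: identical, or one is a subdomain of the other.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def auth_results(msg, authserv=TRUSTED_AUTHSERV):
    """Collect spf/dkim/dmarc verdicts, but only from headers our server added."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        server, _, rest = value.partition(";")
        if (server.split() or [""])[0].lower() != authserv:
            continue  # a sender can forge this header, so ignore foreign ones
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts[method] = result.lower()
    return verdicts

def spoofing_signals(raw):  # raw: full message text including headers
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom, signals = domain_of(from_addr), []
    if auth_results(msg).get("dmarc") != "pass":
        signals.append("dmarc-not-pass")
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(parseaddr(msg.get(header, ""))[1])
        if other and not aligned(from_dom, other):
            signals.append(header.lower() + "-mismatch")
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)  # address typed into the name
    if shown and domain_of(shown.group()) != from_dom:
        signals.append("display-name-address-mismatch")
    return signals

if __name__ == "__main__":
    print(spoofing_signals(SAMPLE_SPOOFED))
```

A domain that publishes no DMARC policy also shows up as `dmarc-not-pass`, so treat the signals as reasons to look closer rather than as a verdict.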

MetroMail Secure Email will minimize your risk of even receiving these emails. This secure email system scans for malicious attachments and links that look like spam so that it never reaches your inbox. This allows you to look through your email worry free. To learn more about how HostMetro.com can protect you with their secure email, visit our secure email page by Clicking Here.

If you have a successful blog, or are considering starting a blog, you are going to undoubtedly come across spam bots trying to post comments on your blog. Finding out how to stop spam comments can be frustrating, especially when you are getting more than you can handle. There are a few things you can do to easily handle the vast majority of comment spam to keep your blog clean and safe for your visitors.

1. Moderate the Comments

This is a relatively simple thing to do when you start noticing your blog getting comments. Simply hold them for moderation, and when you have recognized it as not being spam approve the comment so it is displayed on your website. This can obviously get tedious pretty quickly when you start getting a lot more traffic and comments, but it is a good place to start.

2. Blacklist Certain Words

All of us know the common words that seem to always be sent through spam. Things like “viagra” are easily blocked by adding the word to a blacklist. Any comment with this word in it will automatically be flagged as spam. You can also use this to keep your comments as PG as you’d like. That, of course, is all personal preference.

3. Don’t Allow Links in Comments

More often than not, spammers are attempting to get you and your visitors to click through a link to take you somewhere else. Where you will end up is anybody’s guess. Blocking posters from being able to post hyperlinks in comments is a quick and easy way to stop spam comments in most cases.

4. Require Registration

While this isn’t a sure-fire way to stop spam comments, it may dissuade some spammers. Forcing visitors to register before commenting will stop basic spam attempts. It’s also a great way to build a mailing list if your blog is for a business.

5. Use a Spam Block Plugin

If you use a blogging platform like WordPress then you can quickly and easily install a plugin that will help you automatically block out spam. This will help you stop spam comments when you start getting too many to go through yourself.

These things are relatively simple to do, and following them will help stop most of the incoming spam you see on your blog. This will give your visitors a much more pleasant experience because they won’t have to sift through spam to see the real comments. It also shows that you actively monitor and moderate your website, something that will keep visitors coming back.
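Steps 1 through 4 combined into one comment check, as an added example (not code from WordPress or any plugin): registration is required, blacklisted words are matched as whole words, links are refused, and everything else waits for a moderator. The word list, the short list of top-level domains and the sample comments are constructed.

```python
import re

# Constructed sample blacklist and TLD list; replace with your own.
BLACKLIST = {"viagra", "cialis"}
LINK_RE = re.compile(
    r"\b(?:https?://|www\.)\S+"                      # explicit URLs
    r"|<a\s[^>]*href"                                # HTML anchors
    r"|\b[a-z0-9-]+\.(?:com|net|org|info|biz)\b",    # bare domains
    re.I,
)

def triage_comment(text, registered, blacklist=BLACKLIST):
    """Return (verdict, reason); verdict is 'reject', 'spam' or 'hold'."""
    if not registered:                               # step 4
        return ("reject", "registration required")
    # Match whole words so "specialist" never trips the entry "cialis".
    words = set(re.findall(r"[a-z0-9]+", text.lower()))
    hits = sorted(words & {w.lower() for w in blacklist})
    if hits:                                         # step 2
        return ("spam", "blacklisted word: " + hits[0])
    if LINK_RE.search(text):                         # step 3
        return ("reject", "links are not allowed")
    return ("hold", "awaiting moderator approval")   # step 1

def triage_queue(comments, blacklist=BLACKLIST):
    """Count verdicts for a batch of (text, registered) pairs."""
    counts = {"reject": 0, "spam": 0, "hold": 0}
    for text, registered in comments:
        counts[triage_comment(text, registered, blacklist)[0]] += 1
    return counts

# Constructed sample comments: (text, author_is_registered).
SAMPLE_QUEUE = [
    ("Great write-up, ask a specialist next time!", True),
    ("Cheap VIAGRA, best prices", True),
    ("More at www.pills.example/deals", True),
    ("visit pills-shop.biz today", True),
    ("First!", False),
]

if __name__ == "__main__":
    print(triage_queue(SAMPLE_QUEUE))
```
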

Over the past month or so we’ve gotten a good number of questions about this, so I thought it would be best to post something here to help spread the word. Recently, a new domain registration scam has been going around from the “DOMAIN REGISTRATION SEO SERVICE Corp.” trying to get you to send them money.

If you receive an email from “Domain Services” or something similar that looks like the screenshot below, please ignore it. This is an attempt to get you to send them money. They do not hold the rights to your domain registration. If you read the email closely you will see that what they’re trying to have you pay for is actually “domain registration search engine submission”, whatever that means.

[Screenshot: domain scam email]

This screenshot was sent to us by one of our customers (personal information has been removed) because he thought we had registered his domain name and was confused why this company was emailing him a renewal notice. As you can see, they try to trick you into thinking that it’s a renewal notice for your domain registration hoping that you’ll send them $54.00.

This company (and others like it) gathers as many email accounts as it can from WhoIs searches and sends this email out to any email address they can get. If you receive an email like this please disregard and delete it. It is nothing more than a scam trying to get you to send them money for essentially nothing.