tl;dr – We have some new eCommerce reports, we weren’t affected by the SoakSoak attack, and we’ll offer free SSL if it ever becomes possible.
For web developers, December is less about taking time off for the holidays and more about taking calls from business owners full of eggnog and grand plans for the New Year! In other words, we’ve been getting a lot of new projects. A lot of these have focused on eCommerce, but we haven’t forgotten about keeping all our clients safe from all the hackers out there! This month’s miscellany focuses on three topics:
We Have Some New eCommerce Features!
We regularly improve our network and make new features available to our clients, but this winter has seen more than the usual volume of updates focusing on our eCommerce clients. Our new features are detailed below.
- Customer & Product Import/Export: This plugin allows users to import or export lists of customers and products in .CSV or .XML format. You might use this to create offline records or provide data for your accounting tools.
- Customer History: This feature creates a record of each page visited, time per page, and a lifetime value for each customer.
- Cart Reports: Since we introduced eCommerce, we’ve gotten a lot of requests to report on shopping cart engagement and abandonment. This feature tracks and reports on these statistics.
- Cost Of Goods: Clients can use this feature to track the expenses and profitability associated with each product or product category.
- Zapier Integration: We’ve been so impressed with Zapier’s Gravity Forms integration that we’ve decided to connect WooCommerce to Zapier as well. This tool dramatically extends the ways you can be notified of eCommerce activity, communicate with your customers, and archive your business data.
- Gravity Forms Integration: Speaking of Gravity Forms, we’ve also introduced
- Segment.io Integration: We don’t have any Segment.io users yet, but it’s such a cool idea we just had to set up an integration! This integration collects data from your PureNyx eCommerce site, stores it in Segment.io’s third-party data warehouse, and makes it available to their partner applications for marketing and analytics.
- Catalog Visibility Options: The Catalog toolset enables our users to segment their products into security groups, for instance keeping certain products hidden from all but premium customers or wholesalers.
- Custom User Roles: While we added this feature to create special client types for eCommerce sites, it’s usable by any of our clients. Custom User Roles allow you to grant access to any site feature while protecting other content.
What’s Up With The SoakSoak Attack?
Back in September, a major vulnerability was discovered in an extremely popular WordPress plugin – RevSlider. The RevSlider plugin is commonly used to add an interactive feature image to the homepage of commercial themes and can be found on tens of thousands of sites. This vulnerability allowed hackers to insert malicious code, and the plugin makers immediately issued a major update. Unfortunately, the plugin is particularly popular with developers who build inexpensive sites, turn them over to the client, and don’t contract to apply these updates. That meant a lot of sites were left open to attack long after the problem was known. Big problem!!!
That came to a head this month when WordPress security firm Sucuri broke the news of a major attack they dubbed SoakSoak, after the URL of a Russian site used by the hackers. Their report made a big splash since it revealed that more than 100,000 sites had been compromised. The SoakSoak infection was particularly damaging for site owners because Google aggressively blacklisted domains hosting the malware, in order to protect their users. This pretty much blocked these sites from receiving everyday traffic, even after the infection was removed.
Of course, this didn’t affect our clients. We were made aware of the issue immediately after it was discovered and checked for vulnerability that day. None of our sites were using RevSlider in the first place and we would have updated it in a timely fashion if we had been. That’s what our ongoing support is all about!
We’ve Got Our Eye On Encryption
Since PureNyx started offering options for SSL/TLS-secured sites, we’ve decreased our prices more than five-fold, decreased the timeframe for implementing encryption from weeks to days, and increased the features we can protect… but we’re still not happy. We’d really like to find a way to encrypt every part of every site we support… for free. For a small business like PureNyx to do that, the SSL certificate industry would have to be turned on its head. It would require a massive reduction in cost, improved methods for issuing certificates, and an entirely new way for web hosts to apply them. Luckily, it just so happens that a few serious projects are looking to make this happen.
We’re most excited about the Let’s Encrypt initiative supported by leading organizations like Mozilla, the EFF, and Cisco. The project’s goal is to offer a free, fully automated certificate authority starting summer 2015 and couple it with a software toolkit for web hosts to automatically apply the credentials to new domains. We’ve tested their initial software kits and things are looking good, but only time will tell whether it’s possible to meet the rather lofty goals they’ve set. Either way, PureNyx is actively seeking a solution of this sort and we’ll keep you informed!