Web Hosting and Digital Marketing Blog .


Announcement: New Wide Breakthroughs
posted by: in Announcements

This month we have big announcements to make to improve the level of services.

A Dedicated Server Control Panel

For all users based in our Paris Datacenter, you have now a full control over your dedicated server.
The panel comes with a load of new exciting features to make your hosting life far easier.

Please find the changes listed down below:

  • Reboot the Dedicated Server
  • Find the Server Location on a Map
  • Change Boot Mode and boot it in mode Rescue for a critical access
  • Installation / Reinstallation of the OS.
  • IPMI Access (Dedicated Servers Sensors Access, JAVA SSH Console)
  • MAC Address for Advanced Networking

We have taken this opportunity and took a leap forward by enabling the IP failover feature.

You are now able to move your IPs from one server to another in the same location within a click and a couple of minutes.

An Automated Monitoring System

We have also released a full monitoring allowing to see the ping response time graph from 3 different Location. (Paris, New York, Singapore).

The feature is now set in Beta mode and is available to all Dedicated Servers in our Paris location.


You may now see the response time and the packet loss in a graph so you can troubleshoot any issue your server


Windows Panel Upgrade: Easier Than Ever


We have rolled a full update of the Windows VPS panel to create and manage the VPS.

Windows VPS Control Panel

Here are the features list being added:

  • Reinstallation directly from the panel
  • Progress Bar During Installation
  • Better Snapshots Restoration Management
  • Bios Choice Removal (Automatic with OS choice)


One last thing…

The most waited location for the Windows VPS is now available. The king location for all internet marketing activities.

Windows VPS in the West Coast USA

After, long and dedicated hard work, we were finally able to keep up with the uncompromised services quality meaning space grade hardware and stunning network performances.

Actually, we did even better by selecting Intel SSD NVMe which triples the performances you would expect on a regular SSD Drive.

These max enhanced drives are combined with the latest Intel Xeon E5 High End Generation which would take your experience to a whole new level.

This initial release will come with a limited quantity and can be ordered directly from our Windows VPS page.

For this new launch, we offer an unique coupon for the first users to grab with a 50% over 2 months for your Windows VPS.


A new era has begun for us, and we want you to be part of it.



Make WordPress Redirect to HTTPS the right way

Do you want WordPress to redirect to HTTPS? This guide is made for you. It will teach you everything you need to know to make WordPress redirect to HTTPS and not only the technicalities.

Google made it clear that SSL is what they want for the web, it is also a crucial SEO factor.

The HTTPS protocol works with an asymetrical encrypted key which set an handshake between your browsers and the web server. It allows to authentify a visitor session and protect him from a man in the middle type of attack.

Enabling a SSL certificate for the website will bring its load of benefits such as

  • Increased Website Security
  • Reduce the Bounce Rate
  • Increase the Sales Conversion
  • Boost of Rankings in SERPS


This guide suggests that you already have a SSL installed on your web hosting account. If not you may refer to the guide below:


Once your SSL certificate is installed, there are there are a few extra steps to make WordPress redirect to HTTPS properly and without any issue.


A SSL certificate requires all your content to be served through HTTPS to avoid a mixed content SSL error. WordPress will automatically serve the elements in https of your website such as:

  • Videos / Images / Audio
  • JS Assets (Adsense, Facebook Tracking Pixel, Adwords, Google Tag Manager, Analytics, Jquery Libraries etc..)
  • CSS Assets
  • Web Fonts

Also, your internet net linking should be referring to an https:// URL to avoid an unnecessary redirection.

Throughout this guide, we will teach you how to quickly make the change and verifications, force wordpress to load with HTTPS and the couple of extra steps required to make sure the swap is efficient.


I) How to Force WordPress to load through HTTPS ?

a. In WordPress redirect to HTTPS

The first step to do is to change the default URL of your WordPress website. It is a very powerful first step as all your images calls, pages links, posts links made through the WordPress Visual Editor would be redirected automatically to HTTPS without you having to correct it all.


So, you would need to go to your WordPress Admin dashboard and click on Settings, General and correct both of the input field by replacing http by https as shown in the screenshot below:

Wordpress Redirect to HTTPS

b. Force all the traffic to be redirected to the HTTPS version of your website.

For all the traffic coming to your website, you would need to instruct the web server to exclusively serve your website content through HTTPS in which case. This steps goes through editing the .htaccess file of your website.


If you aren’t using cPanel, you would need to use a FTP client to access the files of your website and at the root of your wordpress folders you should see the .htaccess file.


If you are a customer of our services, you should have the cPanel access in which case, it will be more convenient and you would need to go to File Manager, click at the top right on Settings, tick display hidden files, go to the public_html directory and you will see your .htaccess file which you can select and edit.


On the web you’ll find a lot of htaccess snippets for this redirection but most of excludes some basic instructions which are required to optimise your SEO and instruct Google that it isn’t a fresh new website.

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]


It will instruct to apply the rewriting rules only for http calls to your website and also give the signal it is a 301 redirection which would keep all the off site SEO efforts you already benefit from. This step will make sure that WordPress redirect to https.


This code has been tested on all our lines of services and is working properly. However, if you are from another provider you may try these codes if you are facing the slightest issue:

RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteEngine on
RewriteCond %{REQUEST_SCHEME} =http
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteEngine on
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

II) How to Fix the Mixed Content Warning on WordPress?

a. Fix Automatically the Mixed Content Warning

This is the most common issue you can face when enabling a SSL certificate and the HTTPS protocol.

The reason was stated earlier and you would need to replace all http:// calls you make throughout the whole website. Fortunately, there is a plugin for that.

You punctually install this plugin to search and replace as all the content you are after is located in your MySQL database.

Search & Replace

Once, you have installed the plugin you would need to go to its interface and search the string http:// and replace it with https://.

b. Test your website HTTPS and seek for errors

Once, you have replaced all the iterations of http on all  your website you shouldn’t have the Mixed Content Warning. Yet, if you still face the error, it could be because of an inclusion you did before. But you may refer to this page in order to crawl and scan your website for any SSL related errors:


For the custom inclusion you may hard coded in your theme, you would need to alter it from the WordPress Code Editor (Menu Appearance / Editor). Please use this editor wisely and always perform a full backup before altering it as you could risk to break your website.


III) Enhance the SEO impact of the SSL installation

Now it is time to make sure you aren’t loosing your SEO juice, and optimise the whole.

You may experience a temporary set back in the search engines but it is only temporary since you have performed a 301 redirection and the following steps will also insure that Google is made aware of the change.

Since, you changed your URL structure, the search engines will see it as a new website. Therefore, you would need to perform these easy steps to maximise the return of the operation

  1. Create a new property in the Google Webmaster Tools and Bing Webmaster Tools
  2. Send your Website Sitemap to both and update it on your website
  3. Update the website property in Google Analytics if you are using it. (Admin -> Property Settings -> Default URL)
  4. Transfer your Social Share Counts to your website using the following WordPress plugins.


WordPress Social Sharing Plugin – Social Warfare


Let’s Wrap it Up!

You have learned how to make WordPress redirect to HTTPS. This guide was exhaustive and could be a lot digest but it will make sure you aren’t facing the slightest issue to benefit from a fairly easy SEO factor to increase your website success.

Of course, before diving in such operation, it is important to perform a full website backup.

If you are one of our customer, you would need to go to cPanel and generate your backup in 2 clicks.



Your current host isn’t including FREE SSL ? Try our shared web hosting packages and issue SSLs for free for all your websites

You want the green bar for your website! Get an Extended Validation SSL for your business with $10 immediate discount using this coupon: EV4WP.

Shared Web Hosting Servers Major Upgrade

We have recently upgraded our whole shared web hosting web servers. The upgrade has been applied to all our shared web hosting users and concerns the implementation of a new set of features. The features are mainly focused around speed while enhancing the user experience and also supporting emerging new technologies as listed below

  • Automatic Firewall Check Upon login to the client-area and Unban
  • PHP 7.2 Support
  • cPanel Website Cache Management Plugin
  • Improved GZIP Management: Automatic GZIP Activation for Cached Content
  • TLS 1.3 Support
  • GeoIP2 Lookup Support
  • GoogleQUIC v43 Support
  • Google BROTLI Compression Support for Static / Dynamic Content
  • PHP CRIU Support
CVE-2018-0886: Microsoft Security Update CredSSP affecting RDP Access

On the 8th of May, Microsoft finalized an update which started in March 13th by changing the authentification protrocol of the remote desktop sessions.

They rolled the final update by disabling the former CREDSSP protocol since an exploit was discovered. (CVE-2018-0886)

The exploit allowed to execute remote code a remote system through the logins details provided in a regular remote desktop session.

A hacker could therefore gain access to the remote desktop data, programs or even create/ disable new accounts.

Since, yesterday the patch not only patched the security issue by completely changed the authentification protocol and disabled the CREDSSP one by default.

The issue is that if you haven’t updated your Windows VPS (remote desktop server), you wouldn’t be able to access your VPS any longer and you should see the following message:

An Authentification error has occurred.

The Function requested is not supported

Remote computer: *IP ADDRESS*

This could be due to CredSSP encryption oracle remediation.

For more information, see https://go.microsoft.com/fwlink/?linkid=866660

Remote Desktop Connection CredSSP Error

In order to retrieve the usual access to your Windows VPS / Remote Desktop Access you would need to follow the steps below:

  1. Open a Command Prompt using Administrator Rights (right click on the cmd.exe, select execute as administrator)
  2. Paste the following commands into your command prompt and hit enter

reg add “HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters” /f /v AllowEncryptionOracle /t REG_DWORD /d 2


It will revert the modification made automatically with the latest automatic Windows Update and you should be able to access your remote desktop again.

Giving how critical this vulnerability is, we warmly invite you to perform all the Windows updates in order to patch the current security issue which is considered as highly critical and put your Windows VPS at risk.

Once you have run the update and your Windows VPS has been restarted, your VPS is patched and if you allow a remote desktop access to your computer, you would need to revert the change made by typing in the command prompt with elevated privileges the following:

reg add “HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters” /f /v AllowEncryptionOracle /t REG_DWORD /d 1

Hit enter.

Payza Logo
Payza Gateway Updated
posted by: in Announcements

We are publishing this news to let you know that we have updated the Payza gateway which is now operational.
Payza.com was seized by the US department of Justice  because of money laundering charges regarding the crypto currencies purchasing business.

Payza has now migrated their structure over Europe and now is under the website payza.eu

We have therefore updated the billing gateway after verification on our end to insure its integrity.

Google: HTTPS Swap is now Overdue

In 2014 Google made a statement on their webmaster central blog mentioning that Google would start to give a slight ranking boost to secured HTTPS websites using a SSL relying on a 2048 Bit key.

In January 2017 Google mentioned on their Google Security Blog that they had introduced with Chrome Version 56, a “Not Secure” mention in the address bar for website transmitting password or credit cards information.


Address Bar Google Chrome


While being announced in April 2017  in this official blog post, we notice that a significant amount of our users isn’t yet using a SSL certificate.

If your website isn’t using a SSL certificate as of now, it is now the time to get in and set one up for your website.

As a matter of fact, Google will push their effort further by introducing a dynamic warning to unsecured websites as soon as an user is entering data or even all HTTP pages browsed in Incognito Mode.



This update will come with the Chrome version 62 expected to be released in October 2017.





While not being a drastic penalty, it may still result in a loss in your conversion rates especially on non Tech Savvy markets.

Google makes consecutive move toward a full secured web even giving a slight google rankings boost using a SSL certificate which is a factor you should absolutely play with considering it is now at everyone’s reach.

Now, how would you approach the SSL migration, it can seem overwhelming and complicated. We are going to recapitulate a checklist for your to migrate to the HTTPS protocol without any inconvenience.


I) Backup Your Web Hosting Account


It is very important before proceeding to the SSL installations to back up your website in full, database included. You may refer to the backup section of your cPanel Account if you are running cPanel and then download it on your computer. This step is even recommended to do every once in a while in spite of our nightly backup for your shared web hosting account.


II) Check your CDN SSL Specifications


If you are using a Content Delivery Network (such as cloud flare or maxCDN), read about the specifications and whether they support the HTTPS protocol. It generally involves extra steps in order to make it work.

As a partner of Cloudflare, some of our users are based on this CDN. Cloudflare provides SSL certificate along with their CDN for which you would need to refer to this guide

If you are using Cloudflare SSLs you can refer directly to the step 3.



III) Install your SSL certificate


At HostStage, if you are running a shared web hosting account, you can refer to this guide, if you are under a managed linux VPS or a cPanel unmanaged VPS, or a cPanel dedicated server you can open a support ticket to have us install this module and you’ll be able to issue a SSL within a few clicks as shown in our knowledgebase article : How to Generate and Install a Free SSL Certificate with Let’s Encrypt


You can also benefit from premium SSL certificate which we provide or using a third party provider of course. Their benefits over Let’s Encrypt are multiple such as Issuance Speed, extended trust signals in browser (especially with EV SSL), all browsers compatible (Old Androids distributions, Blackberry, Sony PS3 / PS4)..) , Yearly renewal.


IV) Update the references in your content


All javascript, CSS, or absolute URL for images must be called in https and check whether the https version is working in your browser.

For example, let’s say assume you are using a Google fonts through the Google library.

In your website headers, you may have the following link to load your font :


You would need to change it to :


It would basically load your font using the Google SSL which is required for your own HTTPS otherwise, your page will displays warnings.

The references non-exhaustive list to check for is :

  • Update Images references in absolute URL
  • Update Social Media Javascripts references (Facebook, Twitter, G +)
  • Update External Javascripts and Libraries references (jQuery)
  • Update External or Absolute CSS Pages references
  • Update References in content (which could be in the database, WordPress plugins exists for this purpose)
  • Update Hreflang Tags
  • Update Canonical Tags

The only exception would of course remains the external links which doesn’t need to be in https as they are loaded along with your website.

It could be indeed a tedious work and they are way to automate the process either through SSH, or even using the bulk find and replace function of Notepad ++ on Windows, Atom on MacOS X. Please note, you would still need to check whether the HTTPS version of your resources is available manually in a web browser in order to be on the safe side.


V) Let’s not Forget your On Site SEO !


After all, you are also here to benefit from a ranking boost from the SSL so it is also important to not neglect the others side of your On Site SEO.

  • Update your Sitemap URLs with the HTTPS version
  • Update your Disavow file in Google Webmaster if any
  • Update your robots.txt to include your new sitemap(s)
  • Add a new property in Google, Bing Webmaster Tools and Google Analytics, and add in GWT and BWT the sitemap URL (no need to use the change address tool)
  • Update your social Share Count (some wordpress plugins and guides online are available)
  • Update your media campaign to use the https version
  • Update your old 301 redirects if any to redirect directly to the https version of your website

You can also enable HSTS (HTTP Strict Transport Security) which would optimize your website loading time by forcing the browser to make all its future requests in HTTPS rather than first querying over the HTTP protocol and then be redirected.

To do so, you would just need to add the following in your .htaccess file in your public directory.

Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS

If your website includes subdomains, you may also directly enable HSTS for them as well with the code below instead of the first one:

Header set Strict-Transport-Security: "max-age=31536000 ; includeSubDomains ;" env=HTTPS




VI) Let’s Put This ONLINE and Fire your HTTPS

If you are using wordpress, you would need to change your Base Url from the admin area :

  • Click On Settings
  • Select General Sub Menu
  • Update WordPress Address (URL)
  • Update Site Address (URL)

If you are using another CMS such as Joomla, Drupal, Prestashop the steps while similar would differ.

You would need to refer to their online guide in order to update the website main URL

Then, you would need to 301 redirect the HTTP version over the HTTPS version for which you would need to update your .htaccess and use the code quoted below :

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


Section : I have heard !?


1) “I have heard that running a https website is slower than http!

It is indeed a valid concern since the server would be stressed a little more to encrypt the data of your web page. Now, if you are using our services, you wouldn’t need to worry at all on this matter. We saw it coming and we have taken silent steps to prevent any overload or significant performance loss. All our linux VPS nodes are SSD RAID 10 Hardware, using latest CPU generation. Our shared web hosting servers have all been migrated to Litespeed which is a better performing Apache replacement. Litespeed is also available on your Linux VPS servers.

2) “I have heard that Let’s Encrypt needs to be renewed every 3 months!

Correct here again! Except that in HostStage, Let’s Encrypt renewals will be done automatically in due time without any SSL downtime. So it would be a worryless situation for you. 

3) “I have heard that I must pay for SSL!

Yes, that used to be the case, and you can still do if you opt for a premium SSL certificate (starting from $14,99 per year). But the Let’s Encrypt initiative remains completely free and we do not charge anything for you to benefit from it. On your web hosting account, the feature is already there.

The 8 Absolute Commandments for Internet Marketers Success

Working online is unquestionably a new growing trend over the last decade. It became a goal for many people. We estimated 2 millions person in the world working as internet marketers and it is growing.

The core goals are generally to be financially independent while working under your own terms. In others words being completely free.

Yet, being entirely free can be confusing or even overwhelming and here are some concrete and actionable tips for you to be successful in your online ventures




That’s the rule number one, as we had many users or seen many posts about the requirement to make X amount of money under X days.

Such thinking process is demanding for a one permanent failure as failures being part of the game, there is no room for them.

It is best to start aside of a day job without any financial stress and even having some little money to start with. (at least for a domain and a web hosting account)

Just don’t expect, to get a large sum of money overnight, it might happen but shall not be expected as it is exceptional.




Enthusiasm is tricky feeling which turns you in a working machine able to concretize an idea which is great to pull you out a procrastination circle but it comes with a side effect where you want to get immediate success to arouse the hype and often you don’t find the expected return and eventually the enthusiasm fade away as fast as it came, leaving a failure taste.

Yet, it remains a powerful weapon in your arsenal and using enthusiasm in a structured manner is key to your success. If you brainstorm over an idea (mind map / whiteboards) and then strategize the action plan, you would be on fire on the right area rather than shortcutting your way to success than very few meet anyhow. Consistency prevails over a burst fire.




This one is also a big one and it can be applied on all type of work. Working hard is very important of course and a key factor of your online success but smart work primes over anything else.

Working a dead amount of hours on a tedious outsourceable task is pointless and makes you loose focus or quality on the essential.

This can even be extended with the Paretto Principle mentioning that a typical day is made of 80% of non profitable tasks and the 20 remaining % is what makes you earn the most.

In most case, the 80% is either required or perceived as required so it needs to be done but focusing on how to optimize the 80% to become the new 20% of your working schedule is what you should be doing. So, you can then focus on what really matters.




Again, some internet marketers thinks that’s starting by limping huge amount of money over a non proven method would work. While it is a start up spirit, it is always recommended to proof test a method on a lower scale or test the water at least before trying it out. You might face issues in your process, (issues many would love to face, but can end in a devastating way), and you can even discover your method is flawed right from the start.

To illustrate this point, let’s say you are after Instagram marketing which is a great trend to make money online. You have no clue how instagram is working but you read about this method. Rather than purchasing Followliker and many Windows VPS right away, it is best to first start a bit manually to learn about how things are working to then automate it in the most efficient way adding your own twist.




Another big one! So you have seen a working method, you are all hyped about and you get started. After a certain time, you open back your favorite forums / social network / skype and read / hear about this other new way so much better method that makes you want nothing else than to hop on it. Repeat that, and you have a ton of unaccomplished projects than makes no earnings.

Or even worse, you are conducting your method but even before finishing a task you start another following your irrational thinking process, you feel smart but you achieve very little. You can also end up filling up your to do list manager, which pressures you over all the things you haven’t done yet. As the author and online worker, I went through these stages and develop a specific schedule flow where I have the concrete to do list, a notebook where all fantaisies can be written on and considered later on, a mind map where it isn’t due but organized, a white board to brainstorm and finally




Far from being a financial advice, this tip remains very important. When you earn money you didn’t have, a common instinct is to want to spend it to feel rich which is how you got it all wrong.

Your hard earned money should last for as long as you can while enjoying the process, invest it wisely and treat it as it should; as a very hard resources to obtain. It should also be used to make your earning stream sustainable and it should be planned to allow you scale up.  Warren Buffet didn’t become Warren Buffet by having a spending sheet as high as his incomes.

We have read many stories about one month successful internet marketers making poor decisions about their finance disappearing overnight.




Google Updates, Terms of services change, ban hammers, declining trend or market, copycats, saturation and so on are your ultimate ennemies that no one can be protected from and it can wipe any income stream you duly acquired. A classic business point of view is to innovate in order to prevent some of those scenarios but as an Internet Marketer diversifying is a strong and more likely the most viable solution. Diversifying require an organization in order to keep up with the main income steam.




Now, it is time for you if you haven’t already to take actions right now ! Whether you have done already, or trying to do but taking a break, or dreaming about a potential IM Lifestyle, right now is the right time. If you took the time to read this post, it means you have the time so go for it and make things happen for you!




Wanna Cryptor
World Wide Ransomware Outbreak using the NSA ToolKit
posted by: in Security | tagged:

Yesterday a massive world wide event took place with a ransomware worm attacking hundreds of thousands of computers and self replicating.

How did the Ransomware spread ?

The ransomware WannaCry (aka : WCry, WanaCryptor, WannaCrypt, Wanna Decryptor)has been seeded first through a campaign of emails phishing and spread to governments services (NHS, Russian Ministries..) and also many corporations (FedEx, Renault, Dacia, Nissan…) and throughout different countries.

After the initial mailing campaign, the ransomware was self distributing by SMB network scan using shared folders.



The ransomware was using the NSA Toolkit (Eternal BlueExploit of the toolkit) released for free by a group of hackers called the Shadow Brokers in April allowing anyone to gain access to any Windows based computers within a few minutes. (SMB v1/ RDP protocol).

The malware spreading was contained through a “kill switch” which simply involved a domain registration which was a condition for the malware to keep spreading. If the domain wasn’t resolving then, it would keep attacking. If it resolves then it would stop.

You can find a more detailed and technical approach from a security analyst :


What Can I do to protect myself and avoid being infected ?

In order to protect yourself, you would simply and urgently need to run all Windows updates for your server.

The backdoors were patched by a Windows updates for all Windows version and even the unsupported (End of Life) Windows XP.

It is recommended to run the windows updates every now and then and in those times more than ever.
It is indeed not quite convenient to have your VPS restarted but it is important to have them set.

You also need to keep a backup of your data not tied to your computer / VPS. (offline hard drive that you plug to back your data up) or an USB key for a lesser amount of data).

For a Windows VPS, if you are using our services, you can simply open a support ticket requesting us to take a backup of your VPS. You can also specify if you would like to be part of the monthly backup or keep a recovery point.

Otherwise, you would need to use a backup system not tied / mounted to your VPS such as a FTP server through a 3rd party client, a cloud based storage with a drag and drop web page for instance.

If you are in a hurry you can also run the commands to patch your servers quicker as introduced by Microsoft :


Can a Ransomware affect Dropbox ?

First and foremost, there is an important disclaimer, a common thinking process if you were using a Windows VPS is to use Dropbox as a backup platform. However, if you aren’t a Dropbox Premium users then you are exposed to have your dropbox encrypted. As a premium you would be able to recover your encrypted files by restoring a previous version but not in the free version.

One safe behavior while using dropbox which remains extremely convenient to transfer files from your computer, would be to use the selective synchronization (as explained here ) in order to only synchronize one exchange folder and hide the rest of your files from any Ransomware hitting a VPS.


Security Issue : Leaks of 68 Millions Dropbox Accounts

There is a current rumor of a leak of over 60 millions accounts details of dropbox users.

It is recommended to change the dropbox password as soon as possible to be on the cautious side.

We know how online marketers are loving the dropbox feature hence this post post to inform about a critical situation. It remains a solid way to transfer files from your computer to your Windows VPS for instance.

Dropbox is currently asking users to reset their passwords following a leak in 2012 as per a public statement this week.

However, some websites have analyzed a few data out of the breach and it sounds as the new encryption system they deployed in 2012 (bcrypt) has been breached.

Source : https://www.troyhunt.com/the-dropbox-hack-is-real/

Security Issue : WordPress Plugin All in One SEO Pack v2.3.6.1 exploit
posted by: in Security

All in One SEO pack is a widely spread plugins used to set the meta description, keywords and titles for the WordPress posts.

A XSS exploit has been discovered on the plugin All in One SEO pack plugin for the version and before.

You can immediately check the version from the plugin page and the current version should be v2.3.8.

The XSS has been discovered in the bad bot blocker feature and involve an exploit allowing to steal the administrator tokens through an altered user agent.

The vulnerability has been patched and a plugin update is strongly advised.



Result 1 - 10 of 35

Join Us on Facebook

Our Latest Tweets

  • 5 months ago

    @Galukxy  What is the reason of your website suspension? It could be something we could help you with actually

  • 8 months ago

    The Ultimate List: 57 Online Local Business Directories https://t.co/HATo96qXrw #localseo #Leadgeneration… https://t.co/HUz7sXscHz

  • 8 months ago

    21 of the Best #Facebook Pages We've Ever Seen https://t.co/Kz0o3jhuWS #FacebookMarketing #SMM #socialmedia https://t.co/nFOwpvtGMs

  • 8 months ago

    How to Make the Right Landing Page Rank: A Complete #SEO Checklist https://t.co/PaAye3CJCd #DigitalMarketing https://t.co/vTsj6sXEpu

  • 8 months ago

    30 Crazy #SocialMedia Facts That Might Change How You Think About Marketing https://t.co/hmEK7QuAnM #SMM #marketing https://t.co/mUlSRX8itV