Connect with us

WORDPRESS

WordPress: Bugs Detected in Ninja Forms Plugin, 1M Sites Affected

Published

on

wordpress:-bugs-detected-in-ninja-forms-plugin,-1m-sites-affected

Four major bugs in the Ninja Forms plugin for WordPress have been detected.

Immediate update is recommended.

Exploits detected in the Ninja Forms plugin for WordPress, installed on over a million sites, can lead to a complete site takeover if not patched.

Wordfence detected a total of four vulnerabilities in the Ninja Forms WordPress plugin that could allow attackers to:

  • Redirect site administrators to random locations.
  • Install a plugin that could be used to intercept all mail traffic.
  • Retrieve the Ninja Form OAuth Connection Key used to establish a connection with the Ninja Forms central management dashboard.
  • Trick a site administrators into performing an action that could disconnect a site’s OAuth Connection.

Those vulnerabilities could lead to attackers taking control of a site and performing any number of malicious actions.

Due to the severity of the exploits, an immediate update of the plugin is recommended. As of February 8 all vulnerabilities are patched in version 3.4.34.1 of the Ninja Forms plugin.

Ninja Forms is a popular plugin that allows site owners to build contact forms using an uncomplicated drag and drop interface.

It currently has over 1 million active installations. If you have a contact form on your site, and you’re not sure which plugin it’s built with, it’s worth checking to see if you’re using Ninja Forms.

A quick update of the plugin will protect your site from all the above listed vulnerabilities.

The speed at which these vulnerabilities were patched shows how committed the plugin’s developers are to keeping it safe.

Wordfence reports it made the Ninja Forms developers aware of the vulnerabilities on January 20, and they were all patched by February 8.

Vulnerability Exploits – The 3rd Greatest Threat to WordPress Sites

Vulnerability exploits are a significant threat to WordPress sites. It’s important to update your plugins regularly so you have the latest security patches.

A report published last month lists vulnerability exploits as third among the top 3 threats to WordPress sites.

In total there were 4.3 billion attempts to exploit vulnerabilities from over 9.7 million unique IP addresses in 2020.

It’s such a common attack that out of 4 million sites analyzed in the report, every one of them experienced at least one vulnerability exploit attempt last year.

Adding a firewall to your WordPress site is another way to keep it safe, as it can prevent attackers from abusing plugin vulnerabilities even if they haven’t been patched yet.

When adding a new plugin to your site it’s a good practice to check when it was last updated. It’s a good sign when plugins have been updated within recent weeks or months.

Abandoned plugins are a greater threat to sites because they may contain unpatched vulnerabilities.

For more tips on keeping your site safe, see: How to Protect a WordPress Site from Hackers.

Avoid Pirated Plugins

Avoid using pirated versions of paid plugins at all costs, as they’re the source of most widespread threat to WordPress security.

Malware from pirated themes and plugins is the number one threat to WordPress sites. Over 17% of all infected sites in 2020 had malware from a pirated plugin or theme.

Until recently it was possible to download pirated plugins from official WordPress repositories, but as of this week they have been removed.

Source: Wordfence

Read More

WORDPRESS

Shopmatey – Create a web store on your phone. Built on WooCommerce

Published

on

Shopmatey - Create a web store on your phone. Built on WooCommerce

Free Options

Embed

Shopmatey is a social commerce platform that combines shopping and social media. Discover new products, sell your own, or combine your products sold on other marketplaces into a single link. Join the future of shopping with Shopmatey today.

Launched in Android, iOS, E-Commerce by

Source link

Continue Reading

WORDPRESS

How to Prevent Fraud and Fake Orders in WooCommerce

Published

on

How to Prevent Fraud and Fake Orders in WooCommerce

Do you want to prevent fraud and fake orders on your WooCommerce store? Fraud and fake orders can cause serious losses for an online store. Luckily, …

Source link

Continue Reading

WORDPRESS

If Shopify Passes This Test, the Stock Could Soar

Published

on

If Shopify Passes This Test, the Stock Could Soar

For the first time in 12 years, Shopify (SHOP -4.37%) is raising prices.

The e-commerce software peddler hiked rates on its Basic, Shopify, and Advanced tiers by about 33%, leaving the most expensive Shopify Plus plan untouched at $2,000 a month.

The move comes after Shopify has been rocked by the pandemic hangover as e-commerce growth slowed dramatically last year after booming in 2020 and 2021. That was true not just for Shopify, but also peers like Amazon and Etsy.

The company has taken steps to reel in costs, issuing layoffs and finding other ways to trim expenses. As it looks for ways to grow and reinvest in the business, raising prices seems to make sense.

At a time when the stock is still down roughly 70% from the 2021 peak, the price hikes pose a major test for Shopify — one investors should pay close attention to.

Image source: Getty Images.

How wide is your moat?

Shopify has been a top-performing stock for most of its history thanks to its turbocharged revenue growth, but the company has also earned a high valuation from the market because of its perceived economic moat.

The company dominates the e-commerce software sector, serving a wide range of businesses from sole proprietors to Fortune 500 enterprises, and its customers generate roughly $200 billion in gross merchandise volume on its platform. The company fended off a challenge from Amazon, which closed its competing Amazon Webstore product several years ago, and is much larger than direct competitors like BigCommerce and WooCommerce.

That large base of customers and significant lead over its competition offers evidence for the company’s competitive advantage, and its product comes with high switching costs. Once you get set up selling, it’s costly, both in time and money, to switch to another provider.

Another way Shopify can demonstrate its competitive advantage is with pricing power. Great companies often have the ability to raise prices without significant customer loss. This might be due to a powerful brand or the sense among customers that there’s no equal substitute for the original company’s product or service. So, they simply accent a higher price when it gets passed down to them. 

Shopify was a much smaller company 12 years ago, and therefore has never really tested its pricing power before.

What Shopify merchants are saying

Unsurprisingly, the Shopify price hike sparked a lively debate on Reddit’s Shopify channel, with merchants airing different opinions on the matter. Some were frustrated with the price hike, especially coming at a time when online retailers are already struggling and facing higher costs through inflation.

However, others dismissed those concerns, essentially saying that the value of Shopify was worth paying an extra $10 or $20 a month. One commenter said, “As a web dev myself with years of experience in e-commerce, I can tell you there are so many Shopify features I take for granted now as a store owner that I know were mammoth tasks in our own platforms. You won’t get a shop for that price with the same functionality and ease of use.” They also added, “I do agree the app subscriptions are a bloody rip-off though!”

A handful of commenters said they planned to switch to Block‘s Square, and others discussed alternatives like BigCommerce and WooCommerce, but most didn’t seem to consider switching in response to the price hikes. A number of commenters also seemed to defend the move, saying that Shopify’s business has been struggling and it needs more money.

Will the price hikes pay off?

It’s unclear how much Shopify’s revenue stands to increase from the move. Subscriptions made up 28% of revenue in the most recent quarter, but close to half of its gross profit. However, this isn’t a straight 33% price increase as current merchants can keep the old monthly rate by switching to a yearly plan, and they also have three months before the price hikes are implemented. New merchants will have to pay the higher prices immediately.

Still, these price increases could add at least a mid-single-digit bump to revenue, but more important is that that extra income will flow straight to the bottom line since there are no extra costs associated with it.

That will give Shopify more money to reinvest in the business and could also give the stock a boost by padding the bottom line. 

Investors will learn more about the price hike’s impact over the coming quarters, but if the move is successful, Shopify could start increasing prices more regularly, possibly every few years, giving it an additional lever to pull as it grows the bottom line.

If the company can clearly demonstrate its pricing power and give a jolt to the bottom line at the same time, the stock could soar in response.

John Mackey, former CEO of Whole Foods Market, an Amazon subsidiary, is a member of The Motley Fool’s board of directors. Jeremy Bowman has positions in Amazon.com, Block, Etsy, and Shopify. The Motley Fool has positions in and recommends Amazon.com, BigCommerce, Block, Etsy, and Shopify. The Motley Fool recommends the following options: long January 2023 $1,140 calls on Shopify and short January 2023 $1,160 calls on Shopify. The Motley Fool has a disclosure policy.

Source link

Continue Reading

Trending

en_USEnglish