On February 6, I had written a blog post regarding a possible security breach at BlogVault. Since then we have been conducting a thorough investigation into the issue. We have concluded the investigations. This post outlines its results.

 

No Data Breached

In our previous communication with you, we had mentioned that there had been a data breach. After detailed investigations, we found that the issue was a vulnerability in the BlogVault plugin, and none of the data on our servers were exposed.

We have ensured to cover every aspect of our system in our investigations, which involved inspecting the logs for our system as well as that of affected and unaffected sites. We also reviewed the attack payload with great detail.

 

BlogVault Plugin Vulnerability Fixed in Version 1.45

On Feb 4, we learned that we were using ‘unserialize’ PHP function on unverified data in BlogVault plugin versions 1.40 to version 1.44. We fixed it on the same day (Feb 4) with plugin version 1.45.

However, we had assumed the worst, and communicated with our customers the same day about the security issue. Following this, we also made a public announcement about it via a blog post.

Since then, we have thoroughly investigated the issue and analyzed our entire system. We have found that the the above mentioned vulnerability was the only entry point that allowed malware to be injected into sites on which the BlogVault plugin was reachable.

The BlogVault plugin has been secure ever since the updates on version 1.45.

However, we have continued to strengthen the security of our plugin and as of the date on which this post is published, the latest version of the BlogVault plugin is 1.46. If your BlogVault plugin is older than 1.46, we request you to update to the latest version available in the WordPress repository (https://wordpress.org/plugins/blogvault-real-time-backup/ ).

 

Your data and backups are safe

As mentioned in our previous communication, your backups and data were safe and continue to be safe. They were never at risk. This includes:

  • Your backups
  • Your passwords
  • Your payment details

Please find below the details of the measures we have taken during the investigation to bolster the security of our service:

 

Preventive Security Measures Implemented

As a reflection of our commitment to security best practices, we have taken a list of preventive security measures during the investigation to ensure that this incident doesn’t repeat itself.

  • Updates made with versions 1.45, and 1.46 of the BlogVault plugin were a part of the measures to strengthen the security of the plugin.
  • We have actively scanned all sites to identify websites affected by this issue and to get them cleaned and secure.
  • We have also pushed an automatic update to the BlogVault plugin on most sites.
  • Moreover, we have taken and continue to take measures to ensure that neither the BlogVault plugin nor the servers can be exploited.

 

Your Trust Continues to Be Important to Us

During this period, many of you who have reached out to us via our chat channels, email or even Twitter. We realize that you have not received the level of service on which we pride ourselves, and for this we apologize.

At BlogVault we are committed to being transparent and accountable to you. I know that we had received some questions about details regarding the issue. We were unable to respond to them because we had prioritized the security of the affected sites of our customers. We also wanted to ensure that we would refrain from adding to any speculations and only communicate facts.

We have set up an FAQs page that addresses some of the questions you might have regarding the security issue (these are different from the FAQs we received at first), and address the measures we have taken to secure sites. Please find the link to this page here. https://blogvault.net/security-updates-faqs/

The security of your sites and your trust is of utmost importance to us at BlogVault. Please reach out to us with any further queries you might have.

 

Thank You

You have been extremely understanding and generous to me and my entire team over this period; and we want to personally thank you for that.

Security is an ongoing process and we remain committed to making our service more robust.

 

We recently discovered a security breach at BlogVault which led to some data being exposed. Here are some details about the issue. We are currently in the middle of an extensive investigation and we will share updates with more detail as and when we learn more about the issue.

 

Update to The Latest Version

To mitigate risks from the data exposure we have updated our plugin with additional security measures. If you are learning about this for the first time and you are a BlogVault user then please update to BlogVault plugin version 1.45 from the WordPress plugin repository.

 

An ‘Updates Page’ for Clear Communication

We have reached out to all our customers informing them about the situation. We have also set up a ‘Security Updates’ page to be communicative throughout the process. The page also has some FAQs and contact details. Please follow this link for more details: https://blogvault.net/help/info

 

We understand that it can be frustrating for you; as it is for us, to not have all the information. We aim to be comprehensive in our response to the issue. Once we have safeguarded our customers’ data, and our investigation is complete we will be able to share more details.

 

Lastly, we have reached out all BlogVault customers and we are deeply moved by the patience and understanding displayed by many of them. We are working round the clock and have prioritized safeguarding your data.

We at blogvault arrived at a situation where we needed to convert some of our pages into posts. One’s common sense will tell to create a new post – copy everything from content to title as in page to the new post – delete the old page and finally publish the post! This should work great is your permalink is set to wordpress default (or you have some custom setting that handles it somehow using the id). But in our case our permalink setting was:

 

Post namehttp://127.0.0.1/wordpress/sample-post/

 

So when we visited the new (post) link after deleting the old page, we got 404 – Page not found!

 

Understanding the issue

As you can see the same thing works for a particular permalink setting but fails for another. This can be explained as – wordpress maintains a common (database) table for both post and page under the name ‘wp_posts’. As each entry in the table has its own unique id, when we try to locate them using id in permalink (as wordpress default) we face no problem.

However its not the same with our permalink setting. Due to some reason, on deleting a page (or post) from admin panel, wordpress does not immediately remove their corresponding entry from the database. So when resolving the address by post name, wordpress finds the earlier entry (page in our case) which is marked deleted, hence giving the 404 not found error.

 

Solution

One simple solution is using plugins exclusively made for this purpose. Some of them are:

http://wordpress.org/plugins/convert-post-types/

http://wordpress.org/plugins/vice-versa/

 

However incase you don’t mind getting your hands dirty and saving your site with the load of extra plugin, you can follow these steps (with extreme precautions).

  • Get access to your wordpress database. You may use phpmyadmin for that.
  • Open the wp_posts table.
  • Locate your post entry and replace its ‘post_type’ from ‘page’ to ‘post’ or vice versa.

OR

Incase you already created a new post as in our case and are now getting the 404 error, simply delete your earlier (deprecated) entry.

SQL query for same will be:

Post to page

UPDATE wp_posts SET post_type=’page’ WHERE id=<your_post_id>;

Page to post

UPDATE wp_posts SET post_type=’post’ WHERE id=<your_post_id>;

 

What are WordPress security Keys?

WordPress manages login sessions by storing the information in cookies instead of using PHP sessions. These cookies are secured by calculating a special hash of the username, password and “a long random string”. These “long random strings” used to calculate the cookie hash are called WordPress Security Keys. They are configured in the wp-config.php files. When a fresh WordPress site is setup the security keys look like this:


define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');

Why should you set them on your site?

These keys play a big role in securing the cookies of a site. Without them it will be relatively easy for anyone to enter a WordPress site. Hence, while setting up a new site, it is recommended that the above default keys are replaced with a randomly generated one. The keys should be very long and very difficult to guess to be most effective.

How do they work?

The following article describes the process of calculating cookies using Secret Keys in detail.

https://api.wordpress.org/secret-key/1.1/salt/

You can copy the keys from the link above and replace them in your wp-config.php file. For example:

 


define('AUTH_KEY', 'g<z98-8lX|(5.DTVVFC*G O&G:R<code>utiR%B#,N8l7G:E2]+#n-{i?%yisDf_UIK(7');
define('SECURE_AUTH_KEY', '}UH1y+&Qqf]]@6&|/W,9}mTtF<F{|xzaVakp>9UvlwH$ .6&Yn[<q/W$+6?i*zKU');
define('LOGGED_IN_KEY', 'TJBE.sz{QNLl>c-oU{^G!xj%{t-ab+h{;|a@m#n7w0iNL-dp9OCV4AWucLQz3+z/');
define('NONCE_KEY', 'k?}x=cwsif@rb[Sc,-f5=33R$J|Qh}cJOpEA</code>Bm9!G|-P]}K<code>=EbDTw.k/wbcQ+-');
define('AUTH_SALT', '{nU:W(cOx+fRY+zhHXZ|l<1R?Edp$)v|QZ su6r++Ln3eisWq<Zi{QKS&x,DRfA+');
define('SECURE_AUTH_SALT', '~kX[L4;|O(A% _gQ_*TXHPlE@6f^Z~-pE#T}N?tBzKwYL-,.q5{L|p9<V+S</code>-RG]');
define('LOGGED_IN_SALT', '-:Bs5&X(/+(.|f(:GfcU+w/kbq2_o%W{{bbS%&|JIGR5I1sWwD-Y3Frko>yMn*$<');
define('NONCE_SALT', 'Lo%|>Ai6gS7[NqgVcW.mtq-4O0s^b|} ;c9nRXdf/jQ[n!> OSQc^Kmo-kk+aw{!');

What if I don’t set random Security Keys?

Given the importance of security keys, failing to replace these keys with random values can end up being a major security issue. In such situations, WordPress will generate its own keys, and store it in the options table in the database. If the keys are placed in the wp-config.php file at a later point, WordPress will override the values present in the database.

If WordPress auto-generates them, then why do it manually?

Inserting your own secret key is better for security. The cookies are created by combining the password hash and the secret keys. The password hash is stored in the database. Consider a situation where a hacker is able to access the contents of your database but not the files. In such a situation both the password hash and the secret key will be visible to the hacker. This will make it very easy for the hacker to get complete access to your site.

However, by storing the secret keys into the config file, they will need access to both the database and the files to be able to gain admin access for your site. Hence it is a good practice to keep the keys in the config file.

Do I have to remember these Security Keys?

No, once you place them in wp-config.php file, you do not need to remember them any more. You can change these values at any time, without having a major impact on your site.

What happens if you change them? Is it safe? Will it reset your passwords?

It is perfectly safe to change the Security Keys. They can be changed by replacing the existing values in the config file with a newly generated set of keys. When the keys are changed all cookies will be invalidated. All existing login sessions will be discarded, and the users will need to login again.

The security keys are also used to create nonces used in WordPress. Hence these too will be invalidated.

Finally, changing the security keys will not affect the user passwords in any way.

Why should you change them when your site gets hacked?

When a site gets hacked all data within the site can be considered to be compromised. One of the first recommendations is to change all passwords. However, as mentioned above, the security keys are even more important. If the hackers have the security keys, they can regain access to the site even if the passwords have been changed.

Hence it is important to change the security keys along with the passwords when a site gets hacked.

 

What are SECRET_SALT/SECRET_KEY?

The older versions of WordPress had only a single key called SECRET_KEY. In the 2.5 release the newer keys were added. However for sake of backward compatibility the SECRET_KEY is still honoured. If only SECRET_KEY is defined then, it is used to calculate the hash.

Why are there both Keys and Salts?

Keys and salts are both combined to create the final hash.

Most of the popular free and paid WordPress backup plugins such as Backup Buddy or Updraft Plus come with the ability to store the backups on a cloud service like Amazon S3. Offsite storage of the backup is a critical requirement for any good backup solution. If you are not using offsite backups, do so right away – sign up for our 7 day trial now.

The way these plugins implement this important feature however creates a security hole in your system. Your backups may not be as safe as you think.

Leaving the key in the open

Consider a scenario, where you have valuables that you would like to protect. You get a bank locker to safely store the valuables. Ideally you would like to keep the key to this locker in a safe place. Instead, just imagine if you keep these keys at your home, and not only that, you also put a nice, big label on the keys.

The above is obviously not a very smart thing to do. When someone breaks into your home they will not only get the stuff in your home, but they will also get the keys to the safe. Your locker will no longer protect you.

Hackers can steal your Amazon S3 key

The same problem exists with the free and paid backup plugins. While they will help you upload the data to your S3 account, they store the S3 key, which is used to copy your backups, on your site itself.

WordPress sites are often targeted by hackers. If your site gets hacked, the hackers will get the keys to your S3 account. The hackers will not only ruin your site, but they can also destroy your backups.

Robbing the whole neighborhood

WordPress Security

This problem is further exacerbated in the following situation. Imagine a scenario, where everyone in your neighborhood has a master key, which can be used to access every home in the neighborhood. You might trust your neighbors, and have no problem with such an arrangement. If you are away on a holiday, you can ask any of the neighbors to check that the gas is turned off at your home. There are other benefits with such an arrangement. However the downside is also very obvious. Even if one of the master keys is lost, the entire neighborhood will be vulnerable.

One key to rule them all

The above situation is exactly what happens when you use the same S3 or Dropbox account to back up multiple sites. This is a very common practice among designers or those with many websites. To backup multiple sites, it is economical to buy a developers license of any of the backup plugins. The big mistake will be to use the same S3 account to backup all the sites. Even if one of the sites is hacked, all the other sites will be compromised too.

Solution – Separate the backup from the original data

We recommend evaluating these plugins very carefully. A good WordPress backup service, will completely separate the backups from the original data. Losing the actual site should in no way compromise the backups. We at blogVault follow the best practices, and completely separate the backup from the actual site.

We keep copies of the data on 2 of our servers. Further we backup all of this data again onto our own S3 account. Finally, our servers are kept completely independent of the actual sites. Even if a site is hacked, there is no way for the hacker to access our servers or the backups.

Try out blogVault – sign up for our 7 day trial now.

Takeaways

  • Offsite storage is critical to any backup solution

  • Backup plugins store the S3 key in the WordPress site itself

  • The S3 key needs to be kept safely. If the site gets hacked the key will be stolen.

  • Use a complete WordPress backup service which separates backups from the original site.

EDIT: David from UpdraftPlus has mentioned that there are advanced settings in S3 which can reduce the risk associated with the S3 key being exposed. While these security measures do alleviate the problems a bit, and we do recommend them, they come at a cost. They lead to dramatically poorer user experience. They also can be further exploited by hackers to make it much more difficult to restore the site. The hackers can even exploit the hack to increase your S3 storage charges. We hence continue to advice against sharing using your S3 key in your backup plugins.

On your WordPress site, you may want to change the name of an existing category for your posts. This will affect the urls of all the posts belonging to the category(assuming you use Pretty Permalinks) as follows:

Earlier: www.example.com/category/some-post

Now: www.example.com/new-category/some-post

While your WordPress will now use these new URLs and everything will work, you will lose SEO benefits for the URLs using the older category. All links to the older URLs will now stop working leading to a terrible user experience and will affect your Google ranking. You may not want to lose that either!

There is a simple solution to that. You can easily redirect those no-more-valid urls to your new-category-urls.

 

Here’s how:

  • Go to your root wordpress folder and look for .htaccess file. Incase you don’t find one, create a new .htacess with contents as follows:


# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Note: this is a very basic htaccess file for wp site with “pretty permalinks”

  • Now you need to tell your wordpress to redirect those old category urls to new category urls. To do that modify the .htaccess file as follows:


# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^old-category/([a-z/.]+)$ new-category/$1 [R=301,L]
RewriteRule ^/category/old-category /category/new-category [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
  • Save it, upload to your server and its done!

Gaining mastery over the written word is a skill all writers hunger for. Yes, ”everyone” wants to be read!

From novice writers to accomplished and even celebrated ones, the urge to better one’s writing is often deep seated and heartfelt. Try a generic web search on the topic and at a bare minimum, 500,000,000 plus results spring up – affirmation that a large number of people who write content, often look to the web to provide a means to bring out the best in their writing skills. What everyone wants, in short, is a one-stop shop of resources which can go a long way in helping make their articles top notch, read and appreciated by all.

Newspaper
A newsroom, with its fast-paced tempo, salad-bowl of talent, deadline-backed energy, collective news expertise and an information hungry workforce is a great training ground for writers.  It is this very expertise that we bring you through a  well-paced, concise, high-value series of articles targeting web writers, bloggers, wannabe journalists, casual writers, career professionals, creatives and those writing for the web in general.

Our aim is to give you Newsroom insight, value-added content, practical approaches to writing and skill sets that will get your creative juices flowing.  So if you are looking to get tips on writing from how things work in a newsroom (spaces which have the highest density of writers) and what a basic newsroom writer looks at while bringing out an article, and how writers approach a particular piece of writing, we have what you are looking for.  Our writers bring to the table, years of newsroom experience through articles aimed at tackling every challenging aspect of writing, head on.

Most people who write for the web, want to be able to write as easily as professional writers do, and as quickly as they do. For those who have never been exposed to the formal practices of traditional or modern writing methods, our series gives not just writing tips, but valuable insights on how writing is done in the newsroom how information is processed, how topics are selected or dropped and how the length of any article is decided. Our Newsroom articles will run the gamut on the what, when, where, why, when and how  to write on everything from hard news, sports, medicine and business, to entertainment, technology and science, blogs etc.

WritingOur topics will range from basic to advanced – brainstorming for a piece, to how to gather and process information, ethics in writing, how to write a simple 500 word piece, writing in a news style, writing creatively, selecting what information to use in your piece, what are the basics of a journalistic approach to writing a feature piece right up to how to write for a medical journal, how to choose photos etc. The Newsroom perspective comes through examples, scenarios, the workings, the procedures and the flows followed in the newsroom by writers, editors, reporters, copy editors etc. Our aim is the give you the best in analysis, perspective, and expertise – and to go above and beyond the ordinary.

Akshat Choudhary, founder of blogVault, believes that the potential of a comprehensive resource pool for writers, is huge and the demand will grow in the years to come. His concept is simple – give writers the right platform, a go-to place on the web where they can search and find expertise, insight, analysis and overviews on how to create winning content and they will keep coming back for more. “Over the past few years’ content has become one of the most important mechanisms of connecting with your customers on the web. Every company small or large is investing heavily into different forms of content from blogging to video to even interactive forms,’’ he says.

Akshat has brought together a team of leading journalists who have helmed multi-team newsrooms, managed news teams and daily deadlines, ideated and defined varied content and steered the entire gamut of the creative writing processes, to pool their know-how on a common platform. He adds, ‘’we at blogVault have some great talent who together have 35+ years of experience in the newsroom. In this new section of our blog we want to talk about our experiences in the newsroom and hopefully will have something which can help people create great content.’’

Jennifer Carello“Your website is only as good as its backup…”

…says Jennifer Carello, Founder of Tech Care, LLC who has designed and developed hundreds of client websites. She believes that clean and easy navigation is imperative to a good website

Tech Care has just turned 15 and as a web designer and developer, the company’s founder Jennifer Carello knows only too well the intricacies and challenges behind creating successful and appealing sites.

An accomplished Novell engineer based in Connecticut, Jennifer has trained in some of the acclaimed technology institutes in the New York area. Her eye for detail and enthusiasm to keep up with the rapid changes engulfing the technology sector is what has helped her in designing unique and customized websites for her clients that meet their specific needs.

Having started out in the mid 1990s when mostly Notepad and HTML were in use, Jennifer feels that while the technology itself has become quite complex, it allows you do a lot more things than you could have ever imagined at an earlier time.

Back then, the internet was still fairly new, and everyone at that point used a dial up service. Animated gifs were the “in” thing. I thought writing the html back then was pretty simple because the pages were pretty simple. Since the 90s, so much has changed. Now we can use CSS to modify our sites, which was not available back then. We build sites in databases which are much more complex. So I have to say things were much simpler back then,” she explains.

As someone interested in introducing children to the latest technology for better learning, Jennifer has gone out of her way to help students develop their digital footprint.

As a web designer working in the industry for 15 years, what do you think has changed in the field over the years?

Sixteen years ago, the person who built your website could also be the person who built your server in your corporate environment, and possibly also the person who installed your phone system. Technology was lumped into one category since there was so much less of it. Nowadays, you have to specialize in something particular. Not only do I have to just design and produce websites, I need to be an “expert” in one or two technologies. There is so much to know that there are very few people who can know everything. I think this is the biggest change in the industry.

What, according to you, are the key elements in successful web design and development?

First and foremost, the thing which will make your website successful is a clean and easy to use navigation. Visitors to the website want to find the information that they need quickly and easily with the least number of clicks. If a person “gets lost” on your site or has trouble finding information, they will not come back, and therefore, you have lost a potential customer. Of course, good design is intriguing and helps, along with great photos and imagery, but most important is navigation.

What is the one back up problem that you would like to solve?

The biggest challenge when choosing a backup program is the restore process. You can have the best backup in the world, but if you cannot restore the backup, it is of no use. Likewise, if it takes a web developer hours upon hours to restore a site, the labor costs outweighs a paid service if used even once.

Why do you think WordPress backup is important?

I have had a handful of clients who have been hacked due to outdated software on the backend of their site. Some of these clients had no backup at all. These clients have had to spend quite a bit of money getting their site cleaned – by having a developer comb through files and database entries for rogue software injections from being hacked. If they had had a backup, a restore would have been painless and quick. As I say, your website is only as good as it’s backup. If you have not been hacked, that day may be coming. Don’t be surprised.

How do you use blogVault and what is it that you like about it?

I recommend blogVault to all of my customers. Many of them sign up for the service. I have used blogVault to restore sites after getting hacked, and also to move sites from one domain to another. Using blogVault for that purpose is amazingly easy. I like that the files are backed up off site, not on your own server. I like that you can test a restore of your site on their servers, or download your backup. I also really like that a month of backups is kept which is important if you need to go to a backup from a while ago. The support is also top notch; I have only the best things to say about the support. I love the one click restore feature most of all. This is the biggest benefit of blogvault.

What do you like the most about WordPress?

I love WordPress because it is easy to create pages, menus, and to make global changes in just a few clicks. With flat HTML pages, if you would like to make a global change, in many cases, you must touch each file on the website. With WordPress, you can save hours upon hours in mundane programming and spend time on the more important things such as embellishments, content and design.

What are the biggest challenges you have faced with WordPress?

I think WordPress is great because there is so much development to extend the software. Many people in all parts of the world who would never have a chance to make a living can create themes or plugins and have success. On the other hand, many of these people write something fantastic and then “disappear”, so that when another piece of software is updated and their software breaks, it can sometimes be difficult to find these people or get support. So WordPress is a great thing because of this and also a difficult thing because of this.

Rami LeviNeed often drives us to create, innovate and think out of the box. So when a DJ realized that each time he used mobile payments technology to accept credit cards for payment at an event, he was actually overpaying his merchant services provider every month, he decided to take things into his own hands. On finding out that the problem was a common one, but the options were few, the idea of looking for a way to make mobile credit card processing cheaper for himself and others, took shape. That is when Rami Levi developed a business plan and set out to find a way to promote his new product.

Currently the head honcho of GlobalPay – a merchant services company specializing in mobile payment solutions, Rami is still the owner of RaMiX Events Production, his music entertainment company and says that he loves his job up until this day, as this job is what got him into his current business.

“After getting in contact with companies like First Data I developed a business plan and was looking for a way to promote the new product. I was aware of surrounding competition and the way I was able to differentiate my competition from me is by offering low cost processing, no monthly fee accounts and unique features that most of my competition still do not have. Although it looked very promising, I didn’t get my first client until over 4 months of effort and hard working. Today our website is generating new customers at a much faster pace and we anticipate the growth rate to keep rising,” he tells blogVault.

What is GlobalPay?

In one sentence, GlobalPay is a merchant services company specializing in mobile payment solutions.

How and why is a service like yours, the need of the hour today? Is this because of the popularity of mobile payments?

As technology keeps evolving and as more and more people every year use credit cards, merchants need to adapt to the technological era and accept credit card payments where business takes them. Checks are out dated already and most people tend to not carry much cash with them, so if you want to get paid quickly and easily, mobile payments are the way to go.

From a DJ to GlobalPay, what was the journey like and what was the toughest challenge you faced as an entrepreneur?

During this “GlobalPay Passage” I’ve faced many obstacles, from one side the need to complete my education at the university I am attending, from another side making sure there is enough income to cover all the costs of school and the new business while understanding that being a DJ is fun but also a full time job, and from another side the fact that the only company that offered the product I needed was not willing to work with me and only 6 months of hard working had proved to them that I might be deserving it.


What is mobile credit card processing – how does this impact credit card users like you and me?

Mobile credit card processing is the ability to process credit card payments using a wireless device. At the past this device used to be a special credit card terminal that was designed for this specific purpose (like the Nurit 8000), this product used to be expensive and its maintenance was a bit high. Today, instead of using these expensive machines, merchants can use their own smartphones or tablets. By installing an app on your phone or tablet you’ll be able to process payments quickly and securely.

What does a mobile payment processing provider do? Why is cost a key factor in this setup?

A Mobile Payment Provider supplies the necessary tools in order to process wireless payments. These tools may include a merchant account, the mobile card reader and the designated app that will be suitable with your mobile device. To the client, there are no costs involved in obtaining an account with us. The setup is free and so is our card reader.

In what forms do you offer payment processing services today? What would you say is the usage of such services like in the industry?

Payment processing is a large industry and each merchant may need a different payment solution as each merchant operates differently. Some have a retail store, others have an online website and others may offer services or products at the customer’s location. In order to comply with each merchant’s individual needs we offer payment solutions in several ways. Retail locations may use our traditional credit card machines, online users may use our virtual payment gateway that offers shopping cart integration for online shops (E-Commerce) and on-the-go merchants may use our mobile payment solution.

Tell us a bit about the international services you are offering?

All services that are currently offered at the US are also offered worldwide, pricing depends on the location and risk factor of the individual business.

What made you choose WordPress for your marketing site?

When I thought of developing GlobalPay I consulted with a few web developers who wanted a lot of money for my website. At the time I was not able to afford it and I wasn’t able to build trust with any of them due to my lack of expertise in the industry. So, I called my uncle who is a computer programmer and asked him what he thinks. Instantly he mentioned WordPress, within 48 hours I found myself beginning to build GlobalPay’s official website.

Do the security concerns regarding WordPress worry you, given that you are in the payments industry?

Yes it did, although I take every security measure possible with WordPress I am aware of the risk and therefore customer information is never on our servers but on the processor’s servers where they are monitored 24 hours a day, 7 days a week.

How did you go about selecting a hosting provider for your site?

I’ve been with GoDaddy many years (for my DJ’s website) and simply chose them, they have excellent customer service and this is one thing I am always looking for.

You are using Godaddy Website Protection. How has your experience been with them?

GoDaddy Website Protection team is extremely helpful, the one time I had an issue they instantly logged in into my servers and fixed the problem within 4 hours. More than anything, not only they are very reliable but also very affordable.

What was the thinking behind choosing a specialized WordPress backup solution?

In order to prevent any future problems and to save all the hard work that has been put into the website, I believe it is an obligation and a responsibility of any site owner to back up their website database whenever possible.

We obviously very strongly believe that backups should be 3rd party but we do see many site-owners trusting their hosting provider itself. Did you consider the backup provided by the hosting provider itself?

No, I never even considered it after stories I’ve heard of hackers breaking into a server and erasing all the content from it including backup. I strongly believe that backups should be done only by a 3rd party in order to maximize protection and minimize problems.

How has your experience been with blogVault – any suggestions?

One thing I really liked about blogVault is the quick customer service I received the first time I emailed them. The system has been much easier and quicker to set up than different backup systems I’ve tried in the past. The best feature I like is the option to test the backup and see if it works as it should be before restoring in a case where someone would need immediate restorations.

It is only after losing valuable data that most of us wake up to the need for preservation of our digital information by regularly backing it up. This World Backup Day, the Founding Director of Website Essentials TM tells us why it is important to play it secure   

Many of us have encountered this situation: we have tons of data in our systems and our digital presence makes us happy. We hope that whatever security and backup measures we have taken will hold us in good stead. But what niggles in the back of our minds becomes the monstrous reality one day. All that data is gone, just like that.

Not if you have a foolproof backup system. And internet marketing advisor and the first Yahoo Search Marketing Ambassador in Australia, Mark Tull knows that better than anyone else. Founding Director of Website Essentials TM, a Gold Coast-based company that specializes in website design and conversion, Adwords management and Search Engine Optimization, Mark has been a trailblazer of sorts. A true believer in the power of the net, he was building and designing websites as early as the mid-90s and also understood how crucial it was to have synergy between website designing and marketing.

“Reliability and service key to a good backup solution”

Having dabbled in managing a resort and a few other fields of work, he, along with another person, founded Hot Goanna, a leading Australian Internet Marketing company in 2005 and was highly successful with his venture. Later he sold the company to TPP Internet and went on to work in the area of search engine optimization.

Website Essentials was born in 2009 because Mark felt the need to bring in expertise in the field of internet marketing and wanted to marry it with quality website design and development. He is one of the early Google Adwords Professionals in Australia and Associate Fellow of the Australian Institute of Management. Considering that his company is responsible for data in hundreds of clients’ website, good backup is as essential to him as good hosting and a good operating system.

Mark Tull

Excerpts from an interview:  

Q1. Please tell us about your experience of losing valuable data and what steps you took to deal with this persistent problem.

A. Having lost a server at another business years ago, I remember the pain of trying to re-host, re-point and replace multiple websites by ftp from local files.  It was a long weekend I never will forget. With my current business with several hundred client websites, relying only on the server internal backup was a real concern.  Then of course, the epidemic of hacks around the world was only going to get worse and more aggressive, in my opinion.

To deal with this problem, we thoroughly researched many solutions.  Luckily, we pre-empted a massive hack attack on many of our clients’ websites and had blogVault in place.

Q2. What are the important lessons you have learnt through this experience about data recovery and security of your websites?

A.The ability to find the hack / fault and then be able to replace or export an up-to- date complete copy of the site and database is outstanding with blogVault. When you can identify the date of the attack or failure, you can quickly choose the previous day in the backup system and even if you have to reset the host on another server, it is almost instant.  This is real peace of mind.

Q3. What do you look for in a good backup solution?

A.One major quality we look for is customer service and reliability. We need access when we really need it, and we need assistance when we really need it. blogVault can be relied upon for this.

Q4. How have you used blogVault for your security issues?

A.Working with the team at blogVault based on previous hacks, their insight and knowledge has pointed us to continually refine our security and settings, much more so than our hosting provider. This way, we now not only keep an eye on our sites, but we continually work to make them more secure.

Q5. What are the advantages of using WordPress?

A. We love it, search engines love it, and our clients love it. The ability to create your own code and enhance it is excellent. Most SME clients just enjoy being able to really work on their own sites using WordPress.

Q6.What, according to you, are the five essentials for keeping sites and data secure?

A.Good Hosting, Good Operating System, Good email settings, Good Backup service and Good information going out to clients, reminding them that they are part of the solution to being safe on the internet.

Q7. What is the one thing you would like to change about WordPress?

A.I would like WordPress to talk to me and let me know when someone is inside my site, a bit like double verification on your Google account.

If you need to setup an online presence for your business please do contact Mark at http://websiteessentials.com.au/