Hi there!

Today, I’m proud to announce the launch of our very own host-agnostic WordPress migration plugin: Migrate Guru!

Since we first started, BlogVault has grown to become a major player in the field of WordPress backups. A huge contributor to our growth has been the fact that our subscribers came to us to help them solve issues related to their websites.

Over time, we received a large number of requests and queries about WordPress migrations. We tried solving these problems at first with other migration plugins, but we realized that most of them needed tons of manual work as well as constant monitoring. We basically needed something like Iron Man’s Jarvis to help us out.


via GIPHY

The result? Well we did what engineers do (i.e. we basically built Jarvis…but for migrations).

Our ‘Jarvis’ was an in-house tool to help us automate the migration process. We eventually could bundle it with BlogVault to offer our users better functionality. Having it also let us partner with leading WordPress webhosts (such as WP Engine, Flywheel, Pantheon, and many others) for onboarding their customers.

Our experience got us thinking that if our existing customers and partners had such a great need for migration tools, so would others!

Turns out:

  1. Most site owners who don’t have the time to do it themselves either hire web developers or turn to their hosts.
    However, these aren’t ideal options since they could turn to be expensive affairs (and/)or take time.
  2. The others who have technical knowledge use WordPress migration plugins, but even these need manual work.

This is why we built Migrate Guru. Migrate Guru is a free-to-use migration plugin that makes WordPress migrations quick, and easy. Moreover, since the plugin performs the migration process on our servers, it’s poses ZERO risk to your live site. This also ensures that the migration process doesn’t time out, no matter the size of your site.

While the Migrate feature will continue to be a part of the BlogVault product, Migrate Guru is our way of giving back to the WordPress community. We’ve used our knowledge gained from migrating over 500,000 sites, and hope that it makes life easier for anyone using it.

 

Oh, but don’t take our word for it…

 

Check it out for yourself, and let us know what you think!

 

On February 6, I had written a blog post regarding a possible security breach at BlogVault. Since then we have been conducting a thorough investigation into the issue. We have concluded the investigations. This post outlines its results.

 

No Data Breached

In our previous communication with you, we had mentioned that there had been a data breach. After detailed investigations, we found that the issue was a vulnerability in the BlogVault plugin, and none of the data on our servers were exposed.

We have ensured to cover every aspect of our system in our investigations, which involved inspecting the logs for our system as well as that of affected and unaffected sites. We also reviewed the attack payload with great detail.

 

BlogVault Plugin Vulnerability Fixed in Version 1.45

On Feb 4, we learned that we were using ‘unserialize’ PHP function on unverified data in BlogVault plugin versions 1.40 to version 1.44. We fixed it on the same day (Feb 4) with plugin version 1.45.

However, we had assumed the worst, and communicated with our customers the same day about the security issue. Following this, we also made a public announcement about it via a blog post.

Since then, we have thoroughly investigated the issue and analyzed our entire system. We have found that the the above mentioned vulnerability was the only entry point that allowed malware to be injected into sites on which the BlogVault plugin was reachable.

The BlogVault plugin has been secure ever since the updates on version 1.45.

However, we have continued to strengthen the security of our plugin and as of the date on which this post is published, the latest version of the BlogVault plugin is 1.46. If your BlogVault plugin is older than 1.46, we request you to update to the latest version available in the WordPress repository (https://wordpress.org/plugins/blogvault-real-time-backup/ ).

 

Your data and backups are safe

As mentioned in our previous communication, your backups and data were safe and continue to be safe. They were never at risk. This includes:

  • Your backups
  • Your passwords
  • Your payment details

Please find below the details of the measures we have taken during the investigation to bolster the security of our service:

 

Preventive Security Measures Implemented

As a reflection of our commitment to security best practices, we have taken a list of preventive security measures during the investigation to ensure that this incident doesn’t repeat itself.

  • Updates made with versions 1.45, and 1.46 of the BlogVault plugin were a part of the measures to strengthen the security of the plugin.
  • We have actively scanned all sites to identify websites affected by this issue and to get them cleaned and secure.
  • We have also pushed an automatic update to the BlogVault plugin on most sites.
  • Moreover, we have taken and continue to take measures to ensure that neither the BlogVault plugin nor the servers can be exploited.

 

Your Trust Continues to Be Important to Us

During this period, many of you who have reached out to us via our chat channels, email or even Twitter. We realize that you have not received the level of service on which we pride ourselves, and for this we apologize.

At BlogVault we are committed to being transparent and accountable to you. I know that we had received some questions about details regarding the issue. We were unable to respond to them because we had prioritized the security of the affected sites of our customers. We also wanted to ensure that we would refrain from adding to any speculations and only communicate facts.

We have set up an FAQs page that addresses some of the questions you might have regarding the security issue (these are different from the FAQs we received at first), and address the measures we have taken to secure sites. Please find the link to this page here. https://blogvault.net/security-updates-faqs/

The security of your sites and your trust is of utmost importance to us at BlogVault. Please reach out to us with any further queries you might have.

 

Thank You

You have been extremely understanding and generous to me and my entire team over this period; and we want to personally thank you for that.

Security is an ongoing process and we remain committed to making our service more robust.

 

We recently discovered a security breach at BlogVault which led to some data being exposed. Here are some details about the issue. We are currently in the middle of an extensive investigation and we will share updates with more detail as and when we learn more about the issue.

 

Update to The Latest Version

To mitigate risks from the data exposure we have updated our plugin with additional security measures. If you are learning about this for the first time and you are a BlogVault user then please update to BlogVault plugin version 1.45 from the WordPress plugin repository.

 

An ‘Updates Page’ for Clear Communication

We have reached out to all our customers informing them about the situation. We have also set up a ‘Security Updates’ page to be communicative throughout the process. The page also has some FAQs and contact details. Please follow this link for more details: https://blogvault.net/help/info

 

app backup & restore

We understand that it can be frustrating for you; as it is for us, to not have all the information. We aim to be comprehensive in our response to the issue. Once we have safeguarded our customers’ data, and our investigation is complete we will be able to share more details. Security is essential for all even while an app backup & restore.

 

Lastly, we have reached out all BlogVault customers and we are deeply moved by the patience and understanding displayed by many of them. We are working round the clock and have prioritized safeguarding your data.

We at blogvault arrived at a situation where we needed to convert some of our pages into posts. One’s common sense will tell to create a new post – copy everything from content to title as in page to the new post – delete the old page and finally publish the post! This should work great is your permalink is set to wordpress default (or you have some custom setting that handles it somehow using the id). But in our case our permalink setting was:

 

Post namehttp://127.0.0.1/wordpress/sample-post/

 

So when we visited the new (post) link after deleting the old page, we got 404 – Page not found!

 

Understanding the issue

As you can see the same thing works for a particular permalink setting but fails for another. This can be explained as – wordpress maintains a common (database) table for both post and page under the name ‘wp_posts’. As each entry in the table has its own unique id, when we try to locate them using id in permalink (as wordpress default) we face no problem.

However its not the same with our permalink setting. Due to some reason, on deleting a page (or post) from admin panel, wordpress does not immediately remove their corresponding entry from the database. So when resolving the address by post name, wordpress finds the earlier entry (page in our case) which is marked deleted, hence giving the 404 not found error.

 

Solution

One simple solution is using plugins exclusively made for this purpose. Some of them are:

http://wordpress.org/plugins/convert-post-types/

http://wordpress.org/plugins/vice-versa/

 

However incase you don’t mind getting your hands dirty and saving your site with the load of extra plugin, you can follow these steps (with extreme precautions).

  • Get access to your wordpress database. You may use phpmyadmin for that.
  • Open the wp_posts table.
  • Locate your post entry and replace its ‘post_type’ from ‘page’ to ‘post’ or vice versa.

OR

Incase you already created a new post as in our case and are now getting the 404 error, simply delete your earlier (deprecated) entry.

SQL query for same will be:

Post to page

UPDATE wp_posts SET post_type=’page’ WHERE id=<your_post_id>;

Page to post

UPDATE wp_posts SET post_type=’post’ WHERE id=<your_post_id>;

 

What are WordPress security Keys?

WordPress manages login sessions by storing the information in cookies instead of using PHP sessions. These cookies are secured by calculating a special hash of the username, password and “a long random string”. These “long random strings” used to calculate the cookie hash are called WordPress Security Keys. They are configured in the wp-config.php files. When a fresh WordPress site is setup the security keys look like this:


define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');

Why should you set them on your site?

These keys play a big role in securing the cookies of a site. Without them it will be relatively easy for anyone to enter a WordPress site. Hence, while setting up a new site, it is recommended that the above default keys are replaced with a randomly generated one. The keys should be very long and very difficult to guess to be most effective.

How do they work?

The following article describes the process of calculating cookies using Secret Keys in detail.

https://api.wordpress.org/secret-key/1.1/salt/

You can copy the keys from the link above and replace them in your wp-config.php file. For example:

 


define('AUTH_KEY', 'g<z98-8lX|(5.DTVVFC*G O&G:R<code>utiR%B#,N8l7G:E2]+#n-{i?%yisDf_UIK(7');
define('SECURE_AUTH_KEY', '}UH1y+&Qqf]]@6&|/W,9}mTtF<F{|xzaVakp>9UvlwH$ .6&Yn[<q/W$+6?i*zKU');
define('LOGGED_IN_KEY', 'TJBE.sz{QNLl>c-oU{^G!xj%{t-ab+h{;|a@m#n7w0iNL-dp9OCV4AWucLQz3+z/');
define('NONCE_KEY', 'k?}x=cwsif@rb[Sc,-f5=33R$J|Qh}cJOpEA</code>Bm9!G|-P]}K<code>=EbDTw.k/wbcQ+-');
define('AUTH_SALT', '{nU:W(cOx+fRY+zhHXZ|l<1R?Edp$)v|QZ su6r++Ln3eisWq<Zi{QKS&x,DRfA+');
define('SECURE_AUTH_SALT', '~kX[L4;|O(A% _gQ_*TXHPlE@6f^Z~-pE#T}N?tBzKwYL-,.q5{L|p9<V+S</code>-RG]');
define('LOGGED_IN_SALT', '-:Bs5&X(/+(.|f(:GfcU+w/kbq2_o%W{{bbS%&|JIGR5I1sWwD-Y3Frko>yMn*$<');
define('NONCE_SALT', 'Lo%|>Ai6gS7[NqgVcW.mtq-4O0s^b|} ;c9nRXdf/jQ[n!> OSQc^Kmo-kk+aw{!');

What if I don’t set random Security Keys?

Given the importance of security keys, failing to replace these keys with random values can end up being a major security issue. In such situations, WordPress will generate its own keys, and store it in the options table in the database. If the keys are placed in the wp-config.php file at a later point, WordPress will override the values present in the database.

If WordPress auto-generates them, then why do it manually?

Inserting your own secret key is better for security. The cookies are created by combining the password hash and the secret keys. The password hash is stored in the database. Consider a situation where a hacker is able to access the contents of your database but not the files. In such a situation both the password hash and the secret key will be visible to the hacker. This will make it very easy for the hacker to get complete access to your site.

However, by storing the secret keys into the config file, they will need access to both the database and the files to be able to gain admin access for your site. Hence it is a good practice to keep the keys in the config file.

Do I have to remember these Security Keys?

No, once you place them in wp-config.php file, you do not need to remember them any more. You can change these values at any time, without having a major impact on your site.

What happens if you change them? Is it safe? Will it reset your passwords?

It is perfectly safe to change the Security Keys. They can be changed by replacing the existing values in the config file with a newly generated set of keys. When the keys are changed all cookies will be invalidated. All existing login sessions will be discarded, and the users will need to login again.

The security keys are also used to create nonces used in WordPress. Hence these too will be invalidated.

Finally, changing the security keys will not affect the user passwords in any way.

Why should you change them when your site gets hacked?

When a site gets hacked all data within the site can be considered to be compromised. One of the first recommendations is to change all passwords. However, as mentioned above, the security keys are even more important. If the hackers have the security keys, they can regain access to the site even if the passwords have been changed.

Hence it is important to change the security keys along with the passwords when a site gets hacked.

 

What are SECRET_SALT/SECRET_KEY?

The older versions of WordPress had only a single key called SECRET_KEY. In the 2.5 release the newer keys were added. However for sake of backward compatibility the SECRET_KEY is still honoured. If only SECRET_KEY is defined then, it is used to calculate the hash.

Why are there both Keys and Salts?

Keys and salts are both combined to create the final hash.

Most of the popular free and paid WordPress backup plugins such as Backup Buddy or Updraft Plus come with the ability to store the backups on a cloud service like Amazon S3. Offsite storage of the backup is a critical requirement for any good backup solution. If you are not using offsite backups, do so right away – sign up for our 7 day trial now.

The way these plugins implement this important feature however creates a security hole in your system. Your backups may not be as safe as you think.

Leaving the key in the open

Consider a scenario, where you have valuables that you would like to protect. You get a bank locker to safely store the valuables. Ideally you would like to keep the key to this locker in a safe place. Instead, just imagine if you keep these keys at your home, and not only that, you also put a nice, big label on the keys.

The above is obviously not a very smart thing to do. When someone breaks into your home they will not only get the stuff in your home, but they will also get the keys to the safe. Your locker will no longer protect you.

Hackers can steal your Amazon S3 key

The same problem exists with the free and paid backup plugins. While they will help you upload the data to your S3 account, they store the S3 key, which is used to copy your backups, on your site itself.

WordPress sites are often targeted by hackers. If your site gets hacked, the hackers will get the keys to your S3 account. The hackers will not only ruin your site, but they can also destroy your backups.

Robbing the whole neighborhood

WordPress Security

This problem is further exacerbated in the following situation. Imagine a scenario, where everyone in your neighborhood has a master key, which can be used to access every home in the neighborhood. You might trust your neighbors, and have no problem with such an arrangement. If you are away on a holiday, you can ask any of the neighbors to check that the gas is turned off at your home. There are other benefits with such an arrangement. However the downside is also very obvious. Even if one of the master keys is lost, the entire neighborhood will be vulnerable.

One key to rule them all

The above situation is exactly what happens when you use the same S3 or Dropbox account to back up multiple sites. This is a very common practice among designers or those with many websites. To backup multiple sites, it is economical to buy a developers license of any of the backup plugins. The big mistake will be to use the same S3 account to backup all the sites. Even if one of the sites is hacked, all the other sites will be compromised too.

Solution – Separate the backup from the original data

We recommend evaluating these plugins very carefully. A good WordPress backup service, will completely separate the backups from the original data. Losing the actual site should in no way compromise the backups. We at blogVault follow the best practices, and completely separate the backup from the actual site.

We keep copies of the data on 2 of our servers. Further we backup all of this data again onto our own S3 account. Finally, our servers are kept completely independent of the actual sites. Even if a site is hacked, there is no way for the hacker to access our servers or the backups.

Try out blogVault – sign up for our 7 day trial now.

Takeaways

  • Offsite storage is critical to any backup solution

  • Backup plugins store the S3 key in the WordPress site itself

  • The S3 key needs to be kept safely. If the site gets hacked the key will be stolen.

  • Use a complete WordPress backup service which separates backups from the original site.

EDIT: David from UpdraftPlus has mentioned that there are advanced settings in S3 which can reduce the risk associated with the S3 key being exposed. While these security measures do alleviate the problems a bit, and we do recommend them, they come at a cost. They lead to dramatically poorer user experience. They also can be further exploited by hackers to make it much more difficult to restore the site. The hackers can even exploit the hack to increase your S3 storage charges. We hence continue to advice against sharing using your S3 key in your backup plugins.

On your WordPress site, you may want to change the name of an existing category for your posts. This will affect the urls of all the posts belonging to the category(assuming you use Pretty Permalinks) as follows:

Earlier: www.example.com/category/some-post

Now: www.example.com/new-category/some-post

While your WordPress will now use these new URLs and everything will work, you will lose SEO benefits for the URLs using the older category. All links to the older URLs will now stop working leading to a terrible user experience and will affect your Google ranking. You may not want to lose that either!

There is a simple solution to that. You can easily redirect those no-more-valid urls to your new-category-urls.

 

Here’s how:

  • Go to your root wordpress folder and look for .htaccess file. Incase you don’t find one, create a new .htacess with contents as follows:


# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Note: this is a very basic htaccess file for wp site with “pretty permalinks”

  • Now you need to tell your wordpress to redirect those old category urls to new category urls. To do that modify the .htaccess file as follows:


# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^old-category/([a-z/.]+)$ new-category/$1 [R=301,L]
RewriteRule ^/category/old-category /category/new-category [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
  • Save it, upload to your server and its done!

Gaining mastery over the written word is a skill all writers hunger for. Yes, ”everyone” wants to be read!

From novice writers to accomplished and even celebrated ones, the urge to better one’s writing is often deep seated and heartfelt. Try a generic web search on the topic and at a bare minimum, 500,000,000 plus results spring up – affirmation that a large number of people who write content, often look to the web to provide a means to bring out the best in their writing skills. What everyone wants, in short, is a one-stop shop of resources which can go a long way in helping make their articles top notch, read and appreciated by all.

Newspaper
A newsroom, with its fast-paced tempo, salad-bowl of talent, deadline-backed energy, collective news expertise and an information hungry workforce is a great training ground for writers.  It is this very expertise that we bring you through a  well-paced, concise, high-value series of articles targeting web writers, bloggers, wannabe journalists, casual writers, career professionals, creatives and those writing for the web in general.

Our aim is to give you Newsroom insight, value-added content, practical approaches to writing and skill sets that will get your creative juices flowing.  So if you are looking to get tips on writing from how things work in a newsroom (spaces which have the highest density of writers) and what a basic newsroom writer looks at while bringing out an article, and how writers approach a particular piece of writing, we have what you are looking for.  Our writers bring to the table, years of newsroom experience through articles aimed at tackling every challenging aspect of writing, head on.

Most people who write for the web, want to be able to write as easily as professional writers do, and as quickly as they do. For those who have never been exposed to the formal practices of traditional or modern writing methods, our series gives not just writing tips, but valuable insights on how writing is done in the newsroom how information is processed, how topics are selected or dropped and how the length of any article is decided. Our Newsroom articles will run the gamut on the what, when, where, why, when and how  to write on everything from hard news, sports, medicine and business, to entertainment, technology and science, blogs etc.

WritingOur topics will range from basic to advanced – brainstorming for a piece, to how to gather and process information, ethics in writing, how to write a simple 500 word piece, writing in a news style, writing creatively, selecting what information to use in your piece, what are the basics of a journalistic approach to writing a feature piece right up to how to write for a medical journal, how to choose photos etc. The Newsroom perspective comes through examples, scenarios, the workings, the procedures and the flows followed in the newsroom by writers, editors, reporters, copy editors etc. Our aim is the give you the best in analysis, perspective, and expertise – and to go above and beyond the ordinary.

Akshat Choudhary, founder of blogVault, believes that the potential of a comprehensive resource pool for writers, is huge and the demand will grow in the years to come. His concept is simple – give writers the right platform, a go-to place on the web where they can search and find expertise, insight, analysis and overviews on how to create winning content and they will keep coming back for more. “Over the past few years’ content has become one of the most important mechanisms of connecting with your customers on the web. Every company small or large is investing heavily into different forms of content from blogging to video to even interactive forms,’’ he says.

Akshat has brought together a team of leading journalists who have helmed multi-team newsrooms, managed news teams and daily deadlines, ideated and defined varied content and steered the entire gamut of the creative writing processes, to pool their know-how on a common platform. He adds, ‘’we at blogVault have some great talent who together have 35+ years of experience in the newsroom. In this new section of our blog we want to talk about our experiences in the newsroom and hopefully will have something which can help people create great content.’’

Jennifer Carello“Your website is only as good as its backup…”

…says Jennifer Carello, Founder of Tech Care, LLC who has designed and developed hundreds of client websites. She believes that clean and easy navigation is imperative to a good website

Tech Care has just turned 15 and as a web designer and developer, the company’s founder Jennifer Carello knows only too well the intricacies and challenges behind creating successful and appealing sites.

An accomplished Novell engineer based in Connecticut, Jennifer has trained in some of the acclaimed technology institutes in the New York area. Her eye for detail and enthusiasm to keep up with the rapid changes engulfing the technology sector is what has helped her in designing unique and customized websites for her clients that meet their specific needs.

Having started out in the mid 1990s when mostly Notepad and HTML were in use, Jennifer feels that while the technology itself has become quite complex, it allows you do a lot more things than you could have ever imagined at an earlier time.

Back then, the internet was still fairly new, and everyone at that point used a dial up service. Animated gifs were the “in” thing. I thought writing the html back then was pretty simple because the pages were pretty simple. Since the 90s, so much has changed. Now we can use CSS to modify our sites, which was not available back then. We build sites in databases which are much more complex. So I have to say things were much simpler back then,” she explains.

As someone interested in introducing children to the latest technology for better learning, Jennifer has gone out of her way to help students develop their digital footprint.

As a web designer working in the industry for 15 years, what do you think has changed in the field over the years?

Sixteen years ago, the person who built your website could also be the person who built your server in your corporate environment, and possibly also the person who installed your phone system. Technology was lumped into one category since there was so much less of it. Nowadays, you have to specialize in something particular. Not only do I have to just design and produce websites, I need to be an “expert” in one or two technologies. There is so much to know that there are very few people who can know everything. I think this is the biggest change in the industry.

What, according to you, are the key elements in successful web design and development?

First and foremost, the thing which will make your website successful is a clean and easy to use navigation. Visitors to the website want to find the information that they need quickly and easily with the least number of clicks. If a person “gets lost” on your site or has trouble finding information, they will not come back, and therefore, you have lost a potential customer. Of course, good design is intriguing and helps, along with great photos and imagery, but most important is navigation.

What is the one back up problem that you would like to solve?

The biggest challenge when choosing a backup program is the restore process. You can have the best backup in the world, but if you cannot restore the backup, it is of no use. Likewise, if it takes a web developer hours upon hours to restore a site, the labor costs outweighs a paid service if used even once.

Why do you think WordPress backup is important?

I have had a handful of clients who have been hacked due to outdated software on the backend of their site. Some of these clients had no backup at all. These clients have had to spend quite a bit of money getting their site cleaned – by having a developer comb through files and database entries for rogue software injections from being hacked. If they had had a backup, a restore would have been painless and quick. As I say, your website is only as good as it’s backup. If you have not been hacked, that day may be coming. Don’t be surprised.

How do you use blogVault and what is it that you like about it?

I recommend blogVault to all of my customers. Many of them sign up for the service. I have used blogVault to restore sites after getting hacked, and also to move sites from one domain to another. Using blogVault for that purpose is amazingly easy. I like that the files are backed up off site, not on your own server. I like that you can test a restore of your site on their servers, or download your backup. I also really like that a month of backups is kept which is important if you need to go to a backup from a while ago. The support is also top notch; I have only the best things to say about the support. I love the one click restore feature most of all. This is the biggest benefit of blogvault.

What do you like the most about WordPress?

I love WordPress because it is easy to create pages, menus, and to make global changes in just a few clicks. With flat HTML pages, if you would like to make a global change, in many cases, you must touch each file on the website. With WordPress, you can save hours upon hours in mundane programming and spend time on the more important things such as embellishments, content and design.

What are the biggest challenges you have faced with WordPress?

I think WordPress is great because there is so much development to extend the software. Many people in all parts of the world who would never have a chance to make a living can create themes or plugins and have success. On the other hand, many of these people write something fantastic and then “disappear”, so that when another piece of software is updated and their software breaks, it can sometimes be difficult to find these people or get support. So WordPress is a great thing because of this and also a difficult thing because of this.

Rami LeviNeed often drives us to create, innovate and think out of the box. So when a DJ realized that each time he used mobile payments technology to accept credit cards for payment at an event, he was actually overpaying his merchant services provider every month, he decided to take things into his own hands. On finding out that the problem was a common one, but the options were few, the idea of looking for a way to make mobile credit card processing cheaper for himself and others, took shape. That is when Rami Levi developed a business plan and set out to find a way to promote his new product.

Currently the head honcho of GlobalPay – a merchant services company specializing in mobile payment solutions, Rami is still the owner of RaMiX Events Production, his music entertainment company and says that he loves his job up until this day, as this job is what got him into his current business.

“After getting in contact with companies like First Data I developed a business plan and was looking for a way to promote the new product. I was aware of surrounding competition and the way I was able to differentiate my competition from me is by offering low cost processing, no monthly fee accounts and unique features that most of my competition still do not have. Although it looked very promising, I didn’t get my first client until over 4 months of effort and hard working. Today our website is generating new customers at a much faster pace and we anticipate the growth rate to keep rising,” he tells blogVault.

What is GlobalPay?

In one sentence, GlobalPay is a merchant services company specializing in mobile payment solutions.

How and why is a service like yours, the need of the hour today? Is this because of the popularity of mobile payments?

As technology keeps evolving and as more and more people every year use credit cards, merchants need to adapt to the technological era and accept credit card payments where business takes them. Checks are out dated already and most people tend to not carry much cash with them, so if you want to get paid quickly and easily, mobile payments are the way to go.

From a DJ to GlobalPay, what was the journey like and what was the toughest challenge you faced as an entrepreneur?

During this “GlobalPay Passage” I’ve faced many obstacles, from one side the need to complete my education at the university I am attending, from another side making sure there is enough income to cover all the costs of school and the new business while understanding that being a DJ is fun but also a full time job, and from another side the fact that the only company that offered the product I needed was not willing to work with me and only 6 months of hard working had proved to them that I might be deserving it.


What is mobile credit card processing – how does this impact credit card users like you and me?

Mobile credit card processing is the ability to process credit card payments using a wireless device. At the past this device used to be a special credit card terminal that was designed for this specific purpose (like the Nurit 8000), this product used to be expensive and its maintenance was a bit high. Today, instead of using these expensive machines, merchants can use their own smartphones or tablets. By installing an app on your phone or tablet you’ll be able to process payments quickly and securely.

What does a mobile payment processing provider do? Why is cost a key factor in this setup?

A Mobile Payment Provider supplies the necessary tools in order to process wireless payments. These tools may include a merchant account, the mobile card reader and the designated app that will be suitable with your mobile device. To the client, there are no costs involved in obtaining an account with us. The setup is free and so is our card reader.

In what forms do you offer payment processing services today? What would you say is the usage of such services like in the industry?

Payment processing is a large industry and each merchant may need a different payment solution as each merchant operates differently. Some have a retail store, others have an online website and others may offer services or products at the customer’s location. In order to comply with each merchant’s individual needs we offer payment solutions in several ways. Retail locations may use our traditional credit card machines, online users may use our virtual payment gateway that offers shopping cart integration for online shops (E-Commerce) and on-the-go merchants may use our mobile payment solution.

Tell us a bit about the international services you are offering?

All services that are currently offered at the US are also offered worldwide, pricing depends on the location and risk factor of the individual business.

What made you choose WordPress for your marketing site?

When I thought of developing GlobalPay I consulted with a few web developers who wanted a lot of money for my website. At the time I was not able to afford it and I wasn’t able to build trust with any of them due to my lack of expertise in the industry. So, I called my uncle who is a computer programmer and asked him what he thinks. Instantly he mentioned WordPress, within 48 hours I found myself beginning to build GlobalPay’s official website.

Do the security concerns regarding WordPress worry you, given that you are in the payments industry?

Yes it did, although I take every security measure possible with WordPress I am aware of the risk and therefore customer information is never on our servers but on the processor’s servers where they are monitored 24 hours a day, 7 days a week.

How did you go about selecting a hosting provider for your site?

I’ve been with GoDaddy many years (for my DJ’s website) and simply chose them, they have excellent customer service and this is one thing I am always looking for.

You are using Godaddy Website Protection. How has your experience been with them?

GoDaddy Website Protection team is extremely helpful, the one time I had an issue they instantly logged in into my servers and fixed the problem within 4 hours. More than anything, not only they are very reliable but also very affordable.

What was the thinking behind choosing a specialized WordPress backup solution?

In order to prevent any future problems and to save all the hard work that has been put into the website, I believe it is an obligation and a responsibility of any site owner to back up their website database whenever possible.

We obviously very strongly believe that backups should be 3rd party but we do see many site-owners trusting their hosting provider itself. Did you consider the backup provided by the hosting provider itself?

No, I never even considered it after stories I’ve heard of hackers breaking into a server and erasing all the content from it including backup. I strongly believe that backups should be done only by a 3rd party in order to maximize protection and minimize problems.

How has your experience been with blogVault – any suggestions?

One thing I really liked about blogVault is the quick customer service I received the first time I emailed them. The system has been much easier and quicker to set up than different backup systems I’ve tried in the past. The best feature I like is the option to test the backup and see if it works as it should be before restoring in a case where someone would need immediate restorations.