Magento 2.4.2 focuses on several security fixes. Therefore, it is strongly recommended to update your Magento installation to the latest version. Magento 2.4.2 includes 35 security enhancements, and over 280 fixes to the Magento core code. Magento has stated all known issues in version 2.4.1 are now fixed in version 2.4.2. It is notable this is one of the higher security fix counts Magento has released.
Keeping your Magento installation up-to-date helps maintain the proper security of your store, making it the safe for your customers. The Covid-19 pandemic has boosted e-commerce sales making it all the more important to protect your customers’ data.
What’s new in Magento 2.4.2?
- Significant security enhancements
- Patching of Remote Code Execution (RCE) vulnerabilities
- Patching of Cross-Site Scripting (XSS) vulnerabilities
- Samesite attribute is now supported
- CSP Violations have been corrected.
- Infrastructure enhancements
- Support for Redis 6.x
- Support for ElasticSearch 7.9.x
- Support for Composer 2.x
- Support for storing media files on AWS S3
- New scalability enhancements allowing Magento 2.4.2 to natively support catalogs up to 20x larger than previous Magento versions.
- Performance Enhancements
- New code changes in Magento 2.4.2 boost API performance and backend response times for stores with large catalogs
- Support for web-optimized images in content
- PWA Studio performance enhancements and bug fixes.
- GraphQL Enhancements
- Create and delete comparison lists.
- Added localization support for changing languages and currencies.
- Support for unions in GraphQL
- Schema has been optimized for product data retrieval
- PWA Enhancements
- Venia now supports for multiple languages and currencies.
- Improved extensibility framework
- Performance optimizations and bug fixes to PWA Studio
- Deprecated features
- Split database functionality has been deprecated in Magento 2.4.2
Many changes have been made to Magento 2.4.2. The Host Duplex team offers custom Magento Cloud packages and works closely with Magento development agencies who can assist you with development-related matters. Please contact us for further information by calling us at 877.7.DUPLEX or via our contact form.
The EU General Data Protection Regulation (GDPR) law is the most important change in data privacy regulation in 20 years – we’re here to make sure you’re prepared. How’s that for an opening line? If you fire up your web browser right now and head over to the EU’s official GDPR homepage (seriously do it), this bold quote sticks out like a sore thumb, and that’s most likely by design. GDPR is currently among the hottest and controversial tech topics that no one (well, at least us state-side folks) is talking about. Proposed by the European Commission, GDPR is a data protection law that was initially adopted last April and replaces a previous data protection law implemented back in 1995. GDPR goes into effect on May 25, 2018. Although the GDPR regulations are technically in place right now, they’re not enforceable until May 25, 2018. Given that this is the date, we need to roll our sleeves up and get to work!
Familiarize Yourself With The Basics
I’d be the first person to admit that I’m no legal advisor nor am I anywhere close to being a GDPR expert by any means. However, I will do my best to keep you calm and share as much as I understand to help you prepare for doomsday (ignore my awful attempt at humor, swear I’m not trying to scare you!). The aim or objective of GDPR is to put personal data back under the control of the individual. If you’ve done any basic level of research on GDPR, you’ll notice the EU’s documentation use of the words ‘processor’ and ‘controller’ quite frequently. In a layman’s term, the data controller is the organization (aka us business owners) that hence ‘control’ the data, whereas, the data processor is the organization that handles or processes this data (can be your web hosting provider, email marketing provider, etc.).
In principle, the mere timing and action of the legislation shouldn’t be that surprising when you take in account last year’s disastrous Equifax’s data breach and Facebook’s current data scandal. As a self-proclaimed tech-junky, what catches my attention most is not so much the timing or even the formation of the GDPR law (generally speaking) but rather, the requirements of the law and skeptically what is being defined as ‘personal data.’ Be mindful of this as you can overlook personal data.
According to the EU, the term ‘personal data’ is loosely described as any information that can define a human being (name, photo, email addresses, date of birth, etc.). If you think about this, there’s a little bit of a grey area in this regard. For example, from my understanding, comments left on that last kick-ass blog post you created would also be categorized as personal data under the law. Why? Because that person that left you that nice feedback in the comments section probably had to sign in your website. This means that we (the business) have some form of this individual’s data stored on our end (by the web host). Some may find this excessive and abrasive, but unfortunately, it’s out of our control, and we have to accept it. Know that EU citizen’s data are about to be protected to an extent we’ve never seen before.
Why Should You Be Concerned?
Although it’s most pivotal for businesses inside the European countries, the GDPR legislation will have an impact on your company if you have any website visitors from European citizens. A little louder for the folks in the back: If you’re a business or website and are collecting any user data from European citizens or residents, you are required by law to comply 100% with GDPR. GDPR applies to ANY company that processes any data on behalf of EU citizens or residents. Don’t feel like complying? You better be ready to fork up some cash. Penalties for non-compliance of the GDPR can result in fines of up to 4% of gross revenue (or up to 20 million Euros). Under GDPR, your organization only has 72 hours to report a data breach, so time is literally of the essence. Sorry for my language but there’s no ‘half-assing’ this time around my friends. Now that that’s out of the way let’s get down to brass tacks.
Marketers especially will be key players in the rollout of GDPR. Let’s role-play for a moment (not that kind of role-play, get your head out of the gutter) and put on our digital marketing hats. On any given day, we target users and collect their data, and probably don’t think twice about it. For example, on our standard landing page or ‘contact us’ form, we might have three fields: first name, last name, and email address. We then subsequently grab this information from a database to collect or update our current mailing list of subscribers so we can target them using various platforms. With GDPR, we need an extra check mark that requests the consumer’s consent. This text will read along the lines of ‘I consent to company XYZ collecting and storing my data via this form.’ The folks at WPForms wrote an easy starter kit on how to create GDPR compliant forms that I recommended checking out. If you’re not already implementing double opt-ins, the procedure where the person who initially signed up receives a confirmation email to confirm their signup, I highly recommend doing this asap. The great advantage of double-opt ins is that it puts the responsibility on the user to take the next step. One less thing to worry about!
What Immediate Steps Can You Take?
Under GDPR, there are several action items that we have to fulfill as WordPress administrators. If you can begin by doing some simple house cleaning, the lowest hanging fruit is to wipe out any plugins you’re not utilizing. This is already a best practice for ensuring website performance and optimization, so you’re killing two birds with one stone. From a provider standpoint, any plugins that you use will also need to comply with the GDPR rules as well. Putting that marketing hat back on for a moment, think about plugins you’ve integrated with your WordPress site. I would bet that you’re probably using a web analytics tool. You’ll want to pay attention to these tools because their sole reason for existing is to track users and their user behaviors on your behalf.
On a side note, GDPR can spell some tough times for some of the most popular plugins out there. Solution providers such as Jetpack, a very popular marketing & design WordPress plugin, collect a whole lot of data by nature. However, as a site admin or owner, it’s still our responsibility to make sure that the plugins, active or inactive, are complying with GDPR regulations themselves. Perfor an audit of your plugins and make sure that the third-party providers are on their A-Game when it comes to GDPR compliance. Familiarize yourself with plugins as you’ve never done before. Also, I realize it’s common for a lot of businesses to outsource their website management to third parties. Unfortunately, this causes a disconnection between the owner(s) and the third party admins who hold personal data. Reach out to them on twitter or go old-school and give them a ring (people do this still right) to make sure stakeholders are all on the same page.
Website cookies also store and collect data to help marketers retarget users with ads, analytics tracking, and storing your session dat) Going forward, you should make your messaging crystal clear for individuals ahead of placing any cookies on their machine. One action you can take is to launch a pop-up window or place text somewhere that’s extremely visible to the user. We can no longer be vague with our messaging. People need to know what they are signing up for, so investigate and find out what the plugins and other third-party tools are collecting on your behalf. Remember, the burden of proof lies with us, the business owners and organizations.
Some larger organizations who have the budget, have already decided to appoint or hire a Chief Data Officer. This expert would be responsible for all things GDPR related and would relieve companywide anxiety for sure. Whoever you put in charge, he or she needs to fully grasp what information is being collected, how it’s being collected and why it’s being collected. If your budget doesn’t allow for a fancy Chief Data Officer, that’s okay. Another route you can take is to have your legal team work together with your in-house or IT hosting company. This creates a synergy, and it’s less likely things will fall through the cracks. On a larger scale, ensure every single employee in your organization has a basic understanding of GDPR and why it’s important to stay mindful of. Make a company event out of it, or get on a quick all hands call to get the ball rolling. However you decide to move forward, the key is to create awareness as soon as possible and start getting into good habits!
Idean joins the HD team as our tech writer.
Since earning his degree in Liberal Arts and Entrepreneurship from the University of Iowa (Go Hawks!), Idean has spent the last nine years working in various Digital Marketing and IT roles at Universal Music Group, Participant Media, and Apollo Group, Inc. When he’s not freelancing as a marketer and providing IT support to small business in the LA area, he writes blogs for various startups and companies. Idean’s dream is to one day be an entrepreneur and escape the confines of the cubicle!
During his free time, Idean loves to catch NBA games, shoot hoops, go hiking in the scenic Santa Monica Mountains and improve his Photoshop skills. As a member of the Host Duplex blog team, Idean will work closely together with the core staff to help explore and explain a variety of topics in the cloud hosting industry. More to come soon!
Before we dive in and get down to the nitty-gritty, let’s begin with some basic background information on firewalls (feel free to bypass this part if you’ve already done your homework). At the most basic level, A Firewall is a software and/or hardware feature that acts as a shield or ‘wall’ between your website and all incoming traffic. Think of it as the space between your home router and the internet. In a typical home internet setup, the wireless router serves as the hardware firewall while your computer’s and/or device’s standard operating system (Windows, Mac OSX, etc.) serves as the software component of the firewall.
Firewalls protect you from the bad guys by using customized filters. These filters are a basic set of rules that are defined in order of prioritization. This is important because as a company, you only want authorized and safe traffic accessing your website. On top of utilizing best practices such as using secure passwords and frequently changing them, you also need to learn about the general importance and the necessity of a firewall. (I wrote a recent blog post about a similar security topic called ‘Two-Factor Authentication’ that you can read about if you’re intrigued). So, in a nutshell, a firewall is that extra important security layer that your website and computer needs. For this blog entry, I’ll be focusing on what is known as ‘web application firewalls’ or WAF’s for short.
WAF’s are more of a recent introduction to the WordPress ecosystem. WAF’s work hard to counter cyber attacks from malicious hackers who are seeking to steal highly sensitive information. To keep things easy peasy, all you need to remember is that WAF’s exist to protect your WordPress website!
Why Do I Need a Web Application Firewall For My WordPress Site?
Historically speaking, 2017 holds the RECORD for the total number of cyber attacks in terms of security breaches, ransomware, and exploits according to an annual global security report issued by AppRiver. You very well may have heard about the infamous Equifax nightmare that resulted in possibly 143 million people having their highly sensitive personal data (social security and driver’s license numbers) compromised. Ok, Idean, that all sounds fine and dandy but do I really need a web application firewall for my WordPress site? I mean, nothing has happened so far and all this is just so companies can make an extra buck right? Well, my friend, do I have some interesting and frankly scary data to share with you. Did you know that among all CMS (content management system) platforms, WordPress gets hacked the most? Furthermore, there are up to 90,000 attacks per minute on WordPress sites according to Wordfence, the creator of a popular WordPress plugin. Unfortunately, this is naturally the price we consumers pay for the ‘user-friendly’ WordPress CMS.
How A Web Application Firewall Works and What We Offer
WAF’s are configured to either (or in some hybrid cases both) a) allow certain traffic or to b) block traffic. Whitelisting, or allowing certain data from a pool of accepted IP addresses ensures that the incoming traffic to your website is deemed ‘safe.’ On the other hand, blacklisting certain IP addresses will ensure that malicious data will not access your website and is designed to thwart anything that can slightly resemble a cyber attack. In regards to WAF’s, all these configurations are carefully executed and set at the software level for WordPress sites.
At HD, we understand how important security is for your WordPress site. No different than a 24-hour state of the art home security system that protects your property, our highly skilled security experts strive to go above and beyond to ensure stability and thwart attacks before they happen. Just how a home burglary happens approximately every 13 seconds, hackers across the world are hard at work attempting to steal your precious information and data. These days, you need more than a full-grown Rottweiler on the premises to protect your valuable belongings! At an age where we’ve seen notorious attacks like the Equifax breach, a hosting provider that provides 24/7 security over your website is a must and not just a ‘nice to have.’ At HD, we offer a standard WAF that we use for all clients out of the box as well as a highly advanced WAF for our premium plans (in partnership with the good folks at Sucuri). HD’s state of the art DuplexGuard™ security will keep you safe and protect you from 99% of attacks while also preventing them from happening. As always, we’re here to answer any of your questions so please, don’t be a stranger!
HD is beyond thrilled to announce that we’ll be joining an incredible group of sponsors for this year’s WordCamp conference in Sunny San Diego! For those who haven’t attended in the past, WordCamp is a yearly conference covering all things WordPress related. WordCamp SD will be held at San Diego City College on April 14-15th. (Don’t stress though, the venue is conveniently located near the San Diego Airport with there’s ample parking in the area).
This year’s speakers include an outstanding lineup of WordPress developers, designers, and business leaders alike. WordPress topics from the event schedule that caught our eyes include; ‘The Hidden Features of WordPress’ and ‘Making Security Make Sense to Users & Clients.” The HD crew is particularly looking forward to all things security/privacy related, along with networking with the WordCamp community…but who isn’t right?!
You can follow the conversation on social media by using the official WordCamp San Diego 2018 Hashtag #WCSD and be sure to reach out or tag us on Twitter (@HostDuplex) during the conference.
Purchase your tickets today, book your hotel and come nerd out with us in San Diego!
2FA, better known as ‘Two Factor Authentication’ has been a hot phrase in the tech world for the better half of the decade. We’ve all experienced a single factor authentication anytime we’ve simply logged in with a username and password alone. However, as more online businesses and services look to improve user security when it comes to protecting logins for consumers, 2FA has become a widely accepted security protocol these last 5 years or so. You may not always encounter 2FA (sites like Google and online banks have offered it for longer) but chances are you already have. iCloud, for example, is one popular service that utilizes 2FA and that I personally use regularly.
Theoretically, 2FA essentially adds an extra layer of authentication to a users standard login procedure with the end goal of verifying your identity and making it more difficult for hackers to access your account(s). There are three basic ways to identify yourself. 2FA requires two out of the following three:
- One Time Code
- Finger Print (think Apple’s Touch ID)
By combining your password with just one of these extra factors, attackers can’t access your account EVEN if they have your password from the getgo. For example, in a scenario where you’re prompted to verify your identity with a one-time passcode via your phone’s SMS, a hacker would also have to have possession of your phone; the password alone will not let him move forward thanks to 2FA.
Now that we’ve briefly touched on the basics of two-factor authentication, let’s shift gears and talk about 2FA with regards to WordPress! As you can now probably better understand, 2FA for WordPress is a must in order to further protect your valuable asset (aka your Wordpress website). At HD, we swear by the Google Authenticator Plugin for WordPress. It is the ‘industry standard’ and most popular when it comes to 2FA plugins for WordPress websites. The Google Authenticator Plugin can be easily installed and gives you two-factor authentication for iPhones, Androids and even Blackberrys (no judgment here). Choosing a premium hosting provider that prioritizes security is important, too. According to a WordPress security infographic via wptemplate, 41% of WordPress sites get hacked because of to their hosting providers’ inadequate security. Yikes! Fear not as our knowledgeable and seasoned staff at HD utilizes the Google Authenticator Plugin and a slew of other vital security protocols as part of HD’s Managed WordPress Hosting package. Check it out today!
Whether you’re a full-blown web developer or have just begun dabbling in the world of WordPress, you probably already have heard about or are familiar with the importance of plugins. Plugins integrate seamlessly and make having a WordPress site that much easier. They allow us to bypass complicated coding and we can turn them on and off with one simple click. WordPress websites would become more of a hassle for the majority of us if Plugins didn’t exist. WordPress without plugins are like Pizza without toppings…kind of well, plain and boring (sorry cheese-only lovers).
More recently, the topic of website performance and the number of plugins installed on websites have spread online. I’ve noticed and come across various online forums where people worry about having too many plugins installed and question if it’s affecting their website performance. I’ve seen some so-called experts say that the sweet spot is about 25-30 plugins while others claim they’ve seen no performance issues with up to 100 or more plugins installed. The reality is that there are various factors that play a role in running your WordPress website like a well-oiled machine.
Technically speaking, WordPress was designed to handle a ton of your plugins without slowing down your website. That being said, too much of anything can be bad, as in any facet of life. This is especially true when you’re not taking the following factors into consideration with respect to your WordPress plugins:
Quality of Plugins
If you had a Ferrari, odds are that you’re not going to pump 87 octane gas into it right? You’d be sure to get a funny look at the gas station. Treat your WordPress website the same way. ‘Fill her up’ with high-quality plugins and your website will be better optimized, not to mention your audience will appreciate a smoother user experience in return. How can you verify the overall quality and performance of your WordPress website? The Google PageSpeed Insights plugin can help get you started.
Also, the number of unnecessary plugins can make a difference. This should go without saying but if you have plugins that exist just for the sake of existing, you’ll want to consider doing some housecleaning. Only install plugins that you’re actually going to use, and do not leave them deactivated but instead, deleted. This will save you time and ensure efficiency in the long run.
Your Hosting Matters
Your hosting service matters. Bottom line. The difference between a great and satisfactory host is like the difference between a great landlord that tends to your needs and one that ignores them. We’ve all experience that landlord that ignored our request to fix the bathroom sink or upgrade the appliances. It’s not fun, to say the least. Whether you’re just starting a new website or are a seasoned business owner, you’ll need a host that caters to your specific needs. If you’re an e-commerce business or simply have a lot of data on your website, for example, you’ll want to compare disk space offering as well as speed (loading time) and a dedicated customer support team. Keep in mind that a slow host doesn’t just affect the speed of your customer’s website experience but can also make things on the admin side function sluggishly. All too often, business owners have had that dreadful day where their website suddenly goes down due to a higher number of visitors and/or unusual activity. If you’re looking to get started with a new host or ditch your current one, explore Host Duplex’s Managed WordPress offering here and feel free to give us a call if you have any questions.
Use A CDN
A CDN or ‘Content Delivery Network’ takes your website’s content and distributes it on to various places (servers) from a single location. Having a CDN can help improve the importance and scalability your content. If your website is hosted at one primary location and you get a sudden surge of traffic, it could spell doom without a CDN. A CDN will have a huge positive impact especially if you have website users around the world. Depending on the distance from the website user and the hosted server, it could take a longer time to deliver and upload data without a Content Delivery Network. In short, these are some of the main reasons why many companies have invested in a quality CDN provider.
If you’re not already implementing the above suggestions, give them a shot and see how your website performance can improve today! Your clients just might thank you.
This tutorial describes how to install the Dell OMSA (OpenManage Server Administrator) on Citrix XenServer 6.5.
Note: Citrix has spent long hours quality testing their packages. The method below downloads packages directly from the CentOS-Base repository. While the following method has worked just fine in our lab, we ask you to proceed with caution.
Step 1: Temporarily disable the Citrix yum repository. As of this post, Citrix’s repo does not seem to be working properly.
To do so, let’s temporarily move the Citrix.repo file out of the /etc/yum.repos.d folder.
Alternatively, you can also disable the repo within the file itself.
mv /etc/yum.repos.d/Citrix.repo /root/Citrix.repo
Step 2: Run the following:
yum clean all
Step 3: Install the Dell OMSA Repository:
wget -q -O – http://linux.dell.com/repo/hardware/Linux_Repository_14.12.00/bootstrap.cgi | bash
Step 4: Install Dell OpenManage Server Administrator
yum –enablerepo=base install srvadmin-all
Step 5: Open port 1311 in iptables
Now add the following line above the second-to-last line that mentions icmp-host-prohibited:
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 1311 -j ACCEPT
Step 6: Restart iptables
service iptables restart
Step 7: Start Dell OpenManage Server Administrator
Step 8: Move the Citrix.repo file back to the original location:
mv /root/Citrix.repo /etc/yum.repos.d
Step 9: You can now access OMSA via your browser: https://Your.IP.Address.Here:1311
If you’ve tried to change the DNS Nameservers on your XenServer machine and are wondering why it keeps reverting back to its previous setting, you’re not alone. In this blog we lay out the steps on how to properly change your DNS settings in XenServer.
You’ll want to log onto your machine via XenCenter or via console and go to the Local Command Shell:
2. Now you’ll want to run xe pif-list
Take note of the uuid of your management interface.
3. Now you’ll want to run the xe pif-reconfigure-ip uuid=youruuid mode=static IP=ipaddresshere netmask=subnetmask gateway=yourgateway DNS=dnsserver1,dnsserver2
Press enter and you’re set 🙂
To begin installation of XenServer you’ll want download the latest Citrix XenServer Install CD, any supplemental packs, and XenCenter. You may have to login to download the ISO files. We recommend using PowerISO or any other burning utility that can verify your disc.
To install Citrix XenServer, there are a few requirements that must be met. Your server must include at least 2GB of RAM. The processor must be a minimum of 1.5GHz, and support virtualization (Intel® VT or AMD-V™ required for support of Windows guests). You may want to review the XenServer System Requirements. Our test machine for this how-to is a Dell PowerEdge 1950. Before installation begins, you should enable virtualization within your BIOS.
4. Save and Reboot. Ensure your disc in the drive and make sure you boot from your CD drive. If your server doesn’t have a cd/dvd drive, you may have to use an external drive.
When you boot from the CD, you should reach the XenServer installation screen. Press Enter once you reach the screen below to continue with installation.
5. You should reach the screen asking you to choose your keymap. Choose your keyboard layout and continue… in our case, [qwerty] us
6. The next screen will ask if you need to load a device driver. Since we are using a Dell PERC card, it isn’t required in our case. Click OK and continue.
7. Read the EULA and continue
8. Choose the disk you would like to use for your Virtual Machine Storage and click OK to continue.
NOTE: If your drive/volume is larger than 2TB, then you will have to create a partition that is less than 2TB for the XenServer hypervisor. If you are using RAID 10 and a PERC card (as we have before), Dell’s PERC Configuration tool does not allow for 2 separate RAID 10 partitions. Since Dell’s PERC Card is a rebranded LSI card, you can create the 2 separate partitions using LSI’s MegaRAID software. If you are using a PERC 5/i or 6/i you can download it under the LSI MegaRAID SAS 8408E Adapter. or here: LSI MegaRAID Storage Manager for Windows
10. It will now ask you if you would like to install any supplemental packs. If you plan on installing any Linux VMs, it is a good idea to install the Linux Supplemental Packs. There are also other supplemental packs that you can install. For example, Dell has OpenManage software that can be and installed easily using the OpenManage supplemental pack. We will choose Yes at this screen since we are installing the Linux Supplemental Pack.
It will begin by verifying your XenServer installation disc:
The next page will display if there were any issues with verification. If verification was successful you may continue, otherwise you may to try burning your disc again.
12. Choose a root password for your server. This is the password used when connecting to the XenServer host from XenCenter.
13. Choose which ethernet card you would like to designate for managing your server. Since our ethernet cord is plugged into the first ethernet port on our Dell server we will choose eth0. Eth1 shows no link because there is nothing connected to the second ethernet port on the server. Your server may only show one interface if you have only one card.
15. Continue by choosing a hostname. Unless you chose DHCP, you will also be asked to enter to your DNS Nameservers.
16. Choose the geographical area your server is in, and then select the City.
17. Next you will be asked to enter the time or choose an NTP server. I recommend using NTP. I recommend the following NTP servers:
21. Once verification has completed, go ahead and Use the pack and install.
23. Once your server has booted you should reach the following screen:
24. Open XenCenter on your desktop and Add your new server. Type in your server’s IP, Username: root and the password you chose.