WebCitz Blog

YubiKey NEO Works Great!

Testing out the YubiKey Neo that just arrived today – so far we are really liking it for secure computer logins and its integration with LastPass! We haven’t yet tried it for accessing Magento / Joomla / WordPress websites but we plan to test that out soon. http://www.yubico.com/

Magento Community Edition (CE) 1.8 Alpha

WebCitz is excited to announce in its blog that MagentoCommerce has released an Alpha release of Magento CE! We can’t wait to test this out on one of our development servers to see all the great features in action. From our past experience, it takes roughly two months to go from an Alpha release to a Stable release – we could be wrong, but we don’t suggest you get your hopes up for a stable release in the next couple of weeks. (there still needs to be a Beta release too!)


WordPress Caching Plugin Security Update

There is a new serious WordPress vulnerability in certain versions of two popular WordPress caching plugins, W3TC and WP Super Cache. The vulnerability allows remote PHP code to be executed locally on a server for anyone running either of the plugins. An attacker could then execute code on the infected server.

Joomla Security Update – Joomla 2.5.10, 3.1.0 and 3.0.4 Released!

Joomla has released a new version of the CMS program you are using on your website(s). This update may include security patches, bug fixes or feature additions. It is recommended you upgrade to the latest version.

Affected Joomla Installations

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions. The older your version, the more security issues you will have that can be exploited by hackers from across the world that look for outdated websites to deface or force into sending spam / malware.

Joomla Security Issues

  • Inadequate filtering leads to XSS vulnerability in Voting plugin.
  • Inadequate filtering allows possibility of XSS exploit in some circumstances.
  • Use of old version of Flash-based file uploader leads to XSS vulnerability.
  • Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.
  • Inadequate permission checking allows unauthorised user to delete private messages.
  • There may be other security issues from extensions you are using that haven’t been updated!


  • Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
  • Upgrade any installed extensions on your website.

Q: Why should I upgrade?
The developers at Joomla work tirelessly to implement new features, patch reported bugs and correct security holes in each update release. Their hard work to provide a better, faster and safer online shopping experience only pays off if you upgrade. If you do not upgrade, you are simply using what their best work was from months or years past.

Q: Will you upgrade my website?
If you would like to have our team upgrade your website to the latest version please send us an email or call us at (800) 796-8263.

Q: How much time does it take to upgrade?
The time necessary to upgrade your website is dependent upon the current version you are on, how many extensions you have installed, how complex those extensions are and a number of other factors. Please contact us for more information at (800) 796-8263.

Joomla Security Update – Joomla 3.0.3 Released

There has been a security release for Joomla 3.0.x versions with the recommended fix of updating to version 3.0.3.

  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 3.0.2 and earlier 3.0.x versions.
  • Exploit type: Information disclosure
  • Reported Date: 2013-January-16
  • Fixed Date: 2013-February-4
  • CVE Number: CVE-2013-1455


Undefined variable caused information disclosure in some situations.

Affected Installs

Joomla! version 3.0.2 and earlier 3.0.x versions.


Upgrade to version 3.0.3.

CloudFlare – WordPress Brute Force Attack

There is currently a widespread brute force attack being launched at a large number of WordPress blogs across the Internet. The attacks are using brute force against WordPress administrative portals, using the username “admin” and trying thousands of passwords. It appears a botnet is being used to launch the attack and more than tens of thousands of unique IP addresses have been recorded attempting to hack WordPress installs. If you have a username of “admin” for your blog or other CMS program, please update it to something less generic. It is also a good idea to ensure the passwords you are using are strong, such as the inclusion of special characters, mixed case and numbers.

Read More: http://blog.cloudflare.com/patching-the-internet-fixing-the-wordpress-br

Magento Enterprise Edition 1.13

Magento Enterprise Edition has been updated to 1.13, the latest release which includes a number of exciting improvements.

  • Optimized Indexing
  • Improved Caching
  • Speedier Checkout Flow
  • Enhanced Tax Calculation Algorithms
  • Functional Improvements

Read More: http://www.magentocommerce.com/blog/comments/magento-enterprise-edition-113/

cPanel & WHM Certified

One of our staff has passed the L1: cPanel Base Certification:Sales test from cPanel University! Stay tuned throughout the year as we rack up other certifications in PHP, PHP Frameworks, and Red Hat!

cPU Badge