Monday, 19 October 2015

Layer ads makeover

This newsletter is dedicated to the PopUp & Layer add-on, which can increase user interaction using a closable layer format. This placement is not only useful for ads, but also signup forms, promotions, or other content that needs user attention.



This add-on is one of the first I created after many users asked me for such a feature and it is still very popular. This is the reason why I completely rewrote it in the current version.

Split testing your PopUps

Since version 1.3, the PopUp and Layer add-on is a placement and not an option of an ad. This allows you to rotate multiple "ads" in the same placement. The change is not only logical, but also enables a few interesting situations like testing the performance of different content in the PopUp against each other.

Convert better from leaving visitors

Another feature allows you to trigger the PopUp when users want to leave your site. You probably know this behavior from some subscription plugins already. Now you can use this in Advanced Ads to boost anything with people who leave anyway.

Nice Fancybox

The original version of the PopUp was hand-coded to not interfere with other code. With the new version the plugin allows you to choose the nice-looking Fancybox script. It is not a default option because it might break when you already use another instance of Fancybox on your site, but if you don't, you should definitely check it out.

Choose the position of the PopUp

The previous version only allowed you a centered box. Now you can also choose whether the PopUp should appear at the top, bottom, or other positions on your site.

The rest of the options are pretty much the same. You can choose between different triggers for the PopUp to appear and add a close button with a timeout, so that visitors who close it don't see it for some time. I am thinking about using this instead of a much higher priced subscription plugin that I am using on another site now.

Will older versions break?

If you already have PopUps set up with the previous settings, then you don't have to worry. The old script is still working. It would still make sense to switch, because I am not going to support the old method from now on.

Open Feature Requests

With the changes from above I am almost through with the todo list. There are two items that I put on the Feature Requests page to see if anyone is interested in them at all:
  • trigger: display ads after x seconds
  • option: display ad only x times per user or visit

I am sure that after reading this post you have a lot of ideas on how to use this add-on. Don't let me hold you back from getting it here or updating if you already use it.

Thomas
Copyright © 2015 webgilde GmbH, All rights reserved.
You are receiving this email because you opted in using our Advanced Ads plugin – the ad management solution for WordPress.

visit Advanced Ads

Our mailing address is:
webgilde GmbH
Dorfstr. 18D
Ranzin 17495
Germany


Thursday, 15 October 2015

Security Advisory: Stored XSS in Akismet WordPress Plugin

Real People. Real Security.

Stored XSS in Akismet WordPress Plugin

During a routine audit for our Web Application Firewall (WAF), we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin with millions of installs. This vulnerability affects everyone using Akismet version 3.1.4 and lower with the WordPress "Convert emoticons like :-) and :-P to graphics on display" option enabled, which is the case by default on any new WordPress installation.

The issue can be found in the way Akismet deals with hyperlinks present inside the site's comments, which could allow an unauthenticated attacker with good knowledge of WordPress internals to insert malicious scripts in the Comment section of the administration panel. An attack like this could lead to multiple exploitation scenarios, including a full site compromise.
More details on this security advisory can be found here:
 
If you're a Sucuri customer subscribing to our Firewall or Antivirus protection, take a deep breath. You are already safe. If you're not a customer yet, save yourself from anxiety.
Protect Your Site With Sucuri
This email does not mean you are affected!

Being proactive in the protection of your site is one of the most important aspects of having a solid security posture. Therefore, we feel it's important to research and report on all potential threats as quickly as possible.
Discover How List25 Leverages Sucuri's Website Application Firewall

"I needed a team and a product like the firewall Sucuri offers, which automatically blocks anything malicious. Because of the popularity of the site, List25.com, we cannot afford the site to go down. We changed hosting providers and then turned on the Sucuri Web Application Firewall layer that sits on top at the DNS level. Before using Sucuri I had to mitigate these attacks myself, but now that I'm using Sucuri I don't have to do any of that and that is a big stress reliever for me."
Sincerely,
- Your Sucuri Security Team
Copyright © 2015 Sucuri Security, All rights reserved.
The user subscribes to this list to stay current with the latest in security news.

Our mailing address is:
Sucuri Security
30141 Antelope RD
Suite D, #680
Menifee, CA 92584


Monday, 12 October 2015

Image Ads, Genesis themes, Autoptimize and ad impression limit

As the headline of this newsletter indicates, there are a lot of interesting changes to the Advanced Ads plugins I would like to share with you.

Image ads

Advanced Ads 1.6.10 introduces the new ad type "image ads". I noticed that a lot of you find it confusing to use the rich media editor for image ads, so I came up with a much simpler approach.

The new image ads allow you to just select an image from your media gallery and then take care of the rest. It even has a preview of the image in the ad parameters box.



Genesis theme support (still free)

There are a lot of users with a theme that runs on the Genesis framework. One advantage of this theme is that it offers various custom positions that you can use not only for ads.

I wrote a small add-on that allows you to target these positions. The plugin is – still – available for free and I haven't yet decided whether to include it in Pro or sell it like it is, so you better hurry to get it from https://wpadvancedads.com/add-ons/genesis-ads/.

And yes, I would like to read your feedback about it :)

Autoptimize support

Autoptimize is one of the best plugins to minify the size of your site and speed it up. However, it also changes ad codes, so it didn't work with AdSense and co.

Advanced Ads Pro has now solved this problem. Just install and activate Pro and ads will no longer be stripped from your site while the code is still small and fast.

Tracking with impression and click limits

The Tracking add-on now has a feature that allows you to limit the ad impressions. With this feature you can sell a specific number of ad impressions or clicks to an advertiser without having to check manually if the limit was reached.

The latest version of the add-on also comes with a nice meta box that shows you the performance on the ad screen.



I hope this is all exciting news for you, too. I didn't mention some minor optimizations to the other add-ons, but it is always worth taking a look.

Thomas

 

Friday, 9 October 2015

Security Advisory: Brute Force Amplification Attacks Against WordPress

Security Advisory
Attackers are exploiting one of the hidden features of XML-RPC: using the system.multicall method to execute multiple Brute Force attempts inside a single POST request. Instead of targeting wp-login.php directly, the attacker circumvents the system by targeting methods within the very popular XML-RPC. This attack amplifies the Brute Force attempts by orders of magnitude and disguises them in a way that makes them very difficult to identify and mitigate. By leveraging the system.multicall method within XML-RPC, the attacker is able to hide hundreds or thousands of passwords within a single HTTP/HTTPS request. If you can't block XML-RPC, we advise you to leverage a Website Application Firewall (WAF) and verify you can strip requests targeting the system.multicall method.
 
This email does not mean you are affected!
Being proactive in the protection of your site is one of the most important aspects of having a solid security posture. Therefore, we feel it's important to research and report on all potential threats as quickly as possible.
 
Why this attack matters...
None of the security plugins designed to stop Brute Force attacks are blocking it.
We cannot stress enough the importance of good access control management such as creation and management of strong passwords.


More details on this security advisory can be found here:
Brute Force Amplification Attacks Against WordPress XMLRPC
 
If you're a Sucuri customer subscribing to our Firewall or Antivirus protection, take a deep breath. You are already safe. If you're not a customer yet, save yourself from anxiety and sign up!
Discover how iThemes Leverages Sucuri's Website Application Firewall...
"The peace of mind of having a dedicated, 24/7/365 team to protect and clean your website can prevent the myriad of negative effects on your business and brand reputation."
 
Protect Your Site Today
Sincerely,
- Your Sucuri Security Team
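
A defender-side check for the pattern the advisory describes, as an added example that is not part of Sucuri's advisory: it counts the calls bundled into one system.multicall body so a request filter or log review can flag a single POST carrying many attempts. The threshold, the function names and the `demo.login` method name in the constructed sample are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

MAX_SUBCALLS = 5  # assumed policy threshold; tune to what legitimate clients send

def multicall_subcalls(body: str) -> Counter:
    """Count method names nested inside one system.multicall request body."""
    # XML-RPC never needs a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD/entity declaration in XML-RPC body")
    root = ET.fromstring(body)
    method = (root.findtext("methodName") or "").strip()
    if root.tag != "methodCall" or method != "system.multicall":
        return Counter()
    names = Counter()
    # Each bundled call is a <struct> holding a "methodName" member.
    for struct in root.iterfind("./params/param/value/array/data/value/struct"):
        for member in struct.iterfind("member"):
            value = member.find("value")
            if member.findtext("name") != "methodName" or value is None:
                continue
            # An untyped <value> is a string in XML-RPC, so check both forms.
            names[(value.findtext("string") or value.text or "").strip()] += 1
    return names

def should_block(body: str, limit: int = MAX_SUBCALLS) -> bool:
    """True when one request bundles more calls than the policy allows."""
    try:
        calls = multicall_subcalls(body)
    except (ValueError, ET.ParseError):
        return True  # malformed or DTD-bearing body: fail closed
    return sum(calls.values()) > limit

def sample_multicall(n: int) -> str:
    """Constructed sample body with n bundled calls to a placeholder method."""
    call = ("<value><struct>"
            "<member><name>methodName</name>"
            "<value><string>demo.login</string></value></member>"
            "<member><name>params</name><value><array><data>"
            "<value><string>arg{i}</string></value>"
            "</data></array></value></member></struct></value>")
    return ("<?xml version='1.0'?><methodCall>"
            "<methodName>system.multicall</methodName>"
            "<params><param><value><array><data>"
            + "".join(call.format(i=i) for i in range(n))
            + "</data></array></value></param></params></methodCall>")

if __name__ == "__main__":
    for n in (3, 200):
        print(n, "bundled calls ->", "block" if should_block(sample_multicall(n)) else "allow")
```

Counting bundled calls per request matters because a rate limit keyed on HTTP requests sees each of these bodies as a single attempt.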