Some times I come across issues which are very frustrating for me as well as for the client. It happened like this that a client had decided to spend £1000 via Google Adwords in order to promote his website and try and get some orders. As the website was related to wooden furniture it became all the more important as this was an expensive product line and there are not many buyers especially when the recession is in full swing.
The campaign bore fruit in a just a few days and the client received an order worth £600. Unfortunately, even though the customer paid online via SagePay, the order was not registered on the website and the client made his frustration well known. As the website was in Zencart the order does not get saved into the orders table till the customer pays for the products. In this case, the customer did not return from Sage Pay so the order was not visible in the admin panel. As the order details such as product information were not sent to Sage Pay the client had no way of knowing what the customer ordered and the client had to contact the customer to obtain the product details. You can understand how that would have felt for the client as well as what the customer would have thought of the website.
The default Sage Pay (formerly Protx) payment module does not provide the option to send the product details to Sage Pay even though this option is very much there. So, I went about writing a payment module which would allow the system to send the product details to Sage Pay so that the details are logged there as well. In case the customer did not return from Sage Pay after making the payment the client would still have the option of viewing the product details on Sage Pay.
I also installed the Zencart Abandoned Cart Module which would display the products in the admin panel if a customer did not proceed to purchase the order from the website.
What I (and probably you) learned from the above event is that you can never be safe and you must do all you can to prevent any sort of mishap which would affect the credibility of the website.
If you would like to download the Zencart payment module for Sage Pay form which allows you to send product details to Sage Pay then you can download it from here
I always read about websites getting hacked and thought to myself “Hey these guys should spend some time on securing their websites”. I always thought that I would not be hacked as I did not leave my passwords on public computers and changed my passwords regularly. Boy was I wrong. Today some one placed a comment on my post. The comment was in Russian or Turkish language and I was really surprised that the comment appeared on the post without giving me the chance of moderating and approving it.
I tried to logging into the WordPress admin panel and was unsuccessful. The only thing I got was the dreaded “Incorrect username/password” message.
This called for drastic actions and I did the following.
- First I did damage control by renaming my blog folder via FTP
- Then I went into my hosting account and changed the database username and password
- I then connected via PHPMyAdmin and deleted the spam users on my blog.
- I did a backup of the wp_posts table and exported the SQL to my local computer
- I then dropped the complete database
- I then deleted the complete blog folder online
- I uploaded the latest WordPress 2.9.2 version online and installed a fresh copy
- I then uploaded the Lightword theme of WordPress and installed it
All the above steps took 40 minutes or so and my blog was back online. This is the first post I am writing after restoring the blog online.
As I did everything very quickly I did not spend time investigating the reasons how some one got into the WordPress admin panel in the first place and changed the admin password.
The only thing that comes to mind is that I had selected the “Anyone can register” checkbox on the Settings page and this may have allowed any one to register on the website. Then again I have unselected the option for the time being till I get to the bottom of this.
If you have anything to add then do let me know.