June 29, 2018

ACTION REQUIRED: DAP Security / Password Update!

Share this


DAP v7.1.1 / LiveLinks v4.1.1 is now FINAL!

CRITICAL DAP SECURITY UPDATE

We've made several updates to DAP Password / Security in this Release.

To make it easier for you to watch and digest  these updates, instead of one long video, I've created several shorter videos, each designed to help you protect your DAP website and also recover in the event that it gets hacked.

chevron-down

Hi Dappers,

Update (07/12/2018) :  DAP v7.1.1 / LiveLinks v4.1.1 is now FINAL!

This is a CRITICAL DAP RELEASE with multiple password and security updates.

Please be sure to read the entire post and watch the videos.  

We've added new features that are designed to help you better protect your DAP website, and also clean up / recover in the event your site gets hacked.

If a hacker has had access to your website, it is possible that files have been added/altered, passwords have been changed and possibly even new users added. So if your site is hacked, it's important that you clean up your site thoroughly otherwise the hacker can still gain access and cause more damage.  

So be sure to watch all the videos below and take action asap!

Key highlights of this release:

  • Automated Email Alert if any payment fields are updated in DAP admin >> setup >> config page.
  • Automated Email Alert if account_type field is changed to "admin" in DAP admin >> setup >> config page.
  • Update your DAP admin password. 
  • check
    Special characters are allowed in the Password.
  • check
    Several files have been removed from the "dap" folder. See details below on the action you need to take.
  • check
    Updates to the "LOGIN" URL. We've removed /dap/login.php file. See details below on the action you need to take.

VIDEO #1. Remove these files from your DAP folder.

For security reasons, we've removed "login.php" file and several other deprecated files (and folders) from the "DAP" folder. These files will NO longer be a part of future DAP updates. However, if you have an existing installation of DAP on your site, even if you upgrade, you will continue to have these files in your "dap" folder. We've added a NEW "Delete DAP Files" interface to the DAP admin that will allow you to quickly and easily delete these files with the click of a button.

Watch this video for all the details.

chevron-down

VIDEO #2. DO NOT use /dap/login.php for Member Login. See this video on how to create a Captcha-Enabled Member Login Form.

For security reasons, we've removed "login.php" file from the "DAP" folder. This file will NO longer be a part of future DAP updates and cannot be used as a member login page. 

In this video, you'll discover:

1. How to create a Member-facing Login Page using DAP Login Shortcode (if you don't already have one) and also how to configure DAP to use this page for login.

2. How to enable Google reCAPTCHA on your login form.

3.  How to delete "login.php" file from your dap folder.

If you still use /dap/login.php as the member login page, be sure to replace it with the URL of the page you created in step #1 in DAP setup >> config page >> Login URL field.

See the video for details.

chevron-down

VIDEO #3. Special Characters in Admin / Member Password

A weak password is one of the biggest security vulnerabilities.  The good news is, with the new DAP Password Rules, you can now create strong passwords that includes special characters, symbols and  numbers:

You can use these characters in your password:

  • Uppercase [A-Z] and Lowercase [a-z
  • Digits 0-9
  • Special Characters:   @%+\/'|#$^?:,(){}[]~-.!\"&*;<=>_`

For security reasons, change your password regularly, once every few months.

Watch this video to see "how you can change DAP admin user's password".

Please note:

If you change your WP admin password, it'll NOT change your DAP admin password. You'll have to change your DAP admin password separately. 

chevron-down

Website Hacked?

If a hacker has had access to your website, it is possible that files have been added/altered, passwords have been changed and possibly even new users added.

​So if your site is hacked, it's critical that you clean up your site thoroughly otherwise the hacker can still gain access and cause more damage.  

VIDEO #4.  Site Hacked? 
Change Your Database User Password

If your site is hacked, it's CRITICAL that you change all your passwords right away - your webhosting cpanel password, FTP password, WordPress and DAP admin password, and your "Database User Password".

If you update your database user password, you'll have to update both WordPress and DAP config files otherwise your site will not load as WordPress and DAP cannot connect to your database. 

Watch this video to see how to update your database password and also how to update database credentials in wp-config.php and dap-config.php file.

chevron-down

VIDEO #5. Automated Email Alerts!  

Another AWESOME Security Feature! If hackers gain access to your website due to a vulnerability in one of your plugins or theme, and try to update your payment credentials in DAP config table or update account type of a regular user to admin user, you'll receive an email alert almost instantly to let you know of this change. This way you can take immediate action before bad things happen. 

You may receive 6-7 emails in the first hour after DAP v7.1.1 upgrade as this change takes affect in DAP. You can ignore those emails (unless you notice something suspicious), but pay attention to these emails going forward. All the details are in this video. Please watch.

chevron-down

VIDEO #6. How to delete your current "dap" folder without losing data and how to install a new clean version.

One of the things you need to do is replace current DAP files with a newly downloaded version. But if you just delete the dap folder and install new version, you'll lose dap-config.php file and you will end up errors. Watch this video to see how to delete the current DAP folder and install a new version of DAP without any errors (and without losing any data).


3 things you can do to protect your wordpress website!

Click here to sign-up and watch these FREE Videos!


Hackers go after all websites - small or big. We'll continue to add / update security features in DAP to help you with your membership site security.

Please don't wait. Take action to protect your website site today. 

This release is in beta but stable. We hope to make this release FINAL within a week.

Cheers!

Veena Prashanth