WordPress 5.3

WordPress 5.3 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites. WordPress 5.3 works fine on our servers (make sure you’re using a recent version of PHP for your site).

If you’ve previously installed an older version of WordPress, you should update it from within your WordPress Dashboard.

Our IMAP mail servers now support “special use” hints for Sent and Trash folders

Our IMAP mail servers now support the IMAP LIST Extension for Special-Use Mailboxes. That means we send hints to your IMAP mail program suggesting it should store copies of sent and deleted mail in the “Sent” and “Trash” mail folders on the server, rather than a different location the program might randomly choose.

Without the hints, some mail programs default to storing copies of sent and deleted mail only on your local computer or device. Those copies can’t be seen by other programs or devices, and they aren’t saved in our backups. You could always change that manually, but with the hints, some mail programs — particularly macOS Mail and iOS Mail — will automatically save the mail to server folders with no extra configuration needed. The copies will then be visible on all the IMAP devices you use, and they’ll be saved in our backups.

What if I don’t want my mail program to use these folders?

In our testing, this change doesn’t affect mail programs that are already storing sent and deleted mail on the server. But if your mail program does change where it stores sent or deleted mail, and you don’t like the change, you can use your program’s settings to explicitly choose where you want sent and deleted mail copies to be stored. If your program doesn’t offer that feature, another option is to delete the “Sent” and “Trash” folders from your mailbox (or ask us to do so). That will prevent any hints from being sent at all, making things work exactly as they did before.

Insecure versions of Adminer disabled

Some of our customers use a script called Adminer (aka adminer.php) that allows them to modify MySQL database entries. It’s similar to phpMyAdmin.

This is fine, except that old versions of Adminer have a serious security vulnerability that allows “hackers” to take control of sites that use it. If you’ve put an old version of the adminer.php script on your site, then you never updated or removed it, your site is vulnerable to hackers. A couple of our customer’s sites have been “hacked” this way in the last week.

To make sure this doesn’t happen to more customers, we’re disabling any old vulnerable versions of adminer.php (versions earlier than 4.7) and replacing them with a link to this page.

If you try to use a copy of Adminer you’ve previously installed, but you get referred to this page, you should simply install a new version from the Adminer website. Be sure to keep it updated in the future (or delete it when you’re finished using it).

PHP 7.2.23 and 7.3.10

The PHP developers recently released versions 7.2.23 and 7.3.10 that fix several bugs. We’ve upgraded the PHP 7.2 and 7.3 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

PHP 7.1.32, 7.2.22 and 7.3.9

The PHP developers recently released versions 7.1.32, 7.2.22 and 7.3.9 that fix several bugs. We’ve upgraded the PHP 7.1, 7.2 and 7.3 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

Free SSL certificates added for all parked domain names

We’ve previously added free wildcard Let’s Encrypt SSL certificates for all our customers who use our web hosting service. Now we’ve added free certificates to all “parked” domain names, too!

If you have a parked domain name on our servers that’s set up to redirect to another site, you can now use https:// URL addresses for the parked domain name and the redirect will work securely, with no problems.

PHP 7.1.31, 7.2.21 and 7.3.8

The PHP developers recently released versions 7.1.31, 7.2.21 and 7.3.8 that fix several bugs. We’ve upgraded the PHP 7.1, 7.2 and 7.3 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

Brief server upgrades August 2019 (completed)

Update August 21, 2019: The maintenance described below has been completed for all sites.

Over the next few weeks, we’ll be retiring some old servers and moving sites on those servers to new (often faster) ones. Migrating a site takes just a few seconds in most cases, so it’s likely that neither you nor your visitors will notice this happening.

If someone does view your site while it’s being migrated, they’ll see a maintenance screen with a link to this blog post, like this:

If your site is in the small minority that has a large database (more than a few hundred MB), the migration could take a little longer — perhaps a few minutes. We try to do migrations during slow periods for each site, minimizing the impact on visitors.

Read the rest of this entry »

PHP 7.2.20 and 7.3.7

The PHP developers recently released versions 7.2.20 and 7.3.7 that fix several bugs. We’ve upgraded the PHP 7.2 and 7.3 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

WP Super Cache 1.6.8 with Cloudflare (and other add-ons that set cookies)

If you have a WordPress site, and you use both the WP Super Cache plugin and the Cloudflare content delivery network, the latest version 1.6.8 of WP Super Cache may not properly cache your pages by default.

This is because of a quirk of the update: A new setting makes it think all Cloudflare visitors are “known users” because they have a “cookie” set. If you had the old “disable caching for known users” option turned on before the update, it won’t cache pages for Cloudflare visitors after the update.

The same thing can happen if you have a WordPress plugin that sets a “cookie” for each visitor for some other reason.

This problem is easily fixed by changing the new WP Super Cache “Cache Restrictions” setting from “Disable caching for visitors who have a cookie set in their browser” to “Disable caching for logged in visitors. (Recommended)”. We’ve updated our WP Super Cache page to reflect this change, and if we notice that a site hosted on our servers suddenly has higher CPU resource usage because of this, we’ll update the setting for you to make it work as it did before.