PHP 7.1.29, 7.2.18 and 7.3.5

The PHP developers recently released versions 7.1.29, 7.2.18 and 7.3.5 that fix several bugs. We’ve upgraded the PHP 7.1, 7.2 and 7.3 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

Our Web servers now ignore consecutive slashes in URLs

Today our servers began using an updated version of the Apache web server software that adds a new security feature: it collapses and ignores consecutive slashes in URLs it receives (among other security fixes).

For example, this URL (note the two slashes between “admin” and “options”):

 https://www.example.com/wp-admin//options-permalink.php

… would now be treated exactly as if the web server had been sent:

 https://www.example.com/wp-admin/options-permalink.php

This feature ensures that “hackers” cannot add extra slashes to bypass rules intended to restrict access to certain URLs. (The example above is a real security problem in WordPress from 2009 — it allowed hackers to access the permalink screen because the access restrictions were only applied to the exact pattern “/wp-admin/options-permalink.php”, and not to variations like “/wp-admin//options-permalink.php”.)

This change should not cause any problems, and our customers should not notice any change.

However, in the unlikely event that you have intentionally written script code that behaves differently when it sees two consecutive slashes in a URL instead of one slash, you would need to change your code to not rely on that behavior. (Two consecutive slashes in the path of a URI are not valid anyway, and other web servers will remove them by default, so relying on it would be unreliable to start with.)

As always, don’t hesitate to contact us if you have any questions or difficulties.

PHP 7.1.28, 7.2.17 and 7.3.4

The PHP developers recently released versions 7.1.28, 7.2.17 and 7.3.4 that fix several bugs. We’ve upgraded the PHP 7.1, 7.2 and 7.3 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

IPv6 enabled for new sites by default (and eventually for older sites, too)

We’ve supported IPv6 on customer websites for many years, but it didn’t default to “on”: customers had to explicitly enable it in our account management control panel.

Starting today, IPv6 is on by default for all new accounts signed up with us (although you can turn it off if you want).

In addition, we’re beginning a gradual process of slowly enabling IPv6 for existing sites if they haven’t chosen to disable it. If you don’t want IPv6 to be enabled for your site in the future, you should use our control panel to disable it.

Read the rest of this entry »

PHP 7.1.27, 7.2.16 and 7.3.3

The PHP developers recently released versions 7.1.27, 7.2.16 and 7.3.3 that fix several bugs. We’ve upgraded the PHP 7.1, 7.2 and 7.3 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

PHP 7.2.15 and 7.3.2

The PHP developers recently released versions 7.2.15 and 7.3.2 that fix several bugs. We’ve upgraded the PHP 7.2 and 7.3 series on our servers as a result.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

Restore a full website, including all files and databases, with one click

We’ve added a feature that allows you to do a complete “one-click” restore of your site from the control panel. The restore includes all website files, databases, and PHP settings at once, giving you a way to quickly “rollback” a site without needing to use extra tools like FTP or phpMyAdmin.

The backups page in our support section has more details.

PHP 5.6.40, 7.1.26, 7.2.14 and 7.3.1

The PHP developers recently released versions 5.6.407.1.26, 7.2.14 and 7.3.1 that fix several bugs. We’ve upgraded the PHP 5.6, 7.1, 7.2 and 7.3 series on our servers as a result.

In addition, ionCube Loader is now available for the PHP 7.3 series, so we’ve made that an option you can enable in our “My Account” control panel.

These changes should not be noticeable, but as always, don’t hesitate to contact us if you have any trouble.

SSLv3 disabled on all servers

We’ve updated the SSL/TLS security settings on our servers to match current “best practices” for security, disabling the long-obsolete, insecure “SSLv3” in all cases.

Our customers shouldn’t notice any changes. We made this change on our own websites a long time ago with no reports of problems, and nearly all of the largest sites on the Internet have done the same. We’re just mentioning this so that people know to contact us in the unlikely event they do have any trouble.

That said, if you do have any trouble, it’s probably because you’re using a long-outdated, insecure web browser that you should update. You can check your browser by visiting www.howsmyssl.com. If you can’t update it, using a different browser on your computer will probably help.

PHP 7.3 series now available

The PHP developers recently released a brand new version, PHP 7.3, so PHP 7.3.0 is now available in our control panel (in addition to the PHP 5.6, 7.0, 7.1 and 7.2 series).

We don’t yet recommend PHP 7.3 for most customers. It’s fairly new and some third-party scripts aren’t yet compatible with it. If you want to try it anyway:

  1. First, update your site’s PHP scripts (including WordPress, Joomla, any plugins or themes you use, and so on)
  2. Login to our My Account control panel
  3. Click PHP Settings
  4. Click PHP 7.3 series
  5. Click Save Settings

After updating, test your site carefully to make sure there aren’t any problems.

By the way, if all this seems confusing, we have a page explaining more about PHP versions and updates.

PHP 7.2 is now the default for new accounts

The somewhat older PHP 7.2 series has been out long enough that all modern script software should be compatible with it, and the authors of popular scripts like WordPress recommend using it. Because of that, we’re making PHP 7.2 the default for new customers.

We haven’t changed the version for any existing accounts, but we recommend that all customers use PHP 7.2 if possible (the instructions above explain how to choose the version your site uses). PHP 7.2 is slightly faster than PHP 7.1 and almost twice as fast as PHP 5. If you care about your site’s speed (and you should), always use the newest version of PHP that’s compatible with your scripts.