Our hosting customers can now get free SSL certificates to secure their site.
What’s an SSL certificate? It activates the “padlock” icon for your site in a Web browser, showing that the connection is encrypted for security. You should use an SSL certificate if your visitors type sensitive data such as usernames, passwords or credit card numbers, because it ensures that “hackers” can’t intercept that data.
SSL certificates used to cost a lot of money, but an organization called Let’s Encrypt is now providing them for free, trying to encourage the widespread use of encryption on the modern Internet.
We believe that encryption should be widely available, so we’ve changed our SSL certificate system to provide free Let’s Encrypt certificates to our hosting customers. You can get one now in our “My Account” control panel.
Read the rest of this entry »
The PHP developers recently released versions 7.0.2, 5.6.17 and 5.5.31 that fix several bugs. We’ve upgraded the PHP 7.0, 5.6 and 5.5 series on our servers as a result.
These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.
Read the rest of this entry »
Some of our customers are still using the PHP 5.3 series, even though it’s obsolete and not recommended.
We’ve “rebuilt” the old PHP 5.3.29 software to patch a serious security bug it contains. This bug is the partial cause of a recent Joomla security problem.
The rebuilt version will be deployed on all our servers within the next few hours. No changes should be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.
Read the rest of this entry »
The PHP developers recently released version 7.0.1 that fixes several bugs. We’ve upgraded PHP 7.0 on our servers as a result.
Read the rest of this entry »
The authors of the Joomla software announced today that every version of Joomla below 3.4.6 has a critical security bug that allows “hackers” to take over a site.
The bug was in use by hackers for two days before the Joomla authors patched it, and we found several Joomla customer sites that had been modified as a result. We’ve restored backups of those sites and notified those customers directly, but we recommend that all Joomla users change their password to be safe, even if we didn’t notify you of a problem.
The best solution for Joomla users is to update to version 3.4.6 immediately. However, we also added a rule to our servers this morning to block any more attacks until our customers can update. The rule should ensure that if you use our hosting service, and your site hasn’t already been modified, hackers won’t be able to take advantage of this bug.
WordPress 4.4 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.
If you’ve previously installed an older version of WordPress, you should update it from within your WordPress Dashboard.
The PHP developers recently released PHP version 7.0.0, as well as an update to the 5.6 series, version 5.6.16. We’ve upgraded PHP on our servers as a result.
The official release of PHP 7 means we’ll start encouraging customers to use it (as long as they use modern scripts like current versions of WordPress). It’s almost twice as fast as old versions of PHP. Yes, really: Twice as fast. We’re using it ourselves on this blog.
If you’d like your WordPress or other PHP-based site to seem snappier, or be able to handle twice as many visitors per second, you can easily do so:
- Login to our My Account control panel
- Click PHP Settings
- Click PHP 7.0 series
- Click Save Settings
Then test your site to make sure it works properly. If it does: Great, you’ve just made your site much faster! If it doesn’t, it’s probably because you’re using older scripts that haven’t yet been updated, and you can simply set PHP back to an earlier version for now. We recommend that you always use the latest version that works properly with your scripts.
As always, if you have any trouble, don’t hesitate to contact us.
We write a lot about how out of date WordPress plugins or themes can cause your site to get “hacked” due to security bugs.
Interestingly, many of these bugs have a near-identical flaw: They intentionally allow strangers to upload files to your site (intending to allow image uploads and so on), but they don’t sufficiently screen out malicious script files. The bugs allow a malicious PHP script somewhere under the site’s “/wp-content/uploads” directory, then the “hacker” simply runs that script in a web browser.
To help our customers, we’re doing something to minimize the impact of these security vulnerabilities: By default, we’re now blocking PHP scripts from running in “/wp-content/uploads”.
This will improve security because very few sites use this feature legitimately (and none should do so, really; relying on being able to run uploaded PHP scripts without moving them to a safe location is a security risk). Disabling PHP scripts in this directory is recommended by well-known WordPress security companies like Acunetix and Sucuri.
Read the rest of this entry »
As we mentioned in a previous post, our customers can now test the next major update to PHP, version 7.0, which is almost twice as fast as the current PHP 5.6. (There is no PHP version 6: That project was abandoned by the PHP authors.)
Today we updated the test version on our servers from 7.0.0RC6 to the latest 7.0.0RC7.
Read the rest of this entry »
The PHP developers recently released version 5.6.15 that fixes several bugs. We’ve upgraded PHP 5.6 on our servers as a result.
Read the rest of this entry »
