The PHP developers recently released version 5.4.20 that fixes several bugs. We’ve upgraded PHP 5.4 on our servers as a result.
We’ve also introduced support for the new PHP 5.5 series, making PHP 5.5.4 available as a new option in our My Account control panel.
Finally, we’ve updated all versions of PHP to use the latest versions of the ionCube Loader (4.4.3), ImageMagick (3.1.0) and SourceGuardian (9.5) PHP extensions. These changes should be transparent to customers.
In the unlikely event you experience any issues, don’t hesitate to let us know.
WordPress 3.6.1 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.
If you’ve previously installed WordPress, you should update it from within your WordPress Dashboard.
The new version of WordPress is described as a security release that prevents “hackers” from modifying your site if you use “a popular plugin“, whose name has not yet been revealed so that everyone has a chance to upgrade first. While we may be able to add additional protection against this vulnerability when the details are revealed, updating now guarantees your site will stay protected.
Read the rest of this entry »
There’s been a lot of discussion recently about a critical Joomla security bug that allows “hackers” to upload malicious PHP script files to Joomla sites, then run them. This would allow hackers to use your site to send spam, or to replace any file on your Web site.
Although our customers running Joomla should always upgrade to the latest versions when available, we’ve also put rules in place to protect against this vulnerability.
Read the rest of this entry »
WordPress 3.6 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.
If you’ve previously installed WordPress, you can (and should!) upgrade it from within your WordPress Dashboard.
The PHP developers recently announced the release of versions 5.3.27 and 5.4.17 that fix several bugs. We’ve upgraded PHP 5.3 and 5.4 on our servers.
In addition, we’ve updated the obsolete PHP version 5.2.17 on our servers to include the fix for a security bug that the updated 5.3 and 5.4 versions solve. (This bug wouldn’t normally be fixed because the PHP 5.2 series is no longer supported by the PHP developers, but we consider it important enough to manually backport the fix.)
These changes should be transparent to customers. In the unlikely event you experience any issues, don’t hesitate to let us know.
Earlier this month, the PHP developers announced the release of versions 5.3.26 and 5.4.16 that fix several bugs. We’ve upgraded PHP 5.3 and 5.4 on our servers as a result.
In addition, the developers of Zen Guard Loader for PHP (previously known as “Zend Optimizer”) have released a version with PHP 5.4 compatibility, so our copies of PHP 5.4.16 now support that feature, too.
Finally, we’ve also updated the ionCube Loader PHP extension (which most of our customers don’t use) from version 4.4.0 to version 4.4.1.
These changes should be transparent to customers. In the unlikely event you experience any issues, don’t hesitate to let us know.
WordPress 3.5.2 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.
If you’ve previously installed WordPress, you should upgrade it from within your WordPress Dashboard.
Read the rest of this entry »
The PHP developers have announced the release of versions 5.3.25 and 5.4.15 that fix several bugs. We’ve upgraded PHP 5.3 and 5.4 on our servers as a result.
We’ve also updated the ionCube Loader PHP extension (which most of our customers don’t use) from version 4.2.2 to version 4.4.0.
These changes should be transparent to customers. In the unlikely event you experience any issues, don’t hesitate to let us know.
Several people have asked us about the recent WordPress WP Super Cache and W3 Total Cache plugin security vulnerability.
For the most part, sites hosted on our servers aren’t vulnerable to this because we block comments that contain the malicious code.
Read the rest of this entry »
We’ve talked before about WordPress login rate limiting. Attempts to guess WordPress administrator passwords are an ongoing problem, getting worse all the time.
The average WordPress site we host has received tens of thousands of malicious login attempts this month, with hundreds of thousands of different IP addresses being used in the attacks. We try to block the IP addresses that are responsible, but the ever increasing number of addresses means we can’t block all of them — an individual address often attempts a login only once a day for a given site. We need to adopt other tactics.
Read the rest of this entry »
