Several people have asked us about the recent WordPress WP Super Cache and W3 Total Cache plugin security vulnerability.
For the most part, sites hosted on our servers aren’t vulnerable to this because we block comments that contain the malicious code.
We’ve talked before about WordPress login rate limiting. Attempts to guess WordPress administrator passwords are an ongoing problem, getting worse all the time.
The average WordPress site we host has received tens of thousands of malicious login attempts this month, with hundreds of thousands of different IP addresses being used in the attacks. We try to block the IP addresses that are responsible, but the ever increasing number of addresses means we can’t block all of them — an individual address often attempts a login only once a day for a given site. We need to adopt other tactics.
The PHP developers have announced the release of version 5.3.22 that fixes several bugs. We’ve upgraded PHP 5.3.21 to version 5.3.22 on our servers as a result.
In addition, we now offer PHP version 5.4.12 as an optional choice in our control panel. For now, the PHP 5.4 series is recommended only for customers who need to test “cutting edge” features. Most customers should stick with the PHP 5.3 series, which is compatible with a wider variety of scripts.
Earlier today, Twitter user @adam_baldwin mentioned finding a security flaw on our site. He reported this to us (thanks!) and we fixed it, then another Twitter user @mattmcgee asked what it was. It helps everyone on the Internet be transparent about security, so here’s an attempt at an explanation.
WordPress 3.5.1 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.
If you’ve previously installed WordPress, you can upgrade it from within your WordPress Dashboard.
As a reminder, you should always update immediately when WordPress tells you there’s a new version available in the Dashboard. Don’t let yourself get behind, because it gets more difficult to update smoothly if you’re several versions out-of-date.
In addition, don’t avoid upgrading just because the upgrade screen says you should make a backup of your WordPress files and database first: we already make backups for you, automatically, every day.
The PHP developers have announced the release of version 5.3.21 that fixes several bugs.
We’ve upgraded PHP 5.3.20 to PHP 5.3.21 on our servers as a result.
One of the options we offer to speed up busy PHP sites is called eAccelerator. However, eAccelerator doesn’t usually help for low volume sites, so we’ve disabled it by default in those cases. The rest of this post explains more.
WordPress 3.5 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.
If you’ve previously installed WordPress, you can upgrade it from within your WordPress Dashboard.
As a reminder, you should always update immediately when WordPress tells you there’s a new version available in the Dashboard. Don’t let yourself get behind, because it gets more difficult to update smoothly if you’re several versions out-of-date.
The PHP developers have announced the release of version 5.3.20 that fixes several bugs.
We’ve upgraded PHP 5.3.19 to PHP 5.3.20 on our servers as a result.
In an earlier post, we described how we’re phasing out PHP 5.2.6 in favor of the newer PHP 5.3 series.
Our original intention was to remove the long-obsolete 5.2 series entirely. However, a small number of customers have told us they’re unable to update their scripts to work with PHP 5.3, usually because the script is more than five years old and no newer version is available.
To help these customers, we’re making an extra version of PHP available: version 5.2.17. That’s still an outdated version, but for technical reasons we’re able to support it for a while longer than PHP 5.2.6, giving customers at least six extra months — perhaps even longer — before PHP 5.3 is the oldest version available on our servers.
We still recommend that all customers use the PHP 5.3 series. However, if you’re unable to do that, you can now use our “My Account” control panel to choose PHP 5.2.17 instead:
Our previously announced schedule to remove PHP 5.2.6 still applies, except that PHP 5.2.6 customers will be switched to version 5.2.17 (instead of all the way to the 5.3 series) if they don’t upgrade to 5.3 themselves.
