PHP 5.2.6 being phased out

This post was updated November 30, 2012 to reflect the additional availability of PHP 5.2.17.

We currently offer PHP versions 5.2.6, 5.2.17, and the 5.3 series. You can choose which version your account uses in the “PHP Settings” section of our “My Account” control panel.

PHP 5.2 has been obsolete for many years. Because of that, we’re beginning the process of removing PHP 5.2.6 from our servers and encouraging customers to switch to PHP 5.3. (PHP 5.2.17 is still available for now, but discouraged.)

PHP 5.3 upgraded to 5.3.16

Shortly after we made PHP 5.3.15 available to hosting customers, the PHP team announced the release of version 5.3.16 that fixes several bugs.

We’ve upgraded PHP 5.3.15 to PHP 5.3.16 on our servers as a result.

PHP 5.3.15 available

PHP 5.3.15 is now available on all hosting accounts. It’s the default for new customers, and existing customers can update their PHP version using the “PHP Settings” link in our “My Account” control panel.

If you’re an existing customer using an older version of PHP, we haven’t yet changed your PHP version. However, we will begin doing that in about 30 days (we’ll announce that separately), so we recommend that you upgrade now. That way, if you find you’re using an outdated PHP script that isn’t compatible, you can set PHP back to the previous version and work to update the script. The old PHP 5.2 series will be removed from our servers by the end of 2012.

PHP 5.3 available for testing

Within the next few weeks, we’ll be making PHP version 5.3.15 available to customers in our account management control panel (and making the 5.3 series the default for all customers several months after that).

We’ve been testing PHP 5.3 ourselves for some time (among other things, it’s been running our Webmail system for several weeks, handling millions of page views without any problems), but it makes sense to test it on a wider variety of sites before deploying it for everyone.

If you would like to help us test PHP 5.3, just contact us and let us know what site(s) you’d like to enable it for. We’ll do that for you (it needs to be done manually by our staff for now).

WordPress 3.4

WordPress 3.4 was released yesterday, with some nice new features. Our WordPress one-click installer automatically installs the latest version for new sites. If you’ve previously installed WordPress, you should upgrade it from within your WordPress Dashboard.

Our customers are protected against the CVE-2012-1823 PHP security bug

There’s been a lot of talk in the last few days about a nasty PHP security bug that allows “hackers” to compromise some Web sites that use the PHP scripting language.

Our customers are not vulnerable to this problem because of the way PHP is set up on our servers. You don’t need to worry about it.

WordPress 3.3.2

WordPress 3.3.2 was released today, and it contains an important security update to keep your site safe.

Our WordPress one-click installer automatically installs the latest version for new sites. If you’ve previously installed WordPress, you should upgrade it right away from within your WordPress Dashboard. (You should always do that when WordPress tells you there’s a new version available.)

(Even more) WordPress login rate-limiting

Lots of people (and lots of our customers) use WordPress to run their Web sites. This unfortunately means that lots of “hackers” also try to guess the passwords of those sites.

That’s a problem, so we’ve had WordPress login “rate limiting” in place for a long time. When a single IP address tries loading the WordPress “wp-login.php” script many more times than a human would, we temporarily block that IP address from accessing the “wp-login.php” page until the requests stop for a while.

This works pretty well: we’ve blocked literally millions of password attempts this way. However, last week one of our customers had his site hijacked by someone who did indeed simply guess his WordPress password.

Stability improvements for a server memory problem

A couple of days ago, one of our Web servers became unstable for an unknown reason and needed to be restarted. This is rare: on average, this happens less than once every five years of uptime per server, so we took it very seriously and launched an investigation.

What we found was that the owner of one of the sites on that server made a mistake that allowed attackers to run their own scripts. That’s all too common, unfortunately, but usually only the single site is affected by this kind of thing. What was surprising in this case was that the script used a previously unknown method of causing problems for other sites running on the server.

As a result of this investigation, we’ve made several changes to our systems to ensure the problem won’t recur. The rest of this post has a detailed technical description of the problem in case it’s useful for others.

2011 server upgrades

Over the next four weeks, we’ll be migrating customer Web sites to upgraded servers. The servers have updated software (and upgraded hardware in some cases), and are also located in a data center with increased power reliability.

For most customers, these changes will be completely unnoticeable. However, a very small number of customers might notice software differences or experience up to five minutes total of “downtime” at some point. We recommend reading through this entire post for details.
