Our business offices will be closed on Thursday, November 26 to observe the US legal holiday for Thanksgiving.
As always, we’ll provide same-day support for time-sensitive issues via our ticket and e-mail systems. However, questions that aren’t time-sensitive (including most billing matters) may not be answered until Friday, and telephone support (via callbacks) will be available only for urgent problems.
We write a lot about how out of date WordPress plugins or themes can cause your site to get “hacked” due to security bugs.
Interestingly, many of these bugs have a near-identical flaw: They intentionally allow strangers to upload files to your site (intending to allow image uploads and so on), but they don’t sufficiently screen out malicious script files. The bugs allow a malicious PHP script somewhere under the site’s “/wp-content/uploads” directory, then the “hacker” simply runs that script in a web browser.
To help our customers, we’re doing something to minimize the impact of these security vulnerabilities: By default, we’re now blocking PHP scripts from running in “/wp-content/uploads”.
This will improve security because very few sites use this feature legitimately (and none should do so, really; relying on being able to run uploaded PHP scripts without moving them to a safe location is a security risk). Disabling PHP scripts in this directory is recommended by well-known WordPress security companies like Acunetix and Sucuri.
As we mentioned in a previous post, our customers can now test the next major update to PHP, version 7.0, which is almost twice as fast as the current PHP 5.6. (There is no PHP version 6: That project was abandoned by the PHP authors.)
Today we updated the test version on our servers from 7.0.0RC6 to the latest 7.0.0RC7.
The PHP developers recently released version 5.6.15 that fixes several bugs. We’ve upgraded PHP 5.6 on our servers as a result.
As we mentioned in a previous post, our customers can now test the next major update to PHP, version 7.0, which is almost twice as fast as the current PHP 5.6. (There is no PHP version 6: That project was abandoned by the PHP authors.)
Today we updated the test version on our servers from 7.0.0RC5 to the latest 7.0.0RC6. This updated version also includes support for the ImageMagick extension, making it functionally complete.
