Back in May, we posted that we now offer basic SSL certificates for just $19.00 a year, allowing you to protect your Web site without going broke.
Today, we’ve added another option: you can optionally choose a “wildcard” AlphaSSL certificate instead for just $49.00 a year.
Between 11:00 PM and 11:30 PM Pacific time this Friday, September 24, some of our hosting servers will be restarted. As a result, some customers will find that Web site service and the ability to read incoming e-mail will be unavailable for approximately five minutes at some point during this maintenance “window”.
Between 10:00 PM and 11:59 PM Pacific time this Saturday, August 28, all our hosting servers will be restarted. As a result, Web site service and the ability to read incoming e-mail will be unavailable for approximately five minutes at some point during this maintenance “window”.
One of the tools we offer our customers is the “wget” program, which can be used to fetch files from other Web or FTP servers.
It turns out that wget has a security bug that needs to be avoided. As a result, the behavior of wget has changed in some situations. If you use wget (most of our customers don’t), you should be aware of this change.
Update: This post is outdated. We now offer SSL certificates for free to all customers, and recommend that you make your entire WordPress blog use SSL (rather than just making the dashboard SSL using the FORCE_SSL_ADMIN trick described below).
Do you login to your WordPress blog securely? Are your username and password encrypted so that “hackers” can’t steal them and then break into your blog? (Probably not!)
By default, each WordPress blog is configured to send the login username and password as plain (unencrypted) text. If a hacker can see what you are sending during your login, they can easily steal your username and password. This can happen if you have a virus installed on your computer. It can also happen if your computer is virus-free but connects via WiFi. If your main computer uses a wireless connection, or if you or other users of your blog ever login with their laptops — blogging from a coffee shop, anyone? — remember that these connections can be insecure, and could be susceptible to revealing your password.
You can protect your blog by installing an “SSL certificate” and configuring WordPress to require secure logins. Your browser will then encrypt your username and password so that no one can intercept them.
We’re pleased to announce that we’ve dramatically lowered our price on SSL certificates — they’re now just $19.00.
What’s an SSL certificate? It activates the “padlock” icon for your site in a Web browser, showing that the connection is encrypted for security. You should use an SSL certificate if your visitors type sensitive data such as usernames, passwords or credit card numbers, because it ensures that “hackers” can’t intercept that data.
Between 10:00 PM and 11:59 PM Pacific time this Saturday, May 22, all our hosting servers will be restarted. As a result, Web site service and the ability to read incoming e-mail will be unavailable for approximately five minutes at some point during this maintenance “window”.
In the last few days, there’s been a lot of talk on the Internet about the security of WordPress blog software.
Several shared hosting companies apparently allow customers to view the text of other customer’s files by default, and that allows malicious customers to discover the database password of another site (from the “wp-config.php” file) and alter the site.
Between 10:00 PM and 11:59 PM Pacific time this Sunday January 3, all our hosting servers will be restarted. As a result, Web site service and the ability to read incoming e-mail will be unavailable for approximately five minutes at some point during this maintenance “window”.
If you use WordPress blog software on your site, be sure to upgrade to WordPress 2.8.6. The upgrade contains important security fixes. Upgrading is usually easy with the built-in WordPress “update now” feature.
Although all WordPress users should upgrade, we’ve added security rules to our servers to protect our Web hosting customers who haven’t yet upgraded. Other people may find the rules useful if they use mod_security on Apache Web servers. The rest of this post contains more technical details.
