Cross-site-scripting flaw on our own site (resolved)

Earlier today, Twitter user @adam_baldwin mentioned finding a security flaw on our site. He reported this to us (thanks!) and we fixed it; another Twitter user, @mattmcgee, then asked what it was. Being transparent about security helps everyone on the Internet, so here’s an attempt at an explanation.

WordPress 3.5.1

WordPress 3.5.1 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.

If you’ve previously installed WordPress, you can upgrade it from within your WordPress Dashboard.

As a reminder, you should always update immediately when WordPress tells you there’s a new version available in the Dashboard. Don’t let yourself get behind, because it gets more difficult to update smoothly if you’re several versions out-of-date.

In addition, don’t avoid upgrading just because the upgrade screen says you should make a backup of your WordPress files and database first: we already make backups for you, automatically, every day.

WordPress 3.5

WordPress 3.5 was recently released, and as always, we’ve updated our WordPress one-click installer to automatically install the latest version for new WordPress sites.

If you’ve previously installed WordPress, you can upgrade it from within your WordPress Dashboard.

As a reminder, you should always update immediately when WordPress tells you there’s a new version available in the Dashboard. Don’t let yourself get behind, because it gets more difficult to update smoothly if you’re several versions out-of-date.

Brief MySQL scheduled maintenance December 22 2012 (completed)

Between 11:00 PM and 11:59 PM Pacific time on Saturday, December 22, 2012, the MySQL database software on each of our servers will be upgraded to version 5.1.66 and restarted. This will cause an approximately 30-second interruption of service on each customer Web site at some point during this hour.

This upgrade is necessary for security reasons. We apologize for the inconvenience this causes.

Update December 22 11:17 PM: The maintenance was completed with less than 30 seconds of downtime per server.

WordPress 3.4.2

WordPress 3.4.2 was released yesterday, and it contains important security updates to keep your site safe.

Our WordPress one-click installer automatically installs the latest version for new sites. If you’ve previously installed WordPress, you should upgrade it right away from within your WordPress Dashboard.

In fact, you should always update immediately when WordPress tells you there’s a new version available. Don’t let yourself get behind, because it gets more difficult to update smoothly if you’re several versions out-of-date.

MySQL scheduled maintenance June 23, 2012 (completed)

Between 11:00 PM and 11:59 PM Pacific time on Saturday, June 23, 2012, the MySQL database software on each of our servers will be upgraded to version 5.1.63 and restarted. This will cause an approximately 30-second interruption of service on each customer Web site at some point during this hour.

This upgrade is necessary for security reasons. We apologize for the inconvenience this causes.

Update 11:12 PM June 23: The maintenance was completed as planned.

Our customers are protected against the CVE-2012-1823 PHP security bug

There’s been a lot of talk in the last few days about a nasty PHP security bug that allows “hackers” to compromise some Web sites that use the PHP scripting language.

Our customers are not vulnerable to this problem because of the way PHP is set up on our servers. You don’t need to worry about it.

WordPress 3.3.2

WordPress 3.3.2 was released today, and it contains an important security update to keep your site safe.

Our WordPress one-click installer automatically installs the latest version for new sites. If you’ve previously installed WordPress, you should upgrade it right away from within your WordPress Dashboard. (You should always do that when WordPress tells you there’s a new version available.)

(Even more) WordPress login rate-limiting

Lots of people (and lots of our customers) use WordPress to run their Web sites. This unfortunately means that lots of “hackers” also try to guess the passwords of those sites.

That’s a problem, so we’ve had WordPress login “rate limiting” in place for a long time. When a single IP address tries loading the WordPress “wp-login.php” script many more times than a human would, we temporarily block that IP address from accessing the “wp-login.php” page until the requests stop for a while.

This works pretty well: we’ve blocked literally millions of password attempts this way. However, last week one of our customers had his site hijacked by someone who did indeed simply guess his WordPress password.

Brief scheduled maintenance for MySQL update March 9, 2012 (completed)

Between 10:00 PM and 11:00 PM Pacific time on Friday, March 9, 2012, we’ll be updating the MySQL database software on all our hosting servers. This will cause a Web site service interruption of about 30 seconds for some customers at some time during this period. E-mail will not be affected.

This maintenance is necessary to install a mandatory MySQL security update that will upgrade the MySQL version to 5.1.61. We apologize for any inconvenience this causes.

Update 10:13 PM: The maintenance was completed with less than 30 seconds of downtime on each server. Customers should not notice any changes, but as always, don’t hesitate to contact us with any questions or problems.