It’s been another busy week for WordPress security — first a large number of very popular plugins were found to be vulnerable to XSS (Cross-site Scripting) attacks due to improper use of a couple of commonly used functions. Then, an important security update for the WordPress core, version 4.1.2 was released. Plugin and theme authors the world over are no doubt still busily checking their code and updates to various plugins and themes are still rolling out as I write this post (though most have already been fixed and updated a couple of days ago).
Many WordPress users are probably wondering … why are there so many security patches coming out for WordPress? Is WordPress a safe platform for my website? … continues
We’re thrilled to announce that our Managed Cloud VPS server products are now officially available.
We have been offering this service to a few select customers for a while now, and we have been carefully testing and monitoring the platform to ensure that it’s stable and fast. We’re pleased to say that it is now rock-solid — and thanks to SSD RAID drives — it’s crazy fast!
Starting at only NZD$199 per month you can get yourself a fully managed Cloud VPS server, powered by 64-bit Ubuntu Linux. We install a custom designed hosting stack, featuring Nginx with SPDY and PHP-FPM. You can choose to run either PHP 5.4, 5.5 or the latest and greatest: 5.6. … continues
An article recently published on ZDNet suggests that much of WordPress’s security woes are due to lack of knowledge on the part of the administrator. Security — an area that is often overlooked or left out of the budget altogether — if left unchecked, can make your website an easy target.
Frequently, if a handful of straightforward, proven security hardening measures had been completed, many sites would not have fallen prey to their attackers. … continues
An interesting article was recently published on ZDNet, highlighting the increasing risks associated with unmanaged WordPress hosting.
In particular, the recent vulnerability discovered in the ubiquitous Slider Revolution plugin (and the subsequent controversy about the management of it’s disclosure and patching) has raised important questions regarding WordPress management and security.
At what technical level, is it accepted that a website owner has the necessary know-how to secure a website, protect it against attacks and detect when problems occur? As WordPress becomes ever more popular around the world — so too does the need for focus on security, performance and scalability.
… security is an even bigger imperative. Many WordPress sites belong to people who don’t know jack about computers, let alone web site administration. These users are much better off with a WordPress environment in which their options are limited, but their safety protected.
In 2015, it will be more important than ever to ensure that your WordPress installations are secure and up to date.
The next major release for WordPress, version 4.1 is due to be released on December 15 2014.
You can read some (work in progress) information about the new release on the WordPress.org website.
We will be reviewing and testing WordPress 4.1 as soon as it’s released and then start our upgrade process for all our hosting customers shortly thereafter. … continues
Our NZ-Based Managed WordPress Hosting has been operating for 8 months now, and already there have been many occasions when our added level of WordPress support and expertise has given our customers security and peace of mind.
WP NET does not just host your site and leave it at that — we constantly monitor the WordPress eco-sphere for important security updates, emerging threats and other risks — and when they are discovered we inform our customers and patch our systems as soon as possible. Most other hosts are not even aware of these issues and resolving them is usually left to you.
Many WordPress sites are still vulnerable to some of these threats weeks or even months later.
WP NET also monitors your website uptime and performs regular malware scans, and if we notice any performance issues with your site, we’ll get in touch and work with you to make improvements.
So, ask yourself … can you afford not to use Managed WordPress hosting?
As we continue to grow, we want to ensure that our hosting plans provide the right balance of resources that our customers need.
To this end, we have today increased the allocated resources on all hosting plans as follows. All prices remain the same. … continues
It’s been a busy week for WordPress security, firstly a critical security issue was discovered in the very popular WordPress slider plugin; Slider Revolution, and just today an important security fix was released for Gravity Forms, another very popular WordPress plugin.
Whilst in both these cases the developers have responded rapidly to resolve issues (in fact the Slider Revolution bug was patched back in February 2014), the onus does fall on to the user to update their plugins. Failure to do so could leave your website vulnerable to attack. The Slider Revolution bug was particularly nasty, allowing a malicious user to download the wp-config.php file (or just about any file actually). The wp-config.php file contains all the database connection credentials so this was very serious indeed. … continues
For some time now we have used our remote WordPress management system to execute database backups each night and upload these securely to Amazon S3. This has worked well, but it was not proving to be the most efficient method and there was one short-coming — only WordPress databases were backed up. There are sometimes a few instances of other databases on the server that would be nice to include in the nightly backups.
To this end, beginning today we are using a new method to backup all MySQL databases and upload to S3 — and it’s very fast. The backups execute directly on the server, and so does not require remote calls from our WordPress management software. Additionally, the temp backup files are now stored outside the web root, inaccessible to anyone. Previously, each backup was temporarily stored in the website’s ‘wp-content’ directory and then removed after upload. … continues
We are thrilled to announce that our new client area website — dubbed My WP NET — is now live! A lot of hard work has gone into building My WP NET to ensure that it is easy to use, looks great and integrates smoothly with our main public website.
All existing customers have access to My WP NET now, just request a password reset and you will be sent a new password to your registered email address. If you have any problems please contact us and we’ll get you set up.
My WP NET is a customer portal website — an account is automatically created when you purchase any of our services, you can then log in to access your hosting services Plesk Panel, pay invoices, open and manage support tickets and read helpful information in the KnowledgeBase. You can also read system status and updates.