Starting today, all WP NET Managed WordPress hosting plans include support for
Update 19 August: We’ve decided to rename our FreeSSL feature to AutoSSL!
All customers on MWP2 servers are now able to install Let’s Encrypt certificates and convert their site to use the
This move is largely in response to recent changes in many of the major web browsers and how they display non-HTTPS websites. You may have heard recently that the Google Chrome browser will now display “insecure” in the address bar when viewing any site using HTTP. These changes are further driving the move towards SSL / TLS encryption for all websites.
Effective today, the Starter + SSL hosting plan is retired and all customers on that plan have been crossgraded to Starter 1GB. All customers who were previously on the Starter + SSL plan will have their next account reduced to the $29 per month ($319 per year) price.
Converting your site to HTTPS
Converting your site is pretty straightforward, just login to the Plesk Panel, go to the Security Advisor and follow the steps to install a Let’s Encrypt certificate and convert your site to use the
At WP NET, our customers website security is of the utmost importance to us. We employ various, overlapping malware and virus detection systems to provide the most robust protection to our customers.
Starting today, all WP NET Managed WordPress hosted sites will be scanned daily using the Google Safe Browsing API. This is in addition to our existing server-side malware scans and Sucuri SiteCheck external scans.
Our existing uptime monitoring system also performs additional Google SafeSearch and virus / malware scans on a rotating hourly schedule.
If a scan identifies any issues, WP NET support will contact the customer directly to discuss the best course of action to remedy the problem(s).
If you have any questions regarding our security and protections systems in place, please contact NET and we’ll be happy to help.
We’ve recently deployed an update to our Managed Cloud Server Control Panel that adds support for managing FreeSSL (Let’s Encrypt) Certificates from directly within the Control Panel.
This means that all our Managed Cloud Server customers can now instantly apply SSL Certificates to their sites with the click of button. With this new addition — and considering the performance and SEO benefits of running sites with SSL — we recommend that all Cloud Server sites run under SSL.
More information, and complete instructions for using the Cloud Server Control Panel are available in our WP NET KnowledgeBase.
If you use WooCommerce, chances are you also use PayPal. Many PayPal users have begun receiving notification from PayPal regarding various security updates to their systems. Included in these updates are changes to the IPN (Instant Payment Notification) URLs. Many users are concerned about the impact this may have on their PayPal payments processing with WooCommerce.
If you’re interested in the technical details, you can read about it on the PayPal Knowledge site.
This is a concerning development, as a malicious user somehow gained access to the plugin’s source code on the WordPress plugin repository and added the malware. They then bumped the plugin’s version number and anyone who installed the update was unwittingly infected by the backdoor exploit. Ouch. … continues
There have been two critical security issues in recent days, which we wanted to bring to your attention.
Firstly, a serious vulnerability was discovered in the glibc library which is included in just about every Linux OS distribution. This was particularly concerning as 1) the vulnerability has existed since 2008(!) and 2) because the glibc library is so widespread, being used in Linux, smartphones, routers and all sorts of other devices. It could be sometime before some of these vulnerable devices are identified and patched. The bug is listed as CVE-2015-7547.
If you host with WP NET you can relax — we’ve already patched all our shared servers and Cloud Servers. … continues
Due to recent developments in brute-force hacking attempts using WordPress XML-RPC, we have implemented a new security measure to protect our customers.
The Sucuri Security blog post, Brute Force Amplification Attacks Against WordPress XMLRPC explains this issue very well, so we urge you to have a read if you would like to know more about this. … continues
As reported by Sucuri recently, Brute-force attacks on WordPress sites are on the rise and are still one of the most common website compromises.
We are in the final stages of deploying improved malware scanning capability on all WP NET servers.
In addition to the external malware scanning we perform using Sucuri Security’s SiteCheck scanner, we will also be performing server-side malware scanning using industry standard software which provides a more robust and comprehensive scanning capability.
For the time being we will continue to operate both systems for malware scanning, but we will be reviewing this in the future and we may discontinue the Sucuri SiteCheck scanner if we find that it is no longer beneficial.
If you have any questions regarding this, please feel free to get in touch.
It’s been another busy week for WordPress security — first a large number of very popular plugins were found to be vulnerable to XSS (Cross-site Scripting) attacks due to improper use of a couple of commonly used functions. Then, an important security update for the WordPress core, version 4.1.2 was released. Plugin and theme authors the world over are no doubt still busily checking their code and updates to various plugins and themes are still rolling out as I write this post (though most have already been fixed and updated a couple of days ago).
Many WordPress users are probably wondering … why are there so many security patches coming out for WordPress? Is WordPress a safe platform for my website? … continues