PHP 5 and 7.0 Reach End-of-Life
-PHP 5 and 7.0 will soon reach end-of-life. This means that these versions will no longer receive updates of any kind, including fixes for security issues. To ensure the on-going compatibility and security of your WordPress sites, you will need to upgrade to PHP 7.2. … continues
Price Drop on AutoSSL plans!
-Starting today, all WP NET Managed WordPress hosting plans include support for
FreeSSLAutoSSL.Update 19 August: We’ve decided to rename our FreeSSL feature to AutoSSL!
All customers on MWP2 servers are now able to install Let’s Encrypt certificates and convert their site to use the
https://prefix.This move is largely in response to recent changes in many of the major web browsers and how they display non-HTTPS websites. You may have heard recently that the Google Chrome browser will now display “insecure” in the address bar when viewing any site using HTTP. These changes are further driving the move towards SSL / TLS encryption for all websites.
Effective today, the Starter + SSL hosting plan is retired and all customers on that plan have been crossgraded to Starter 1GB. All customers who were previously on the Starter + SSL plan will have their next account reduced to the $29 per month ($319 per year) price.
Converting your site to HTTPS
Converting your site is pretty straightforward, just login to the Plesk Panel, go to the Security Advisor and follow the steps to install a Let’s Encrypt certificate and convert your site to use the
https://prefix.If you need any assistance or need more information, please see Using WordPress with SSL in our Knowledgebase or contact WP NET Support and we’ll be happy to help.
Introducing Google Safe Browsing Scans
-At WP NET, our customers website security is of the utmost importance to us. We employ various, overlapping malware and virus detection systems to provide the most robust protection to our customers.
Starting today, all WP NET Managed WordPress hosted sites will be scanned daily using the Google Safe Browsing API. This is in addition to our existing server-side malware scans and Sucuri SiteCheck external scans.
Our existing uptime monitoring system also performs additional Google SafeSearch and virus / malware scans on a rotating hourly schedule.
If a scan identifies any issues, WP NET support will contact the customer directly to discuss the best course of action to remedy the problem(s).
If you have any questions regarding our security and protections systems in place, please contact NET and we’ll be happy to help.
FreeSSL now available in Managed Server Control Panel
-We’ve recently deployed an update to our Managed Cloud Server Control Panel that adds support for managing FreeSSL (Let’s Encrypt) Certificates from directly within the Control Panel.
This means that all our Managed Cloud Server customers can now instantly apply SSL Certificates to their sites with the click of button. With this new addition — and considering the performance and SEO benefits of running sites with SSL — we recommend that all Cloud Server sites run under SSL.
More information, and complete instructions for using the Cloud Server Control Panel are available in our WP NET KnowledgeBase.
PayPal Security Updates and WooCommerce
-If you use WooCommerce, chances are you also use PayPal. Many PayPal users have begun receiving notification from PayPal regarding various security updates to their systems. Included in these updates are changes to the IPN (Instant Payment Notification) URLs. Many users are concerned about the impact this may have on their PayPal payments processing with WooCommerce.
If you’re interested in the technical details, you can read about it on the PayPal Knowledge site.
Custom Content Type Manager Backdoor Exploit
-Sucuri Security recently published a detailed post about a serious backdoor exploit that was discovered in the Custom Content Type Manager plugin.
This is a concerning development, as a malicious user somehow gained access to the plugin’s source code on the WordPress plugin repository and added the malware. They then bumped the plugin’s version number and anyone who installed the update was unwittingly infected by the backdoor exploit. Ouch. … continues
Security Update – glibc
-There have been two critical security issues in recent days, which we wanted to bring to your attention.
Firstly, a serious vulnerability was discovered in the glibc library which is included in just about every Linux OS distribution. This was particularly concerning as 1) the vulnerability has existed since 2008(!) and 2) because the glibc library is so widespread, being used in Linux, smartphones, routers and all sorts of other devices. It could be sometime before some of these vulnerable devices are identified and patched. The bug is listed as CVE-2015-7547.
If you host with WP NET you can relax — we’ve already patched all our shared servers and Cloud Servers. … continues
Security Update: now blocking XML-RPC
-Due to recent developments in brute-force hacking attempts using WordPress XML-RPC, we have implemented a new security measure to protect our customers.
The Sucuri Security blog post, Brute Force Amplification Attacks Against WordPress XMLRPC explains this issue very well, so we urge you to have a read if you would like to know more about this. … continues
Brute Force Attacks on the Rise — WP NET has your back
-As reported by Sucuri recently, Brute-force attacks on WordPress sites are on the rise and are still one of the most common website compromises.
Sucuri have also created this interesting WordPress Brute-Force Attack monitoring page, which shows the brute-force activity on WordPress sites on the Sucuri network. … continues
Malware Scanning Systems Improvement
-We are in the final stages of deploying improved malware scanning capability on all WP NET servers.
In addition to the external malware scanning we perform using Sucuri Security’s SiteCheck scanner, we will also be performing server-side malware scanning using industry standard software which provides a more robust and comprehensive scanning capability.
For the time being we will continue to operate both systems for malware scanning, but we will be reviewing this in the future and we may discontinue the Sucuri SiteCheck scanner if we find that it is no longer beneficial.
If you have any questions regarding this, please feel free to get in touch.
Security
Security