The SSLv3 ‘POODLE’ Vulnerability
-All our servers now have SSLv3 disabled to mitigate the recently revealed SSLv3 vulnerability, dubbed POODLE.
WP NET servers are NOT vulnerable to the POODLE attack.
Please note that this issue affects both servers and browsers, you should disable SSLv3 in your web browser as soon as possible.
For help with disabling SSLv3 in your browser go to: zmap.io/sslv3/browsers.html or scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/
For more information about the POODLE vulnerability, please read the following references:
- http://googleonlinesecurity.blogspot.co.nz/2014/10/this-poodle-bites-exploiting-ssl-30.html
- https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
- https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/
- https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack
.nz domain registrations now available
-WP NET now offers the new ‘.nz’ TLD domain registrations. You can register or transfer .nz domains directly from our website.
Pricing is the same as all other ‘nz’ domains; NZD$40 per year.
You can search for domain names and see our complete price list on our Domain Checker page.
You can read more about .nz domains on a special NZ Domain Name Commission website: anyname.nz
Another week — another serious security vulnerabilty
-Security vulnerabilities are happening more and more, again this week there are been two serious security issues revealed.
iThemes, creators of the very popular BackupBuddy and iThemes Security plugins have had their membership systems compromised, and it appears likely that hackers have gotten away with up to 60,000 users email addresses and passwords. If you are an iThemes customer, you should immediately reset your password — your previous password won’t work any more, as iThemes have disabled them — you must reset your iThemes membership password before you can access your account. If you are a user of Backup Buddy, iThemes Security Pro, iThemes Sync or iThemes Stash then this affects you. Please go to the iThemes website and reset your password now. … continues
Why use Managed WordPress hosting? Security, security, security.
-It’s been a busy week for WordPress security, firstly a critical security issue was discovered in the very popular WordPress slider plugin; Slider Revolution, and just today an important security fix was released for Gravity Forms, another very popular WordPress plugin.
Whilst in both these cases the developers have responded rapidly to resolve issues (in fact the Slider Revolution bug was patched back in February 2014), the onus does fall on to the user to update their plugins. Failure to do so could leave your website vulnerable to attack. The Slider Revolution bug was particularly nasty, allowing a malicious user to download the wp-config.php file (or just about any file actually). The wp-config.php file contains all the database connection credentials so this was very serious indeed. … continues
Backup systems improvement
-For some time now we have used our remote WordPress management system to execute database backups each night and upload these securely to Amazon S3. This has worked well, but it was not proving to be the most efficient method and there was one short-coming — only WordPress databases were backed up. There are sometimes a few instances of other databases on the server that would be nice to include in the nightly backups.
To this end, beginning today we are using a new method to backup all MySQL databases and upload to S3 — and it’s very fast. The backups execute directly on the server, and so does not require remote calls from our WordPress management software. Additionally, the temp backup files are now stored outside the web root, inaccessible to anyone. Previously, each backup was temporarily stored in the website’s ‘wp-content’ directory and then removed after upload. … continues
Plesk 12 now installed on all hosting accounts
-All WP NET servers have now been updated to the latest version Plesk Panel version 12. Plesk 12 brings a refined interface and some fantastic new features, including integrated WordPress management and backup to DropBox.
This is an exciting Plesk release for WP NET. Plesk 12 allows us to provide an even greater level of security and WordPress-centric server management services to our customers. Furthermore, the WordPress Toolkit features are also available to you — the customer — so you can now update plugins and themes yourself — should you wish to do so — directly in the Plesk Panel.
Whilst the interface is mostly the same as version 11.5, there are a few notable changes and additions.
Client Area: My WP NET is now available — my.wpnet.co.nz
-We are thrilled to announce that our new client area website — dubbed My WP NET — is now live! A lot of hard work has gone into building My WP NET to ensure that it is easy to use, looks great and integrates smoothly with our main public website.
All existing customers have access to My WP NET now, just request a password reset and you will be sent a new password to your registered email address. If you have any problems please contact us and we’ll get you set up.
My WP NET is a customer portal website — an account is automatically created when you purchase any of our services, you can then log in to access your hosting services Plesk Panel, pay invoices, open and manage support tickets and read helpful information in the KnowledgeBase. You can also read system status and updates.
WordPress 3.9 deployed
-After a slight delay while we finalised testing, we have now completed deploying WordPress 3.9 to all our Managed WordPress hosting customers.
To learn more about some of the fantastic new features and changes in WordPress 3.9, check out this article on Smashing Magazine.
Enjoy!
WordPress 3.7 deployed — 3.7.1 incoming
-No sooner had we tested and deployed WordPress 3.7 to all our Managed Hosting customers and low-and-behold — 3.7.1 is released.
One of the main new features in (the very recently released) 3.7 is the automatic installation of security and patch updates. All our customers who have been updated to 3.7 therefore have this functionality running on their site now.
Security enhancement: FTPS now available
-We are continuing our efforts to make security improvements to our hosting systems where ever possible.
System Updates
System Updates