menu

security

  • Categories

  • Subscribe:

    Get our blog’s monthly recaps!

  1. Managed Optimized Wordpress Hosting in Raleigh NC

    WordPress 3.5.1 Maintenance and Security Release

    WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. For a full list of changes, consult the list of tickets and the changelog, which include:

    • Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
    • Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
    • Networks: Suggest proper rewrite rules when creating a new network.
    • Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
    • Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
    • Suppress some warnings that could occur when a plugin misused the database or user APIs.

    Additionally, a bug affecting Windows servers running IIS can prevent updating from 3.5 to 3.5.1. If you receive the error “Destination directory for file streaming does not exist or is not writable,” you will need to follow the steps outlined on the Codex.

    WordPress 3.5.1 also addresses the following security issues:

    • A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
    • Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
    • A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

    Download 3.5.1 or visit Dashboard → Updates in your site admin to update now.

  2. New WordPress Update Service

    wordpress-pluginIf you are running a WordPress website and you can’t remember the last time you updated WordPress and your installed plugins, then this is for you!

    Updating WordPress and plugins regularly ensures that your website is running with the latest features and most importantly has all of the latest security patches applied. Just like with your computer updates, your website system needs to be updated regularly too to minimize the threat of a hacker exploiting your site.

    To make sure you are staying on top of your WordPress updates, we are releasing a new monthly service where we will update your WordPress install and all your plugins at least once a month for $15 a month.

    If you are interested, contact us here or call us at 919-374-3014.

  3. Managed Optimized Wordpress Hosting in Raleigh NC

    WordPress 3.5 Update

    The folks at WordPress released the 3.5 update and we recommend upgrading. It provides several aesthetic updates, support for Retina displays and  reworks the image management area to make it more user friendly. For a full writeup on the update, click here.

  4. 4 Ways to Bulletproof Your WordPress Site

    Malicious hackers-many might say they are the bane of the Internet! After all, there are few things more frustrating than dealing with spam, objectionable content and in some extreme cases, complete overhauls of websites due to your website getting hacked. Hackers can cost time and money-neither of which most of us want to spend on fixing a hacked website! But thankfully, we don’t have to be easy prey to those eager to inflict our sites with malware. There a variety of actions we can take to protect our websites and other online accounts from hackers.

    However, before we delve into how to be protected, first, let’s look at the types of malware there are to be cognizant of. After all, it is hard to fight something you don’t know anything about.

  5. Managed Optimized Wordpress Hosting in Raleigh NC

    WordPress 3.4 “Green”

    WordPress 3.4 has been released! We recommend that everyone running WordPress to upgrade as it will ensure a more secure and faster running site, plus some other neat additions. According to The WordPress website, “This release includes significant improvements to theme customization, custom headers, Twitter embeds (see example of one below), and image captions.” Click here for more details!

  6. Tim Thumb…No Not a Fairy Tale

    If you run a WordPress website, especially if you use a pre-built template, there is a good chance that your theme uses the timthumb.php script for resizing images. That script was found to be exploitable several months ago, and there has been updates released to patch your file, but many don’t know how to do it or even that they need to.

    Enter the Timthumb Vulnerability Scanner. This is a free plugin for WordPress that will scan your site to see if you are using an outdated version of the timthumb.php file and if so, fix it for you.

    If you host with Page Progressive, then we’ve scanned our server and patched any old timthumb.php files but if you are hosting elsewhere, it’s possible your host has not scanned for it and you may need to check to make sure you are not vulnerable to this exploit. It could lead to your site getting hacked and allow malware to be distributed though it, and that will ruin just about anyone’s day.

« Previous Entries