WordPress 4.4.1 Security & Maintenance Release

wp-vulnerabilityfixed

A new WordPress security update 4.4.1 was announced yesterday. The latest version fixes a cross-site scripting vulnerability that allows a site to be compromised as well as some minor issues.

All WordPress sites at SiteGround with enabled autoupdate service have been updated to the new version 4.4.1 last night and are safe and sound. For all WordPress sites that do not have the autoupdate option on, we have applied a rule in our WAF (web application firewall) that will block possible hacking attempts. As our firewall rule is not covering all possible hack scenarios, we are additionally patching WordPress sites on versions 3.7 to 4.4 at a website level.

Regardless of the security shields we have placed, we still recommend all websites that have not been autoupdated to upgrade to the newest version 4.4.1 or to the latest version within their current branch as soon as possible.

 

Critical Vulnerability in Joomla Fixed on Zero-day

joomla-vulnerability

Yesterday, a serious vulnerability that affects all major Joomla versions was disclosed. Using this security breach a hacker could do a full remote command execution on the targeted site. We have worked together with the Joomla Security teams and came up with a rule in our WAF (web application firewall) that would block hacking attempts using this vulnerability and we don't have reports for hacked accounts through this exploit.

Read More

JetPack XSS Security Issue – What We Did to Protect You

jetpack
On October 1st, a security issue in JetPack, one of the most commonly used WordPress plugins, was disclosed by our partners from Sucuri. The vulnerability was severe because an attacker could exploit the contact form feature of the plugin to insert and execute JavaScript code as an admin of your site. Needless to say, that could lead to all sort of problems - injecting black SEO links, adding backdoors for full access to your account, accessing private information, etc. In this recap post, we would like to summarise what we did to protect SiteGround users with this plugin installed.

Read More

The SuperCacher Plugin for WordPress (SG CachePress) Just Got an Update

wp-super-cacher-up

Those of you who are using our caching system, the SuperCacher, to boost the speed of their WordPress sites have probably already noticed that we've released an update for the plugin. Although we regularly maintain the extension and keep it up-to-date, this update adds some features with new and useful functionality. They can help you manage better your site.
Read More