Let’s Encrypt Interface New Options

Making SSL certificated accessible and used by everyone has been our ongoing effort for more than a year now. We were among the first to provide the free Let’s Encrypt certificates. Then, we automated the SSL issuing for all accounts. Later, we upgraded our WordPress plugin, SG Optimizer, to allow 1-click WordPress SSL configuration. Now we’re making the next step - our latest upgrade to the Let’s Encrypt tool in cPanel allows you to force all your domain traffic through HTTPS with a single click regardless of the application you are using. Read below to find out what are the new options in our Let’s Encrypt interface.

Read More

How our new anti-bot AI prevents millions of brute-force attacks

For the last few days we have been gradually launching a new AI-based bot prevention system on our servers developed by our own DevOps specialists. We are already seeing amazing results from the operation of the system. Each hour it blocks between 500 000 and 2 million brute-force attempts across all our servers. Thus, we have prevented an unknown number of potential unauthorized logins, but what is even more important -- we have managed to save an enormous amount of server resources that can now be used for a meaningful and legitimate activity by our users.

Read More

SG Optimizer – Our WordPress Plugin

In 2012 we released a SiteGround WordPress plugin. Its purpose was to connect the WordPress installations of our users with our caching service - the SuperCacher. For many years all updates we have made to the plugin were only related to the caching functionality. However, in the last few months we have added two completely new functionalities (HTTPS switch and PHP 7.0 updater) and have changed the plugin name to SG Optimizer. To learn more about what is now included in the SG Optimizer read below.

Read More

Get your WordPress on PHP 7.0 now!

We have just released a new version of our WordPress plugin 3.2.1 the SG Optimizer, which allows you to move to PHP 7.0 with a click.  We encourage all SiteGround customers to utilize this great option and make their WordPress installation run on PHP 7.0 now. PHP 7.0 has been available on our servers for over a year and it is high time that all of our customers take full advantage of the considerable performance boost it provides.

Read More

NextGEN Vulnerability Patched on SiteGround Hosting

Yesterday, our partners from Sucuri have discovered a serious SQL injection vulnerability in one of the most popular WordPress gallery plugins - NextGen Gallery. Our security team started working immediatelly on the issue and created a rule in our web application firewall (WAF) to block any potential attempts to exploit this vulnerability. However, we strongly recommend that all NextGen Gallery users update their plugin to version 2.1.79 which fixes the core of the issue in the plugin code.

Cloudflare HTTPS and WAF Update

Since we launched our integration with Cloudflare in 2012 we have seen thousands of our customers benefit from its CDN and the site security functionalities. Today we are happy to announce two improvements in the Cloudflare packages we provide. First, the SSL is now supported in the free plan of the service. Second, we have included a very cool security feature - the Cloudflare Web Application Firewall, in our Plus plan.

Read More

WordPress AutoUpdater Restarted

We first launched our WordPress AutoUpdater in 2012. Some tweaks were made to the system a year later, when the original AutoUpdate feature was included in the WordPress core, but we continued to rely primarily on our own system for our customers. The SiteGround AutoUpdater has been used successfully for the last 5 years and has kept a lot of our customers up-to-date and safe from hacks. Thanks to it, more than 70% of the WordPress installations on our servers have been constantly using the latest software version. However, we have been thinking for a while how to get this percentage even closer to 100. The recent security issues with WordPress REST API motivated us to introduce a change into the system that increased the upgrade rate to more than 90%.

Read More

HTTPS for WordPress With a Click

UPDATE: If you're using CloudFlare with your website, make sure you set the SSL Option in our CloudFlare tool in cPanel to Flexible,  then configure WordPress to work through HTTPS and finally, switch the option in CloudFlare to Full Strict. This way, you will not have any downtime during the reconfiguration process. Check out our CloudFlare tutorial for additional information on that matter.

A month ago we made the first step to increase the adoption rate of SSL certificates amongst our customers by starting to issue automatically Let's Encrypt certificates for all domains hosted on our servers. However, there still remained a manual step to configure all applications to use the certificates we've made available. We knew that if we really wanted to see a rise in the HTTPS usage we not only needed to provide the SSLs, but also make it easy for our clients to implement them. Today we are happy to announce that we have achieved this second goal for a large group of our customers -- the WordPress users.

Read More