Is Your Online Store Ready for Black Friday?

Black Friday is a date highly anticipated by marketeers and store owners across the entire world. What started as a purely American tradition is now a global event. On this day stores give their greatest discounts, and a lot of people look forward to it to get the item or service they have wanted for months. Online stores usually see a huge traffic peak on Black Friday and multiply their sales. However, you have to make sure that both your website application (e.g. WordPress) and your hosting environment are prepared for this traffic surge. Otherwise you risk turning a great sales day into a disaster. Read on to get more information on how to prepare your online store for the upcoming Black Friday and get the most out of it!

Jetpack Critical Security Vulnerability

Today a critical vulnerability was found in Jetpack, one of the most popular and widely used WordPress plugins. Fortunately, according to the plugin authors, there is no evidence that this issue has been used to hack real sites. An update of the plugin that addresses it, Jetpack 4.0.3, has been released.

As usual, our security team was proactive and updated our WAF (web application firewall), adding rules that block attempts to exploit the vulnerability. This means that even if your plugin is not updated to the latest version, your site will still be protected. However, we urge all Jetpack users to update the plugin to its latest version, in which the vulnerability is patched.

ImageMagick Vulnerability Fixed

ImageMagick is one of the most widely used services for processing images. Most web applications use it for many different purposes: to crop images, to resize them, to generate different thumbnail sizes, etc. Unfortunately, a serious vulnerability was discovered in the service that allows an attacker to execute code remotely on your site. As usual, our security team immediately started working on a way to protect our customers and came up with a solution hours after the vulnerability was disclosed.

Critical glibc Vulnerability Patched on all SiteGround Servers

Hours ago a critical vulnerability in the GNU C Library (glibc) was announced alongside a proof of concept for the attack. This library is one of the main components in the majority of Linux distributions (if not all), including those used as server operating systems. Without getting into too many technicalities, the exploit allows an attacker to remotely execute code by following a simple link. That's one of the most severe vulnerabilities discovered in recent years, and it potentially affects pretty much any Linux server out there.

Given that all SiteGround servers run on CentOS, a Linux distribution, we took immediate measures to secure our machines. I am happy to announce that a patch has been applied on all our servers and our customers are well protected against this security threat!

WordPress 4.4.1 Security & Maintenance Release

A new WordPress security update, 4.4.1, was announced yesterday. The latest version fixes a cross-site scripting vulnerability that allows a site to be compromised, as well as some minor issues.

All WordPress sites at SiteGround with the autoupdate service enabled were updated to the new version 4.4.1 last night and are safe and sound. For all WordPress sites that do not have the autoupdate option on, we have applied a rule in our WAF (web application firewall) that will block possible hacking attempts. Because our firewall rule does not cover all possible hack scenarios, we are additionally patching WordPress sites on versions 3.7 to 4.4 at a website level.

Regardless of the security shields we have put in place, we still recommend that all websites that have not been autoupdated upgrade to the newest version 4.4.1, or to the latest version within their current branch, as soon as possible.