Sucuri has recently announced the discovery of a XSS vulnerability that affects multiple plugins. At least 15 popular plugins are affected including Jetpack, WordPress SEO, Gravity Forms and more. At the time of the vulnerability disclosure the majority of the plugin authors have launched new versions of their plugins fixing the issues. The next day a security release (4.1.2) of the WordPress core itself was released. It is reported to fix several security issues too.
A security vulnerability in the famous WordPress SEO plugin by Yoast was just reported by the WP Scan Vulnerability Database website. Our security specialists have immediately reacted to protect all SiteGround customers and have crafted and added new security rules to our WAF (web application firewall). This means that we will actively filter any possible incoming hacking attempts that try to exploit the vulnerability.
Although Yoast SEO users are protected on our servers we still highly recommend to anyone using the plugin to update it to the latest version 1.7.4. This latest release is not vulnerable to the reported Blind SQL Injection.
Few months ago WordSesh organizers contacted us asking if we would host their online conference. Needless to say, we got quite excited to help this great WordPress event happen. The project was very interesting from a technical point of view too, as we needed to ensure that thousands of visitors will be able to follow the free live stream for 24 hours without any downtime or other technical issue.
During the past few weeks, we have undertaken a serious campaign to increase the number of the WordPress sites that use more recent PHP versions on our servers. As a result, now more than 90% of all our WordPress sites are on PHP 5.5 or higher. As scary as such a massive update may sound when you have more than 100,000 WordPress instances, it turned out to be a real success.
Since we initially released jHackGuard back in 2010, it has been shipped with all the Joomlas installed on SiteGround servers and has additionally been downloaded more than 86,000 times from our download pages. What started as an internal tool for protecting Joomla sites under attack has turned into a really successful plugin that has helped thousands. Today we are happy to announce the release of a major jHackGuard update which greatly extends its functionality.