Since we initially released jHackGuard back in 2010, it has been shipped with all the Joomlas installed on SiteGround servers and has additionally been downloaded more than 86,000 times from our download pages. What started as an internal tool for protecting Joomla sites under attack has turned into a really successful plugin that has helped thousands. Today we are happy to announce the release of a major jHackGuard update which greatly extends its functionality.
Site speed has always been a priority for SiteGround. As you know we carefully choose our hardware, we do a lot of customizations on the server software and we have added Varnish and Memcached support within our SuperCacher plugin. All this is done to provide you the fastest possible environment. However, the speed of your site depends not only on the environment it’s hosted on but on the way it’s built and handled by browsers too. This is why we’re happy to announce our partnership with the creators of the WP Rocket plugin for WordPress which can further optimize the speed of your WordPress by improving the way it is opened by the browsers.
For the last few months there have been times that I wasn't present at the office, I could not attend some of the weekly SiteGround meetings and I have neglected a lot of the internal mail communication, that needed my attention. But it was all for a great reason -- I was lucky and honored to be part of the core organizing team of what turned out to be one of the most successful WordCamps. With 2 conference days, a packed Contributors Day and almost 800 people in attendance, I dare to say that WordCamp Europe was one of the best and most rewarding experiences I’ve ever been part of.
A serious vulnerability in the popular Joomla extension VirtueMart was discovered by the awesome people at Sucuri during one of their regular security audits. It allows regular users to gain Super Administrator privileges to a Joomla website with VirtueMart 2.6.8c and below installed on it. If a site with an older version of VirtueMart allows user registration (which is a default mode in VirtueMart) it can be hacked through this vulnerability.
Yesterday, a serious vulnerability in the PHP XML parser used by WordPress and Drupal was announced. After some great collaboration between the core developers of those applications, new versions that address the issue were released for both WordPress and Drupal. We, at SiteGround, are proactively addressing the issue too:
Critical vulnerability in the famous Kunena forum component for Joomla! were announced three days ago and a new version of the component that addresses the issue was released. According to the official Kunena blog post all extension that are not updated to the latest version are vulnerable and the attackers may use XSS and SQL injection to gain full access to a Joomla! site.
A serious vulnerability in one of the most popular WordPress plugins - WPtouch was announced yesterday. The exploit allows registered users to upload malicious PHP files to your website and use them to gain further access to it.
Another serious security issue was reported earlier today within one of the popular WordPress plugins for managing thumbnails - TimThumb. This plugin already has a history of causing security issues in the past with which we dealt with. The current vulnerability allows the attacker to gain unauthorised access to your hosting account and even execute shell commands on it. Needless to say, this is not something we can allow to happen.
Our security team has reacted immediatelly after the vulnerability was disclosed. We have applied a patch in our in-house system to protect all our customers from getting hacked through TimThumb. Currently, if you're hosted on SiteGround, you will be protected against hacking attempts that try to utilise this problem.
However, we strongly recommend that you switch plugins or update TimThumb as soon as new version is released.