For the last few years, the trend of moving towards encrypted browsing through HTTPS has been one of the most important developments on the Internet. With the free SSL certificates by Let’s Encrypt and Google openly promoting the HTTPS protocol over the more widespread but insecure HTTP, more and more sites have started to use SSL certificates.
We, at SiteGround, are very excited to announce that two recent developments in this area - TLS 1.3 and OCSP Stapling, which will make HTTPS sites faster, are already available on all our servers. Read below to learn how people using SSL will benefit from these innovations.
We are receiving more and more inquiries from clients asking if SiteGround will be GDPR-compliant. With this blog post, we would like to explain what we have been doing and share our experience with becoming GDPR-compliant, both as a way to inform you what you can expect from us in the next month, before May 25, 2018, and as a way to help you prepare for the GDPR yourselves.
The use of our personal data by big companies is indisputably the hottest topic right now and we don’t think anyone doubts the importance of regulations to prevent abuse and enhance the security of that data. The European General Data Protection Regulation - GDPR, which will take effect on May 25, 2018, aims to do exactly that - regulate how personal data of individuals in EU territory gets collected and used. It defines what personal data is - being literally everything - name, email, username, address, phone number, financial data, age, behavioural data and more, and obliges everyone who collects and processes such data of EU individuals, no matter where that company or person is located around the world, to act in accordance with this regulation.
SiteGround started the process of becoming GDPR-compliant about a year ago and we wholeheartedly look forward to it being enforced. We believe the GDPR is good for users and good for the overall security of the Internet and we have always been acting in line with its main principles. Now our goal is to audit and make public these internal rules, and also make sure we apply the letter and the spirit of the GDPR to all our clients, no matter if you are an EU-resident or a resident of another country.
Starting from today, all SiteGround customers can get a free Let’s Encrypt Wildcard SSL. This will make the setup and maintenance of websites with subdomains much easier, as they can now be encrypted with a single certificate. All it takes is a few clicks in our updated Let’s Encrypt interface in the cPanel. Ever since we heard that Let’s Encrypt plan to launch free Wildcard SSL, we’ve been eagerly waiting for this and we are proud to be among the first hosting companies to successfully integrate the new SSL in their platform. We strongly believe that global adoption of SSL certificates makes the Internet a more secure place.
Today, a serious vulnerability in one of the widely used Yith plugins - WooCommerce Wishlist - was discovered by Sucuri. The latest plugin version, 2.2.0, patches the vulnerability, but all versions prior to it are at risk. To protect our customers who haven't updated their plugin, our security team started working immediately and a WAF rule was just applied on our servers.
Yesterday, our partners from Sucuri discovered a serious SQL injection vulnerability in one of the most popular WordPress gallery plugins - NextGen Gallery. Our security team started working immediately on the issue and created a rule in our web application firewall (WAF) to block any potential attempts to exploit this vulnerability. However, we strongly recommend that all NextGen Gallery users update their plugin to version 2.1.79, which fixes the core of the issue in the plugin code.
Since we launched our integration with Cloudflare in 2012, we have seen thousands of our customers benefit from its CDN and site security functionalities. Today we are happy to announce two improvements in the Cloudflare packages we provide. First, SSL is now supported in the free plan of the service. Second, we have included a very cool security feature - the Cloudflare Web Application Firewall - in our Plus plan.
In the security world, the following advice seems to be gold: keep templates and plugins up to date; use secure passwords and captchas; be careful to whom you give access and to what; use a security-conscious web host.
While those are all great tips and we encourage them, your website is still (and always will be) hackable. We’ve seen and helped clients with numerous hacks over the years, so we wanted to share some advice that goes beyond following security best practices.
Yesterday a Linux kernel local root exploit was found and reported. One more time our dedicated Linux kernel team acted quickly and was able to apply the official vulnerability patch in less than 24 hours. All our shared and cloud servers are now protected and again we managed to do this with no reboots and downtime. Read below to find out more about the security problem and how we patched it.