Core Joomla! Vulnerability Patched in Version 3.4.5 Security Release


A few days ago, a critical vulnerability in the Joomla! core was found. It comes from an unsanitized input in the Joomla! core, which makes an SQL injection possible. The result of such an attack can lead to totally compromised websites - stolen login details, hijacking website access, malicious file uploads, etc. It’s a serious threat, without a doubt, and one that applies to all Joomla! 3.2 versions and above.
Read More

JetPack XSS Security Issue – What We Did to Protect You

On October 1st, a security issue in JetPack, one of the most commonly used WordPress plugins, was disclosed by our partners from Sucuri. The vulnerability was severe because an attacker could exploit the contact form feature of the plugin to insert and execute JavaScript code as an admin of your site. Needless to say, that could lead to all sort of problems - injecting black SEO links, adding backdoors for full access to your account, accessing private information, etc. In this recap post, we would like to summarise what we did to protect SiteGround users with this plugin installed.

Read More

Killing SSL SHA-1 Certificates And Making The Web A Safer Place


Recently PayPal has sent emails to many of its users informing them that SSL upgrades will be performed on their servers and SHA-1 certificates will be upgraded to SHA-256. Some people got confused what they should do when receiving these emails, as the mail that PayPal sent and the blog post they shared, giving more details to the users contain very technical information. Hence, we would like to explain to our customers how end users will be affected from the changes that PayPal makes and what they have to do. Read More

Venom Vulnerability and SiteGround Cloud and VPS Accounts


A serious security issue in one of the world's most popular machine emulator and virtualizer QEMU, used by the most popular virtualization systems - KVM, Xen and others has been discovered. The so-called Venom attack allows an user with root access to his/her virtual machine to gain root access to the entire host node under special circumstances. An official patch of for qemu-kvm has already been released and it fixes the vulnerability.
Read More

Protected Against a Vulnerability in WordPress SEO by Yoast Plugin


A security vulnerability in the famous WordPress SEO plugin by Yoast was just reported by the WP Scan Vulnerability Database website. Our security specialists have immediately reacted to protect all SiteGround customers and have crafted and added new security rules to our WAF (web application firewall). This means that we will actively filter any possible incoming hacking attempts that try to exploit the vulnerability.

Although Yoast SEO users are protected on our servers we still highly recommend to anyone using the plugin to update it to the latest version 1.7.4. This latest release is not vulnerable to the reported Blind SQL Injection.