How is SiteGround Getting Ready for the GDPR?

We are receiving more and more inquiries from clients asking if SiteGround will be GDPR-compliant. With this blog post, we would like to explain what we have been doing and share our experience with becoming GDPR-compliant, both as a way to inform you what you can expect from us in the next month, before May 25, 2018, and as a way to help you prepare for the GDPR yourselves.

The use of our personal data by big companies is indisputably the hottest topic right now and we don’t think anyone doubts the importance of regulations to prevent abuse and enhance the security of that data. The European General Data Protection Regulation - GDPR, which will take effect on May 25, 2018 is aiming to do exactly that - regulate how personal data of individuals in EU territory gets collected and used. It defines what personal data is - being literally everything - name, email, username, address, phone number, financial data, age, behavioural data and more, and obliges everyone who collects and processes such data of EU individuals, no matter where that company or person is located around the world, to act in accordance with this regulation.

SiteGround started the process of becoming GDPR-compliant about an year ago and we wholeheartedly look forward to it being enforced. We believe the GDPR is good for users and good for the overall security of the Internet and we have always been acting in line with its main principles. Now our goal is to audit and make public these internal rules, and also make sure we apply the letter and the spirit of the GDPR to all our clients, no matter if you are an EU-resident or a resident of another country.

Read More

Free Let’s Encrypt Wildcard SSL

Free Let's Encrypt Wildcard SSL

Starting from today, all SiteGround customers can get a free Let’s Encrypt Wildcard SSL. This will make the setup and maintenance of websites with subdomains much easier, as they can now be encrypted with a single certificate. All it takes is a few clicks in our updated Let’s Encrypt interface in the cPanel. Ever since we heard that Let’s Encrypt plan to launch free Wildcard SSL, we’ve been eagerly waiting for this and we are proud to be among the first hosting companies to successfully integrate the new SSL in their platform. We strongly believe that global adoption of SSL certificates makes the Internet a more secure place.
Read More

YITH WooCommerce Wishlist Protection Added


Тoday, a serious vulnerability issue with one of the vastly used Yith plugins - the WooCommerce Wishlist was discovered by Sucuri. The latest plugin version - 2.2.0 patches the vulnerability but all versions prior to it are at risk. To protect our customers, who haven't updated their plugin, our security team started working immediately and a WAF rule was just applied on our servers.

Read More

NextGEN Vulnerability Patched on SiteGround Hosting

Yesterday, our partners from Sucuri have discovered a serious SQL injection vulnerability in one of the most popular WordPress gallery plugins - NextGen Gallery. Our security team started working immediatelly on the issue and created a rule in our web application firewall (WAF) to block any potential attempts to exploit this vulnerability. However, we strongly recommend that all NextGen Gallery users update their plugin to version 2.1.79 which fixes the core of the issue in the plugin code.

Cloudflare HTTPS and WAF Update

Since we launched our integration with Cloudflare in 2012 we have seen thousands of our customers benefit from its CDN and the site security functionalities. Today we are happy to announce two improvements in the Cloudflare packages we provide. First, the SSL is now supported in the free plan of the service. Second, we have included a very cool security feature - the Cloudflare Web Application Firewall, in our Plus plan.

Read More

Are You Ready to Get Hacked?

Are You Ready to Get Hacked?
In the security world, the following advice seems to be gold: keep templates and plugins up to date; use secure passwords and captchas; be careful whom you give access and to what; use a security conscious web host.

While those are all great tips and we encourage them, your website is still (and always will be) hackable. We’ve seen and helped clients with numerous hacks over the years, so we wanted to share some advice that goes beyond following security best practices.

Read More

Linux kernel local root exploit (CVE-2016-8655) fixed

Yesterday a Linux kernel local root exploit was found and reported. One more time our dedicated Linux kernel team acted quickly and was able to apply the official vulnerability patch in less than 24 hours. All our shared and cloud servers are now protected and again we managed to do this with no reboots and downtime. Read below to find out more about the security problem and how we patched it.

Read More

Dirty COW Linux Kernel Vulnerability Fixed

dirty-cow-blogpost
Last week a very serious vulnerability in the Linux kernel, the so called Dirty COW, was reported. Our dedicated Linux kernel team immediately addressed the issues and were able to patch it in less than 24 hours on the majority of our servers. What is more, we managed to do this without server reboot and we avoided the downtime that normally results from such kernel update activities. To learn more about the vulnerability and how we addressed it read below.
Read More