Тoday, a serious vulnerability issue with one of the vastly used Yith plugins - the WooCommerce Wishlist was discovered by Sucuri. The latest plugin version - 2.2.0 patches the vulnerability but all versions prior to it are at risk. To protect our customers, who haven't updated their plugin, our security team started working immediately and a WAF rule was just applied on our servers.
Yesterday, our partners from Sucuri have discovered a serious SQL injection vulnerability in one of the most popular WordPress gallery plugins - NextGen Gallery. Our security team started working immediatelly on the issue and created a rule in our web application firewall (WAF) to block any potential attempts to exploit this vulnerability. However, we strongly recommend that all NextGen Gallery users update their plugin to version 2.1.79 which fixes the core of the issue in the plugin code.
Since we launched our integration with Cloudflare in 2012 we have seen thousands of our customers benefit from its CDN and the site security functionalities. Today we are happy to announce two improvements in the Cloudflare packages we provide. First, the SSL is now supported in the free plan of the service. Second, we have included a very cool security feature - the Cloudflare Web Application Firewall, in our Plus plan.
In the security world, the following advice seems to be gold: keep templates and plugins up to date; use secure passwords and captchas; be careful whom you give access and to what; use a security conscious web host.
While those are all great tips and we encourage them, your website is still (and always will be) hackable. We’ve seen and helped clients with numerous hacks over the years, so we wanted to share some advice that goes beyond following security best practices.
Yesterday a Linux kernel local root exploit was found and reported. One more time our dedicated Linux kernel team acted quickly and was able to apply the official vulnerability patch in less than 24 hours. All our shared and cloud servers are now protected and again we managed to do this with no reboots and downtime. Read below to find out more about the security problem and how we patched it.
Last week a very serious vulnerability in the Linux kernel, the so called Dirty COW, was reported. Our dedicated Linux kernel team immediately addressed the issues and were able to patch it in less than 24 hours on the majority of our servers. What is more, we managed to do this without server reboot and we avoided the downtime that normally results from such kernel update activities. To learn more about the vulnerability and how we addressed it read below.
End of Life (EOL) in the CMS world refers to the point in time when an older version stops being supported by the company or community that has built it, and all efforts are focused on current and future versions. No support means performance, and more importantly, security issues, which nobody wants.
A dangerous easy-to-exploit vulnerability called httpoxy discovered 15 years ago, reappeared again yesterday, leaving server-side website software potentially open to attackers. This security hole impacts a large number of PHP and CGI web-apps. This means that anything that runs on PHP, Apache, Go, HHVM, Python can be vulnerable. The exploit allows man-in-the-middle attacks that could compromise web servers and potentially access sensitive data or seize control of the code. Thanks to our unique in-house developed systems and some precautions taken ahead of time by our DevOps team, SiteGround customers are unaffected by the return of the vulnerability.