SSL HeartBleed Vulnerability Patched

As some of you already know, a major vulnerability in some versions of the OpenSSL software libraries was announced two days ago. It got the fancy name “HeartBleed” and, in short, it allows anyone on the Internet to read the memory of servers protected by the vulnerable versions of OpenSSL and steal your SSL private key. Interestingly, age is not a reliable indicator: not all old versions of the software are affected, and the vulnerability is present in some older and some newer ones.

We now have a Responsible Disclosure Policy!

Ever since I started working for SiteGround I have been really impressed with the effort that goes into protecting the data security of the company and (ultimately) the user. There’s virtually no action taken and no line of code written that is not thought through from the security perspective first. With this level of commitment, vulnerabilities in our systems are rare. However, when they appear there is no way to guarantee we’d be the first to spot them.

It is a blessing that we have a community of thousands of happy customers, including some computer security researchers among them. Over the years we have had several vulnerability cases reported by customers. However, so far there was no structured way to report a security issue to us. To make up for this we are now setting up a formal Responsible Disclosure Policy.

Joomla! eXtplorer vulnerability – fixed!

Yesterday, my day ended delivering a webinar on Joomla security, only to start today with a new critical vulnerability found in a popular Joomla! extension – eXtplorer File Manager. This vulnerability is a classic example of two of the most popular ways to exploit an application: a vulnerable plugin and weak login details. Of course, as soon as the issue was discovered we started working on protecting our Joomla customers on a server level. Below I will explain the vulnerability, what we did to fix it on our servers, and what you should do if you are not hosted by SiteGround.

WordPress Security Webinar with WebDevStudios – video and slides

After a short summer break, our educational webinar initiative continues with WordPress! Yesterday we hosted our first WordPress webinar about WordPress security with Brad Williams and Brian Messenlehner from WebDevStudios. We had a really good crowd of attendees and a great discussion at the end.

There are more webinars to come and we would love to hear from you about your preferred topics. Throw your suggestions in the comments below!

As the tradition goes, we’re sharing the video replay and the presentation slides!

Serious Joomla Vulnerability found but we’ve got you Covered!

It is mid-summer now but security issues take no vacation. Actually they find the most inappropriate time to appear and make our lives more interesting, to say the least. On Thursday, 25 July the Joomla! Project announced the availability of Joomla 3.1.4/2.5.13 and many users upgraded their websites because the new releases provide tons of useful new features and bug fixes. One would think: job well done, it is time to hit the beach! But… On Thursday, 01 August, the Joomla! Project surprisingly announced the immediate availability of Joomla! 3.1.5/2.5.14. Apparently not much time to sip exotic summer cocktails was allowed. The reason for this extremely short period between the two versions was that a critical-level security issue was discovered just after the previous release and it had the potential to affect all Joomla! CMS versions. Yes, that's correct - we are talking about all the Joomla! sites out there. All versions are affected - 1.5, 1.6, 1.7, 2.5 and 3. Sounds scary, right? Not if you're hosted on SiteGround servers!

JCE/Image Manager vulnerability? NOT on SiteGround servers anymore!

You should always update!

A few days ago our security team came across a JCE-related vulnerability that has the potential to affect many Joomla 1.5.x based websites. The problem is that an old version of one of the JCE addons, called ImageManager, has turned out to be vulnerable to attacks. The number of affected websites is large, because many template providers include the JCE editor together with ImageManager as part of their template bundle installations. As a result, many Joomla users have these extensions without having installed them themselves.

Keeping The SiteGround Herd Safe

SiteGround Security Infographic

In 2012 we started the SiteGround How Cool Is That challenge to help our clients learn about the cool technologies that only we provide. Every week of the challenge we posted a new infographic explaining one of our unique features. In the final stage of the competition, our clients were invited to vote for the coolest technology by sharing their feedback in a comment. Our unique security technology gathered most of the votes and was chosen as the coolest SiteGround feature among all others. Read the comments to see the feedback from the clients who voted for it or check a short infographic on how it works.

WordPress with W3 Total Cache plugin? Should you worry?

W3 Total Cache Christmas Vulnerability

On this year's Christmas Day, many WordPress users were quite unpleasantly surprised by a vulnerability in the popular W3 Total Cache plugin. The issue was a serious one, allowing the attacker to get access to sensitive information from the WordPress database, including password hashes, usernames and much more. This meant that an experienced hacker could get full access to your site, download your personal information from it, change its looks, include malicious code, add backdoors for future access and do many more bad things you wouldn't want to experience. Sounds scary? Not if you host with SiteGround!