Sucuri has recently announced the discovery of an XSS vulnerability that affects multiple plugins. At least 15 popular plugins are affected, including Jetpack, WordPress SEO, Gravity Forms and more. At the time of the vulnerability disclosure, the majority of the plugin authors had launched new versions of their plugins fixing the issues. The next day a security release (4.1.2) of the WordPress core itself was released. It is reported to fix several security issues too.
A security vulnerability in the famous WordPress SEO plugin by Yoast was just reported by the WP Scan Vulnerability Database website. Our security specialists reacted immediately to protect all SiteGround customers and have crafted and added new security rules to our WAF (web application firewall). This means that we will actively filter any incoming hacking attempts that try to exploit the vulnerability.
Although Yoast SEO users are protected on our servers, we still highly recommend that anyone using the plugin update it to the latest version, 1.7.4. This latest release is not vulnerable to the reported Blind SQL Injection.
A few months ago WordSesh organizers contacted us asking if we would host their online conference. Needless to say, we got quite excited to help this great WordPress event happen. The project was very interesting from a technical point of view too, as we needed to ensure that thousands of visitors would be able to follow the free live stream for 24 hours without any downtime or other technical issues.
During the past few weeks, we have undertaken a serious campaign to increase the number of WordPress sites that use more recent PHP versions on our servers. As a result, more than 90% of all our WordPress sites are now on PHP 5.5 or higher. As scary as such a massive update may sound when you have more than 100,000 WordPress instances, it turned out to be a real success.
A few of our email servers went wild sending spam this weekend. After quickly fixing the spam issue, we started the longer process of identifying the cause of the spam. It turned out to be the CryptoPHP infection (check out the official whitepaper), activated through a few WordPress themes and plugins.
Yesterday Sucuri reported a new vulnerability in WP eCommerce - a popular WordPress plugin for online stores. The vulnerability allows attackers to obtain private information from websites. All versions of the WP eCommerce extension before 22.214.171.124 are vulnerable, and attackers may export all user accounts, addresses and other information related to people who used your site and the plugin to purchase any products from your site.
UPDATE: In 2019 SiteGround recommends our in-house developed free optimization plugin - SG Optimizer, which offers full optimization service for your website. Should you choose to use a specific plugin like WP Rocket that has an overlapping functionality with the SG Optimizer plugin, we recommend you disable that option in the SiteGround Optimizer interface.
Site speed has always been a priority for SiteGround. As you know we carefully choose our hardware, we do a lot of customizations on the server software and we have added Varnish and Memcached support within our SuperCacher plugin. All this is done to provide you the fastest possible environment. However, the speed of your site depends not only on the environment it’s hosted on but on the way it’s built and handled by browsers too. This is why we’re happy to announce our partnership with the creators of the WP Rocket plugin for WordPress which can further optimize the speed of your WordPress by improving the way it is opened by the browsers.
For the last few months there have been times that I wasn't present at the office, I could not attend some of the weekly SiteGround meetings and I have neglected a lot of the internal mail communication that needed my attention. But it was all for a great reason -- I was lucky and honored to be part of the core organizing team of what turned out to be one of the most successful WordCamps. With 2 conference days, a packed Contributors Day and almost 800 people in attendance, I dare to say that WordCamp Europe was one of the best and most rewarding experiences I’ve ever been part of.