JetPack XSS Security Issue – What We Did to Protect You

jetpack
On October 1st, a security issue in JetPack, one of the most commonly used WordPress plugins, was disclosed by our partners from Sucuri. The vulnerability was severe because an attacker could exploit the contact form feature of the plugin to insert and execute JavaScript code as an admin of your site. Needless to say, that could lead to all sort of problems - injecting black SEO links, adding backdoors for full access to your account, accessing private information, etc. In this recap post, we would like to summarise what we did to protect SiteGround users with this plugin installed.

Read More

The SuperCacher Plugin for WordPress (SG CachePress) Just Got an Update

wp-super-cacher-up

Those of you who are using our caching system, the SuperCacher, to boost the speed of their WordPress sites have probably already noticed that we've released an update for the plugin. Although we regularly maintain the extension and keep it up-to-date, this update adds some features with new and useful functionality. They can help you manage better your site.
Read More

WordPress 4.2.3 Security Update Applied

cover-photo The latest WordPress update is live since yesterday. For those of you who have opted in to our AutoUpdater or have enabled the WordPress internal system for automatic updates it should be now ready to use! Check out the official release notes for detailed information about the update and read on to see what we've done to further protect our customers. Read More

WordPress Core and Plugin Update Needed (Updated)

wp-vulnerabilityfixed
Sucuri has recently announced the discovery of a XSS vulnerability that affects multiple plugins. At least 15 popular plugins are affected including Jetpack, WordPress SEO, Gravity Forms and more. At the time of the vulnerability disclosure the majority of the plugin authors have launched new versions of their plugins fixing the issues. The next day a security release (4.1.2) of the WordPress core itself was released.  It is reported to fix several security issues too.
Read More

Protected Against a Vulnerability in WordPress SEO by Yoast Plugin

idealno

A security vulnerability in the famous WordPress SEO plugin by Yoast was just reported by the WP Scan Vulnerability Database website. Our security specialists have immediately reacted to protect all SiteGround customers and have crafted and added new security rules to our WAF (web application firewall). This means that we will actively filter any possible incoming hacking attempts that try to exploit the vulnerability.

Although Yoast SEO users are protected on our servers we still highly recommend to anyone using the plugin to update it to the latest version 1.7.4. This latest release is not vulnerable to the reported Blind SQL Injection.

Hosting WordSesh 2014 – Challenge Accepted!

wordsesh

Few months ago WordSesh organizers contacted us asking if we would host their online conference. Needless to say, we got quite excited to help this great WordPress event happen. The project was very interesting from a technical point of view too, as we needed to ensure that thousands of visitors will be able to follow the free live stream for 24 hours without any downtime or other technical issue.
Read More

Our WordPress sites now on PHP 5.5 and above!

wp-to-php55
During the past few weeks, we have undertaken a serious campaign to increase the number of the WordPress sites that use more recent PHP versions on our servers. As a result, now more than 90% of all our WordPress sites are on PHP 5.5 or higher. As scary as such a massive update may sound when you have more than 100,000 WordPress instances, it turned out to be a real success.

Read More