Yesterday, our partners from Sucuri discovered a serious SQL injection vulnerability in one of the most popular WordPress gallery plugins - NextGen Gallery. Our security team started working immediately on the issue and created a rule in our web application firewall (WAF) to block any potential attempts to exploit this vulnerability. However, we strongly recommend that all NextGen Gallery users update their plugin to version 2.1.79, which fixes the core of the issue in the plugin code.
Our Top Support Rep in February is Nikolay Hadzhiyski. He is one of those people who constantly strive to push their limits and can’t stay content for long with current achievements. He finds inspiration in music and likes to recharge his batteries on the snowboard. If you happen to see a snowboarder listening to Elvis Presley, that could easily be him! Here is what he shared with us.
Since we launched our integration with Cloudflare in 2012, we have seen thousands of our customers benefit from its CDN and site security features. Today we are happy to announce two improvements in the Cloudflare packages we provide. First, SSL is now supported in the free plan of the service. Second, we have included a very cool security feature - the Cloudflare Web Application Firewall - in our Plus plan.
We first launched our WordPress AutoUpdater in 2012. Some tweaks were made to the system a year later, when the original AutoUpdate feature was included in the WordPress core, but we continued to rely primarily on our own system for our customers. The SiteGround AutoUpdater has been used successfully for the last 5 years and has kept a lot of our customers up-to-date and safe from hacks. Thanks to it, more than 70% of the WordPress installations on our servers have been constantly using the latest software version. However, we have been thinking for a while about how to get this percentage even closer to 100. The recent security issues with the WordPress REST API motivated us to introduce a change into the system that increased the upgrade rate to more than 90%.
In the security world, the following advice seems to be gold: keep templates and plugins up to date; use secure passwords and captchas; be careful whom you give access to, and to what; use a security-conscious web host.
While those are all great tips and we encourage them, your website is still (and always will be) hackable. We’ve seen and helped clients with numerous hacks over the years, so we wanted to share some advice that goes beyond following security best practices.
UPDATE: If you're using CloudFlare with your website, make sure you set the SSL Option in our CloudFlare tool in cPanel to Flexible, then configure WordPress to work through HTTPS and finally, switch the option in CloudFlare to Full Strict. This way, you will not have any downtime during the reconfiguration process. Check out our CloudFlare tutorial for additional information on that matter.
A month ago we made the first step to increase the adoption rate of SSL certificates amongst our customers by starting to automatically issue Let's Encrypt certificates for all domains hosted on our servers. However, there still remained a manual step to configure all applications to use the certificates we've made available. We knew that if we really wanted to see a rise in HTTPS usage, we not only needed to provide the SSLs, but also make it easy for our clients to implement them. Today we are happy to announce that we have achieved this second goal for a large group of our customers -- the WordPress users.
2016 was the most successful year in the history of SiteGround. We kept growing in terms of clients and employees and we worked on many new projects that further improved the quality of our service. One of the key factors for our success is the relationship with our affiliate partners. During the past year we welcomed 63% more affiliates and witnessed a 60% increase in the number of affiliate sales. We have distributed nearly $6 million in commissions.
The SiteGround Customer Care Rep who scored the highest customer satisfaction rating during the past month is Tervel Kutzev. At work he is organized and responsible, and when you get to know him personally, you will also spot the signs of a creative soul. Find out what his passion is in his interview!