Secrets from the Vault

While VaultPress is known for backups, restores, and security scanning, there’s a lot more to VaultPress than meets the eye. This post is going to cover a couple of features that VaultPress also offers so you can make the most of your subscription:

3 Different Types of Restores

Whether you need to restore your entire uploads or a single picture you accidentally deleted, VaultPress has your back with three different types of restores including full site restores, partial restores, and single table/file restores.

Alternate Restores

Not only can you perform different types of restores on your site, you can also run each of these to an alternate site. If you need to move hosts or want to set up a development site, VaultPress can help.

Backup Browser

If you’ve ever been curious about what files make up your site, check out our backup browser functionality. Not only is this helpful for restoring single tables or files but this also allows you to preview your content without having to use an FTP client.

Detailed Posts Table

If you hover over your posts table on your backups page, you can find at a glance more detailed information about what we’re backing up. This can be helpful if you’re wanting to run a restore and you’re not sure which backup includes the right amount of posts, pages, or drafts.

Screen Shot 2015-05-22 at 5.25.55 PM

Add SSH Credentials

While there’s the option to add FTP and SFTP credentials, we highly recommend adding SSH credentials as they are both the most secure and robust credentials you can add. By adding these credentials, the backup processes will be optimized, you will be able to restore your site, and we’ll be able to help you further if any issues come up!

Put your FTP, SFTP, or SSH Credentials to the test

Before you run a restore, there are certain best practices we recommend you follow. One of the lesser known tips involves testing your credentials before you run a restore! Instead of having to do this manual, you can run a test designed for VaultPress restores from within your Settings page of the VaultPress dashboard. To do this, just click into the credentials you want to test and then select “Test your credentials”:

 

test your credentials

Once you do this, we’ll run a variety of tests on your credentials and provide the results of each of these tests for you. If you’re curious here’s a summary document that covers each of the tests we run.

Add another person to your account

This can be super helpful if you have multiple people within your company or team that you want to have access to the site. This will give them full access to everything on your account except the billing information which is kept private! Here’s more information about how to add another person.

Download a backup

While we store all of your backups on our servers, you are free to download a backup at any time from our system. To do so, just head to your backups page > click “View Backup next to the backup you want to download > click “Download” at the top of the page. From there, we’ll begin preparing the backup for download. No matter the size of the site, we’ll email you when the backup file is ready with a link to where you can begin the full site download!

Reuse a registration key

If you end up wanting to backup a different site midway through a subscription, no worries – just reuse the key by following these instructions. This can be helpful if you are a developer with clients and you need to move around which client sites you might want backed up!

Posted in Features, General | Leave a comment

Genericons XSS Vulnerability & WordPress 4.2.2

A XSS vulnerability has been found in Genericons. To explain further, Genericons includes a file called example.html which has been found to be vulnerable to attack from the Document Object Model level. Any WordPress plugin or theme that includes this file is open to an attack. To help combat this, we have done the following for VaultPress users:

1) We’ve deleted the file everywhere we can to proactively secure your site.

2) We’ve added it to our security scanner so that if there are any cases where we couldn’t detect the file or couldn’t delete it, you will still be notified if the file exists on your site. 

3) For users with sites where we couldn’t remove the file, we have personally emailed each of you with steps to remove the file and details about where the file is located.

Also, another important security update was released today for WordPress in Version 4.2.2. Version 4.2.2 fixes several vulnerabilities that could allow users to compromise your site including the Genericons vulnerability.

We encourage everyone to head over to Dashboard → Updates in their WordPress dashboard, and click “Update Now”. Otherwise, you can download WordPress 4.2.2 directly. Once you’re running WordPress 4.2.2, you’re protected from these vulnerabilities.

As always, drop us a line if you have any questions!

Posted in Security | 5 Comments

White Label CMS Vulnerability

A vulnerability has been found in White Label CMS, up to version 1.5.2. The vulnerability makes it possible to inject malicious code into websites, by tricking a site administrator into clicking a specially crafted URL. A fix has been released with version 1.5.3.

We have attempted to push an update to all websites on VaultPress with this plugin, upgrading them to 1.5.3. However, we were unable to update some websites due to permission issues.

We will email all site owners who we were unable to upgrade, recommending that they update their site as soon as possible.

As always, drop us a line if you have any questions!

Posted in General | Leave a comment

Opt into Receipt Emails

Given many people have expressed that they don’t want to be bogged down by emails about receipts and would rather only see important emails pertaining to their site’s backups, we’ve disabled receiving receipt emails by default.

Note: All other email communication surrounding backups, restores, cancellations, and security threats will continue as normal. 


Here’s more information about each option:

1) Receive Receipt Emails by Opting In

If you’d like to continue receiving receipt emails, please visit https://dashboard.vaultpress.com/account/.

From there, just select Change Settings on the right hand side of the page:

receipt default update

Next, enter in the email where you want to receive receipts, check the box next to Email my receipts to me at and click Save:

save update

Once this has been done, the default settings will be overridden and you will begin to receive emails for receipts. Your Account page will also show this change in settings:

receipt emails

2) Don’t Receive Receipt Emails by Default

This will happen by default moving forward. Keep in mind that if you don’t opt in, you can still access your receipts from the Accounts page on the right hand side. Just click on the date for the specific receipt and you’ll be able to view it from there. If you leave it at the default, you will see this on the right hand side of your account page:

default view

As always, if you have any questions about this, drop us a line.

Posted in Announcements, Features, General | Leave a comment

WordPress Security Update

An important security update was released today for WordPress. Version 4.1.2 fixes several vulnerabilities that could allow users to compromise your site. WordPress versions 4.1.1 and earlier are vulnerable, and should be updated to the latest version of WordPress as soon as possible.

We encourage everyone to head over to Dashboard → Updates in their WordPress dashboard, and click “Update Now”. Once you’re running WordPress 4.1.2, you’re protected from these vulnerabilities.

We’re currently attempting to apply a security patch to all sites on VaultPress, regardless of the plan they’re on. Some sites will not be automatically upgraded due to permission issues, so it’s important to make sure you’re up-to-date!

We also recommend that you take this moment to ensure you’re running the latest and greatest version of VaultPress. You can do so by heading back to Dashboard → Updates in your WordPress dashboard. If an older version of VaultPress is listed on this page, you’ll have the opportunity to upgrade to the latest version with a single click. You can also find our plugin in the Plugin Directory.

By running the latest versions of WordPress, VaultPress, and all your themes and plugins, you help to ensure that your site remains safe, secure, and speedy! As always, if you have any questions, drop us a line.

Posted in General | Leave a comment