Fix for TimThumb vulnerability

A serious vulnerability was recently discovered in the popular TimThumb script. TimThumb is an image manipulation tool that is used by many themes and plugins. This vulnerability may allow users to execute certain malicious commands on affected servers.

If you subscribe to VaultPress Premium, we’ve already scanned your site for this vulnerability, and have sent email notifications to affected users. We’ve also launched a fixer that will allow you to patch vulnerable code with a single click. You can run this fixer from the Security page in your VaultPress dashboard.

All other VaultPress users should refer to their theme and plugin documentation, or contact their developer, to determine whether they are using TimThumb. You can also search your server for timthumb.php. If you’re running TimThumb, you should ensure that the vulnerable WebShot feature is disabled in timthumb.php.

You can manually disable the vulnerable WebShot feature in a few steps:

  • Locate the TimThumb script inside your themes and plugins. Generally the file will be named timthumb.php.
  • Open timthumb.php in your favorite text editor.
  • Search the file for WEBSHOT_ENABLED and ensure it is set to false.
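The manual check above, scripted as an added example (not VaultPress's fixer and not code from the original post): it reports every PHP file under a directory that sets WEBSHOT_ENABLED, so renamed copies of the script are found too. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for TimThumb's WEBSHOT_ENABLED setting.

# Classify one PHP file by the value it gives WEBSHOT_ENABLED.
# Prints one word: enabled | disabled | undefined
webshot_state() {
    # Skip // and # comment lines, keep only real define(...) calls (the
    # trailing comma excludes defined('WEBSHOT_ENABLED') guards), and take
    # the first one, since PHP honours only the first define of a constant.
    val=$(grep -Ev '^[[:space:]]*(//|#)' "$1" \
        | grep -Ei "define[[:space:]]*\([[:space:]]*['\"]WEBSHOT_ENABLED['\"][[:space:]]*," \
        | sed "s/.*WEBSHOT_ENABLED['\"][[:space:]]*,[[:space:]]*\([A-Za-z0-9]*\).*/\1/" \
        | head -n 1 | tr 'A-Z' 'a-z')
    case "$val" in
        true|1)  echo enabled ;;
        false|0) echo disabled ;;
        *)       echo undefined ;;   # no define found: review by hand
    esac
}

# Report every PHP file under $1 that mentions WEBSHOT_ENABLED.
# Output: "<state><TAB><path>", one line per file.
scan_webshot() {
    find "$1" -type f -name '*.php' -exec grep -l 'WEBSHOT_ENABLED' {} + 2>/dev/null \
        | sort \
        | while IFS= read -r f; do
              printf '%s\t%s\n' "$(webshot_state "$f")" "$f"
          done
}

# Constructed sample tree: one copy with WebShot on, one renamed copy with it off.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/themes/a" "$d/plugins/b"
    printf "<?php\nif(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', true);\n" \
        > "$d/themes/a/timthumb.php"
    printf "<?php\ndefine('WEBSHOT_ENABLED', false);\n" > "$d/plugins/b/thumb.php"
    scan_webshot "$d"
    rm -rf "$d"
}

# Scan the path given as the first argument, or run the demo when none is given.
if [ "$#" -gt 0 ]; then scan_webshot "$1"; else demo; fi
```

Any file reported as `enabled` needs the edit described in the steps above; `undefined` means the constant is mentioned but never set in that file, so check it by hand.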

As always, drop us a line if you have any questions!


Hotfix for All in One SEO Pack plugin

We’ve added a new hotfix to the 1.5.8 version of the VaultPress plugin to address the recent security vulnerability in the All in One SEO Pack plugin.

We’ve already pushed out the VaultPress plugin update to customers that have provided us with an SSH, SFTP, or FTP connection.

All VaultPress customers running a version of the VaultPress plugin earlier than 1.5.8 should update to the latest version.

Providing VaultPress with SSH, SFTP, or FTP connections will allow us to push these kinds of security updates to your sites as soon as we have hotfixes for them. You can provide the login credentials in the VaultPress dashboard.

As always, if you need help, give us a shout in support.


All in One SEO Pack vulnerabilities

The web security team at Sucuri recently discovered a couple of vulnerabilities in the popular All in One SEO Pack plugin.

If All in One SEO Pack is installed on your self-hosted WordPress site, your site’s security may be at risk, and you should upgrade to the latest version of the plugin immediately.

The vulnerabilities may allow users without administrative access to upgrade their user roles and gain administrative privileges on your site. Such users may also be able to execute malicious code on your site.

The authors of All in One SEO Pack have issued a security update that addresses these vulnerabilities. If you are running version 2.1.5 or earlier, you should assume that your site is vulnerable and immediately upgrade to the latest version of All in One SEO Pack. VaultPress Premium subscribers will also be alerted to update this plugin in their dashboard.

You can upgrade automatically from Dashboard → Plugins in your WordPress dashboard. Alternatively, you can download the latest version of All in One SEO Pack from the WordPress Plugin Directory, and install the plugin manually.


Need help? Chat with us!

Deep in the VaultPress laboratories, our backup scientists work around the clock to provide you with groovy new ways of managing your data. Recently, we launched the backup browser, an awesome tool that lets you preview and restore individual files in your backups!

New tools are great, but sometimes you need help from a human. You’ve always been able to contact us by email, but today we’re announcing that you can reach our team of WordPress experts by live chat!


If you can see this friendly red tab, then we’re ready to help you! Give it a click!

So, whether you’re new to VaultPress and fancy a grand tour, or a seasoned user needing help with a site migration or restore, head on over to VaultPress.com and let’s have a chat!


No sites were exploded in the making of this blog post.


Preview and restore individual files with the backup browser

Meet the backup browser.

We’ve put together a brand new way to restore your files within a backup. The new backup browser features individual file restores and file previews along with some behind-the-scenes magic to make everything generally faster. Now, you can preview a file to make sure it’s the one you need before you restore it.


Browse your files

Even if you don’t need to restore anything, the backup browser is a pretty cool way to dig through some of your WordPress files and check them out. It has text file, image, and video previews, so it’s super easy for you to find and restore that awesome .gif your editor deleted.

Restore one file at a time

Now, when you click “View Backup,” you can either restore or download files instead of having to download or restore the entire backup. Pretty handy, right?

Preview your text files in style

We’ve hooked up @leaverou’s awesome Prism, which adds syntax highlighting to your PHP, JavaScript, CSS, and other files you have stowed away in your backups.


Admire your .gif collection

The new backup browser allows you to preview any of your images before you restore them. That way, you know for sure you’re restoring the file you need. (Even .gifs! :) )


Watch your videos

Did you accidentally delete that video of your kid’s coolest invention to date? Well, now you can watch and restore the little genius’ video for the rest of your family to enjoy.


If you have any questions please drop us a line. We’re happy to answer them.
