VaultPress + Akismet

Earlier this year, we announced new Akismet + VaultPress bundles available from Akismet.com.

Now you can sign up for a bundle from VaultPress.com too, to protect your site from security threats, unforeseen disasters, and spam. Head over to our plans page to take a look.

akismet_bundle_banner

If you’re already a VaultPress user, you can take advantage of the bundle savings too. Just visit the Subscriptions & Billing page in your VaultPress dashboard and click “Change Plan” to switch to an Akismet Bundle.

akismet_plan_switch akismet_key

When you switch to a bundle, you’ll be given a new Akismet key instantly.

If you have any questions, let us know at vaultpress.com/contact/. Happy bundling!

Posted in General | Leave a comment

Connect through Jetpack for a free 5-day VaultPress Trial

We’re excited to announce that there’s a new and easy way to connect your Jetpack-powered WordPress site to VaultPress. With a single click, you can register for a free 5-day VaultPress trial and begin backing up your site immediately!

During your trial, you’ll have access to everything that VaultPress Lite has to offer, including daily backups, our automated site restore system, and support from our team of WordPress experts.

Great! How do I get started?

To use our one-click setup and free trial offer, you first need to install Jetpack and connect it to WordPress.com.

Once Jetpack is connected, install the VaultPress plugin and head to the “VaultPress” page in your admin dashboard. From there, you can click the “Start free trial” button to connect to VaultPress.

VaultPress menu Instantly connect through Jetpack

When you click the trial button, you’ll receive a free VaultPress Lite account to try for 5 days. Your site will be automatically connected to VaultPress, and your first backup will begin.

First Backup

What happens when my trial ends?

If you’d like to continue using VaultPress when your trial ends, you can subscribe by visiting your VaultPress dashboard and entering your credit card information. Here, you can also choose a different plan level or annual billing.

Your VaultPress account will be automatically linked to your WordPress.com account when you register through Jetpack. In order to access the VaultPress dashboard, you’ll need to log in using your WordPress.com username and password.

Login via WPCC

If you decide that VaultPress is not for you, the service will be automatically canceled after the 5-day trial period ends. Please note that you don’t need to do anything.

We hope you’ll take VaultPress for a spin! If you have any questions, please send us a message at vaultpress.com/contact/.

Posted in General | Leave a comment

Fix for the MailPoet Plugin AKA wysija-newsletters

A vulnerability was found in the MailPoet Newsletters WordPress plugin ( known as wysija-newsletters at the WordPress.org plugin repository ). All versions below 2.6.7 of the plugin are vulnerable.

We’ve deployed a hot fix to VaultPress sites running the MailPoet plugin to protect you from this issue. This hot fix is included as part of the VaultPress 1.6.1 plugin.

When you are ready you should still update to the latest version of the MailPoet plugin. The hot fix that we pushed out addresses the vulnerability, so you have some time to review the update before upgrading.

Providing VaultPress with SSH, SFTP, or FTP connections allows us to push security updates like this to your sites as soon as we have hot fixes for them. You can provide the login credentials in the VaultPress.com account dashboard.

If you have any questions about this update please drop us a note.

Posted in General | Tagged | Leave a comment

Fix for TimThumb vulnerability

A serious vulnerability was recently discovered in the popular TimThumb script. TimThumb is a tool that is used to manipulate images, and is used by many themes and plugins. This vulnerability may allow users to execute certain malicious commands on affected servers.

If you subscribe to VaultPress Premium, we’ve already scanned your site for this vulnerability, and have sent email notifications to affected users. We’ve also launched a fixer that will allow you to patch vulnerable code with a single click. You can run this fixer from the Security page in your VaultPress dashboard.

All other VaultPress users should refer to their theme and plugin documentation, or contact their developer, to determine whether they are using TimThumb. You can also search your server for timthumb.php. If you’re running TimThumb, you should ensure that the vulnerable WebShot feature is disabled in timthumb.php.

You can manually disable the vulnerable WebShot feature in a few steps:

  • Locate the TimThumb script inside your themes and plugins. Generally the file will be named timthumb.php.
  • Open timthumb.php in your favorite text editor.
  • Search the file for WEBSHOT_ENABLED and ensure it is set to false.

As always, drop us a line if you have any questions!

Posted in Security | Leave a comment

Hotfix for All in One SEO Pack plugin

We’ve added a new hotfix to the 1.5.8 version of the VaultPress plugin to address the recent security vulnerability in the All in One SEO Pack plugin.

We’ve already pushed out the VaultPress plugin update to customers that have provided us with an SSH, SFTP, or FTP connection.

All VaultPress customers should update to the latest version of the VaultPress plugin if they are running a version less than 1.5.8.

Providing VaultPress with SSH, SFTP, or FTP connections will allow us to push these kinds of security updates to your sites as soon as we have hotfixes for them. You can provide the login credentials in the VaultPress dashboard.

As always, if you need help, give us a shout in support.

Posted in General, Security | Leave a comment