Exploring 3 Types of Restores

VaultPress’ restore system is incredibly versatile allowing you to restore your whole site or just one image with a couple clicks of a button. Because of this though, we wanted to provide some clarity as to when you should run each kind of restore. This post is going to go over the three different levels of restorations VaultPress can perform and offer some recommendations for when to run each.

Full Site Restore

This is the most thorough restore we offer. If your site has a variety of things wrong with it and you’re unable to pinpoint what the problem is, your best bet is to restore your site in full. Please note that VaultPress can only restore a site if it is publicly accessible so if you’re site is completely down it’s best to start from a fresh WordPress installation first before restoring.

Example: Your site is hacked causing a variety of different files now to have malware and half your posts have been deleted. This is a great use case for a full site restoration followed by changing passwords and checking over the Codex’s security guidelines.

Partial Site Restore

This is a great middle ground option that will be much faster than a full site restore but not as specific as restoring just a single image, for example. Don’t be afraid to try this option first to see if it will fix something with your site before running a full site restore. Note that you can restore both single sections or a combination of them. All in all, you can choose from restoring the database, uploads, plugins, contents, and themes.

Example: You added a new plugin to your site but it conflicts with another plugin you already have installed and need for your site to function properly. In this case, you can restore just the plugins on your site using a backup that doesn’t include the new plugin you tried to add. Here’s a GIF to show how you might do this:

restore plugins

Single File or Table Restore

This is the fastest and simplest restore you can run. If you know exactly what went you want to restore and don’t want to roll back your entire site to a previous backup, this option is for you.

Example: You were editing a theme’s files when you accidentally deleted the CSS file causing the theme to break. Rather than restore your whole site or even the entire theme folder, use the backup browser functionality to restore the specific CSS file you deleted.

 

Need help deciding which kind of restore to run? Just contact us  – we’re happy to help. 

Posted in Features, General, Help | 1 Comment

Migrate your site with VaultPress

For a couple years, VaultPress users have been able to restore their backups to a new site. This can come in handy if you want to experiment with making changes to your site, before making these changes visible on your main site. But did you know that you can use the same feature to move your site to a different hosting provider, while keeping the same domain name?

Perhaps you’ve outgrown your shared hosting plan, and are looking to move to a fancy new VPS. Or maybe you’re unhappy with your current provider, and are looking to explore other options.

Whatever the reason, VaultPress can simplify the process of migrating your site to a new host. And by following a few steps, you can even ensure that your site remains available to your visitors while it’s being transferred to a new host.

Migrating your site is no small feat — it involves a lot of moving parts — but we’re committed to make it simpler!

Here’s how you do it:

  1. Sign up for a new hosting plan, providing your new host with the domain name where you want visitors to find your site. In most cases, this will be your existing domain name.
  2. Take note of the FTP or SSH credentials provided by your new hosting provider. These will let us transfer your site to the new server.
  3. Also take note of the temporary address (URL) from which you can access your new server. Your new hosting provider should provide this information in their documentation.
  4. Restore your latest backup to a new site, using the FTP/SSH credentials and the temporary address from above. These should be used to set up your “Alternate Site”.
  5. You’ll receive an email once your restore has finished. After it’s finished, update your DNS records to point your domain name to your new hosting provider. (The process is different for every provider, so you should refer to the documentation provided by your domain registrar and your new host.)
  6. At this point, you can update the database on your new site to ensure that links point to your permanent domain name, and not the temporary address. You can run the following SQL queries on your database, or reach out to us. We can help with this step! (Note: Please replace TemporaryDomain and PermanentDomain with your temporary and permanent domain names, respectively.)
    UPDATE wp_options SET option_value = 'http://PermanentDomain' WHERE option_name = 'siteurl' LIMIT 1;
    UPDATE wp_options SET option_value = 'http://PermanentDomain' WHERE option_name = 'home' LIMIT 1;
    UPDATE wp_posts SET post_content = REPLACE(post_content, 'http://TemporaryDomain', 'http://PermanentDomain');
    UPDATE wp_comments SET comment_content = REPLACE(comment_content, 'http://TemporaryDomain', 'http://PermanentDomain'), comment_author_url = REPLACE(comment_author_url, 'http://TemporaryDomain', 'http://PermanentDomain');
    UPDATE wp_posts SET guid = REPLACE( guid, 'TemporaryDomain', 'PermanentDomain');
  7. Your visitors may be directed to your old host while DNS changes propagate across the internet. These changes can take up to 72 hours, so you should wait a few days before you cancel your subscription with your old hosting provider.
  8. Take a deep breath! You’ve just migrated your site. :)

Need assistance?

As always, don’t hesitate to contact us if you have any questions along the way. We’re happy to help you through the process of migrating your site — we know it can be challenging!

Posted in General | Leave a comment

SoakSoak Malware affects 100,000+ WordPress sites

Sucuri recently reported that hundreds of thousands of WordPress sites have been infected with a new strain of malware, which injects malicious JavaScript into every page of affected sites.

According to their analysis, the “SoakSoak” malware uses a known vulnerability in old versions of the Slider Revolution plugin to infect sites.

In September, we reported the Slider Revolution vulnerability and released a hotfix, which prevents attackers from taking advantage of the vulnerability on all sites running VaultPress 1.6.5 or later.

Today, we’ve released an update for our security scanner to detect any cases of the SoakSoak malware.

We are scanning all VaultPress-protected sites for this malware, regardless of plan level. We will contact site owners who are affected and will work directly with them to repair their sites.

Fixing a compromised site

We will contact you, if we determine that your site has been compromised. The easiest way to fix this vulnerability is for you to re-install your core WordPress files. You can do so in just a few steps:

1. Visit your WordPress dashboard.
2. Navigate to Dashboard → Updates
3. Click the Re-Install Now button and follow the prompts on screen.

To be extra safe, you should also ensure that you’re running the latest versions of the VaultPress and Slider Revolution plugins.

As always, if you have any questions or need further help, feel free to contact us!

 

Posted in General, Security | Leave a comment

Serious Vulnerability in bash

A serious vulnerability has been found in bash, one of the core tools found on almost every Unix, Linux, and Mac OS X system. The vulnerability affects most versions up to and including 4.3, except certain patched versions like 3.2.52(1).

You should assume that your server has an exploitable version of bash, unless you are certain that it has been patched.

This vulnerability can allow remote attackers to run arbitrary shell commands on your server, and potentially allow them full access to your data or control over your server.

We strongly recommend that you check which version of bash your sites’ host is running, and upgrade if necessary. In many cases, you will need to contact your hosting provider, and ask them to verify and update bash for you.

How do I know if my server is at risk?

One way to check whether you are running a vulnerable version of bash is to run the following commands on your server’s command line:

env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
env X="() { :;} ; echo busted" `which bash` -c "echo completed"

If either command outputs the word “busted”, then you are likely running a vulnerable version of bash, and should contact your hosting provider as soon as possible.

If you’re using VaultPress Premium or the Security Plan, we’re scanning your server for vulnerable versions of bash. If we detect a vulnerability, we will attempt to notify you via email. You will then need to upgrade to a fixed version of bash.

How can I upgrade my version of bash?

Many of our users will need to contact your hosting providers in order to upgrade bash. If you have access to your server’s command line, you can upgrade to the latest available version by running the following commands:

For servers running Ubuntu or Debian:

apt-get update && apt-get install --only-upgrade bash

For servers running CentOS:

yum upgrade bash

If your server is not listed, or you’re not comfortable using the command line, please contact your hosting provider for assistance.

If you are able to upgrade bash, please try running the test commands again to help verify that your bash installation is no longer subject to this vulnerability.

Need help?

Due to the nature of this vulnerability, you should contact your hosting provider if you need any assistance in upgrading to a fixed version of bash.

As always, feel free to drop us a line if we can help!

Posted in General, Security | Leave a comment

Vulnerability In The Slider Revolution Plugin

Sucuri has discovered a very serious vulnerability in the ‘Slider Revolution’ plugin. All versions below 4.2 are exploitable.

As the Sucuri blog post points out, this is serious. This vulnerability can allow an attacker to read any file on the system that the PHP process can access. One obvious target is the wp-config.php file, which contains the username and password for your WordPress database, making it a common target.

Version 1.6.5 of the VaultPress plugin has a new hot fix that protects against attempts to exploit the vulnerability. If you have provided SSH, SFTP, or FTP access to us, then we’ve already pushed out the updated plugin to your site.

If you have not provided us SSH, SFTP, or FTP access, please download VaultPress version 1.6.5 and install it.

To allow us to update your plugin remotely with security hot fixes, add or update remote access credentials in your VaultPress.com account dashboard.

While the ‘Slider Revolution’ is a plugin, there are also themes that ship with it as well. Be sure that any installations of the plugin or themes that use it are using the most recent version (4.6 right now ).

If you have any questions about this update please let us know.

Posted in General | Tagged | Leave a comment