VaultPress v.1.3.4 includes hotfix for WordPress vulnerabilities

Posted on Jun2012

Today, we released an update to the VaultPress plugin (1.3.4) to protect against recently identified security vulnerabilities in WordPress. You can read more about those vulnerabilities and the release of WordPress 3.4.1 here.

To be proactive, we pushed version 1.3.4 of the VaultPress plugin to all sites for which we have credentials. Those sites are now protected against the vulnerabilities and we sent customers a note just to let them know we’ve taken action and that their site is safe.

We’ve notified all site owners if we were not able to update their plugin to close the vulnerabilities. If you received a notice, please download version 1.3.4 of the plugin and install it to protect your site. Better yet, enter your site’s FTP credentials in the VaultPress dashboard. In your dashboard, click Configure FTP, MySQL, & SSH to enter the FTP credentials. When you’ve got that done, send us a note and we’ll update your plugin for you. Providing your FTP credentials will allow us to push VaultPress plugin updates to your site automatically, which will keep your site protected against known vulnerabilities.

Remember, to keep your site secure, keep WordPress, your plugins, and themes up-to-date. All users accessing your WordPress admin area should use strong passwords and make sure you delete plugins and themes that you’re no longer using.

Learn more about how VaultPress can protect your content, theme, plugin, and site settings and customizations. Contact us with questions, or sign up to protect your site.

Posted in General, Security | 6 Comments

VaultPress Customer Stories: Magnolia Guitar

Posted on Jun2012

Already in 2012, Daniel Magnolia has given away 50 guitars to 50 at-risk kids through his SIX for SIX program.

For Daniel Magnolia, music is a way of life. Daniel is a full-time guitar teacher whose love of listening to and playing music began when he was a child.

“It may be cliche to say that I’ve always enjoyed music, but it’s true. As a kid, we moved around a lot, and I found it hard to make new friends. We didn’t have a lot of money growing up, but listening to the radio was free! Music was something that I could consider my own,” says Daniel.

Daniel started learning to play guitar as a kid in elementary school. Now, with the help of his wife, who is a fifth grade elementary teacher, he’s taking his love of music back to class. Daniel’s Sound and Science of Guitar class started when his wife mentioned that her students might enjoy a hands-on demonstration during the unit she’d been teaching on sound.

“Many musicians would probably just go into the class and wing it. But as a teacher myself, I went in prepared,” says Daniel. “I designed The Sound and Science of Guitars so it covers the history of where guitars came from, how they’re made, who makes them, how they make sound, and some of the math involved in how they’re made. I begin the 45 minute lesson by singing a song and end the lesson with a hands-on student demonstration on a variety of fretted instruments that include the banjo, mandolin, and of course, the guitar. It never ceases to amaze me, the incredibly smart questions and active participation I get from the kids. Teaching children (and adults for that matter) and seeing their enthusiasm for music (and history, science, math, and art) is the most rewarding part. I’d like to take the program into as many schools as I can.”

Encouraging kids to play guitar is important to Daniel. As part of Magnolia Guitar, he created a community program called SIX for SIX. When a paying student signs up and pays for six guitar lessons from Daniel, Daniel donates a new six-string guitar to an underprivileged kid through the Guitars not Guns (GNG) program. Even though the program just started at the beginning of 2012, 50 kids have received 50 guitars through GNG thanks to SIX for SIX.

“It’s important to note, that it doesn’t cost my students anything extra to participate in SIX for SIX,” says Daniel. “Giving should be easy, not hard. But my students still get to feel good that they’re giving lessons at the same time they’re taking lessons. GNG purchases and distributes the guitars for their after school program. GNG is a national 501(c)(3) all-volunteer organization that provides free guitars and guitar lessons to at-risk and disadvantaged kids throughout the US and Canada. The majority of the time I set aside for volunteering is spent with the GNG class I oversee in Springfield, Virginia. By supporting their efforts, together we can be assured that kids are getting the guitars and the guidance they need. It’s also important to note that these guitars are NOT gifts. The kids must earn them through regular attendance and by passing a basic skills test. When they do that, they can keep their guitar forever (and keep coming to lessons). This is one of the reasons I gravitated towards GNG in the first place, because the program is as much about mentorship as it is about music. We provide a safe environment for kids to go after school and they can feel a real sense of achievement when they earn that guitar to keep. What a great feeling for everyone!

Magnoliaguitar.com is Daniel’s online business card. Even before he created his business’ site, he had a personal WordPress site dedicated to reviewing albums, documentaries, and concert films.

“I had some really good posts starting to accumulate. And then, of course… my site was hacked,” says Daniel. “When something like this happens, you always have that moment where you think to yourself (or perhaps scream out loud): ‘I was JUST going to backup/install antivirus/etc.’ But that’s a lie. It often takes a catastrophe or reading enough stories like this to make you act. Apparently, the easiest way to fix my website was to ditch the whole thing and start fresh. And working with the host provider to restore a backup proved incredibly difficult and even then, I would have lost some of the most recent work I had just done. When I launched the website for my current business, I was certain that I needed some sort of safety net. But it had to be easy. It had to be ‘set it and forget it.’ I had to know that it was doing its job in the background. And VaultPress, which was being introduced by the same people who created WordPress, seemed like a perfect integrated fit. In fact, VaultPress often pushes new updates to your site before you even have a chance to do it yourself,” says Daniel. “Your website is the new business card. Don’t lose business because you lost it and couldn’t get it back. If you are a small business or individual with limited IT resources, then you need all the help you can get. Help like VaultPress.”

We’re proud that Daniel chose VaultPress to protect his labor of love and his living, magnoliaguitar.com. You can learn more about how VaultPress can protect your content, theme, plugin, and site settings and customizations. Contact us with questions, or you could make our day, and sign up to protect your site.

Posted in Community | Comments Off on VaultPress Customer Stories: Magnolia Guitar

VaultPress Customer Stories: WP101.com

Posted on May2012

Shawn Hesketh

Shawn Hesketh is the dynamo behind WP101.com, a compendium of quality video tutorials geared to helping members learn to build sites with WordPress. Building sites since 1994, Shawn started using WordPress exclusively with version 2.5 back in 2008. WP101.com came out of a need he had to educate clients on how to work with their WordPress site after hand-off.

“To be honest, my initial purpose for creating WP101.com was purely selfish,” says Shawn. “After designing WordPress-powered sites for dozens of my own clients, I’d find myself in their offices, providing hours of personalized one-on-one training, teaching them how to create, edit, and manage their content. After doing this dozens of times, I decided to create a set of online video tutorials that I could point my clients to, enabling them to learn at their own pace, return to the site at any time to review topics, and make the cost of this training more affordable. During the process of developing the site, it occurred to me that if I had this need, surely other WordPress developers were facing the same need. I decided to open the site to a wider audience on a membership basis, and it was launched in December of 2008.”

Shawn creates all WP101.com’s videos. He says that meticulous scripts help him to keep his videos up to date, which is challenging, considering the rapid release cycle of WordPress.

“I typically create the script while conducting a ‘dry run’ of the topic on a local installation of WordPress. This allows me to set up the demo environment ahead of time and become familiar with the steps needed to fully explain the topic,” says Shawn. “Since I launched WP101.com in 2008, there have been seven major upgrades to WordPress, and I’ve committed myself to keeping these tutorials up to date. That simply wouldn’t be possible if I didn’t work from a set of scripts. Having a script for each video makes it easier to find and update those sections that have changed with the newest release. I record the narration in GarageBand, using the excellent Yeti mic by Blue Microphones to record the voiceover. When I’ve finished recording, I export it as an uncompressed AIF file. Next, I use the Window Resizer plugin for Chrome to perfectly size my web browser window to 1280 x 720 pixels (HD dimensions), and then record the web browser screen actions in Screenflow while listening to the audio in the background. After a little editing, I’m ready to export the final video and convert it into a web-standard MP4 file using HandBrake.”

In addition to videos, WP101.com features a WordPress Q&A Board, where you can go to ask a question about WordPress or offer an answer.

Shawn is active in the WordPress community, in fact you may have even met him at WordCamp Dallas, Austin, or Houston. We’re delighted that he trusts his content to VaultPress.

“More than once, VaultPress has completely saved my bacon after what would have otherwise been a devastating mistake,” says Shawn. “The ability to simply roll back changes is priceless, and the live updates give me peace of mind, knowing that my site is continuously being monitored and backed up with every new activity. I’ll never forget the first time I received an automated notification from VaultPress, letting me know that a security vulnerability within a popular script had been found on my site and automatically repaired, resulting in absolutely no action on my part… aside from a deep sigh of relief.”

Learn more about how VaultPress can protect your content, theme, plugin, and site settings and customizations. Contact us with questions, or you could thrill us, and sign up to protect your site.

Posted in Community, WordPress | Comments Off on VaultPress Customer Stories: WP101.com

VaultPress protects against the PHP CGI Flaw

Posted on May2012

Recently, a security vulnerability called the CGI Flaw was identified in PHP. We scanned all of our customers’ sites and discovered the vulnerability in a handful of them. We closed this vulnerability yesterday, by pushing an update to the .htaccess file on all sites that contained this security issue. We’ve notified all customers who were affected via email.

PHP versions 5.4.3, and 5.3.13, released today, include a fix for the CGI Flaw. We recommend that you contact your web hosting provider to make sure they’re updating PHP on their servers.

If you have any questions or see any issues with your site please let us know.

Posted in Announcements, Security | Comments Off on VaultPress protects against the PHP CGI Flaw

VaultPress v. 1.3.2 includes hotfix for WooThemes vulnerability

Posted on May2012

Today, we released an update to the VaultPress plugin (1.3.2) to protect against a recently identified security vulnerability in the WooThemes framework.

We’ve already pushed version 1.3.2 of the VaultPress plugin to all sites with a WooThemes file for which we have credentials. Those sites are now protected against the vulnerability.

If you have the WooThemes framework installed and you’re not running version 1.3.2 of the VaultPress plugin, we were not able to update your plugin to close the vulnerability. Please download version 1.3.2 of the plugin and install it to protect your site. Better yet, enter your site’s FTP credentials in the VaultPress dashboard. In your dashboard, click Configure FTP, MySQL, & SSH to enter the FTP credentials. When you’ve got that done, send us a note and we’ll update your plugin for you. Providing your FTP credentials will allow us to push VaultPress plugin updates to your site automatically, which will keep your site protected against known vulnerabilities.

We recommend that you update your WooThemes framework. From the WooThemes blog:

“We recommend all users update their themes to the latest version, it’s really easy. Click the “Update Framework” button in our theme framework in the WP backend to grab and install the latest version.”

Remember, to keep your site secure, keep WordPress, your plugins, and themes up-to-date. All users accessing your WordPress admin area should use strong passwords and make sure you delete plugins and themes that you’re no longer using.

Learn more about how VaultPress can protect your content, theme, plugin, and site settings and customizations. Contact us with questions, or sign up to protect your site.

Posted in Announcements, Features, Security | Comments Off on VaultPress v. 1.3.2 includes hotfix for WooThemes vulnerability