Happy holidays from all of us

Posted on Dec2010

Our 2010 Holiday Card

It’s been a great year so far for VaultPress — from Matt’s launch announcement in March, through opening the beta over the summer, and to now, where we’re supporting an amazing roster of WordPress sites all over the world. Thanks to each one of you in the community who’s taken the time in 2010 to give us your feedback, kick the tires, and generally help us create the kind of service we always wanted for ourselves to safeguard our WordPress sites.

In 2011, we’ll continue to improve VaultPress, and we’ll be taking our show out on the road to meet up with the WordPress community. If you’re a WordPress consultant, theme professional, web host, or you run a business on top of WordPress, we’d love to talk to you about how we can make VaultPress even better for you. Several of us – including me – will be at WordCamp Phoenix in January. We hope to see you there and at other WordCamps to come in the new year.

Our mission remains the same from where we started: we want to provide the best possible solution for everyone who depends on WordPress to completely protect and secure their sites.

See you in the New Year!

Posted in Announcements, Community, Meta, WordCamp, WordPress | Tagged , , , | 4 Comments

New Hotfix Released for Security Issue

Posted on Dec2010

We’ve issued a new hotfix via the VaultPress plugin that closes a recently identified security issue in WordPress. WordPress 3.0.3, released yesterday, fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts.

For VaultPress customers who haven’t yet been able to update WordPress to 3.0.3, the hotfix we’ve released will keep your site protected from this security issue. You should still update WordPress to 3.0.3 as soon as possible.

Both Basic and Premium VaultPress customers should already have been automatically updated to the latest version of the plugin, v. 0.0890. You can verify the version number by visiting your site’s WordPress dashboard, then viewing your plugins page. If your VaultPress plugin version is lower than 0.0890, you can then update the plugin manually by logging into your VaultPress dashboard, and downloading the latest version of the VaultPress plugin. Or, just contact the VaultPress Safekeeper team and we’ll take care of updating the plugin for you. We can also help you enable automatic updates to the VaultPress plugin.

Posted in Announcements, Security | Tagged , , | Comments Off on New Hotfix Released for Security Issue

Hotfix Released for Security Issue

Posted on Dec2010

We’ve just updated the VaultPress plugin with a hotfix that closes a recently identified security issue in WordPress. The security issue, which has been corrected in the WordPress 3.0.2 release, could have enabled a malicious Author-level user to gain further access to a site.

VaultPress now looks at potentially problematic queries that get passed through WordPress, determines if one of them is the problem query, and fixes it. All WordPress users should still upgrade to WordPress 3.0.2 as soon as possible, but for those VaultPress customers who haven’t yet been able to upgrade, the update fixes this specific security issue.

Most VaultPress customers (both Basic and Premium) should already have been automatically updated to the latest version of the plugin, v. 0.0888. You can verify the version number by visiting your site’s WordPress dashboard, then viewing your plugins page. If your VaultPress plugin version is lower than 0.0888, you can then update the plugin manually by logging into your VaultPress dashboard, and downloading the latest version of the VaultPress plugin. Or, just contact the VaultPress Safekeeper team and we’ll take care of updating the plugin for you. We can also help you enable automatic updates to the VaultPress plugin.

Our mission is to take the worry out of keeping your WordPress site secure, and we’ll continue to work on making updates like this one even easier for you.

Posted in Announcements, Security | Tagged , , | 1 Comment

New VaultPress Security Scanning

Posted on Nov2010

One of the goals for VaultPress is take as much of the guesswork out of securing your WordPress site as possible. In that spirit, we’ve just enabled a brand new security feature for all of our premium customers, a WordPress core file scanner.

How it works

VaultPress knows which version of WordPress your site is running. For each particular version of WordPress, we know what the MD5 checksum for each of the core files should be (an MD5 checksum is a kind of digital fingerprint for a file, that can be used to validate the integrity of that file).

Our new core file scanner scans your site and does the following:

  • Checks that each of the expected core files exists
  • Checks the MD5 checksum of each file
  • Stores information about each file from PHP’s stat() function

On our initial scan of your site, we perform all three of these steps for each of the 750+ WordPress core files. This scan creates a baseline that we can compare against in future scans. If the MD5 checksum of a core file doesn’t match, we notify you through an alert in the security tab of your VaultPress dashboard. A variation in the checksum means that the file has been modified from the original version that came with your WordPress install.

If you weren’t the one who modified a file, it’s possible that your site has been hacked and malicious code injected. In that case, you can contact the VaultPress Safekeeper team from your dashboard and we’ll help you diagnose and correct the problem.

For the next version of the scanner, we plan to store a unified diff of core file changes — that will enable us to show you exactly what was modified in any given core file. We also plan to add malicious code detection to further enhance your site’s security with VaultPress.

Posted in Announcements, Features, Security | Tagged , , | 16 Comments

ServInt and VaultPress

Posted on Nov2010

We’re excited to announce that golden tickets to VaultPress are now being made available to all ServInt WordPress customers. ServInt has been in the web hosting business for over fifteen years with a strong focus on customer service. In talking to them, it was clear there’s a great fit between the premium security and backup features VaultPress delivers and how they approach the needs of their business customers. Check out the ServInt blog for more.

Posted in Announcements, Partnerships | Tagged , | Comments Off on ServInt and VaultPress