White Label CMS Vulnerability

A vulnerability has been found in White Label CMS, up to version 1.5.2. The vulnerability makes it possible to inject malicious code into websites, by tricking a site administrator into clicking a specially crafted URL. A fix has been released with version 1.5.3.

We have attempted to push an update to all websites on VaultPress with this plugin, upgrading them to 1.5.3. However, we were unable to update some websites due to permission issues.

We will email all site owners who we were unable to upgrade, recommending that they update their site as soon as possible.

As always, drop us a line if you have any questions!

Posted in General, Security | Leave a comment

Opt into Receipt Emails

Given many people have expressed that they don’t want to be bogged down by emails about receipts and would rather only see important emails pertaining to their site’s backups, we’ve disabled receiving receipt emails by default.

Note: All other email communication surrounding backups, restores, cancellations, and security threats will continue as normal. 

Here’s more information about each option:

1) Receive Receipt Emails by Opting In

If you’d like to continue receiving receipt emails, please visit https://dashboard.vaultpress.com/account/.

From there, just select Change Settings on the right hand side of the page:

receipt default update

Next, enter in the email where you want to receive receipts, check the box next to Email my receipts to me at and click Save:

save update

Once this has been done, the default settings will be overridden and you will begin to receive emails for receipts. Your Account page will also show this change in settings:

receipt emails

2) Don’t Receive Receipt Emails by Default

This will happen by default moving forward. Keep in mind that if you don’t opt in, you can still access your receipts from the Accounts page on the right hand side. Just click on the date for the specific receipt and you’ll be able to view it from there. If you leave it at the default, you will see this on the right hand side of your account page:

default view

As always, if you have any questions about this, drop us a line.

Posted in Announcements, Features, General | Leave a comment

WordPress Security Update

An important security update was released today for WordPress. Version 4.1.2 fixes several vulnerabilities that could allow users to compromise your site. WordPress versions 4.1.1 and earlier are vulnerable, and should be updated to the latest version of WordPress as soon as possible.

We encourage everyone to head over to Dashboard → Updates in their WordPress dashboard, and click “Update Now”. Once you’re running WordPress 4.1.2, you’re protected from these vulnerabilities.

We’re currently attempting to apply a security patch to all sites on VaultPress, regardless of the plan they’re on. Some sites will not be automatically upgraded due to permission issues, so it’s important to make sure you’re up-to-date!

We also recommend that you take this moment to ensure you’re running the latest and greatest version of VaultPress. You can do so by heading back to Dashboard → Updates in your WordPress dashboard. If an older version of VaultPress is listed on this page, you’ll have the opportunity to upgrade to the latest version with a single click. You can also find our plugin in the Plugin Directory.

By running the latest versions of WordPress, VaultPress, and all your themes and plugins, you help to ensure that your site remains safe, secure, and speedy! As always, if you have any questions, drop us a line.

Posted in General, Security | Leave a comment

iThemes Security: Critical Security Release

iThemes have released an important security fix for their iThemes Security Plugin.

This release fixes an XSS issue, which allowed potentially dangerous JavaScript to be executed while viewing the iThemes Security 404 error logs.

iThemes have backported the security fix to past versions, releasing a patched version of every minor version dating back to 3.2.

In order to protect your site, we recommend that you check if your site is running a vulnerable version of iThemes Security, and upgrade it immediately to a safe version. You can do so from the “Updates” page in your WordPress dashboard.

We have attempted to push an update to all websites on VaultPress, upgrading them to the safe release of the minor version they were already using. However, we were unable to update some websites due to permission issues.

We have emailed all VaultPress customers whose sites have not been successfully updated.

As always, if you have any questions or need help, drop us a message!

Posted in General, Security | 1 Comment

Vulnerability in WP Super Cache

A couple of important security updates have been released for the popular WP Super Cache plugin.

The security updates fixed a vulnerability, reported by Sucuri, that allowed an attacker to introduce malicious code into the plugin’s cache file listing.

Many such vulnerabilities are executed by tricking the site owner into clicking on a dangerous link. However, since links pointing to the WP Super Cache cache listing page can only be used once, it would not be possible to execute the malicious code by clicking on a public link. In order to execute the malicious code, the site owner would need to visit the plugin’s cache listing page manually.

You can protect yourself from this security vulnerability by upgrading to the latest version of WP Super Cache, 1.4.4, under Dashboard → Updates in your WordPress dashboard.

We have also attempted to automatically upgrade any VaultPress customers that are running an outdated version of WP Super Cache. You can verify that you’re running the latest version of WP Super Cache, 1.4.4, on the Plugins page in your WordPress dashboard.

As always, if you have any questions, drop us a line!

Posted in General, Security | Tagged | 2 Comments