WordPress Security Update

An important security update was released today for WordPress. Version 4.1.2 fixes several vulnerabilities that could allow users to compromise your site. WordPress versions 4.1.1 and earlier are vulnerable, and should be updated to the latest version of WordPress as soon as possible.

We encourage everyone to head over to Dashboard → Updates in their WordPress dashboard, and click “Update Now”. Once you’re running WordPress 4.1.2, you’re protected from these vulnerabilities.

We’re currently attempting to apply a security patch to all sites on VaultPress, regardless of the plan they’re on. Some sites will not be automatically upgraded due to permission issues, so it’s important to make sure you’re up-to-date!

We also recommend that you take this moment to ensure you’re running the latest and greatest version of VaultPress. You can do so by heading back to Dashboard → Updates in your WordPress dashboard. If an older version of VaultPress is listed on this page, you’ll have the opportunity to upgrade to the latest version with a single click. You can also find our plugin in the Plugin Directory.

By running the latest versions of WordPress, VaultPress, and all your themes and plugins, you help to ensure that your site remains safe, secure, and speedy! As always, if you have any questions, drop us a line.

Posted in General, Security | Leave a comment

iThemes Security: Critical Security Release

iThemes have released an important security fix for their iThemes Security Plugin.

This release fixes an XSS issue, which allowed potentially dangerous JavaScript to be executed while viewing the iThemes Security 404 error logs.

iThemes have backported the security fix to past versions, releasing a patched version of every minor version dating back to 3.2.

In order to protect your site, we recommend that you check if your site is running a vulnerable version of iThemes Security, and upgrade it immediately to a safe version. You can do so from the “Updates” page in your WordPress dashboard.

We have attempted to push an update to all websites on VaultPress, upgrading them to the safe release of the minor version they were already using. However, we were unable to update some websites due to permission issues.

We have emailed all VaultPress customers whose sites have not been successfully updated.

As always, if you have any questions or need help, drop us a message!

Posted in General, Security | 1 Comment

Vulnerability in WP Super Cache

A couple of important security updates have been released for the popular WP Super Cache plugin.

The security updates fixed a vulnerability, reported by Sucuri, that allowed an attacker to introduce malicious code into the plugin’s cache file listing.

Many such vulnerabilities are executed by tricking the site owner into clicking on a dangerous link. However, since links pointing to the WP Super Cache cache listing page can only be used once, it would not be possible to execute the malicious code by clicking on a public link. In order to execute the malicious code, the site owner would need to visit the plugin’s cache listing page manually.

You can protect yourself from this security vulnerability by upgrading to the latest version of WP Super Cache, 1.4.4, under Dashboard → Updates in your WordPress dashboard.

We have also attempted to automatically upgrade any VaultPress customers that are running an outdated version of WP Super Cache. You can verify that you’re running the latest version of WP Super Cache, 1.4.4, on the Plugins page in your WordPress dashboard.

As always, if you have any questions, drop us a line!

Posted in General, Security | Tagged | 2 Comments

VaultPress Customer Stories: Attack of the Androids

MatLee2Mat’s podcasts are a therapy of sorts for him. After starting a couple of other podcasts, he launched the Attack of the Androids to cover all things Android. The focus of the podcast is to discuss Android news, reviews, and awesome Android apps.

He turned to podcasts in part because they felt more genuine. “Anyone can write and edit but it takes a certain someone to be real in front of a mic and camera,” he says.

Since putting himself and his thoughts out there, he’s drawn a loyal following. So much so that he’s been amazed at how long some of his listeners have been around for. “Some of those kids started listening in high school, and now they are graduating college and getting jobs,” he mentioned.

Part of his success has been the use of WordPress to quickly and easily publish his podcasts. Recently, he started using VaultPress to keep his content safe, because it seemed like the “only complete way to have multiple snapshots of full backups”. 

When the time came to move to a new server, he turned to VaultPress and performed an alternate restore. Now his sites are up and running on the new server without a problem.

We can’t be more delighted that Mat chose VaultPress to protect his recordings of Attack of the Androids.

You can learn more about how VaultPress can protect your site — including its contents, themes, plugins, site settings, and customizations.

Contact us with questions — or make our day, and sign up to protect your site!

Posted in Community, General | Leave a comment

Restore via Carrier Pigeon

Thanks to recent advances in avian logistics, your friends at VaultPress are pleased to offer a brand new automated restore tool.

In addition to restoring over FTP and SSH, and restoring to an alternate site, you can now restore your site using our team of carrier pigeons.

vaultpress-pigeons

You’ll be pleased to know that we’re offering our standard pigeon restore service at no extra cost!

Getting started is easy. First, select your backup. Then, pick your pigeon, and provide us with your datacenter’s physical address.

pigeon-restore

Our technically proficient pigeons will fly to your datacenter, and restore your site posthaste.

As our carrier pigeons gain experience, and build whatever relevant muscles that pigeons have, we hope to offer a premium option in the future.

As always, please drop us a line if you have any questions! We’re always happy to help.

Posted in General | 2 Comments