WordPress 4.2.2 fixes a cross-site scripting vulnerability – Update Now

WordPress Version 4.2.2

On May 6, 2015, WordPress 4.2.2 was released to the public. This is both a security update for all previous WordPress versions, and a maintenance release for versions 4.2 and newer.

According to the announcement post, WordPress 4.2.2 fixes a cross-site scripting vulnerability in an HTML file shipped with recent Genericons packages, which are included in the Twenty Fifteen theme as well as a number of popular plugins. The fix is to remove the file. Auto-updates and manual updates will remove this file; however, manual installations and those using VCS checkout (like SVN) will not. Version 4.2.2 also improves on a fix for a critical cross-site scripting vulnerability introduced in 4.2.1.

The release also includes hardening for a potential cross-site scripting vulnerability when using the Visual editor.
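Because manual installations and VCS checkouts keep the Genericons HTML file, it is worth checking the tree yourself. The script below is an added example, not part of the WordPress announcement. It assumes the package lives in a directory named `genericons` (any capitalisation of the first letter) and lists every HTML file inside such directories, since an icon font needs no HTML to work; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: list HTML files left inside any "genericons" directory
# under a WordPress tree. Assumption: the icon font package sits in a
# directory called genericons/ (or Genericons/) inside themes or plugins.

# find_genericons_html ROOT
#   Prints one path per line; prints nothing when the tree is clean.
#   Returns 2 when ROOT is not a directory.
find_genericons_html() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # POSIX find only: bracket patterns stand in for case-insensitive tests.
    find "$root" -type f -path '*/[Gg]enericons/*' \
        \( -name '*.[Hh][Tt][Mm]' -o -name '*.[Hh][Tt][Mm][Ll]' \) -print
}

# audit_genericons ROOT
#   Exit status 0 when clean, 1 when leftover files exist, 2 on a bad ROOT.
audit_genericons() {
    hits=$(find_genericons_html "$1") || return 2
    if [ -n "$hits" ]; then
        printf 'HTML files found in Genericons directories:\n%s\n' "$hits"
        return 1
    fi
    echo "No HTML files found in Genericons directories under $1"
    return 0
}

# Run against a path given on the command line, for example:
#   sh check_genericons.sh /path/to/wordpress   (placeholder path)
if [ $# -gt 0 ]; then
    audit_genericons "$1"
fi
```

Review each reported file before deleting it, and run the check again after every manual or VCS-based deployment, since those are the install paths that do not remove the file.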

In addition to the security fixes, WordPress 4.2.2 contains fixes for 13 bugs from 4.2.1, including:

  • Fixes an emoji loading error in IE9 and IE10
  • Fixes a keyboard shortcut for saving from the Visual editor on Mac
  • Fixes oEmbed for YouTube URLs to always expect https
  • Fixes how WordPress checks for encoding when sending strings to MySQL
  • Fixes a bug with allowing queries to reference tables in the dbname.tablename format
  • Lowers memory usage for a regex checking for UTF-8 encoding
  • Fixes an issue with trying to change the wrong index in the wp_signups table on utf8mb4 conversion
  • Improves performance of loop detection in _get_term_children()
  • Fixes a bug where attachment URLs were incorrectly being forced to use https in some contexts
  • Fixes a bug where creating a temporary file could end up in an endless loop.

How to: Create an email signature in RoundCube

An e-mail signature is a block of text that is appended to the end of an e-mail message you send. Generally, a signature is used to provide the recipient with your name, e-mail address, business contact information, or Web site URL.

  1. Log in to your RoundCube webmail service
  2. Click on the “Settings” cog in the top-right of the panel
  3. Locate your email “identity” from the list
  4. Click on the “identity” and click on the “Signatures” tab. If you wish to use HTML formatting in your signature, select the “HTML Signature” checkbox.
  5. Enter your desired customised signature in the “signature” box and press “Save”.

WordPress Version 4.1.2 – Urgent Upgrade

On April 21, 2015, WordPress 4.1.2 was released to the public. This is a security update for all previous WordPress versions.

This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.

Also fixed are three other security issues:

  • In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded.
  • In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
  • Some plugins were vulnerable to an SQL injection vulnerability.

A number of plugins also released security fixes yesterday. Keep everything updated to stay secure. If you’re a plugin author, please read this post to confirm that your plugin is not affected by the same issue.

If you are unable/uncomfortable upgrading your WordPress site then let our experts do all the work for you. Order a WordPress Maintenance service today.

MICROLITE3 Plesk 12 Upgrade


MICROLITE3.COM – Upgrades

As part of our service to you, we strive to provide you with the very latest services, performance and security for your web sites. Our new upgrade schedule will completely replace your hardware and software to the very best available.

“During the period 1st thru 6th May the server hardware and plesk panel will be completely upgraded.”

HARDWARE: The new hardware will improve the performance and reliability of the server. Response times and security will be greatly increased. The server will also be migrated to our new UK datacenter. The old IP address was 109.75.161.213. The new IP address will be 5.77.60.44.

SOFTWARE: The core OS of the new server will be of the latest stable version. PHP, MySQL and all other features will be of the latest production versions.

PANEL: The Plesk Panel will be upgraded to Plesk 12, the current latest version of Plesk. This will provide the very latest features, functionality and security for your accounts.

ENHANCED SECURITY: The new Security Core combines ModSecurity, CSF, Malware Detect and Fail2Ban with Outbound Antispam and ServerShield™ tools and many features that protect against malicious attacks and site vulnerabilities.

WEBMAIL: AtMail is now replaced with the awesome RoundCube. Your username is in the format name@yourdomain.co.uk. Your passwords are unchanged. If you do have a problem with your mail password simply change it or request support to change it for you.

COST: These are no-cost upgrades, there will be no additional charges to your account.

DOCUMENTATION: Take a look at our Step-by-step Video Tutorials or review the Official User Guide

Notice: Please refrain from making significant changes to your web site during this period. The migration of the data will take many hours. We request that you put off any changes until the upgrade is complete to avoid an inconsistent transfer of your site data.

Infrastructure Secured with the Plesk 12 Security Core

Enhanced Security on All Levels.

The new Security Core in Plesk 12 combines ModSecurity and Fail2Ban with Outbound Antispam and ServerShield™ tools allowing you to deliver server-to-site security out of the box.

With the Plesk 12 Security Core on your servers you get:

  • Secure servers that protect against persistent attacks targeting known or newly discovered vulnerabilities
  • Increased uptime as malicious attacks against your servers are automatically blocked in real time
  • Cleaner IP addresses with outgoing spam protection preventing your servers from being blacklisted
  • Faster site performance and bandwidth savings with next generation CDN

All security components work together leading to a more reliable infrastructure.
 
About ServerShield™

Odin partnered with CloudFlare to build ServerShield™, a complete security solution that enables server administrators and website owners to protect and speed up any website with just a few clicks.

ServerShield helps to block hackers, spammers, botnets, and DDoS attacks. In addition, it offers free and unlimited reputation monitoring by StopTheHacker.

End customers also get CloudFlare’s next generation CDN, which brings content closer and faster to visitors: on average, a website on CloudFlare loads twice as fast and saves 60% of bandwidth. No configuration or setup is needed.