We are excited to announce that we will soon be upgrading PHP on all of our servers! PHP 5.5 will be added and it will become the new default version (previously version 5.3). This change will begin on November 18th, but due to the numbers of servers that need to be upgraded, it will take several weeks to complete all servers.
With this update, we will also be removing support for PHP 5.2 and FFMPEG. PHP 5.2 has been unsupported by the PHP development team since the beginning of 2011. FFMPEG introduces performance issues that affect all customers. Given usage is extremely low, we have decided to remove support to improve performance (we can enable FFMPEG by request on Managed VPS accounts).
If you are using PHP 5.2, you will be switched to PHP 5.3 via modifications we will automatically make to your .htaccess configuration. We recommend that you contact the developer of your software as soon as possible to ensure your application is compatible with PHP 5.3.
We will continue to offer PHP 5.4 as an add-on option and any applications on your account that explicitly declare that version will continue to use that version.
If you would like to start using PHP 5.5 immediately, you can! For instructions, please visit the following article in our KB for how to change your PHP version.
If you have any questions or concerns, please contact our Support Department via Backstage.
Site5 has always been a big supporter of Net Neutrality and its vast importance. If you’re new to the Net Neutrality movement, please see this guest blog post from Christian Dawson, chairman and co-founder of the Internet Infrastructure Coalition.
Please take some time today or tonight to encourage the European Union to pass an amendment to safeguard Net Neutrality! A website, savetheinternet.eu, has been set up for this movement.
We encourage everyone to email a member of the EU government via the savetheinternet.eu website and then spread the message on social media. If you are in the EU, you can take this one step further by calling your local government members!
Net Neutrality is vital! The Internet is global, and if we act together, we can help safeguard it.
Magento recently released a security update that fixes many vulnerabilities found in their software. If you are running a Magento installation without patch SUPEE-6285 we highly recommend you update immediately:
If you are a customer with us, we will be in contact if this issue affects your account.
For more information on the security vulnerabilities fixed in this update, please visit the following link:
It was recently discovered that a large number of WordPress plugins have security vulnerabilities allowing hackers access to websites running outdated versions of these plugins. The list below includes plugins which have been identified as definitively containing the vulnerability but it is by no means a complete list:
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Multiple iThemes products including Builder and Exchange
- Ninja Forms
The above plugins have already been updated by their developers to fix the issue so we strongly recommend logging into your WordPress admin panel and updating these as well any other plugins that are installed.
If you are a customer with us, we will be contacting you with more information if this affects your account.
For more information about this vulnerability, please visit the following link:
Earlier in the year, it was discovered that Magento contained a critical security vulnerability which allowed a hacker to take full control of a Magento based website and run any command they wanted. The Magento team released a security patch in February but unfortunately many sites still run without the patch. The company that located the vulnerability will be releasing a paper on it, to the public, within 24-48 hours. A reverse engineered tool will be available shortly after and mass compromises will likely be attempted on Magento users. If you are running a Magento installation without patch SUPEE-5344 we highly recommend you update immediately:
If you are a customer with us, we will be in contact if this issue affects your account.
For more information on this vulnerability please visit the following link:
It was recently discovered that a popular WordPress plugin, WP Super Cache, has a security vulnerability in older versions. This plugin is actively being targeted by hackers and with an outdated version on your website, you are vulnerable to intrusions.
We strongly recommend you update to the latest version which you can do by clicking ‘update’ on the plugin within your WordPress admin panel.
If you are a Site5 customer, we will be contacting you with more information if your SuperCache plugin remains out of date.
For more information on this vulnerability, please visit the following link:
Spring has arrived! The winter months are finally behind us and warm days are ahead! With Spring on it’s way, we are happy to announce new and exciting projects for Site5. There is just something about Spring and how it makes you feel so refreshed and awake. We are definitely ready for longer days and lots of sunlight! What have we been doing all winter? Take a look and see for yourself:
- Calling all Beta Testers! As we enter the final stages of our Backstage revision, we are looking for volunteers to test the beta version. If you are interested in participating in our beta tester program, please complete a short survey to see if your account is eligible.
- Password Protected: In order to protect our customers and their web apps during installations and updates, our Software Development team has added a new password rating system into SiteAdmin to help you pick the strongest possible password combination. We cannot stress the importance of strong passwords; the stronger the password, the more protected your apps and your website will be. Check out this Knowledge Base article on how to create strong passwords.
- Additional Security Updates: Recently, several major security vulnerabilities relating to the “Xen” software required us to issue reboots on most of our servers as part of the process of upgrading Xen to the latest version. These reboots were required to maintain the security of our customer’s websites. Most of the reboots went smoothly and without incident, however, there were some isolated issues for a few customers, but we believe these have been resolved at this time and all servers have been upgraded.
Spring is all about growth, renewal and new opportunities. Here is what we have planned for the warmer days ahead:
- Preventing HTTP Attacks: Site5’s Server Health and Systems team will be deploying a new system for preventing HTTP attacks on shared and VPS servers. This new system will help prevent unnecessary downtime.
- Join our team! Looking to grow your career? Come join our team at Site5! In addition to researching new locations for our servers around the world, we are looking to expand our workforce. If you are interested in working with a modern and globally present company, consider joining our team. If you are interested in learning more about our software development team check this site out, and for our tech team go here.
In the spirit of Spring, consider starting a new blog, changing your WordPress theme or even just cleaning up your work-space. These are great ways to re-energize yourself and your work! Do you plan to do any Spring cleaning or updates? Let us know! Comment below or let us know on Twitter and Facebook (@Site5).
Do you have an SSL certificate installed on your website? If so, please check if your certificate was generated using the SHA-1 algorithm. We would urge customers using SHA-1 based SSL certificates to consider replacing them with ones generated using SHA-2 algorithm.
Google announced its plan for sunsetting SHA-1, Mozilla has done the same, and Microsoft actually laid out their plans before the others. There does not seem to be an official announcement on Safari’s support of SHA-1 that we could find, but considering how the majority of the industry is deprecating SHA-1, an announcement from Apple should not be far away!
We would definitely not recommend waiting until such a time when most major browsers start issuing warnings when connecting to websites that use SHA-1 based SSL certificates. Imagine how unnerving that would be for visitors to your website and can be quite damaging to your website’s reputation! We would recommend making the switch to SHA-2 based SSL certificates as quickly as possible.
If you purchased your SSL certificate through us, we will help you with the entire process of making the switch including regenerating the certificate using the SHA-2 algorithm and installing that in place of your old certificate. All you need to do is to send in a ticket to our support department and they will let you know what is involved. There is no additional fee for this, and we will help you every step of the way!
If you had purchased your SSL certificate elsewhere, you would need to contact them to have your certificate regenerated. Once you have the new certificate, simply submit the form within Backstage to have it installed!
Thank you, and please feel free to contact our support team in case you have any questions!