Site5 - Built For Designers & Developers MENU

Magento Security Update

No Comments

Magento recently released a security update that fixes many vulnerabilities found in their software. If you are running a Magento installation without patch SUPEE-6285 we highly recommend you update immediately:

https://www.magentocommerce.com/products/downloads/magento/

If you are a customer with us, we will be in contact if this issue affects your account.

For more information on the security vulnerabilities fixed in this update, please visit the following link:

http://merch.docs.magento.com/ee/user_guide/Magento_Enterprise_Edition_User_Guide.html#magento/patch-releases-2015.html

WordPress Plugin Vulnerability

Comments Off on WordPress Plugin Vulnerability

It was recently discovered that a large number of WordPress plugins have security vulnerabilities allowing hackers access to websites running outdated versions of these plugins. The list below includes plugins which have been identified as definitively containing the vulnerability but it is by no means a complete list:

  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All In one SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link-Checker
  • Ninja Forms

The above plugins have already been updated by their developers to fix the issue so we strongly recommend logging into your WordPress admin panel and updating these as well any other plugins that are installed.

If you are a customer with us, we will be contacting you with more information if this affects your account.

For more information about this vulnerability, please visit the following link:

https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html

Magento Security

Comments Off on Magento Security

Earlier in the year, it was discovered that Magento contained a critical security vulnerability which allowed a hacker to take full control of a Magento based website and run any command they wanted. The Magento team released a security patch in February but unfortunately many sites still run without the patch. The company that located the vulnerability will be releasing a paper on it, to the public, within 24-48 hours. A reverse engineered tool will be available shortly after and mass compromises will likely be attempted on Magento users. If you are running a Magento installation without patch SUPEE-5344 we highly recommend you update immediately:

https://www.magentocommerce.com/products/downloads/magento/

If you are a customer with us, we will be in contact if this issue affects your account.

For more information on this vulnerability please visit the following link:

https://blog.sucuri.net/2015/04/critical-magento-shoplift-vulnerability-supee-5344-patch-immediately.html

WordPress SuperCache Plugin

1 Comment

It was recently discovered that a popular WordPress plugin, WP Super Cache, has a security vulnerability in older versions. This plugin is actively being targeted by hackers and with an outdated version on your website, you are vulnerable to intrusions.

We strongly recommend you update to the latest version which you can do by clicking ‘update’ on the plugin within your WordPress admin panel.

If you are a Site5 customer, we will be contacting you with more information if your SuperCache plugin remains out of date.

For more information on this vulnerability, please visit the following link:

https://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html

State of Site5: March 2015

Comments Off on State of Site5: March 2015

Hi there!

Think SpringSpring has arrived! The winter months are finally behind us and warm days are ahead! With Spring on it’s way, we are happy to announce new and exciting projects for Site5. There is just something about Spring and how it makes you feel so refreshed and awake. We are definitely ready for longer days and lots of sunlight! What have we been doing all winter? Take a look and see for yourself:

  • Calling all Beta Testers!  As we enter the final stages of our Backstage revision, we are looking for volunteers to test the beta version. If you are interested in participating in our beta tester program, please complete a short survey to see if your account is eligible.
  • Password Protected: In order to protect our customers and their web apps during installations and updates, our Software Development team has added a new password rating system into SiteAdmin to help you pick the strongest possible password combination. We cannot stress the importance of strong passwords; the stronger the password, the more protected your apps and your website will be. Check out this Knowledge Base article on how to create strong passwords.
  • Additional Security Updates: Recently, several major security vulnerabilities relating to the “Xen” software required us to issue reboots on most of our servers as part of the process of upgrading Xen to the latest version. These reboots were required to maintain the security of our customer’s websites. Most of the reboots went smoothly and without incident, however, there were some isolated issues for a few customers, but we believe these have been resolved at this time and all servers have been upgraded.

Spring is all about growth, renewal and new opportunities. Here is what we have planned for the warmer days ahead:

  • Preventing HTTP Attacks: Site5’s Server Health and Systems team will be deploying a new system for preventing HTTP attacks on shared and VPS servers. This new system will help prevent unnecessary downtime.
  • Join our team! Looking to grow your career? Come join our team at Site5! In addition to researching new locations for our servers around the world, we are looking to expand our workforce. If you are interested in working with a modern and globally present company, consider joining our team. If you are interested in learning more about our software development team check this site out, and for our tech team go here.

In the spirit of Spring, consider starting a new blog, changing your WordPress theme or even just cleaning up your work-space. These are great ways to re-energize yourself and your work! Do you plan to do any Spring cleaning or updates? Let us know! Comment below or let us know on Twitter and Facebook (@Site5).

 

Site5 recommends switching to SHA-2 SSL Certificates

Comments Off on Site5 recommends switching to SHA-2 SSL Certificates

Greetings!

Do you have an SSL certificate installed on your website? If so, please check if your certificate was generated using the SHA-1 algorithm. We would urge customers using SHA-1 based SSL certificates to consider replacing them with ones generated using SHA-2 algorithm.

Google announced its plan for sunsetting SHA-1, Mozilla has done the same, and Microsoft actually laid out their plans before the others. There does not seem to be an official announcement on Safari’s support of SHA-1 that we could find, but considering how the majority of the industry is deprecating SHA-1, an announcement from Apple should not be far away!

We would definitely not recommend waiting until such a time when most major browsers start issuing warnings when connecting to websites that use SHA-1 based SSL certificates. Imagine how unnerving that would be for visitors to your website and can be quite damaging to your website’s reputation! We would recommend making the switch to SHA-2 based SSL certificates as quickly as possible.

If you purchased your SSL certificate through us, we will help you with the entire process of making the switch including regenerating the certificate using the SHA-2 algorithm and installing that in place of your old certificate.  All you need to do is to send in a ticket to our support department and they will let you know what is involved. There is no additional fee for this, and we will help you every step of the way!

If you had purchased your SSL certificate elsewhere, you would need to contact them to have your certificate regenerated. Once you have the new certificate, simply submit the form within Backstage to have it installed!

Thank you, and please feel free to contact our support team in case you have any questions!

Going Green – how at Site5 we’re doing our bit to save the environment!

1 Comment

We at Site5 are proud to be providing services that help you build great things online. However, there is an environmental cost to this – as a web hosting provider we have to keep our servers powered on 24×7 and this does result in a lot of energy usage, a lot of which is produced via methods that release carbon into the atmosphere. It is no secret that carbon emissions are damaging our environment in very serious ways.

I’m sure that as a consumer you would prefer to do business with an organization that is sensitive to these environmental threats and believes in doing whatever it can to negate the harmful effects that its operations might be having on the environment. The good news is that Site5 is an environmentally conscious company, strongly committed to being as green as possible

So what are we doing to compensate for the environmental damage we’re causing? We support organizations that help run projects that benefit the environment — we do this by buying carbon offsets from them which is a tangible way of compensating our carbon emissions. Each year our Operations team undertakes a very thorough endeavor to calculate our total carbon usage. We calculate carbon emissions caused due to our servers and networking infrastructure, by far the largest contributors to our carbon usage. We also factor in things like flight and car trips purchased by the company to travel to company meetups (we conduct a couple of meetups each year), management meetings and industry conferences and events. From the total carbon usage calculated this way, we deduct the CO2 emission that our commutes to work would have caused if we were not a 100% remote team working from home. We think this makes a lot of sense as by working from home we are actually doing a lot of good for the environment – just imagine how many cars would be off the streets if everyone worked from home and how much it can reduce pollution and CO2 emission! –  quantifying these savings provides a tangible way of calculating that impact and rewarding ourselves for it.

Once we have calculated the total carbon usage, we go ahead and convert them to carbon offsets that we purchase from an organization called COTAP – they are an extremely transparent organization with a mission of alleviating poverty by selling carbon offsets. The funds are used to help under privileged communities set up farms, orchards etc that can provide a stable source of income and raise them from poverty. They’re doing some solid work and maintain a high level of accountability. We’re very happy to support them! We highly recommend COTAP to any small business looking to offset their activities!

logo

State of Site5: February 2015

4 Comments

Greetings!

We hope everyone is staying warm! If you are lucky enough to live in a region where the temperatures stay relatively warm, we certainly envy you! February, although cold, has been nice and warm here at Site5. This has been one of the busiest months for our company, and we love it! So, here’s what we’ve been up to:

  • Management of Resources:  Site5 has been focusing on using what resources we have more efficiently. By taking a closer look into how efficient each one of our servers are, we have made improvements to our server fleet by: expanding into globally managed datacenters, altering server settings such as memory limit, and adding more detection tools to prevent attacks (WordPress websites in particular). These adjustments to our fleet will make each server run more efficiently, and should reduce the strain each server experiences, thus making your websites run more efficiently!
  • Updates, Updates, Updates: Updates are a critical aspect of keeping our servers happy and healthy. These updates mean better server quality for all customers across all hosting plans. Upgrades for this month include:
    • cPanel: 11.44 is running and we are currently testing 11.48 on certain servers
    • mySQL has been upgraded from 5.1 to 5.5
    • 3.14 Linux kernal is now running on all servers and virtual machines to improve performance and stability.

Spring is right around the corner and Site5 is keeping up the momentum! What can you expect from Site5 in the upcoming months? Check it out:

  • WordPress themes: Our team of web designers have been tirelessly working on new WordPress themes to feature on our WordPress theme website, S5Themes. Our next theme will launch in April and will continue to reflect current WordPress trends. Any ideas on a WordPress theme? Feel free to let us know on social media: @Site5.
  • Customer Service: Site5 plans to continue our work in our customer service department to improve ticket/chat response times and quality. Gathering feedback from our customers is so important to us. We are constantly looking to improve every area of our customer service team so that our customers get the best experience available.
  • Backend/Billing System: With the launch of our new backend/billing system, our engineers have tirelessly been working on upgrading and improving the system to create an effortless and smooth running dashboard for our customers.
  • Expansion: We really just want to take over the world. Anyone interested in a space station server location? Sounds amazing. Site5 continues to research and investigate new places for server locations and datacenters. We are also looking to continue expanding our workforce. If you are interested in working with a modern and globally present company, consider joining our team. If you are interested in learning more about our software development team check this site out, and for our tech team go here.

Overall, I think we are all looking forward to Spring! Of course a huge shout out to all of our existing customers for being awesome, and a big welcome to all of our new customers! We are so happy to have you aboard our team. Enjoy the rest of winter friends! We will talk soon.

Pages:1234567...38»