Security

Your Browser’s Spellchecker Leaks Your Password

November 22, 2022

Yay – we have yet another way in which companies like Google and Microsoft grab your sensitive data. Though in this case it’s probably inadvertent that they’re doing so. Still, no one is saying what’s happening to that data once they get it or if they’re going to make attempts to scrub the data now that they are aware of…

Read More

Multiple High Priority Security Vulnerabilities In OpenLiteSpeed

November 11, 2022

This morning we woke up to a security disclosure report in our inbox which detailed multiple high priority security issues in OpenLiteSpeed. A brief overview of the issues are described in an article on thehackernews.com. More detailed information about them are on the paloaltonetworks website. The vulnerabilities were disclosed and patched in October. So, naturally, the first thing we did…

Read More

That AWS Outage: Don’t Put All Your Eggs In One Basket

December 14, 2021

It seems as if it was only yesterday that the GoDaddy hack was revealed and we had some deep thoughts about that. Now, we’re talking about a major outage at a key infrastructure provider that caused a lot of sites and devices to be unavailable for hours. Imagine for a second that your agency used a hosting service where all…

Read More

Thoughts On The GoDaddy Hack

December 2, 2021

If you don’t already know, GoDaddy was the victim of a successful mass hacking attempt. Discovered in mid November, the intruders are suspected to have been rummaging around since the beginning of September. As more data became available, it was discovered that many GoDaddy subsidiaries were also part of the hack. More than 1 million sites are potentially affected. We…

Read More

WPCloudDeploy 4.7.1: A Security-Focused Release

June 30, 2021

WPCD V 4.7.x has ZERO new features. Instead it is a release focused on bug-fixes, code improvement and, more importantly, a release that has been audited for security issues by a third party. If you’re looking for information about new features, please check out the announcement from our last release – version 4.6.0 (or any of our many other releases.)…

Read More

Deep Thoughts On Supply Chain Attacks

May 14, 2021

Supply chain attacks are becoming more prevalent and they pose a tremendous risk to everyone in the chain – developers, end users, customers etc. If you don’t know what a software supply chain attack is, here’s a brief overview of how it works: instead of attacking a company directly, hackers attack the software dependencies the company uses. For example, in…

Read More

When WordPress Professionals Publicly Trash-Talk WordPress

April 12, 2021

Ok, so this is less of an article and likely should be classified as a “rant”. You should definitely move on to the next article if you don’t like opinions and rants. <rant class=”start”> A couple of days ago a prospect of ours posted about our product in a private Facebook group. Our potential customer had just finished up a…

Read More

WPCloudDeploy 4.1.0 – A Security Focused Update Featuring WPScan & Dewhurst Security

October 28, 2020

Version 4.1.0 of WPCloudDeploy has only two new features. In fact, it probably has the least amount of new features of any release we’ve ever done. But there’s a good reason for that. Before we talk about that reason, here are the two new features: You can now choose a language / locale when installing WordPress Automatic updates from our…

Read More

5 Best-Practices For New Servers Built On WPCloudDeploy

October 3, 2020

After you deploy a server using WPCloudDeploy you have multiple options to help protect it and keep it running properly. 1. Turn On Malware Scanning & Detection Before you do anything with your new server, you probably want to check the reputation of the IP address it was assigned. Many IP addresses can be placed on “blacklists” for activity that…

Read More

Exposed API Keys: Handling A Nightmare Scenario

May 22, 2020

Recently we noticed a post on twitter about an exposed API key for Convertkit where the author of the tweet was unable to contact Convertkit to remove the exposed API key from their account. Which made us wonder – what would be a nightmare scenario for api keys for a Cloud Server provider? For example, are you prepared if one…

Read More

The Security Risks Behind SaaS WordPress Management Panels

February 11, 2020

SAAS (software as a service) WordPress Management Panels are growing in popularity. These consoles allow you to spin up servers at a cloud provider of your choice and install and manage WordPress sites on those servers. At the time of this writing the four most popular ones that we are aware of are: GridPane SpinupWP Vepp Cloudways (not a pure…

Read More