7 Aug

2014

WordPress & Drupal Vulnerability? –  Keep calm and update!

drupal-wp-vuln

Yesterday, a serious vulnerability in the PHP XML parser used by WordPress and Drupal was announced. After some great collaboration between the core developers of those applications, new versions that address the issue were released for both WordPress and Drupal. We, at SiteGround, are proactively addressing the issue too:

  1. Our security team has been addressing the issue on the server level. We have discerned unwanted activity during last week and have applied certain firewall rules to mitigate it even before the exploited issue was announced. Once we became aware of the officially published details of the problem, we were able to refine our server level defense. Our team is on the guard and ready to add a future improvement if needed.
  2. All WordPress users, who use our autoupdater will be updated to the newest version in 24 hours after the announcement was made
  3. All WordPress users, who do not use our autoupdater but are on a version 3.7 or higher will be automatically updated by the native WordPress update function too.
  4. Once the automatic updates are done, we will scan our servers for outdated WordPress versions and will contact by email their users to recommend update.
  5. We will also contact all Drupal users on our servers, whose applications are not updated and will strongly encourage them to go ahead and get the latest version.

Author: Hristo Pandjarov

Product Development - Technical

Enthusiastic about all Open Source applications you can think of, but mostly about Joomla and WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

Comments (2):

  1. Tim says:

    As per usual, Siteground stays on top of any and all security threats! With their dedicated support, I can be assured my website as well as my clients sites are well looked after and updated with security patches.

  2. Anthony Crowe says:

    I just migrated my websites to site ground tonight and am amazed at how far behind my previous host is, comparatively, to this host. This security announcement and fix had never been mentioned to any of the web owners that I know on that host. The cPanel here is also much more extensive than the cPanel on my old host. So far, so good. Hope it stays that way.

Favorite Tweets

Facebook