Looks like bozos found a ginormous hole in Elementor. We’ve updated the plugin on all sites with it.
More details here: https://blog.sucuri.net/2022/04/critical-rce-vulnerability-in-elementor-wordpress-plugin.html
-TS Jay
Looks like bozos found a ginormous hole in Elementor. We’ve updated the plugin on all sites with it.
More details here: https://blog.sucuri.net/2022/04/critical-rce-vulnerability-in-elementor-wordpress-plugin.html
-TS Jay
Hi Everyone!
Since it appears that every company is sending an update on how they’re handling the COVID-19 crisis, now seems a good time for us to do one too.
Don’t expect this update to be nearly as serious as some of the others you’ve read. (Anyone who has hosted with us for a while should already know this.)
But first a quick note on upcoming maintenance…
One of our Phoenix ISPs will be doing maintenance on their network from 2-4AM Arizona time tonight.
Traffic should fail over to our other Phoenix network provider, but there could be a blip. They’re estimating the link will be offline for 40 minutes.
Summary: when it comes to keeping your site up and running during all this, we’re ready.
We correctly assumed that we’d see an overall spike in traffic as options for other entertainment were canceled. So, last weekend we deployed a few additional servers to ensure we had plenty of headroom to handle traffic spikes.
The last two days have been our highest traffic days ever. Seems you all are doing amazing work and creating interesting content. Great job everyone!
With respect to our teams’ health and safety, we’re having all our techs work from home. This is a change from having all our techs work from home. Wait…
*Comic pause*
Actually the only policy change request came from a tech who asked if he would be required to wear pants when working from home. (I’m not kidding, though I suspect he might have been.)
Relatedly, I’ve decided against holding web meetings with the team for a while. Not that we actually do those either. We spend the day messaging in Slack or doing voice chat.
Getting slightly serious for a moment, we’re here for you!
If your circumstances change and you need us to be flexible on payments, need a laugh, or whatever, please reach out. We’re here.
Because, we’re all in this together.
-J
Hi All,
We’ve had a bunch of questions regarding WordPress 5 and especially the new Gutenberg editor.
For those clients on our hosting plans where we do your updates, we’re going to hold off on those updates until January, maybe February, depending on what we see with respect to plugin and other issues with the new release. We’ll still be doing your other plugin updates, but would rather give all the developers a bit more time to track down any bugs – and there will be bugs.
WordPress’s built-in updates doing the won’t update to this new major version. It does minor updates within the same major version. In other words, if your site is running 4.9.4, WP will update to 4.9.5, but it won’t update to 5.0.
If you’re doing your own updates, maybe also hold off on those for a bit. If you want to give it a whirl, feel free to do so – but maybe open a (low priority) support ticket to have us take an extra backup of your site beforehand.
Thanks for hosting with us.
-TS
Hey All,
The Bozos have a new trick for making money and causing grief for WordPress sites – buying a plugin and then inserting ads or malware in it. Yay for their ongoing creativity. It’s a shame they can’t put this energy toward doing something useful.
Today’s affected plugin is one of our favorites – Fast Secure Contact Form. Which is a bummer since it has been fantastic for years. (As an aside, if you like a plugin, please kick a few $ towards the developers, so they keep working on it, and aren’t as tempted to sell them to less honorable folk.)
In short, the original developer sold the plugin, the new owner attempted to put malicious code in several of his newly acquired WordPress plugins which would connect to a server he owned and inject spam ads in the site’s posts.
Read more here: http://www.fastsecurecontactform.com
This is exactly what happened with the Display Widgets plugin a while back.
For all sites using Fast Secure Contact Form installed (including ours), we’re going to make sure everyone is updated to the last known good version. Same for Secure reCAPTCHA (which we don’t use).
In TS news, we’ve been doing lots of HTTPS site conversions for sites wanting to comply with Google’s newest recommendations. (This will be the subject of our next post.)
Our new CDN servers are in place and serving static content for high traffic sites. So far this month, they’ve handled about 40TB of traffic – including one post which went extremely viral & has had over 11 MILLION views in a little over a week. We’ll be adding more sites to it, and more CDN servers in more locations as we go.
And, best of all, the TS family has grown. Please extend a warm welcome to our new tech Shawn. Yay!
Thanks for reading, and for recommending us for hosting as often as you do. We very much appreciate it, and wouldn’t be here without you.
-J