WordPress released an update on 5th July, 2018. We urge all our WordPress clients to update their WordPress to the latest released version.
In order to update, please log in to your WordPress Admin Panel >> Dashboard >> Updates. There you should find an option to update WordPress to the latest version, or you can use the “Re-install Now” button to have the latest version installed for your account. Sites that support automatic background updates are already beginning to update automatically.
If you face any trouble updating your WordPress to the latest version, feel free to contact us. If you want us to update your WordPress, please create a support ticket with your WordPress Admin login details and we will update it for you.
Starting from July 2018, the Chrome browser will mark a website without an SSL certificate or HTTPS as “NOT SECURE”. This means that when potential customers visit a website without HTTPS in the address bar, they will see that the website is not secure. So what can you do? You can simply install an SSL certificate and have your site secured.
We at TetraHost offer a free SSL certificate with our hosting service. To install SSL for your website, simply log in to your cPanel >> Security >> Let’s Encrypt SSL, where you will find the option to install an SSL certificate.
The password is the single most common security measure for digital systems, both online and offline. The problem is that passwords are becoming less secure as hackers gain more and more powerful tools to crack them. A great deal of attention has gone towards the creation of secure passwords, what constitutes them, and whether or not it is feasible to retain a bunch of random alphanumerical strings inside your head all the time.
How are passwords cracked?
Most compromised passwords are not cracked by another human being directly. Instead, a computer is tasked with guessing your password, so planning should go into understanding and then deterring a computer from cracking it. A hacker has a variety of malicious tactics available when trying to crack your password. These are the two most common attacks you see on the Internet today:
Brute Force Attack: The attacker runs a script that tries again and again to crack your password by sheer brute force. A long password with multiple character sets is the best protection. The higher your password entropy, the less likely your password will be compromised by a brute force attack.
Dictionary Attack: The attacker utilizes dictionaries of known words or passwords and a script to try them in thousands of combinations until one matches the correct password. Don’t use common words, or keystrokes such as anyone’s name or phone number. Use a combination of multiple character sets to reduce the likelihood of a dictionary entry matching your password.
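The two attacks above can be turned into a simple check. This added example (not part of the original post, and not cPanel's strength meter) estimates brute-force entropy from length and character sets and separately tests for a dictionary base word; the wordlist, the substitution table and the 60-bit threshold are assumptions made for illustration.

```python
import math
import string

# Constructed sample wordlist; a real check would load a large leaked-password list.
COMMON_WORDS = ("password", "letmein", "welcome", "qwerty", "admin", "dragon")
# Undo common character swaps so "P@ssw0rd" still matches "password".
LEET = str.maketrans("@4013$57", "aaolesst")


def pool_size(password):
    """Alphabet size a brute-force search must cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def entropy_bits(password):
    """length * log2(pool): an upper bound that assumes random characters."""
    size = pool_size(password)
    return len(password) * math.log2(size) if size else 0.0


def dictionary_hit(password):
    """Return the wordlist entry the password is built on, or None."""
    core = password.lower().translate(LEET)
    return next((w for w in COMMON_WORDS if w in core), None)


def assess(password, min_bits=60):  # min_bits is an assumed threshold
    """Classify as 'dictionary', 'weak' (too few bits) or 'ok'."""
    if dictionary_hit(password):
        return "dictionary"
    return "weak" if entropy_bits(password) < min_bits else "ok"


if __name__ == "__main__":
    for pw in ("abcdefgh", "P@ssw0rd1!", "kT9#vLq2$wZx"):
        print(f"{pw:14} {entropy_bits(pw):5.1f} bits  {assess(pw)}")
```

The middle sample scores above 60 bits on the brute-force formula yet is rejected, which is why the dictionary check has to run in addition to the entropy estimate.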
Recently, we have been working on improving security on our cPanel servers and have applied a few new security policies.
Password Strength – A password of any kind must be rated at least 80% strong. The system will not accept your password until it meets the security policy. To set up a strong password, you can use lowercase and uppercase letters, signs/symbols and numbers.
Password Age – Passwords must be changed every 90 days. Our system will automatically ask users to change their password every 90 days.
These two measures should allow you to secure your cPanel and related services. In the meantime, if you have any questions about account security, please contact us at TetraHost Support.
Let’s Encrypt is a free, automated and open certificate authority (CA) that offers free SSL certificates for the public’s benefit. Just like a paid-for SSL certificate, a Let’s Encrypt certificate provides HTTPS protection for your website. You can find it by logging in to your cPanel and navigating to the Security section, or simply by typing Let’s Encrypt in the search field.
Hypertext Transfer Protocol Secure (HTTPS), unlike its HTTP counterpart, is a communications protocol that provides a secure connection between a site and a visitor’s web browser, meaning any data shared is encrypted and safe from prying eyes.
Why is HTTPS important?
For security and Google.
First and foremost, https makes your website secure for your users. If your website does not use https, data sent between it and your users can potentially be intercepted, monitored or even altered by a 3rd party as it traverses the internet.
Security is a top priority for Google, and back in August 2016 they announced https would be used as a ranking signal to encourage webmasters to use encryption. Continuing their mission for a safer web, from this month Google will highlight all sites which collect passwords and credit card data without https encryption as ‘Non-secure’ to visitors. You can learn more about this update here.
How to install Let’s Encrypt SSL?
With Let’s Encrypt you will be able to receive a certificate for your website without filling out any information, just by clicking a single button. Choose the domain/subdomain you wish to cover with a certificate and click on the Issue button next to it.
If you are a Joomla user, you had better start updating your sites now.
Joomla was updated recently! Joomla issued new minor versions, v2.5.14 and v3.1.5, that patch some very critical security holes, so it is very important you update as soon as possible! We are urging all customers to log in and update their Joomla sites to the latest version to help keep their sites secure! They didn’t provide many details, but from the summary it seems serious enough to allow users to bypass upload restrictions:
Versions: 2.5.13 and earlier 2.5.x versions. 3.1.4 and earlier 3.x versions.
Exploit type: Unauthorised Uploads
Reported Date: 2013-June-25
Fixed Date: 2013-July-31
Description: Inadequate filtering leads to the ability to bypass file type upload restrictions.
As I write this article, there is an ongoing and highly distributed, global attack on WordPress installations across virtually every web host in existence! This attack is well organized and again very, very distributed. The attack can also be called a “brute-force” attack. Due to the nature of the attack, memory consumption on targeted servers has increased. In certain cases, this has resulted in degradation of performance!
At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*).
The main force of this attack began last week, then slightly died off, before picking back up again yesterday morning. No one knows when it will end. TetraHost started a thread on a popular forum where web host owners are sharing their experiences with the attack and their solutions. Here is the thread.
We are taking several steps to mitigate this attack throughout our server farm, but in the same breath it is true that in cases like this there is only so much that can actually be done. Again, this is a global issue affecting all web hosts. Our hope is that this attack ends soon, but it is a reminder that we must all take account security very seriously.
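Because the attack described above is distributed, counting login attempts per IP address alone can miss it. This added example (not TetraHost's tooling) counts POST requests to WordPress's login script, wp-login.php, per minute in an access log in combined log format; the log lines are constructed and both thresholds are assumptions.

```python
import re
from collections import defaultdict

# ip, timestamp, method, path, status from a combined-format access log line
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:09:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.11 - - [01/Jan/2024:09:14:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.7 - - [01/Jan/2024:09:14:21 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.8 - - [01/Jan/2024:09:14:33 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.9 - - [01/Jan/2024:09:14:48 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.50 - - [01/Jan/2024:09:15:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.50 - - [01/Jan/2024:09:15:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.50 - - [01/Jan/2024:09:15:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.99 - - [01/Jan/2024:09:16:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2890
192.0.2.99 - - [01/Jan/2024:09:16:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""


def login_posts_per_minute(log_text):
    """Map minute -> {ip: count} for POSTs to wp-login.php."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, _status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            buckets[ts[:17]][ip] += 1  # ts[:17] is "dd/Mon/yyyy:hh:mm"
    return buckets


def flag_minutes(log_text, per_ip_limit=3, site_limit=5):
    """Return (minute, kind, total_posts, ips) for each suspicious minute."""
    findings = []
    for minute, per_ip in sorted(login_posts_per_minute(log_text).items()):
        total = sum(per_ip.values())
        noisy = sorted(ip for ip, n in per_ip.items() if n >= per_ip_limit)
        if noisy:  # one address hammering the login form
            findings.append((minute, "single-source", total, noisy))
        elif total >= site_limit:  # many addresses, each under the per-IP limit
            findings.append((minute, "distributed", total, sorted(per_ip)))
    return findings
```

On the sample, the 09:14 minute is flagged as distributed even though no single address exceeds the per-IP limit, which is the case a per-IP lockout alone does not catch.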
To ensure that your customers’ websites are secure and safeguarded from this attack, we recommend that you read the following blog article and apply the security protection ASAP:
We upgraded PHP in the Grid from 5.3.13 to the latest release, 5.3.14. This new release patches several security vulnerabilities existing in 5.3.13. Please note, the PHP development team has already declared End of Life for version 5.3.13. Here’s what the PHP development team says about this update:
The PHP development team would like to announce the immediate availability of PHP 5.4.4 and PHP 5.3.14. All users of PHP are encouraged to upgrade to PHP 5.4.4 or PHP 5.3.14.
The release fixes multiple security issues: A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension
PHP 5.4.4 and PHP 5.3.14 fixes over 30 bugs. Please note that the use of php://fd streams is now restricted to the CLI SAPI