WordPress 3.8.2 is now available for download and upgrade.
This is an important security release for all previous versions and we strongly encourage you to update your sites immediately.
This release fixes a weakness that could let an attacker force their way into your site by forging authentication cookies.
It also contains a fix to prevent a user with the Contributor role from improperly publishing posts.
This release also fixes nine bugs and contains three other security hardening changes:
- Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
- Fix a low-impact SQL injection by trusted users.
- Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.
For more information on all of the changes, see the release notes or consult the list of changes.
We are happy to announce that the Heartbleed Bug (CVE-2014-0160) is patched for all our servers which are vulnerable to it. Along with the patch, we are required to perform a restart of the services which are affected, including LiteSpeed Web Server, cPanel & WHM, Mail Services, FTP Services, etc., and there was a brief service interruption due to the restart.
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed Bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
UPDATE: All server-level certificates are also reissued as a precautionary measure.
We are currently performing an Emergency Maintenance on our Client Area.
While the maintenance is ongoing, access to our Client Area is unavailable and any invoice payments are not possible. You will also not be able to obtain support through our Client Area.
Your website is NOT AFFECTED by the maintenance and you will be able to login to your cPanel / WHM as usual as well.
To contact us and to obtain support, you can email us at the appropriate email addresses listed at the page below:-
If you want to reply to any support ticket, you will just need to reply to the email our system sent to you and support will continue as usual.
We are extremely sorry for the short notice due to the emergency nature of this maintenance and the lack of ETA on when this will be fully resolved.
UPDATE: The Emergency Maintenance has been completed.
WordPress 3.5.2 is now available for download or update within your WordPress dashboard.
This version is a maintenance and security release for all previous versions and we strongly encourage you to update your sites immediately.
The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.
The security fixes included:
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts or reassigning the post’s authorship.
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. (Developers: More on SWFUpload here.)
- Prevention of a denial of service attack, affecting sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
- Multiple fixes for cross-site scripting.
- Avoid disclosing a full file path when an upload fails.
For more information on the changes, see the release notes or consult the list of changes.
We have partnered with Sucuri, a leader in Malware Monitoring and Cleanup to offer Aspiration Hosting and NoFrillsReseller clients powerful malware monitoring and cleanup services. With our Sucuri Security plan, you get the same Malware Monitoring and Cleanup from the team behind Sucuri at a lower price!
You must have an Active reseller account with us to take advantage of this service.
Sucuri Security Services include:-
- 24x7x365 Malware Monitoring
- Malware Cleanup (∞ Pages!)
- 24x7x365 Blacklist Monitoring
- Blacklist Removal
Sucuri is compatible with any type of website, which includes anything from PHP Applications like WordPress, Joomla, Drupal, SimpleMachines Forum to basic HTML pages.
The regular price for Sucuri is $89.99/year for each website.
For clients of Aspiration Hosting, you can get the same service at $50.00/year for each website!
For more information or to place an order, please visit the Sucuri Security Services page in Aspiration Hosting’s website.
If you have any questions, feel free to contact our Sales Department regarding this service.
If you have a WordPress blog or website that has the WP Super Cache or W3 Total Cache plugins installed, this will affect you.
Please make sure that your plugins have the following minimum version:-
- WP Super Cache: 1.3
- W3 Total Cache: 0.9.2.9
You can find the plugin’s version by going to your WordPress Admin –> Plugins –> Installed Plugins.
If your plugins are older than the above versions, please get them updated immediately.
Older versions of the plugins have a very serious vulnerability – remote code execution (RCE).
RCE allows an attacker to execute PHP commands for your hosting accounts and the attacker can even access your account while bypassing all your authentication controls. They can do this by just posting comments in your website.
It is important for you to make sure all plugins are constantly updated to the latest version. We recommend that you check for updates at least on a weekly basis.
If you have a website or blog that is running on WordPress, this will affect you.
There is a very widespread Brute Force Attack targeting all WordPress installations across the globe. This affects all WordPress installations with any and every hosting provider, not just us.
Here are a few tips which we recommend you follow to prevent your WordPress website from falling victim to this attack:-
Set A Very Strong Password
Change your WordPress’s admin password to a very strong password which is not easily guessed.
Here are the recommendations from WordPress:-
Rename Your Admin Username
WordPress usually sets the default administrative username as “admin”.
We suggest that you rename this to something that is not easily guessed.
There are two ways to achieve this:-
Password Protect Your “wp-admin” Directory & “wp-login.php” File
The best way to protect against Brute Force Attack is to prevent them from even reaching your login page in the first place.
This can be achieved by using the “Password Protect Directory” feature in your cPanel.
You can follow our Text and Video tutorials to password protect the “wp-admin” directory.
Securing the “wp-admin” directory only is not enough as the attacker can still gain access to your WordPress login page with the “wp-login.php” file in the root directory of your WordPress installation.
To easily secure the “wp-login.php” file, simply follow the steps below:-
1. Use the cPanel File Manager or your FTP Client.
2. Navigate to the “wp-admin” directory.
3. Open the “.htaccess” file and copy the contents (from “AuthType Basic” till “require valid-user”).
4. Navigate to the root directory of the WordPress installation (your main directory for WordPress).
5. Type in “<FilesMatch "wp-login.php">” below “# END WordPress”.
6. Paste the copied contents at a new line.
7. Type in “</FilesMatch>” below the pasted content.
8. Save the file.
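What the root “.htaccess” file looks like after the steps above, as an added example that is not part of the original post. The AuthName and AuthUserFile values are placeholders; use the exact lines copied from your own “wp-admin/.htaccess”.

```apache
# END WordPress

# Added example: block created by steps 5-7 in the WordPress root .htaccess.
# The four lines inside the block are the ones copied from wp-admin/.htaccess.
# AuthName and AuthUserFile below are placeholders, not real cPanel values.
<FilesMatch "wp-login.php">
AuthType Basic
AuthName "PLACEHOLDER-REALM-NAME"
AuthUserFile "/PLACEHOLDER/path/to/wp-admin/passwd"
require valid-user
</FilesMatch>

# FilesMatch takes a regular expression, so the pattern above is unanchored
# and its "." matches any character. To cover exactly the one file name,
# the opening line can be written as:
#   <FilesMatch "^wp-login\.php$">
```

After saving, a request for “wp-login.php” without credentials should be answered with an HTTP 401 authentication prompt instead of the WordPress login form.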
As some of you may know, Aspiration Hosting is using 2CheckOut to process credit card payments.
We are now partnering with 2CheckOut to offer our clients a waiver of the application fee with them when you use the coupon code ASPIRATION2CO.
2CheckOut (2CO) is a worldwide leader in payments and e-commerce services. 2CO powers online sellers with a global platform of payment methods and a world-class fraud prevention service on secure and reliable PCI-compliant payment pages.
2Checkout’s payments platform bundles a gateway and merchant account into one single offering with no need to contract with a merchant bank or manage separate agreements. You can accept Visa, MasterCard, AMEX, Discover, PayPal, Diner’s Club, JCB and Debit cards (in the U.S.) from one solution through 2Checkout’s fully secure hosted payment pages. In addition, 2CO provides industry leading recurring billing services, call center support, full SSL certification, and the system is translatable in 15 languages and 26 international currencies for buyers and sellers in over 200 countries.
Save now! Use promo code ASPIRATION2CO for a waiver of 2Checkout’s initial application service fee (first monthly fee) and start selling online today!
Visit www.2checkout.com, click SIGN UP NOW, complete the application, and then enter the code into the promo code field to take advantage of this special offer today!
As some of you may know, RatePoint, the leading customer review service, is closing down very soon.
We at Aspiration Hosting were using RatePoint ourselves until the day they announced the sudden closure.
Many ex-RatePoint users are scrambling around the web to find an alternative to RatePoint and at the same time try to save their reviews and testimonials that were left by legitimate clients in RatePoint.
We were in the same situation as you until we found the Best Alternative: ShopperApproved
ShopperApproved has all the features that you have come to love at RatePoint and even more! They are extremely effective in increasing the reviews and testimonials that you will receive from your clients.
RatePoint Refugee Promotion
From now till February 10th 2012, ShopperApproved is having a promotion which will take 50% OFF their pricing for life!
This is meant for RatePoint refugees but the promotion is valid for non-refugees alike!
They will also be transferring your RatePoint reviews over for you!
Need Further Convincing?
Take a look at our ShopperApproved seal below and while you are at it, be sure to leave a review or testimonial for us!
We have migrated our R1Soft CDP backup system from version 2.0 to version 3.0. With this we have also enabled the R1Soft Restore Backups feature within cPanel Hosting Control Panel of NoFrillsReseller.com.
You will have the option to access the R1Soft Restore Backups under your cPanel –> Files.
Once clicked, you will be directed to our R1Soft daily backup server where you can access the backup of your whole cPanel home directory.
For MySQL database backups, you will need to contact us if you wish to restore them.