Quick jump menu:

DSA Media News and Information

WordPress 3.0.3 – Security Update

Hot on the heels of the 3.0.2 release Automatic have released another WordPress security update. On December, 08 WordPress 3.0.3 was released to fix issues in the remote publishing interface. It’s advised that all users who run multi-author installations update to this version as soon as possible.

WordPress 3.0.2 – Security Update

On November 30, Automatic released the latest version of their WordPress CMS software which they described as “a mandatory security update for all previous versions”. Along with a number of bug fixes and general security enhancements, this release fixes a security issue that would allow a malicious author-level user to gain greater control of the web site. Their advice is that all users should update their installations even if they do not have untrusted users and, as per our terms, we require all WordPress users hosted by us to update to this version as soon as possible.

User Account Security and DSA Media Status & Support Site Update

In an effort to provide maximum security for our clients, DSA Media uses a firewall to help protect the websites that we host. (Please also see our previous security notice below which also relates to this issue.)

One of the functions of the firewall is to check the log-in attempts made by users to ensure that only those users who have the correct permission can access secure areas of our hosting, such as control panels, FTP accounts and email accounts. We believe that this has so far proved successful, and has resulted in the blacklisting of IP addresses relating to numerous malicious access attempts. However, recently we have had several legitimate users who have found themselves unable to access their websites or secure hosting features as a consequence of themselves being blacklisted by the firewall.

In order to prevent this from happening it is essential that users only attempt to access their accounts using the correct details. If a user makes a number of repeated attempts to access any secure region of their hosting account the server firewall will automatically take action against them, and treat them as if they were a hacker. This is the expected and correct action for the firewall to take as it is unable to distinguish a legitimate user from a malicious one if neither enters correct access details.

If account holders do find themselves unable to access either their website or any secure features of their hosting account they will need to contact DSA Media for us to investigate the matter. In order for us to do that quickly and efficiently it is essential that users present us with sufficient information as early as possible. The minimum we require is:

  • The user’s IP address;
  • A tracert from the user’s computer;
  • Confirmation that the user cannot access either their own website, or ours at www.dsamedia.co.uk;
  • Any error codes/messages displayed within their web browser, or other software, that relates to the failure;
  • Any other information that the user feels is relevant and may help to diagnoset their connection problem (bearing in mind that the firewall may not be the cause of their issue).

In order to make it easier for users to find and supply the information that we require as quickly as possible, we have updated our Status Site to include a TraceRT tutorial and a support request form.

All users experiencing problems with connecting to the services that we provide them with should use this form as the first line of contact. Users who try to contact us via any other method, or who do not supply sufficient information with which to diagnose their problem efficiently, may find that their support request is delayed. DSA Media will not accept any responsibility for delays to support provision under these circumstances.

In addition to the updates to our support site we have also updated our terms and conditions to reflect the change in dealing with connection support issues. Our terms & conditions can be found at www.dsamedia.co.uk/terms.php (hosting terms, section 7).

PHP and MySQL Support in WordPress

Support for PHP 4 and MySQL 4 is to be dropped after the release of WordPress 3.1, due October 2010. Users without at least PHP 5.2 and MySQL 5.0.15 will then be able to upgrade to newer versions from WordPress 3.2 onwards.

Our hosting clients can rest assured that we already meet these minimum requirements and that their WordPress sites will continue to work with the expected future updates. If you’re not sure whether your web hosting meets the stated minimum requirements you can install the Health Check plugin available from the WordPress Plugins Repository.

On a related note – it’s expected that both Drupal and Joomla will also be adopting these same minimum standards with their new releases expected later this year.

WordPress 3

On June 17 Automattic proudly announced the release of WordPress 3, with 1,217 bug fixes and feature upgrades that have been worked on by a team of over 200 developers. Some of the key points to note are:

  • WordPress and WordPress MU have been merge to bringe multi-site functionality to the general release version;
  • A new custom menu management feature, allows creation of custom menus combining posts, pages, categories, tags, and links for use in theme menus or widgets;
  • New custom header and background APIs;
  • The ability to set your own admin username and password during the installation process;
  • A bulk update feature for themes and plugins;
  • Updates to developer tools such as JQuery, Json, Scriptaculous and SWFobject.

As with all new releases containing security updates we strongly recommend that WordPress users on our servers upgrade to the latest version as soon as possible. And we make this a strict requirement where upgrading patches any security issue that could place other user accounts, or the entire server, at risk of attack. This requirement is also placed on any other off-the-shelf software, such as Joomla, CMSimple or Moveable Type.