Security and Spam Announcements
We’ve been working hard on different service areas to improve security, prevent spam, upgrade our systems, and offer more value to our customers. Here’s a summary of all the recent efforts for you to review.
- Secure Control Panel Access
To improve security, our hosting Control Panel now forces you to use encrypted SSL for all visits, at https://cp.yourserver.net/ and all bookmarks with the old unencrypted URL will redirect to the new encrypted URL.
- Spam Prevention
Please update your scripts and WordPress installations (use http://wordpress.org/plugins/wp-smtp/) to use an authenticated mailbox or 3rd party service like Mandrill (free up to 12K emails a month, see https://mandrill.com/pricing/), as web scripts sending email to our mail servers rejects mail relaying unless it’s a mailbox on that mail server. It’s just too easy for spammers to inject code into a web site via automated scripts that blast our email server with millions of spam emails, and the mail server gets blacklisted, your emails are delayed or blocked, and it’s a huge amount of work to clean it all up. Sending using authentication is the only way to send out email to external servers.
- Do Email Right
We strongly recommend using Google Apps (http://www.google.com/enterprise/apps/business/) or another 3rd party service like Outlook.com (http://zd.net/1bsSy2C) for domain name email, as they offer amazing spam blocking and filtering built in to their platforms. Google has also recently announced they are now displaying images for emails in a safe way. We use Google Apps for all email hosting, but it’s especially recommended for business or e-commerce sites. Our email servers work well too if configured correctly (as discussed above), but they are no match for the global protection that these services bring you, and Outlook.com still offers free domain name hosting, so why not take advantage of that. We’d love to stick to offering the best hosting for WordPress, PHP, MySQL, and of course HTML sites, and email is something we’d love to get away from, considering the great alternatives out there.
- Hire Us for Your Web Site Needs
We’re finding that many customers don’t know we offer full WordPress and web services and consulting, including Managed Maintenance (site and plugin updates, managing site and database backups, & security hardening with malware scanning), site migrations from HTML, Drupal, Joomla, and others into WordPress, theme customizations, e-commerce consulting with WooCommerce, as well as email marketing and CRM integration. Contact us today to discuss further.
- Developers: PHP version 5.4 is an available option under Web Options – but update your MySQL passwords before you switch
PHP v5.4 will not connect to databases using users that have the old short (now considered insecure) password hashing/storing method, so you should look into changing your MySQL user’s password first, before switching to PHP v5.4. Be sure you know where to update your script’s stored password before using the MySQL tool in the Control Panel to reset the user’s password, selecting the “Long, PHP5.x-only” hash length. Then you’ll have no problems with v5.4. More technical info here.
If you’ve got any questions or concerns on any of the above, feel free to reach out to us by submitting a Trouble Ticket through the Control Panel, or contact us here.