You know that thing where you have a blog, and you neglect to post to it for a while? And the longer you don’t post, the more and more embarrassing it’s going to be when you finally do post again? Well, this is that embarrassing post.
We are continually working on our web hosting platforms here (despite what one might think from following this fallow blog). Here’s a quick list of things we’ve been up to lately:
- Continuous improvement of the PHP environment. Our main webfarm is currently capable of running all these versions: 5.2, 5.3, 5.4, 5.5, 5.6. Versions 5.2 and 5.3 are extremely old and really need to be retired. Unfortunately we still have some customer sites relying on features from the old versions (such as “register_globals”). All new site setups are using 5.6.
- WordPress Everywhere! Over the years, WordPress has become the dominant CMS here. In that time SWCP has been sharpening our skills at managing WP sites. We have gotten pretty good a recognizing common WP mishaps and stopping many of them before they happen (such as the complications involved in creating a copy of a WP site). Lately we’ve been enhancing some of our internal “meta tools” for monitoring the hundreds WordPress sites on our system. Right now we’re pushing on folks with old installs to update, especially in light of the recent critical WordPress security updates.
- Hacked? We unhack it! WordPress and other CMSes are very powerful, but that power leads to extra complexity, and complexity leads to security holes. WordPress core is pretty solid, but plugins (for all CMSes) are of a much more variable quality. We’ve been honing our skills at preventing site hacks, detecting them sooner, and un-hacking them faster.
- Want someone else to monitor and update your WP site? We recently launched a service to do that: SWCP WordPress Monitoring and Update Service.
- SSL challenges galore in the past year. SSL protects communication between browsers and web sites, and our industry had become a little complacent about SSL’s ability to do that job over the past decade. The last year has seen bugs uncovered in the coding of OpenSSL (the most popular code to implement SSL). The Heartbleed bug in particular was a real eye-opener. Other SSL bugs we’ve been protecting against include CRIME, BEAST, POODLE, and FREAK. At least the names are entertaining! In addition to problems in the code and protocol definition, there are weaknesses in the ciphers used in many certificates. Starting in January of this year, we have stopped using any certificates signed with the older SHA-1 hash, and are renewing all certificates with SHA-256 signatures. On a practical level, this just means that your customer’s browsers won’t complain about the quality of the certificate on your site.
Well that’s it for this update. We’ll try to post more frequent updates in the future!
If you have questions about anything here, please email firstname.lastname@example.org