Categories
Articles Wordpress Wordpress Hosting

11 Best Managed WordPress Hosting Providers in 2020

Whether you are a blogger or an established business, the use of the best managed WordPress hosting platform is crucial for success.

WordPress has been democratizing the web for over fifteen years now. It delivers the most flexible blogging experience and it is so easy to learn that even a beginner can work on it.

Released in 2003, WordPress is the website content management system (CMS) which powers over 30 percent of the entire web. It provides access to thousands of free plugins and themes, using which you can design your website and add powerful features.

If you use WordPress for some hobby, then the free account is fine for you. But if you have an established website, and have regular heavy traffic, then you may face some downtime. Also, the webpages will take long to load.

Since you need to ensure a lot of things to keep your website running, including the content, design, social media, marketing, and a lot more things, WordPress management may become cumbersome in the long run. But you need not worry. To overcome these challenges, many hosting providers now provide managed WordPress hosting.

What is managed WordPress hosting?

As the name suggests, it is specifically designed and optimized for WordPress, where all technicalities are managed by the hosting provider. It is a perfect solution for you if you want simplicity, flexibility and power of the fastest WordPress hosting.

The host will manage all the technical aspects like backups, security, WordPress updates, speed, etc. This enables you to focus on running your business rather than getting trapped in management hassles.

With managed WordPress hosting, you also get very tight security for your site with tools and software that scan for malware, phishing attempts and block all other attempts to hacking.

With fully managed WordPress hosting, you can build, edit, and manage your site easily, and run it seamlessly right from the moment you log in. Management is integrated with your hosting account, and trained team of Sysadmins helps accelerate your site speed and secure it.

Let’s take an example to understand it better. Suppose, you are participating in some car race with your everyday compact family sedan. If you have watched The Fast and The Furious, you probably know what level of preparation your car will need to be able to compete or in a movie-inspired scenario, win the race.

You have to take help from car racing experts to increase the engine power, change the tyres, tune the gearbox or other nitty-gritty racing lovers must be aware of. So, at the end of the day, you still have your compact sedan only, but with the help of experts, you have worked on it to maximize the performance. To some extent, managed WordPress hosting is the same.

So, now that you know what is managed WordPress hosting, the next question that arises is who are the best WordPress hosting providers.

Related read: Top 5 Managed Services & Web Hosting industry trends in 2020

Top Managed WordPress Hosting Providers Comparison

Below is a list of top WordPress hosting providers and the reasons why they are among the top 10.

1. WP Engine

WP Engine WP hostingWP Engine is a kind of a VIP WordPress hosting, where you can build websites easily and quickly to drive your business faster. It provides one-click tools and unlimited workspaces which simplify the staging, testing, and deployment.

You get automatic security updates, daily backups, automatic caching, and many more features. They provide auto migration plugin, EverCache technology to make the WordPress sites scalable and fast and their team supports you 24/7.

WP Engine Personal plan begins at $25, which features a free SSL Certificate, 10 GB local storage, supports up to 25k visits per month for one installation. It provides other plans, including Professional, Business, Premium and Enterprise-grade, depending upon the number of installations and website traffic.

Related read: What makes Plesk the preferred choice of WordPress developers?

2. SiteGround

siteground wordpress hostingSiteGround managed WordPress hosting provides 1-Click installer, enabling you to launch your website with a click. You don’t have to worry about the WP version updates since they are updated automatically.

They offer you free CloudFlare CDN (content delivery network) to boost your site speed. With 24/7 support, their StartUp plan starts at just $11.95 per month. Along with it, you get free SSL Certificate, daily backup, SSD storage and 30-day moneyback guarantee. This plan is suitable for up to 10,000 visits per month. You can explore GrowBig and GoGeek plans to host multiple websites, 25k, and 100K monthly visits respectively.

3. ZNetLive

znetlive best managed wordpress hosting provider in IndiaIf you are not confident about buying managed WordPress hosting, then better go for a free trial. ZNetLive offers managed WordPress hosting 30-days trial for free. ZNetLive’s WordPress hosting provides pre-installed WP-CLI, and your data is backed up daily.

ZNetLive managed WordPress hosting offers 10 GB SSD, free CDN, DDoS protection, SEO toolkit, free SSL certificate, control panel powered by Plesk, and easy DNS management.

Priced at $6.94, ZNetLive provides 50 GB bandwidth supports up to 25,000 visits per month.

4. Templ

Templ is a new and modern web hosting company offering managed WordPress hosting built on Google Cloud.  At Templ, you get everything you can expect from a Managed WordPress hosting service, including free staging sites, daily backups, 24/7 monitoring and more. At Templ, every service and functionality is included in all plans.

Some other things you can take advantage of at Templ is free speed optimization and Google Cloud CDN. During the first year, Templ will also update your WP Core, plugins and themes for you, for free once a month.

Templ’s pricing starts at $27 and includes 10 GB storage space and 10 GB data transfer. Add-on websites are priced at $10. If you’d like to try Templ for free, they offer a 10-day free trial.

5.Flywheel

flywheel hostingFlywheel WordPress hosting empowers you to migrate your sites to Flywheel for free. It provides staging, enabling you to make changes to your live sites easily.

You get hacker-free security, automatic data backups every night, and free Let’s Encrypt SSL Certificate.

The lowest-priced plan starts from $13/month, which features 5 GB disk, 20 GB bandwidth, and 5000 monthly visits.

6. DreamHost

dreamhost wp hostingThe managed WordPress hosting from DreamHost includes a 1-Click installer, free Let’s Encrypt SSL Certificate, 24/7 support and guaranteed uptime. You get free SSDs (Solid State Drives) which make your site faster.

DreamHost managed WordPress hosting plans start from $16.95 per month, and up to 100,000 visitors per month.

Must read: Top 10 best data center service providers in India 2020

7. Cloudways

WordPress hosting cloudwaysCloudways managed WordPress hosting boosts the performance of your websites, and secures them. You get one-click deployment and free migration, and managed backups as well.

Managed WordPress hosting from Cloudways features a Breeze Cache Plugin which speeds up the caching process, and streamlines the integration of Cloudways CDN with your WP website. It compresses the files through Gzip compression to reduce the file delivery time.

Additionally, you get a free Let’s Encrypt SSL Certificate and pre-installed WP-CLI. Priced at $10 per month, Cloudways offers 25 GB storage, 1 TB bandwidth, and 24/7 support.

8. Bluehost

bluehost best managed WordPress hostingThe Bluehost managed WordPress hosting plan, starting from $19.95/month, promises up unlimited traffic. With Bluehost, you get 100+ free WordPress themes, daily scheduled backups, free SSL Certificate, and domain privacy,

Bluehost also provides enhanced cPanel, using which you can easily manage your WP websites, emails, domains and other features.

Suggested reading: How to improve your Website Marketing?

9. Kinsta

Kinsta wp hostingWith Kinsta managed WordPress hosting, you get free migration, daily backups, and a dashboard to review your site.

Powered by Google Cloud Platform, Kinsta’s WP hosting is priced at $30 per month. Kinsta provides 20,000 monthly visits, 10 GB disk space, free SSL Certificate and CDN.

10. Pressable

Pressable managed wordpress hosting providerPressable provides optimized managed WordPress hosting, which includes traffic scaling, automatic updates, nightly backup, and 24/7 WordPress experts support.

Among the freebies, Pressable offers CDN, malware scanning and removal, SSL Certificate, staging, and caching. With Starter plan, you can host up to 10 WordPress websites for $45 per month, and 200,000 shared pageviews.

11. Liquidweb

liquidweb wp hostingLiquidweb’s Spark WordPress plan starts from $19 per month, allowing you to host one website. It includes 15 GB storage, 2 TB bandwidth, unlimited email accounts, Beaver Builder Lite, as well as iThemes Security Pro and iThemes Sync.

There are no limits on pageviews and traffic limits and the data is backed up automatically on a daily basis.

 

Suggested reading: Difference between shared hosting and reseller hosting

Comparison of best managed WordPress hosting providers

Sr. NoProviderBasic Plan Price/ monthNo. of websitesStorageVisits per month
1WP Engine$25110 GB25K
2SiteGround$11.95110 GB10K
3ZNetLive$6.94110 GB25K
4Templ$27110 GBUnlimited
5Flywheel$1315 GB5K
6DreamHost$16.95130 GB100K
7Cloudways$10125 GBNA
8Bluehost$19.95UnlimitedUnlimitedUnlimited
9Kinsta$30110 GB20K
10Pressable$4510NA200K
11Liquidweb$19115 GBUnlimited

Wrapping up:

Who is the most reliable provider of fully managed WordPress hosting, depends a lot on you and your website’s needs. If you are a blogger or just starting out with your website, SiteGround, Cloudways or DreamHost can be the best for you as they cost less and can meet most of your requirements.

For small and medium-sized businesses, Templ, Flywheel or ZNetLive can be best as they can handle high traffic at a low cost.

Let us know what you think of managed WordPress hosting in the comments section.

Categories
Web Security Wordpress

Popular Ad management plugin found vulnerable to cyberattacks

The popular Ad management plugin named Ad Inserter is the latest WordPress asset to be found vulnerable to a serious security issue. An authenticated user of the plugin can easily execute PHP code on the vulnerable websites.

Ad Inserter is currently active on more than 200K websites, leaving a massive number of WordPress websites open to cyberattacks.

Website owners use this plugin to insert ads at optimal positions. It supports Google AdSense, Google Ad Manager, contextual Amazon Native Shopping Ads, Media.net and rotating banners.

According to Wordfence researchers who discovered the vulnerability, the Ad Inserter is using check_admin_referer () function to bring an additional security control to the plugin.

The role of this function is to protect against cross-site request forgery (CSRF) attacks. The function checks that a one-time token (nonce) is present in the request to prevent unwanted repeated, expired or malicious requests.

However, many developers believe that checking this one-time token is enough for access control, and stop their efforts here. But, the WordPress documentation clearly mentions that this function is not intended for access control.

The vulnerability in Ad Inserter is a good example for developers to understand that using this function for authorization is not a good idea.

Also read: Flaw in YellowPencil plugin leaves over 30K WordPress sites open to hacking

Wordfence mentioned that the weakness could allow an authenticated user (even the subscriber) to execute arbitrary PHP code on the vulnerable sites. The Wordfence disclosed the issue to the developers of Ad Inserter who released the fix the very next day.

All the websites running Ad Inserter 2.4.21 or below must update the plugin to the latest version (v2.4.22).

Categories
Newss Wordpress

Flaw in YellowPencil plugin leaves over 30K WordPress sites open to hacking

YellowPencil, a popular WordPress plugin for visual style editing, has got hacked. Last week, the attackers infected the plugin with a couple of software vulnerabilities that could allow them to update arbitrary options on vulnerable websites.

If any website with active YellowPencil installation is hacked, the attackers gain the ability to make changes to the URLs of the website and the homepage. They could do it using unauthenticated SQL injection.

The plugin has more 36,000 downloads, which means that the number of vulnerable websites was high. On 8th April, WordPress closed this plugin on its repository of plugins. It is now not available for download.

According to researchers at Wordfence, “The first flaw that enables this attack is present in the yellow-pencil.php file within the plugin. The yp_remote_get_first() function is called on every page load and checks if a specific request parameter (yp_remote_get) has been set. If it has, the plugin escalates privileges to that of an administrator for the remainder of the request.”

When the parameter status is checked out, the plugin enables the attackers to take actions on websites, which are usually meant to be done from administrators only.

But what is scarier is that the YellowPencil plugin hack is part of a larger campaign that is run by the same attacking group, according to researchers at Wordfence.

“Exploits so far are using a malicious script hosted on a domain, hellofromhony[.]com , which resolves to 176.123.9[.]53.”

Also read: Microsoft develops SECCON framework to strengthen security of Windows 10 devices

The developers behind the YellowPencil have fixed the vulnerability with a new update. To avoid the websites from getting into the hands of attackers, users must update their plugin to the latest version. All the older versions of YellowPencil are currently at risk.

Categories
Newss Wordpress

WordPress latest release fixes critical cross-site scripting vulnerability

With the release of WordPress 5.1.1, the developers behind the platform have fixed critical cross-site scripting (XSS) vulnerability and introduced several fixes and enhancements.

The XSS vulnerability in WordPress existed in the way comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.

Cross-site scripting can allow attackers to inject malicious scripts into webpages and bypass access controls. This flow in WordPress was discovered by Simon Scannell of RIPS Technologies.

In a blog post, he explained the way attacks could take place, “An attacker can take over any WordPress site that has comments enabled by tricking an administrator of a target blog to visit a website set up by the attacker.”

“As soon as the victim administrator visits the malicious website, a cross-site request forgery (CSRF) exploit is run against the target WordPress blog in the background, without the victim noticing. The CSRF exploit abuses multiple logic flaws and sanitization errors that when combined lead to Remote Code Execution and a full site takeover.”

WordPress versions 5.1 and earlier are affected by this vulnerability. It has been fixed in v5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to 5.1.

Also read: Top Managed WordPress Hosting Providers of 2019

Other than this, WordPress also mentioned a number of more highlights with the latest release. Hosts will now be able to provide a button to their users using which they can update PHP. They can also filter the recommended PHP version used by the ‘Update PHP’ notice.

Categories
Newss Wordpress

Former employee hacks WPML WordPress plugin site to spam users

A few hours ago, the website of popular WordPress plugin WPML (WordPress Multilingual Plugin) got hacked by an ex-employee who had left a backdoor in the site. After hacking, the attacker sent out a mass-mail to every user, stating that the plugin contains several vulnerabilities and warned them to not store any sensitive information on database.

WPML plugin is used to write content in multiple languages and translate content without any need of technical or programming skills. English, Spanish, French, German, Italian and Dutch are the most popular languages on WPML. As per their site, the plugin is currently used by more than 600K WordPress websites.

After hacking the WPML website, the attacker sent the following email to every user:

The attacker mentioned in the email that he is a frustrated user of the same plugin who got two of his websites hacked because of security holes in the plugin. Since the same plugin is used by WPML as well, he hacked their website to warn other users.

The attacker also published a blog post on WPML site with the same message that he had sent to users.

However, WPML wrote in a tweet that “Looks like an ex-employee backdoor”. The plugin creator also clarified that they double-checked the plugin, and assured users that there is no exploit. Since the plugin doesn’t store any payment information, there’re no chances of compromising it.

Also read: Plenty of plugins and PHP libraries disabling TLS validation, leaving sensitive data at risk

As of now, WPML has rebuilt its website and suggested the users to update their WPML account password and use a secure one.

Update: The title of this news has been updated with feedback from the WPML team. The readers are hereby informed that the plugin was not compromised or hacked and was/is safe to use. The attack was aimed specifically at WPML website.

Categories
Newss Wordpress

First release candidate of WordPress 5.0 now available

Following the release of 3rd beta version of WordPress 5.0, the core developers behind the leading content management system (CMS) have announced the availability of first release candidate (RC) for WordPress 5.0.

The RC means that this release has potential to be a final product, which will be released soon unless significant bugs emerge.

WordPress 5.0 will become generally available following feedbacks from developers and users. Since it is an important milestone, the core development team behind the CMS are taking enough time to fully test the latest version before releasing it.

Features of WordPress 5.0

  • Gutenberg editor

The most exciting feature in WordPress 5.0 is the Gutenberg editor that will transform the editing experience for authors, bloggers, and developers. It is a block-based post editor that will allow insertion of text, images, quotes, videos and more, in the form of blocks.

“You’ll have more flexibility with how content is displayed, whether you are building your first site, revamping your blog, or write code for a living,” wrote Matias Ventura, developer at Automattic and co-lead of Gutenberg project, in a blog post.

Currently, WordPress uses TinyMCE (Tiny Moxiecode Content Editor) as the default WordPress editor, that has been with the CMS for many years now. It provides a simple interface to users, giving them control over content creation and editing.

Since, users have got used to the classic editor, WordPress will provide them additional time to use the classic editor even after upgrading to WordPress 5.0. They’ll just need to install the Classic Editor plugin.

  • Twenty Nineteen theme

WordPress 5.0’s default theme will be Twenty Nineteen. The theme will feature custom styles for blocks available by default. It has been created for several use cases, whether users are launching a new business, running a photo blog, or supporting a non-profit.

Additionally, updates have been made to the previous default themes, from Twenty Ten to Twenty Seventeen, so that they can support Gutenberg editor.

More with WordPress 5.0

  • Users will be able to improve the accessibility of the content, as simple ARIA labels can be saved in posts and pages.
  • It will support the upcoming PHP 7.3 release.
  • There will new JavaScript language packs, allowing developers to add translatable strings directly to their JavaScript code.

Also read: Top Managed WordPress Hosting Providers of 2019

To try the WordPress 5.0, use WordPress Beta Tester plugin or download the release candidate from here.

WordPress is also on a mission to translate the CMS into more than 100 languages. It welcomes developers to contribute with coding or test changes to make the CMS error-free.

Categories
Newss Wordpress

WordPress 5.0 Beta 3 released. What’s new?

Release of WordPress 5.0 is just a couple of weeks away. Before general availability, the core developers behind the content management system are trying best to fix as many issues as possible. Currently, they have released the 3rd beta version of WordPress 5.0.

WordPress 5.0 Beta 3 comes with updates to block editor to include all features and bug fixes from the upcoming Gutenberg 4.2 release. It has added support for Custom Fields meta box, improved reliability of Rest API requests, and several minor tweaks.

Further, updates have been made to WordPress’s Twenty Nineteen theme from its GitHub repository. The theme now comes with support for Selective Refresh Widgets in the Customizer, as well as support for Responsive Embeds.

Twenty Nineteen theme has also been improved for readability and functionality on mobile devices. There are fixes to some errors in older PHP versions and in IE11.

WordPress users can try the Beta 3 version on a test site to play with WordPress 5.0. It is recommended not to use it on a production site before the general availability, as it is still under development. It is expected to release on November 19.

To try the beta version, use WordPress Beta Tester plugin or download it from here.

Also read: Smart Updates – What makes Plesk the preferred choice of WordPress developers?

WordPress is also on a mission to translate the CMS into more than 100 languages. It welcomes developers to contribute with coding or test changes to make the CMS error-free.

“We have a multitude of bug scrubs scheduled this week, we’d love to have as many people as we can be ensuring all bugs reported get the attention they deserve,” wrote WordPress.

Categories
Articles Interviews Wordpress

Smart Updates – What makes Plesk the preferred choice of WordPress developers?

In the last years we saw WordPress continuously increasing market share and becoming the CMS standard for building websites. Today, more than 31% of all websites worldwide are built with WordPress and this number is still growing.

However, maintaining WordPress sites, keeping them secure and up to date is a real challenge – especially if you run multiple sites! We know the numbers: More than 60,000 websites are hacked every day, so it’s absolutely critical to secure WordPress and the underlying infrastructure properly and monitor its status to avoid downtime and prevent sites from getting blacklisted.

Plesk WordPress Toolkit takes away the burden of WordPress management and significantly increases website speed, performance, security and a web pro’s productivity!

Recently, we interacted with Jan Loeffler, CTO of Plesk, to discuss about WordPress, WP Toolkit, Plesk’s relationship with Automattic and more.

1. Plesk – one of the leading names in the WebOps hosting platforms that is running on more than 380,000 servers. Give us a quick overview of Plesk and its journey so far.

Plesk is a website management platform that powers 11 million websites and 19 million mailboxes for customers in 230 countries. It was founded back in 1999, when Rackspace became Plesk’s first customer and now, 19 years later, Plesk is used and offered by thousands of Hosting companies and Cloud Service Providers worldwide – incl. top players like GoDaddy, 1&1, Media Temple, AWS, Google, Microsoft Azure and many more.

The core mission of Plesk is to simplify the lives of web professionals. Web Professionals are web developers, web designers, system administrators, digital agencies and service providers that mainly create or manage websites and web applications for business. We simplify their lives by automating and securing web operations (WebOps) to free up time and allow focus on their core business which is not infrastructure management.

2. Initially, Plesk was largely used as a software for server administration. But now, we see it expanding to include WordPress and web applications too. Please enlighten.

Having our core mission in mind, we continuously analyze how web pros work, what challenges they have to overcome, and where they lose precious time that cannot be billed. Our goal is to help them increase productivity through automation and intuitive ways to address the most common pain points. To complete our mission, we’re constantly adding new tools and features to Plesk to stay ahead of the game and provide web pros with the latest and greatest technologies.

In the early days we focused on automating server management only. That’s still part of our DNA but not enough to address what the market demands today. We cannot ignore millions of end customers who are using WordPress to build successful websites, web apps and online businesses. WordPress still is the most widely used and fastest growing solution to build a website.

3. Plesk is steadily entering the world of WordPress. How’s the experience? Throw some light on working with Automattic and WordPress Developer community.

At Plesk we have a passion for WordPress! A lot of Pleskians have been using WordPress for years, plesk.com is built with WordPress, too. But besides using and understanding WordPress we also contribute back and sponsor many WordPress events like WordCamps and Meetups to support and engage with the community. If you want to be best in class and become a trusted advisor you have to know WordPress by heart and be very well connected with the WordPress developer community.

When Matt Mullenweg, founder of WordPress and CEO of Automattic, came to us 2 years ago, we immediately understood that this was the beginning of something great. We’re closely working with the Automattic team to make the whole WordPress experience better and more secure. As a result, I’m proud to say that the second largest number of WordPress sites is already managed by Plesk WordPress Toolkit.

4. Plesk’s WordPress Toolkit simplifies WP installation and management. What was the idea behind launching WordPress Toolkit?

In the last years we saw WordPress continuously increasing market share and becoming the CMS standard for building websites. Today, more than 31% of all websites worldwide are built with WordPress and this number is still growing. It became pretty obvious to us that just installing WordPress for our users is not good enough. The community is making it very clear that the installation of WordPress is easy and not an issue at all.

However, maintaining WordPress sites, keeping them secure and up to date is a real challenge – especially if you run multiple sites! We know the numbers: More than 60.000 websites are hacked every day, so it’s absolutely critical to secure WordPress and the underlying infrastructure properly and monitor its status to avoid downtime and prevent sites from getting blacklisted. For example, let Plesk install patches & updates immediately before the site can be harmed and block attacks already at web server level without the need of deep technical knowledge.

Plesk WordPress Toolkit takes away the burden of WordPress management and significantly increases website speed, performance, security and a web pro’s productivity!

5. That’s interesting. Can you shed light on some more distinctive features of Plesk WordPress Toolkit? Does it actually take one-click to install WordPress from start to finish?

Yes, of course. Installing WordPress on Plesk is just one click and done within 20 seconds. That’s easy as pie. The real benefit is a ready-to-code/ready-to-design WordPress environment that is automatically hardened for best security.

And if you want to make changes on your site or test different themes or plugins, never do it on a live site! Use the integrated 1-click cloning and data synchronization features instead to clone websites to one or multiple test environments whilst keeping all data in sync. The time savings are tremendous and provide web pros with unique possibilities of testing changes safely or developing in an iterative approach!

Web pros love to make changes or play with different variants – i.e. multiple site designs. When the end customer has chosen his favorite the web pro can even improve it step by step and then move the latest and greatest version to production without any hassle. And, if the end customer suddenly changes his mind? No problem, just switch back to a previous with 1 click.

6. Updates are crucial to WordPress security. We heard something about Smart Updates. How does that help Plesk users with WP updates?

The biggest problem is that many WordPress sites are not using the latest WordPress version and as a result do not utilize its full power. But even worse those outdated WordPress sites are very vulnerable and can be easily attacked by hackers.

We spoke with many web agencies and learned that a lot of them are reluctant to update customer websites automatically because often sites break after an update and cause severe damage. We listened and put our heads together. WordPress updates should no longer be considered a business-critical issue and run without disruptions. We made it happen and proudly present Smart Updates!

Smart Updates uses Artificial Intelligence technologies to keep all WordPress instances – including plugins and themes – up to date without ever breaking the sites. There are two options of Smart Updates available: interactive and automatic. The interactive approach allows web pros to safely check how websites will look like after the installation of an update and checks if there are any issues.

The whole process is fully automated and happens on a dynamically created test environment without any risk of impacting the live websites. You can watch the process live and decide on your own whether it’s safe to push the updated sites to production or if it’s better to reject them.

The automatic process does everything in the background. It checks for updates for all WordPress sites daily, tests the updates and double-checks all web pages. If everything is fine, Smart Updates deploys the changes to production without any human interaction. If the AI discovers a problem the web pro will receive an e-mail notification describing the identified issues in detail. In case of an issue the production sites won’t be touched. It’s up to the web pro to decide whether the changes are intended (i.e. improvements of themes) or not (i.e. bugs, wrong layout).

Smart Updates is able to differentiate intended dynamic changes like video content, twitter feeds or JavaScript animations from unwanted changes like a broken site, unwanted line breaks, etc. The AI system uses a Deep Learning technology that works similar to a human brain.

7. Which option do you recommend more out of the two options for smart updates and why?

Personally, I’m always using the automatic mode of Smart Updates to focus on more important tasks of my business instead of watching WordPress updates. Staying up-to-date and secure are the key principles and core functionalities of Plesk WordPress Toolkit.

8. It would be completely unfair if we do not discuss the security aspect. How does Plesk ensure a site’s security?

Besides keeping sites up to date, WordPress Toolkit continuously applies best security practices. This includes limiting file system permissions to reduce the attack surface, generating strong passwords and obfuscated database prefixes, just to name a few. It would take more than half an hour to go through all the security features and many other improvements for secure WordPress hosting.

Besides automation of most common tasks of a web pro’s workflow, enhanced security features make Plesk WordPress Toolkit the perfect solution for web agencies and experienced WordPress users, but newbies also can fully relax and let WordPress Toolkit do the job.

9. So, are there any new updates or upcoming versions that we should look forward to?

Definitely! We just released WordPress Toolkit CLI feature that allows automating WordPress Management from the command line. This was highly demanded by managed WordPress hosters using Plesk.

Additionally, there will be a solution for web agencies which allows them to publish finished websites back to the client’s webhosting plan – no matter where it is located. This feature was also highly requested by many web agencies we engaged with at WordPress events. It does not only simplify their work but also increases productivity and elevates customer service levels.

For developers and professional users, we will deeply integrate “git” as the most loved version control system directly into the WordPress Toolkit. You can already use git with Plesk today, but we’ll make it super easy to use for WordPress as well.

In fact, we publish micro updates for WordPress Toolkit every 4 weeks and automatically update it on all Plesk servers. Nothing to do, just relax and enjoy the new WordPress experience.

And, if you don’t want to use WordPress – no worries. Simply use Joomla! Toolkit for Joomla! sites or code your app with NodeJS, Ruby or any other technology or web app you prefer.

Suggested reading: ZNet becomes authorized Plesk distributor in India

Categories
Web Security Wordpress

WordPress 4.9.7 fixes critical media vulnerability in 4.9.6 and earlier versions

WordPress has fixed a very critical vulnerability existing in the versions 4.9.6 and earlier. The latest WordPress 4.9.7 has been released with more security and maintenance improvements.

According to WordPress development team, the v4.9.6 and earlier versions are affected with a media vulnerability which can allow users with specific privileges to delete files outside the uploads directory.

The vulnerability was originally discovered by a cybersecurity researcher at HackerOne big bounty platform. Along with this, WordPress 4.9.7 includes fixes for 17 more bugs.

Particularly, WordPress mentioned the five noteworthy updates, including the improved cache handling for term queries, and clearing post password cookies at the time of log lut.

Further, the widgets will now allow basic HTML tags in sidebar descriptions on Widgets admin screen. The updates to Community Events Dashboard will display the nearest WordCamp if one is coming up.

WordPress releases new versions on a regular basis to fix bugs, add new features, and modernize the experience. However, a report suggested that around half of WordPress sites don’t use the latest version of WordPress.

Being the most used platform to build websites, it is also the most common platform attacked by hackers. Not updating the WordPress to latest version can lead to site hacking.

Also read: WordPress 4.9.6 release helps site administrators respond to GDPR compliance

WordPress strongly recommends its users to update to the latest version. Venture over to the Dashboard, visit Updates and click Update Now. The sites supporting automatic background updates will update automatically.

Categories
Cloud News Wordpress

WordPress 4.9.6 release helps site administrators respond to GDPR compliance

WordPress community unveiled WordPress 4.9.6, updated with new privacy features that will support site owners to comply with GDPR (General Data Regulation Privacy Regulation) taking effect on May 25.

GDPR data protection rules will apply to all the businesses operating in the EU, even if they do not have any physical presence within the EU. Any company that stores or processes personal information about European citizens within or outside EU states will need to comply with GDPR.

To be compliant with GDPR, the companies will have to reveal how they handle the personal data of customers. On that front, WordPress will now allow administrators to designate a privacy policy page that include all the insights about how the site handles the data.

The privacy policy page will be shown on the login and registration pages. It can also be manually added to other pages on website.

The v4.9.6 will also include a detailed guide about how WordPress and its plugins handle the data. Administrators can copy and paste the guide or required details to their privacy policy page.

The end-users who add comment on any WordPress site will have option on whether their name, email address and website are saved in a cookie on their browser.

Another new feature is that the users can request the site administrator to export all their data from the site that has been gathered by WordPress and the participating plugins. Users can also request the administrator to erase all the personal data.

The data export and erasure method will work for the registered users as well as the users who simply comment. An email will be sent to the site administrator when the request is made.

Additionally, the WordPress latest version has been updated with new maintenance features which includes a filter in the media library, and PHP pollyfills for plugins and themes. The TinyMCE has been updated to v4.7.11.

The sites that support automatic background updates will be updated to the latest version soon. And the sites on version 4.6.3 will need to be updated manually.

Page 1 of 3
1 2 3