-
SHORELESS Managed Hosting discontinues PHP 5.3 Support
CategoriesLegacy PHP code is a prime target for malicious parties attempting to gain unauthorized access or deface your web application . Older versions of PHP which are marked as "unsupported" or "end of life" (EOL) by the developers of PHP no longer receive security updates, and may also contain bugs which are fixed in subsequent major releases only. It is in your best interest to remaining up-to-date.
PHP 5.3 was marked EOL in August 2014. As a courtesy to our clients, our Managed Hosting regularly offers extended support for EOL PHP, while we help our clients to upgrade their web applications to more recent PHP versions.
In order to ensure the safety of our server environments and your hosted applications , our Managed Hosting will remove support for PHP 5.3 by the end of February 2017. We will eventually also discontinue support for the 5.4 and 5.5 branches of PHP (both of which are also EOL) by the middle of this year.
What does this mean for you as a Managed Hosting client?
We already identified all client sites still using PHP 5.3 and contacted you accordingly about upgrading your web applications to PHP 5.6 or 7.x respectively. If you did not get any message from us, the above changes may not affect your sites.
-
SHORELESS ceases its WordPress business
CategoriesIt's been a long and hot debate among our client service, web experts and developer teams. As a full-range IT solutions provider, we should of course provide services for one of the most famous content management systems. Its user base is enormous. Plenty of community-driven add-ons are available for almost every use-case one may think of when it comes to websites. On the other hand, keeping a running WordPress website up-to-date and constantly hardening it against security leaks and hacker attacks requires a huge amount of work.
We needed more insights. So SHORELESS spent almost two years observing the performance of the four PHP based content management systems we regularly use for client websites: WordPress, Contao, TYPO3 and Drupal. We measured entry costs, time-to-market, and costs for maintenance and support of comparably complex sites. To no surprise, WordPress sites have been fastest and cheapest to setup and get running for simple sites. However, by the end of the second year already, the costs for maintenance and support of most WordPress sites significantly outgrew their advantages and low entry costs compared to all other CMS. As SHORELESS always strives to provide best services and long lasting easy-to-maintain solutions, these findings led us to not actively offer WordPress anymore for new client websites.
While our WordPress developers still maintain and support existing WordPress sites for our clients, they will now primarily focus on improving and extending our website base packages for Contao, TYPO3 and Drupal. This way, we're still able to offer low-cost, entry level websites to our small to mid-sized clients. They feature highly customizable themes and include the most common features out of the box. And our confidence in providing lasting, extendable and secure solutions that really meet the needs of our clients. Even when our clients are on a low budget.
-
The Heartbleed bug didn't affect our clients
The Heartbleed bug was disclosed on 1st of April 2014. This massive security vulnerability in OpenSSL protocol has been present since the relase of OpenSSL version 1.0.1 on March 2012. While it left people scrambling to change their passwords left, right and center, we'd like to inform our customers, that our websites and the managed hosting accounts have been save and secure.
Our servers used OpenSSL version 1.0.0 and 0.9.8 which where not affected by the Heartbleed bug . To ensure none of our certificates have been compromised during its issuing process on third party servers and communication channels, we renewed all our SSL certficates.
What should you/your customers do next?
No data on our servers has been breached. The certificates on your managed hosting have been reissued as well. You don’t need to take any action regarding our site or services. However, this bug has been out there for a long time and it's possible that sites you or your customers regularly visit would be susceptible the vulnerability.
You can check whether or not sites are susceptible using this tool: http://filippo.io/Heartbleed/
We recommend you and your customers generate new passwords for any website in which sensitive information is stored, such as email, banking, etc. However, you should wait until these sites have updated their OpenSSL version and replaced their certificates with new certificates being issued on 8th of April 2014 or later.