We hope that you and your beloved ones are staying safe during these difficult times. If you’re looking for a way to support the humanitarian crisis in Ukraine, you can refer to this episode of WP Briefing. There you will find a list of Non-Governmental Organizations (NGOs) that can help. In parallel to the work […]
Curious about returning to WordPress events safely? Tune in as WordPress Executive Director Josepha Haden Chomphosy discusses guidelines for returning to in-person events.
Welcome to the cPanel & WHM® contribution to the ELevate project by the AlmaLinux OS Foundation. ELevate enables upgrades between major versions of RedHat® Enterprise Linux® (RHEL) derivatives. At cPanel, we’ve created the cPanel ELevate tool that manages the ELevate process end-to-end so that systems administrators can safely and efficiently upgrade a cPanel & WHM server. Why ELevate Your cPanel & WHM Server? Sysadmins struggle when it’s time to do operating system upgrades. They’re very costly …
It’s been less than a year since the WordPress Pattern Directory was launched, and we already have more exciting news to share. The Pattern Creator is live! You can now build, edit, and submit your best block patterns to the Pattern Directory—submissions are open to all with a WordPress.org user account! The WordPress Pattern Directory […]
Who is WordPress actually made for? Join our host, WordPress Executive Director Josepha Haden Chomphosy, as she explores this controversial question and three things that can help find the answer. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording. Hosts: Josepha Haden Chomphosy Editor: Dustin HartzlerLogo: Beatriz […]
As we roll out Jupiter throughout the end-user interface of cPanel & WHM, we’ve received consistent feedback that the state of our translations needs attention. Though we briefly mentioned translations in a previous blog post, we want to dive a bit deeper into the topic, provide some additional context, and then share what we’re going to do about it. First and foremost, we need to acknowledge the customers who have sent in …
Join us as we celebrate our first in-person event of the year! Cloudfest 2022 kicks off with a welcome event on Monday, March 21, then the conference runs from March 22-24th. Check out this sneak preview. Some of the top leaders and creators in the cloud will be speaking this year, and plenty of time for networking. Check out the fantastic line-up of speakers and start
WordPress 5.9.2 is now available! This security and maintenance release features 1 bug fix in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.9.2 is a security and maintenance release. The next major release […]
In the winter of 2020, CentOS 8 announced that it would be reaching its end-of-life in December of 2021. This news was somewhat unexpected in the open-source and web hosting worlds. In response, we began working towards providing solutions that will benefit our partners and customers and expand options as we move forward together. The goal is to provide greater Operating System (OS) diversity, more substantial stability, and increased safety for our customers and their …
Matt Mullenweg speaks to WordPress contributors worldwide on this special edition of the WP Briefing podcast with Josepha Haden Chomphosy. Join us to hear Matt’s thoughts on Ukraine. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording. Credits Hosts: Josepha Haden Chomphosy and Matt Mullenweg […]
There’s a lot going on in the world right now, and safety is top of mind for everyone in the WordPress community. If you don’t know where to begin, or how to support your peers, Executive Director Josepha Chomphosy’s advice to the global community is to start small. Overall, February has been a busy month […]
As we continue making improvements and adding additional functionalities to WordPress Toolkit, we wanted to take a moment to share some of what has changed with our recent 5.8 and 5.9 updates. What’s new with WordPress Toolkit? Many of our most recent updates are targeted towards security, because keeping the internet safe (and your websites secure) will always be a priority of ours. With that said, we’d like to highlight a couple of these features: …
Back in August of 2021, we announced the deprecation of Paper Lantern. Today we’re updating the schedule for the final stage: its removal. In the previous deprecation schedule, we planned a series of changes across 3 versions: 100, 102 LTS, and 104. With 100 and 102 LTS changes already happening, we are now delaying the removal of Paper Lantern from 104 to 108. In version 108 (debuting Q3-Q4 of 2022): We will remove the Paper Lantern theme from …
In this twenty-fifth episode of the WordPress Briefing, Executive Director, Josepha Haden Chomphosy discusses future-proofing the WordPress project with the Five for the Future pledge. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording. Credits Editor: Dustin Hartzler Logo: Beatriz Fialho Production: Chloé Bringmann & Santana Inniss Song: […]
Your feedback is invaluable to our research and product development. Please take a moment to complete the two surveys below to help us best serve you: …
In June 2021, @beafialho in collaboration with @pablohoney floated the idea of giving WordPress News a new look. Today, those ideas become a reality—we’re excited to share that redesign of WordPress News is live! The new design leans on the aesthetics of jazz, intrinsically connected to WordPress and which ultimately translates its uniqueness, historic significance […]
As cPanel & WHM Version 102 nears its release, many of you have reached out to us with feedback about Jupiter, as it appears in the end-user interface as well as WHM. Thank you! We’ve been listening carefully and are happy to now share what we’ve learned, as well as our game plan going forward. Within WHM In v102, we revealed Jupiter in WHM. We haven’t addressed WHM’s user experience in quite some time, so …
You’ve likely seen our requests for beta testers over the past few months, as well as the mentions in our newsletter – it’s been no secret that a new product was on the way. The day has now come, and we couldn’t be happier to announce that cPanel SEO has arrived! cPanel SEO was designed to not only improve your search engine results, but also the actual content of your website. …
In episode 24 of the WordPress Briefing, the Project’s Executive Director reviews three big-picture goals for the year: Increased Gutenberg adoption, support of all open source alternatives, and stewarding the open source ethos. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording. Credits Editor: Dustin Hartzler […]
There are a few significant moments in the history of the WordPress project. January 2022 is one of them, with the release of WordPress 5.9! But that’s not all. Read on to learn more about the latest updates and achievements from the community. WordPress 5.9 Joséphine is here Meet WordPress 5.9 Joséphine. Named in honor […]
Netcraft’s most recent Web Server Survey includes nearly 1.2 billion websites. Most of these sites return a server banner that shows which web server software they use, thus allowing us to determine the market shares of each server vendor since 1995.
Many of these server banners are simply short strings like “Apache”, while others may include additional details that reveal which other software – and which versions – are installed on the server. One such example is “Apache/2.2.32 (Unix) mod_ssl/2.2.32 OpenSSL/1.0.2k-fips DAV/2 PHP/5.5.38”.
Chrome’s Network Inspector showing the HTTP response headers for wordpress.com, which uses the nginx web server. It does not reveal a version number.
A web server reveals its server banner via the Server HTTP response header. This string is not ordinarily exposed to users, but most browsers allow it to be viewed in the Network Inspector panel.
Custom banners
Web server software usually allows its server banner to be modified. A common reason for changing the default value is to reduce the amount of information that would be revealed to an attacker.
For example, if a web server advertises itself as running a vulnerable version of Apache, such as “Apache/2.4.49” it could be more likely to come under attack than a server that reveals only “Apache”.
Our Web Server Survey includes a few websites that return the following Server header, which takes a deliberate swipe at the effectiveness of hiding this sort of information:
Server: REMOVED FOR PCI SCAN COMPLIANCE - SECURITY THROUGH OBSCURITY WORKS, RIGHT? - https://bit.ly/2nzfRrt
Of course, with this amount of flexibility, a cheeky or malicious administrator can configure a web server to pretend to be anything they want. Sometimes this is done in a deliberate attempt to cloak the truth or to mislead, while in others it may simply be done as a joke waiting to be found by anyone curious enough to look for the banner.
Unlikely server banners
Amongst the 1.2 billion websites, there are plenty of examples of unlikely server banners.
As we greet a new year, WordPress’ Executive Director writes a letter to the project and community that speaks to the hopes of the year ahead. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording. Credits Editor: Dustin Hartzler Logo: Beatriz Fialho Production: Chloé Bringmann Song: Fearless First […]
Examples of bank-themed survey scams seen by Netcraft
Netcraft has seen a large increase in survey scams impersonating well-known banks as a lure. These are often run under the guise of a prize in celebration of the bank’s anniversary, though in some cases a reward is promised just for participating.
These scams first came to Netcraft’s attention around 16 months ago, when businesses that were particularly useful during lockdown such as supermarkets, mobile phone networks, and delivery companies were targeted. The expansion of these attacks to use banks as a lure started in October 2021. To date we have seen over 75 distinct banks used as lures for these survey scams, with a global spread including banks from US, UK, Asia, and the Middle East.
This security release features four security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.8.3 is a short-cycle security release. The next major release will be version 5.9, which is already in the Release Candidate stage. You […]
