WordPress has released version 3.5.1 of their WordPress blog script.

For more information on this release see their release notes:

http://wordpress.org/news/2013/01/wordpress-3-5-1

All users are encouraged to upgrade and to make sure any themes and plugins are also updated if necessary.

Steven

Last month (Octoboer 2012) we sent out notices to users who we found to be running outdated WordPress and Joomla! scripts. We will be doing that again this month, and I hope to make this a monthly notice.

If you received a notice in October about an outdated script and you receive another one this month, this simply means that – according to our records – you have not updated the outdated script. We feel that keeping your scripts up to date is important and should be done in order to keep your website safe. That is the purpose of these notices, to inform you that you are running outdated scripts.

Once you update a script, and then keep it updated, you will not receive these outdated notices.

I hope to send the outdated notices early next week to the accounts on our servers.

Steven

As I was reading through some of my daily security updates, I came across this post from Secunia:

http://secunia.com/blog/334

which I found to be very interesting.

The article focuses mainly on why software updates on your personal computer are important (keeping Adobe Flash, Adobe Reader, Java, etc. up to date) and while this is important, this same principle can be applied to other aspects of your web life. Your web hosting account, the scripts you use for your web site, even your smartphone.

An important quote from the article:

“If you do not update your software with the latest security update, you cannot be sure that it is secure. Software has vulnerabilities, and these vulnerabilities work as a potential open door to your computer for hackers, who exploit these openings to gain access to your computer and everything on it – including your bank and credit card details, your passwords, and all your social media activity.
As NorSIS also states: ”Software programs that aren’t updated are one of the most commonly used methods by criminals to take control of private PCs. It is incredibly important to keep the programs updated.””

So again, just remember that it is important that you keep all software up to date with the latest security patches and this will greatly improve your overall web security.

Steven

Joomla! recently released version 3.0 of their popular CMS product. You can read more about Joomla! 3.0 at it’s release notes. With the release of Joomla! 3.0 I thought it might be a good idea to give an outlook on the different versions of Joomla!

Currently there are only two versions of Joomla! that are being supported by the Joomla! developers:

• Version 2.5 – Latest version as of October 8, 2012 2.5.7
• Version 3.0 – Latest version as of October 8, 2012 3.0.0

Technically speaking if you are using any version of Joomla! that is not one of these versions, then you are running an unsupported version of Joomla!

I know there are a lot of users that are still using Joomla! 1.5. Please understand Joomla! no longer supports this version and you really need to be updating to Joomla! 2.5. If you are using Joomla! 1.5 then you should consider reviewing the instructions for migrating to Joomla! 2.5. I can understand the reluctance to upgrade Joomla! because it may not be an easy process. However, please understand that if you continue to use an outdated piece of software, it puts your website and the web server in general at risk. A security hole in Joomla! 1.5 will not be patched because the Joomla! developers are no longer maintaining Joomla! 1.5. If you have questions or concerns about the upgrade process for Joomla! I strongly encourage you to ask these questions or voice these concerns at the Joomla! Forums.

While AMS Computer Services cannot provide any direct support for Joomla! As of today, October 8, 2012 we are allowing the following versions of Joomla! to run on our servers:

• Version 1.5.26
• Version 2.5.7
• Version 3.0.0

Note that this is including the latest version of Joomla! 1.5, even though it is not supported by the Joomla! developers. This just means that we will not disable any Joomla! sites that are using any of these version (1.5.26, 2.5.7, or 3.0.0). However, please note, we will not be able to allow Joomla! 1.5 indefinitely, eventually we will have to stop allowing Joomla! 1.5 on our servers, which is why all Joomla! 1.5 users need to be looking at upgrading to Joomla! 2.5. Please consider this fair warning regarding Joomla! 1.5.

If you are not using one of these versions, then your website may be susceptible to attack and as a result we may have to disable or suspend your hosting account. For example, if you are using Joomla! 1.5.22 note that this is an outdated version, you need to, at the very least, upgrade to Joomla! 1.5.26 and ideally upgrade to Joomla! 2.5.7. If you are using Joomla! 1.0.12 then you need to upgrade to either Joomla! 1.5.26 or (ideally) Joomla! 2.5.7.

Failing to keep the scripts on your website up to date means that you will be targetted for abusive attacks by malicious users.

As for Joomla! 3.0 note that this is really more of a beta release. Joomla! 3.0 is a short-term release, meaning that it is going to go through many updates over the next few months. This is not really ideal for live, production level websites. For production level sites, there is nothing wrong with staying with Joomla! 2.5 at this time, however I would encourage you to begin looking at Joomla! 3.0 and getting involved with that project because you will eventually need to upgrade to Joomla! 3.5, when it becomes a long-term release. I would stress that I really don’t recommend upgrading to Joomla! 3.0 at this time, but just that you need to be made aware of it’s existence and upgrade paths.

Steven

Searching engine ranking based on a website’s IP address is still a topic that has a lot of discussion. A lot of people still believe that in order to maximize their search engine ranking, specifically with Google, that they must have a dedicated IP. This is a myth. This has been stated several times by people and developers from inside Google.

Matt Cutts is a developer for Google. He runs a blog – http://www.mattcutts.com – where he discusses some of the ins and outs of the Google algorithm. He made a post way back in 2006, where he actually reference a slashdot post from Craig Silverstein, Google’s Director of Technology, concerning this:

I can’t just deny it? What are my other choices? Actually, Google handles virtually hosted domains and their links just the same as domains on unique IP addresses. If your ISP does virtual hosting correctly, you’ll never see a difference between the two cases. We do see a small percentage of ISPs every month that misconfigure their virtual hosting, which might account for this persistent misperception–thanks for giving me the chance to dispel a myth!

Why is this important?

You may have heard recently, and if you haven’t you will in the coming months, about the death of IPv4 address space. IPv4 allows for a maximum of 4,294,967,296 IP addresses. That may seem like a lot, but keep in mind the world’s people population currently stand at about 6,973,738,433. That’s a difference of 2,678,771,137. Also factor in that of the 4,294,967,296 IPv4 address space, you have to dedicated about 18,000,000 for private networks (which aren’t Internet routable) and 270,000,000 multicast IP addresses. That leaves you with only 4,006,967,296. Again, that may seem like a lot. But just think, every Internet connection, every smartphone, every Internet connected device, every web server, requires at least 1 of those IP addresses. There just aren’t a lot of available IPv4 addresses any more. We can’t get them, our datacenter partners can’t get them, they’re just not there to get. IP allocation systems (ARIN in North America) are being much more strict with their requirements for releasing IP addresses, so that only users that really need a dedicated IP address will be able to get them.

In order to consolidate IPv4 space, the HTTP 1.1 protocol revision was written to allow for “VirtualHosts” on a web server. This essentially allows a web server to disperse web traffic based on the hostname that is sent along with each HTTP packet, instead of via an IP address, allowing IP address space on a web server to be shared. Google, Bing, and all of the major search engine providers know this. They would be fools if they did not. Perhaps it used to be common place for websites to have their own dedicated IP address, this is no longer a requirement (accept for in case of SSL secure certificates, but that’s another topic, and most websites do not have SSL secure certificates).

If you haven’t heard about the death of IPv4 you will soon. The Internet is very quickly approaching a move to IPv6 which allows for many, many, many more addresses (approximately 3.4 x 10³⁸).

So how does this affect search engine ranking?

Having a dedicated IP address has no bearings on your pagerank. If you really want to improve your search engine ranking, then you need to focus on the content, the quality of content of your website and get others to legitimately link to your site. If your sole purpose of building sites is to link back and forth with the hope of increasing your page rank, this is a violation of Google guidelines, and it won’t matter if you are on a dedicate IP address or not, this type of activity will have a negative impact on your pagerank.

This is discussed specifically from Google:

http://support.google.com/webmasters/bin/answer.py?hl=en&answer=66356

The best way to get other sites to create relevant links to yours is to create unique, relevant content that can quickly gain popularity in the Internet community. The more useful content you have, the greater the chances someone else will find that content valuable to their readers and link to it. Before making any single decision, you should ask yourself the question: Is this going to be beneficial for my page’s visitors?

So pagerank and search engine visibility is based much more on content than anything else. If you have solid content that people want to read about, this is the number one thing that will move you up the search engine ladder.

So remember, if you want to increase your pagerank and your visibility on search engine result pages, a dedicated IP address is not necessary for this. SEO techniques that advise a dedicated IP address are a marketing ploy used by companies to try and get more money from you. If you really want to improve your pagerank you need to focus on the content of your website and getting legitimate users to link to your site. If you try to circumvent Google’s pageranking system by building link farms and backlinks, then this can have a negative impact on your site’s pagerank, defeating the whole point of the links.

Steven