[Security] Keeping Scripts Up-To-Date

Tuesday, June 15th, 2010 - Security

One of the best ways to keep your website safe and secure from hackers is to always keep your scripts up-to-date with the latest version of any software you might have installed. We all know that keeping your operating system up-to-date is important to keep your computer safe. This is why in Windows you will periodically see a popup in your status tray telling you that updates are available. Scripts on your website are just like software on your computer. Bugs and security holes are found in these scripts and they must be patched in order to prevent serious malicious consequences from happening.

In order to keep the scripts on your account secure, the first thing you have to know is what scripts you have installed on your website. This should be pretty straightforward. In order for a script to exist on your account, you or someone has to install that script on the account. Just keep a log or a note of what scripts you install or have installed on your account. You can’t succeed in keeping the scripts on your account up-to-date if you don’t know what scripts are installed on your account.

You will also want to take into consideration any addons, extensions, or plugins that you have installed with those scripts. An example, Joomla!, a popular Content Management Script, has a lot of extensions that can be installed to work with the base Joomla! These extensions add functionality to the script. Joomla! calls these addons “extensions” because it extends functionality, but WordPress, a popular blogging script, calls these “plugins”. Basically, plugins, extensions, addons all do the same thing, by adding extra functions to the base script, but it is important to note that these remain up-to-date as well. You may have an up-to-date Joomla! install on your hosting account, but if you have an old and vulnerable extension still being used, then your hosting account still is not safe.

Bottom line, scripts, base scripts, and any addons you have installed must remain up-to-date in order for your account to be safe.

How do you know when a new version of the scripts is released?
This is not an easy question to answer. The best way to approach this is to subscribe to the script’s or addon’s mailing list, RSS, or Twitter feed. However not all script vendors will provide this avenue for releasing announcements. In those cases, you just have to routinely check the vendor or developer’s website to see if they have released a new version of the script. Most of your more popular scripts have methods for letting you know of new version announcements. However it is your responsibility to sign up for these announcement services with each script.

A lot of these popular scripts have robust community followings, usually through an online forum on their respective websites. Staying involved in these communities is another good way to stay apprised of recent script developments and issues.

Unfortunately there are just too many scripts available for you to use and that prevents us from being able to inform you of script updates. We may periodically check for some of the more popular scripts (Joomla!, WordPress, etc) and check to make sure that these scripts on your account are staying up-to-date. But it is just not possible for us to be able to do this for all scripts, especially when you consider the vast number of addons that are available for each script. The best way to approach this is for you to take on this responsibility yourself and subscribe to announcement feeds for whatever scripts or addons you have installed on your hosting account.

Script Upgrading Issues
Some people are afraid to upgrade their script or addon because they fear that doing so might break their website. This is a valid concern, there is no doubt about it. However, you have to consider that by continuing to run the old version of the script you are leaving doorways open for hackers and malicious visitors to take advantage of your account.

Generally, developers release new versions of their software to correct bugs that have been found in the software. The same is true with website scripts. New bugs are found in the script and the developers have to fix these bugs. Once they have fixed the bugs they release a new version of the script to correct the issue. However they can’t make you update the script on your hosting account.

If you are concerned about upgrading your scripts and breaking your website then you should raise this issue with the developer or vendor of the script through their website. Upgrading the script on your account MIGHT break your website, but leaving it outdated is GUARANTEED to make your website less secure. Don’t be surprised if your account is hacked or exploited if you choose, either knowingly or unknowingly, to continue to use old versions of your scripts.

Below is a list of popular scripts, their websites, and ways to stay up-to-date with their releases.

Joomla! Updates
Website / RSS / Twitter

Joomla! Extensions Updates
Website / RSS

Website / RSS / Mailing List / Twitter

WordPress Plugins Recently Updated

Website / Mailing List / Twitter

Zen Cart
Website / Mailing List

SMF – Simple Machine Forum
Website / Twitter

Coppermine Photo Gallery
Website / RSS / Twitter

Website / RSS / Mailing List / Twitter

Website / RSS / Mailing List / Twitter

Mailing List / Twitter

Website / RSS / Mailing List / Twitter


Next Post Securing Configuration Files

[Security] Security Guide

Monday, June 14th, 2010 - Security

I am working on a security series which will be used as a guide for our clients to better understand how to keep their webhosting account safe and secure.

The guide will consist of one post per day outlining different security options and ways that you can better secure your webhosting account.

Check back to this post for updates on this series.

June 15th – Keeping Scripts Up-To-Date
June 16th – Securing Configuration Files
June 17th – Fighting Malware
June 18th – Password Security
June 19th – AMS Webhosting Security Features


[Updates] Drupal 6.16

Thursday, March 4th, 2010 - Updates

A vulnerability in Drupal has been discovered and users are encouraged to upgrade. For more information see Drupal’s website:

Drupal 6.16

Fantastico Users: Drupal 6.16 is not yet available from Fantastico. No word yet on when this update will be available.


[Updates] WordPress 2.9.2

Monday, February 15th, 2010 - Updates

WordPress release an update to their blogging script today:

WordPress 2.9.2

Fantastico Users: Still no word on when the Fantastico maintainers will release an update to their script library.


[Security] Joomla! / Backups

Tuesday, February 9th, 2010 - Security

Users are encouraged to create and download a backup of their account before they attempt to upgrade their Joomla! scripts. This will insure that you have something that can be restored from if the upgrade breaks something. For information on how to backup your account see:


Again, users are encouraged to post any questions or concerns regarding a Joomla! upgrade at the Joomla! forums:


If you have any special setups or special settings with your Joomla! script, they should be able to help you.
