WordPress Outdated Notices

Tuesday, April 26th, 2016 - Updates

We are sending out WordPress outdated notices to accounts that we show as having an outdated version of WordPress installed. If you are affected by this, you should receive an email from us with the details.

It is important to keep your WordPress (and any script) up to date and practice good, solid security for your account. If you do not, then this can lead to your account being hacked, defaced, or used for abusive purposes. If this happens, then we may have to suspend your account. That is why security is important.


Concerning these outdated script notices, it’s a good idea to ask yourself these three questions:

• Am I using this installed script?
If you aren’t using this script installed on your website, then it may be a good idea to just delete it and remove it from your web hosting account. That way you don’t have to worry about keeping it up to date or it becoming an avenue for malicious users to abuse your site. A lot of people seem to think that if they aren’t using a particular script or section of their website, then malicious users won’t ever find it. This is wrong. Just because you aren’t using it doesn’t mean that malicious users can’t take advantage of it.

• Should I back up my site before attempting an update?
Yes. Backing up your website before any update is always a good idea. For the most part, WordPress updates are fairly uneventful. But if something does go wrong, having a backup is always a good thing.

• Am I keeping all of my plugins and themes up to date?
Yes, you should be. Exploiting of themes and plugins have risen in recent years. Always use reputable themes and plugins and keep them up to date to insure security of your WordPress site.

If you receive a notice from us regarding an outdated WordPress script on your account, that message will contain a section similar to below. I am going to take a moment and explain some of the items.

The email message will contain a section that lists your outdated WordPress scripts, and it will look something like:

Script: WordPress
Installed Path: /home/%USER%/%PATH%
Installed Version: X.X.X
Latest Version: Y.Y.Y
Script Website: http://www.wordpress.org

If you have multiple accounts, then you may see 2 or more of these sections in the email message.

Let’s take a look at this line by line:

This refers to your account. The domain name of the account that contains the outdated WordPress script. This is the main account associated with your web hosting account in our system. The actual WordPress installation might be on a parked or addon domain on the account, but our system can’t differentiate that.

Script: WordPress
This simply refers to the script as being a WordPress script. Similar notices may be sent out for other scripts.

Installed Path: /home/%USER%/%PATH%
This is an important part. This refers to where the WordPress installation is at on the server’s file system. This may be an addon domain path – in which case you would access the WordPress script via the addon domain. Generally speaking if this path looks like /home/%USER%/public_html/%PATH% – then you can access this by using the domain name in the Account section above – http://%YOURDOMAIN.COM%/%PATH% – but not all Installed Paths are going to be under the public_html folder. To access the WordPress admin dashboard for this installation you would typically just add /wp-admin to the end of the path, i.e: http://%YOURDOMAIN.COM%/%PATH%/wp-admin If you don’t know what installed path this installation is referring to in your email message, simply write us back and we can figure it out for you.

Installed Version: X.X.X
This is going to tell you what version of WordPress is installed at the above Installed Path. This can tell you just how outdated that WordPress installation really is.

Latest Version: Y.Y.Y
This will tell you the latest version of WordPress as it applies to your WordPress script. WordPress has different release trees and therefore different latest versions, depending on what version you have installed. For example, if you are using WordPress 4.3, then your latest version might be WordPress 4.3.3. If you are using WordPress 4.4, then your latest version might WordPress 4.4.2.

Updating WordPress is fairly straight-forward. You simply need to log into the WordPress admin dashboard for the installation you are wanting to update. Click on the Dashboard tab on the left side and click on Updates. From there you will see “An updated version of WordPress is available.” and underneath that will be a link to Update Now to the new version. Simply click that link and WordPress will be updated.

You can also update your themes and plugins from this screen.

AMS Support

PHP Updated

Tuesday, April 19th, 2016 - Updates

All of our servers have had PHP updated.

All of our servers are now running PHP 5.6.20 and PHP 5.5.34.

Not a lot has changed in these versions. These releases are mostly just general bug fixes. Users should not notice any issues with these upgrades.

AMS Support

WordPress 4.5 released – updated jQuery

Wednesday, April 13th, 2016 - General

WordPress has released version 4.5 of their WordPress product. Release notes for this update can be found on the WordPress website.

Among the changes in this release include formatting shortcuts, image resizing optimizations, and an update to jQuery.

The update to jQuery is showing to cause some problems with users who use outdated or abandoned themes or plugins. The update to jQuery version 1.12.3 disrupts the way some themes and plugins were performing tasks. These tasks were being performed incorrectly, it’s just that older versions of jQuery were still allowing these tasks to be performed incorrectly. jQuery version 1.12.3 puts a stop to this. The long and short of this is to make sure you are always using up-to-date and reputable (as in not abandoned) themes and plugins for your WordPress script. Reputable theme and plugin developers have kept their code up to date and stay in-tune with WordPress changes.

The upgrade to WordPress 4.5 is not mandatory – at least I don’t think so. As we have found out, WordPress tends to have a weird release system. If you ask them, they’ll tell you that WordPress 4.5 is THE version of WordPress. Yet, they will also continue to release security updates for WordPress 4.4, WordPress 4.3, WordPress 4.2… I’m really not sure how far back they go. Eventually they will stop releasing updates to these older versions of WordPress (or do they intend to support 100 versions of WordPress for years?) but they won’t say when that will happen. Again, as far as they are concerned WordPress 4.5 is THE version of WordPress … except for when they release updates to WordPress 4.4, 4.3, 4.2, etc. Bottom Line: If you are not upgrading to WordPress 4.5 now, I would encourage you to at least be making plans to upgrade to WordPress 4.5 sometime in the near future.

AMS Support

Panama Papers and the importance of updated scripts

Saturday, April 9th, 2016 - General

I thought this was interesting.

As you may be aware the law firm Mossack Fonseca in Panama was recently hacked exposing quite a bit of customer data – the so called Panama Papers. While the actual root cause of this hack is still unknown some are speculating that this may have been done through known vulnerabilities in different outdated CMS software used on their website.

According to Wired the Mossack Fonseca website was using a 3 month old version of WordPress and nearly a 2.5 year old version of Drupal. Each of these versions are known to be susceptible to multiple vulnerabilities.

All of this serves to underscore the importance of keeping software – especially web facing software – up to date. If you don’t, you may just find yourself being a victim of a hack or compromise, much like Mossack Fonseca.

At AMS Computer Services we try to do our best to inform our users of when a new script update is available. We encourage users to sign up for announcements or mailing lists directly from the script developers so that you will know precisely when a new version is release.

• WordPress – WordPress Announcement Email list
• Joomla! – Joomla! Announcement RSS Feed
• Drupal – Drupal Security Twitter Account
• Magento – Magento Announcement Email list
• WHMCS – WHMCS Announcement RSS Feed

It is important to note that script developers can only do so much. If a script developer is not releasing security patches in a timely manner that is the fault of the script developer. But if a script developer is releasing security updates, but end-users are not installing those security updates, then there’s really nothing more that the script developer can do. It is up to the end-users – people that install these scripts – to be responsible for keeping them up to date.

AMS Support

WHMCS Upcoming End-of-Life

Friday, April 8th, 2016 - Updates

WHMCS recently released version 6.3 of their popular WHMCS billing software. I know a lot of our users depend on this software for their web hosting business. I thought now would be a good time to review the end-of-life status for various WHMCS version.

First, a primer. Why is end-of-life important? As software developers work on adding new features and optimizing code for a program, over time the core of that software may need to be replaced. To put it simply, this is what WHMCS 6.3 represents, a new core. Now, developers cannot continue to update cores for various other releases forever. So the amount of time that a software core remains active and able to be updated is called that software’s lifetime. Eventually those softwares reach their end, called their end-of-life. If you use a piece of software that is end-of-life, essentially you are using a version of the software that will never see updates again. This means that major security holes can be disclosed for those versions, and the developers aren’t going to fix it. Depending on end-of-life software puts your account, and potentially your customer’s data at risk.

WHMCS is currently supporting 4 different versions. From a developer’s standpoint, that’s a lot of software cores to keep safe and secure. The oldest of these cores – WHMCS 6.0 – is set to go end of life on July 31, 2016. If you are using WHMCS 6.0 you need to be aware of this and making plans to upgrade to a newer version.

A look at the current (as of April 8, 2016) WHMCS version makeup:

WHMCS Release Tree
Latest Version
Expected End-Of-Life
WHMCS Version 6.0 6.0.4 July 31, 2016
WHMCS Version 6.1 6.1.2 September 31, 2016
WHMCS Version 6.2 6.2.2 December 31, 2016
WHMCS Version 6.3 6.3.0 Unknown

IMPORTANT NOTE: – If you are using any other version of WHMCS, for example WHMCS version 5.3.14, then you are using an end-of-life version of WHMCS and may be vulnerable to security threats!

To upgrade WHMCS, you may need to contact your license vendor. That would be whoever you purchased your WHMCS license from. You may also find the information on WHMCS’s site to be useful for upgrading.

AMS Support