Security Vulnerability Fixes, Speed Improvements and Other Major Improvements on FlyWP

At FlyWP, we are always committed to enhancing your WordPress management experience with powerful and efficient tools. We are excited to announce the latest updates to FlyWP, bringing you a host of new features, enhancements, and crucial fixes to improve your experience with our platform. Here’s a detailed overview of what’s new:

More Focus on Security and Vulnerability Fixes

At FlyWP, security and overall platform stability are of paramount importance. We understand that our users rely on us to provide a robust, secure, and reliable environment for managing their WordPress sites. This is why we continuously strive to enhance our security measures and improve the stability of our platform. Our latest updates reflect our ongoing commitment to these principles, ensuring that you can focus on growing your online presence with peace of mind.

Last month, we focused specifically on security and vulnerability issues and took prompt action to fix them.

All of the security and vulnerability fixes and enhancements are already deployed to FlyWP servers and sites. No further action is required on the customer's end.

Switching PHP-FPM from TCP to Unix Socket

Vladimir Smitka published a security vulnerability affecting FlyWP. We took this seriously and acted promptly. As Vladimir mentioned in his blog, we did not handle inter-container communication, which was not controlled or restricted in any way. The fix was to replace the php-fpm TCP port with Unix sockets. It sounds simple, but we had to make many under-the-hood changes. We took the necessary actions and made the following changes to our platform to mitigate the issues:

  • We’ve transitioned PHP-FPM from TCP to Unix socket to address the security issue reported by Vladimir. Although we are still awaiting Vladimir’s confirmation, we have proactively applied this fix to all sites. 
  • Addressed security vulnerabilities reported by Vladimir by replacing the php-fpm port with a socket and resolving insecure Redis connection issues. These fixes enhance the overall security of your servers.
  • We’ve introduced Redis ACL for improved site isolation (Object Cache). From now on, each new site will have its own unique username and password, similar to MySQL. This measure will significantly enhance the isolation and security of each site. This was also suggested by Vladimir. Thanks to him.
  • We have already migrated all sites and servers to take advantage of these security fixes, ensuring a secure environment for all users.

We’ve also collaborated with Vladimir on the fixes and informed him about the fixes and enhancements we made. We’re still awaiting his response, and we are communicating with him about further enhancements to FlyWP.
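The following audit script is an added example, not FlyWP's own code: it classifies each PHP-FPM pool's `listen` directive as TCP or Unix socket, which is the distinction the change above turns on, and also checks `listen.mode` on sockets. The pool names, ports and socket paths are constructed sample values.

```python
import re

# Constructed sample pool configuration (not FlyWP's real files).
SAMPLE = """
[site-a]
listen = 9000
[site-b]
listen = 127.0.0.1:9001
[site-c]
listen = /run/php/site-c.sock
listen.mode = 0666
[site-d]
listen = /run/php/site-d.sock
listen.owner = www-data
listen.mode = 0660
"""

def parse_pools(text):
    """Return {pool_name: {directive: value}} from php-fpm pool config text."""
    pools, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a comment
        if not line:
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = pools.setdefault(section.group(1), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return pools

def audit_pool(cfg):
    """Classify one pool's listener and return a list of findings."""
    listen = cfg.get("listen", "")
    if not listen:
        return ["no-listen-directive"]
    if listen.startswith("/"):                     # Unix socket path
        mode = int(cfg.get("listen.mode", "0660"), 8)  # php-fpm default: 0660
        return ["socket-world-accessible"] if mode & 0o007 else []
    if re.fullmatch(r"\d+", listen):
        return ["tcp-all-interfaces"]              # bare port binds every address
    host = listen.rsplit(":", 1)[0].strip("[]")
    if host in ("127.0.0.1", "::1"):
        return ["tcp-loopback"]
    return ["tcp-network-reachable"]

def audit(text):
    return {name: audit_pool(cfg) for name, cfg in parse_pools(text).items()}
```

An empty finding list means the pool listens on a Unix socket that is not accessible to "other" users; any `tcp-*` finding is a listener that other hosts or containers on the same network may be able to reach.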

Better Authentication of Redis using Redis ACL

This enhancement was also suggested by Vladimir.

  • We’ve introduced Redis ACL for improved site isolation (Object Cache). Each new site will now have its own unique username and password, similar to MySQL. This measure significantly enhances the isolation and security of each site. This improvement was also suggested by Vladimir, and we thank him for his valuable input.
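As an added example (not FlyWP's own tooling), the script below audits `ACL LIST` output for accounts that defeat per-site isolation: enabled users with no password, and enabled users allowed to touch every key. The user names and the per-site key prefix are assumptions; the post only states that each site gets its own username and password.

```python
# Constructed ACL LIST output; names, prefixes and hashes are placeholders.
SAMPLE_ACL_LIST = [
    "user default on nopass ~* &* +@all",
    "user site_a on #<sha256-placeholder> ~site_a:* resetchannels +@all -@dangerous",
    "user site_b on #<sha256-placeholder> ~* resetchannels +@all",
    "user legacy off nopass ~* &* +@all",
]

def parse_acl_line(line):
    """Split one 'user <name> <rules...>' line into the fields we audit."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "user":
        raise ValueError(f"not an ACL LIST line: {line!r}")
    rules = tokens[2:]
    patterns = [t[1:] for t in rules if t.startswith("~")]
    if "allkeys" in rules:                 # alias for ~*
        patterns.append("*")
    return {
        "name": tokens[1],
        "enabled": "on" in rules,
        "nopass": "nopass" in rules,
        "key_patterns": patterns,
    }

def audit_user(user):
    """Return isolation findings for one parsed user."""
    if not user["enabled"]:
        return []                          # disabled users cannot authenticate
    findings = []
    if user["nopass"]:
        findings.append("no-password")
    if "*" in user["key_patterns"]:
        findings.append("all-keys")        # can read other sites' cache entries
    return findings

def audit(lines):
    users = (parse_acl_line(line) for line in lines)
    return {u["name"]: audit_user(u) for u in users}
```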

Faster Response Time

We’ve increased the default worker_rlimit_nofile and worker_connections values in the Nginx config, which should generally offer faster response times. If you want, you can also contribute to our open source nginx configuration.

Automatic Upgrade to the Latest Version of OpenSSH-server

  • We have automatically upgraded openssh-server on all our servers to address a vulnerability in the old version. The CVE-2024-6387 vulnerability has been mitigated by upgrading the openssh-server package for every customer on each server managed through FlyWP. Thanks to Dmitriy Yevseyev for reporting it.

✨ New Features and Enhancements

Apart from the security fixes, we’ve also worked on key features and enhancements. At FlyWP, our priority is to continuously improve your experience by enhancing the platform’s security, functionality, and ease of use. We’re excited to introduce key updates to FlyWP, designed to provide you with more efficient tools and a smoother user experience, reflecting our commitment to delivering top-notch server management solutions.

Great Improvements to FlyWP for Mobile Devices

  • All functionalities of FlyWP should now be usable from mobile and tablet devices. We have spent considerable time optimizing the UI for smaller screens to ensure a seamless experience across all devices. This makes managing your servers on the go more convenient than ever.
  • Fixed Logo Issue on Login & Register Page: Resolved display issues with the logo on the login and registration pages.
  • Updated Responsive Dropdown & Sidebar Menu: Improved the functionality and appearance of the dropdown menu and sidebar so that they are fully responsive for a better user experience. This update ensures that navigating FlyWP is smooth and accessible, no matter what device you’re using.

SSL Certificate Management UI and Custom Certificate Installation

  • We’ve improved the user interface for managing SSL certificates. This enhancement allows you to install custom certificates with greater ease and flexibility. Now, managing your SSL certificates is more intuitive, ensuring your sites remain secure with just a few clicks. We’ve also made many under-the-hood changes to make SSL deployment easier and more reliable.

Provision Through FlyWP

  • We’ve made significant enhancements to the provisioning process to make it more efficient and reliable. These improvements help streamline server setup and management, saving you time and effort.

Wildcard Certificate Badge and Alias Domain List

  • Added a badge for wildcard certificates and an alias domain list to simplify the management of your SSL certificates. These additions make it easier to identify and manage your certificate configurations.

Fixes

LetsEncrypt Challenge Directory Issue

  • Fixed an issue with the LetsEncrypt challenge directory to ensure smoother SSL certificate issuance. This fix helps prevent errors during the SSL setup process, ensuring your sites remain secure.

More Optimization to FlyWP’s Own Database

  • We’ve made changes to our internal database and increased column sizes where required to accommodate more data. This enhancement allows for better data management on our end.

Provision Through FlyWP Billing Fix

  • Resolved billing issues related to provisioning through FlyWP to ensure accurate and reliable billing processes.

FlyWP Server SSH Key Duplicate Issue

  • Fixed an issue with duplicate SSH keys on FlyWP servers, improving server security and access management.

✈️ Fly High with FlyWP

These updates are part of our ongoing commitment to provide you with a robust and secure server management platform. We appreciate your feedback and support, which help us continually improve FlyWP. If you have a feature request, feel free to submit it at https://feedback.flywp.com

Stay tuned for more updates, and as always, if you have any questions or need assistance, please don’t hesitate to reach out to our support team.

Thank you for choosing FlyWP!