BlogVault Security Update

On February 6, I wrote a blog post regarding a possible security breach at BlogVault. Since then we have been conducting a thorough investigation into the issue. We have concluded the investigation. This post outlines its results.

No Data Breached

In our previous communication with you, we had mentioned that there had been a data breach. After detailed investigations, we found that the issue was a vulnerability in the BlogVault plugin, and none of the data on our servers were exposed.

We made sure to cover every aspect of our system in our investigation, which involved inspecting the logs for our system as well as those of affected and unaffected sites. We also reviewed the attack payload in great detail.

BlogVault Plugin Vulnerability Fixed in Version 1.45

On Feb 4, we learned that we were using the PHP ‘unserialize’ function on unverified data in BlogVault plugin versions 1.40 to 1.44. We fixed it on the same day (Feb 4) with plugin version 1.45.
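The pattern named above, verifying data before it reaches `unserialize`, shown as an added example; it is not BlogVault's plugin code, and the function names, the shared secret and the HMAC-SHA256 signing scheme are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; not BlogVault plugin code.
declare(strict_types=1);

const MAX_BODY_BYTES = 65536;

/**
 * Authenticate a request body before any decoding happens.
 * Returns the decoded array, or null if the request must be rejected.
 */
function decode_verified_payload(string $body, string $sigHex, string $secret): ?array
{
    if (strlen($body) > MAX_BODY_BYTES) {
        return null;
    }
    // 1. Verify first: constant-time compare of an HMAC over the raw bytes.
    $expected = hash_hmac('sha256', $body, $secret);
    if (!hash_equals($expected, $sigHex)) {
        return null;
    }
    // 2. Decode with a data-only format. json_decode never instantiates
    //    classes, so no magic methods (__wakeup, __destruct) can run.
    try {
        $data = json_decode($body, true, 16, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null;
    }
    return is_array($data) ? $data : null;
}

/**
 * If the wire format must stay PHP-serialized, still verify first and
 * forbid object creation: any serialized object comes back as an inert
 * __PHP_Incomplete_Class instead of an instance of a loaded class.
 */
function unserialize_verified(string $body, string $sigHex, string $secret)
{
    if (!hash_equals(hash_hmac('sha256', $body, $secret), $sigHex)) {
        return null;
    }
    return unserialize($body, ['allowed_classes' => false]);
}

// Constructed sample input.
$secret = 'per-site-secret-placeholder';
$body   = json_encode(['method' => 'ping', 'params' => []]);
$sig    = hash_hmac('sha256', $body, $secret);
var_dump(decode_verified_payload($body, $sig, $secret) !== null);       // signed request
var_dump(decode_verified_payload($body . ' ', $sig, $secret) === null); // tampered body
```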

However, we had assumed the worst, and communicated with our customers the same day about the security issue. Following this, we also made a public announcement about it via a blog post.

Since then, we have thoroughly investigated the issue and analyzed our entire system. We have found that the above-mentioned vulnerability was the only entry point that allowed malware to be injected into sites on which the BlogVault plugin was reachable.

The BlogVault plugin has been secure ever since the updates on version 1.45.

However, we have continued to strengthen the security of our plugin, and as of the date on which this post is published, the latest version of the BlogVault plugin is 1.46. If your BlogVault plugin is older than 1.46, we request you to update to the latest version available in the WordPress repository (https://wordpress.org/plugins/blogvault-real-time-backup/).

Your data and backups are safe

As mentioned in our previous communication, your backups and data were safe and continue to be safe. They were never at risk. This includes:

  • Your backups
  • Your passwords
  • Your payment details

Please find below the details of the measures we have taken during the investigation to bolster the security of our service:

Preventive Security Measures Implemented

As a reflection of our commitment to security best practices, we have taken a number of preventive security measures during the investigation to ensure that this incident doesn’t repeat itself.

  • Updates made with versions 1.45 and 1.46 of the BlogVault plugin were a part of the measures to strengthen the security of the plugin.
  • We have actively scanned all sites to identify websites affected by this issue and to get them cleaned and secure.
  • We have also pushed an automatic update to the BlogVault plugin on most sites.
  • Moreover, we have taken and continue to take measures to ensure that neither the BlogVault plugin nor the servers can be exploited.

Your Trust Continues to Be Important to Us

During this period, many of you have reached out to us via our chat channels, email or even Twitter. We realize that you have not received the level of service on which we pride ourselves, and for this we apologize.

At BlogVault we are committed to being transparent and accountable to you. I know that we had received some questions about details regarding the issue. We were unable to respond to them because we had prioritized the security of the affected sites of our customers. We also wanted to ensure that we would refrain from adding to any speculation and only communicate facts.

We have set up an FAQs page that addresses some of the questions you might have regarding the security issue (these are different from the FAQs we received at first), and the measures we have taken to secure sites. Please find the link to this page here: https://blogvault.net/security-updates-faqs/

The security of your sites and your trust is of utmost importance to us at BlogVault. Please reach out to us with any further queries you might have.

Thank You

You have been extremely understanding and generous to me and my entire team over this period, and we want to personally thank you for that.

Security is an ongoing process and we remain committed to making our service more robust.
