It is important to update to a newer version of PHP. We recommend upgrading to one of the latest supported versions — all of which include new features and backward-incompatible changes that should be thoroughly tested before deployment in a production environment.
You may need to ask your developers to update your codebase, verify plugin compatibility, and ensure your applications are supported on newer PHP versions.
Want to find out what your options are and what actions you need to take to stay secure. We can help just
Not sure which PHP version your server is using? It might be time for a Server Audit to get a complete view of your infrastructure. We provide a traffic light report that highlights the good, the bad, and the ugly.
Want to know your options and what actions you need to take to stay secure? We can help – just get in touch.
https://www.dogsbody.com/wp-content/uploads/PHP81EOL-e1753181148767.jpg323528Claire Christmashttps://www.dogsbody.com/wp-content/uploads/Dogsbody-site-logo-1.pngClaire Christmas2025-08-08 11:34:412025-08-08 11:34:41PHP 8.1 will go end of life – 31 Dec 2025
Ubuntu 20.04 goes End Of Life (EOL) in April 2025. When an operating system goes EOL there is usually a lot to think about so lets break down the options open to you.
By far the easiest of the options but could end up costing you more in the long run. We do not recommend this option.
Doing nothing mean you have a ticking time bomb on your infrastructure. Your infrastructure will no longer receive security updates for the Ubuntu base OS, critical software packages and infrastructure components as well as no security maintenance for high and critical CVEs. This will probably also cause Compliance issues (PCI), Software incompatibility and make your whole network more vulnerable.
Using this option will also mean that more work will be required when you upgrade your server in the future costing you more.
2) Build new infrastructure (and move to the latest Ubuntu LTS release)
Dogsbody always recommend this options as a clean and safe way to upgrade. It allows you to upgrade your hardware to the latest tech. (Suppliers may allow you a free cut over period to manage costs).
This options lets everyone involved test things fully without affecting production infrastructure .
Obviously the disadvantage is this is it is one of the more expensive options, not just because of the work involved but as you may have to pay for two set of hardware and support etc until you migrate from your old to your new infrastructure. Dogsbody offer a one month cross over period for all our maintenance customers 🙂 Also if you have multiple sites on the server (shared hosting) you need to update all sites to the new IP.
Ubuntu 24.04 LTS became available in April 2024 and is supported for 5 years with the end of their standard support in June 2029. We recommend installing the 22.04.1 release especially for production machines.
3) Perform an in-place upgrade
This may only be an option for certain infrastructure types. It can be cheaper than option 2 (and quicker) but only if it upgrades perfectly. This option gives you zero testing time which means there is a risk that this will not work and your infrastructure will be off line whilst you or your support services fix it live.
While in-place upgrades will result with you having a new operating system, you will likely inherit the (less secure) defaults from the old operating system. A great example of this is when the default changed in SSH to disable the insecure v1 of the protocol on new operating system installs. Systems that were upgraded via in-place upgrade would inherit the old config keeping SSH v1 turned on.
We would certainly never recommend more than one in-place upgrade. Taking a single system from Ubuntu 16.04 -> 18.04 -> 20.04 and now 22.04 is a bad idea as it just leaves too many loose threads.
It also means your hardware will not be upgraded keeping you potentially on old, less efficient hardware that may also cause you issues at a later date.
4) Buy an annual subscription to Ubuntu Pro – Extended Security Maintenance (ESM) – UPDATED 12 Nov 2024
Extended Security Maintenance (ESM) and Ubuntu Pro are annual subscriptions. They provide Security updates for Ubuntu LTS for an additional 5 years (until April 2030 for Ubuntu 20.04). Including security coverage of the Main and Ubuntu Universe repositories for Critical, High and select Medium CVEs.
The disadvantages with this option Ubuntu Pro will not cover software from other repositories. If you have installed other software (Nginx, Percona, etc.) from their own official repositories then these repo’s may decide to drop support for your operating system as it’s now deemed to be EOL. We have seen this happen multiple times so unfortunately isn’t the panacea for all Ubuntu users.
Additionally, as with the in-place upgrade, it also means your hardware will not be upgraded keeping you potentially on old, less efficient hardware that may also cause you issues at a later date.
After a extensive discussion with Canonical we finally have a solution for getting Ubuntu Pro on smaller public cloud provider such as Linode, Digital Ocean, Vultr etc.
Ubuntu Pro is an enterprise subscription charged per machine per year. If Ubuntu Pro is something you are interested in please contact us.
5) Just shut it down
It’s good to take stock of your infrastructure sometimes, especially internal/pet projects that may have been left to languish.
Do you actually still need this infrastructure? Has it been replaced by something better? If so then you can always just shut it down.
We had customer who reviewed their hosting infrastructure and made the decision to moving their final customer websites to our shared hosting platform which saved them both time and money.
About Ubuntu 24.04
Ubuntu 24.04 LTS release is supported for 5 years with the end of their standard support in June 2029.
Upgrading from Ubuntu 20.04 to Ubuntu 24.04 should, instantly, speed up your sites/infrastructure if you get it right.
It’s worth considering package changes between operating system versions. Some of the most common are…
Dogsbody have a lot of customers who run Ubuntu 20.04 who we will be advising and helping move to the best option for their business. If you need help on deciding the best route for your upgrade or more information about getting Ubuntu Pro for smaller public cloud provider please do contact us.
https://www.dogsbody.com/wp-content/uploads/animal-4070485_1280.jpg8531280Claire Christmashttps://www.dogsbody.com/wp-content/uploads/Dogsbody-site-logo-1.pngClaire Christmas2024-09-27 16:41:012024-11-12 11:57:195 options for Ubuntu 20.04 EOL in April 2025
CentralNic Registry was recently informed of a security issue with one of its third-party vendors. There’s no evidence of a compromise or any unauthorised access however there is a risk that domain authCode’s have been leaked.
A domain auth code can be used to steal a domain from you.
Any domain owners of the following TLD’s are advised to reset the authCode for their domain.
Some registrar’s are batch voiding and regenerating auth codes for affected domains but not all.
Affected TLD’s
gTLDs
.art
.bar
.basketball
.best
.college
.ceo
.design
.fans
.feedback
.frl
.fun
.gent
.host
.icu
.ink
.love
.observer
.online
.ooo
.press
.protection
.realty
.reit
.rent
.rest
.security
.site
.space
.storage
.store
.tech
.theatre
.tickets
.website
.wiki
.xyz
Official ccTLDs
.bh, Bahrain
.fm, Federated States of Micronesia
.fo, Faroe Islands
.gd, Grenada
.gl, Greenland
.la, Laos; also borrowed for Los Angeles
.pw, Palau
.sk, Slovakia
.vg, British Virgin Islands
Unofficial ccTLDs
.ae.org, for United Arab Emirates
.ar.com, Argentina
.br.com, Brazil
.cn.com, China
.com.de, Germany
.de.com, Germany
.eu.com, European Union
.gb.com, Great Britain
.gb.net, Great Britain
.gr.com, Greece
.hu.com, Hungary
.jpn.com, Japan
.jp.net, Japan
.kr.com, Korea
.no.com, Norway
.qc.com, Quebec
.ru.com, Russia
.sa.com, Saudi Arabia
.se.com, Sweden
.se.net, Sweden
.uk.com, United Kingdom
.uk.net, United Kingdom
.us.com: United States
.us.org: United States
.uy.com, Uruguay
.za.com, South Africa
Any domain owners of these TLD’s are advised to reset the authCode for that domain.
It is important to update them to a newer version. We would recommend updating to either:
8.1 supported until 25 November 2024
8.2 supported until 08 December 2025
This new minor version brings with it a number of new features and a few incompatibilities that should be tested for before switching PHP versions in production environments.
You may need to get your developers to update code, check plug-ins and app versions for supportability:
WordPress is not fully compatible with PHP 8.0 or 8.1. All remaining known PHP 8.1 issues are deprecation notices.
Please note, a deprecation notice is not an error, but rather an indicator of where additional work is needed for compatibility before PHP 9 (i.e. when the notices become fatal errors). With a deprecation notice, the PHP code will continue to work and nothing is broken.
At the time of writing PHP 8.2 for wordpress was still waiting on the dev notes.
Not sure what version your server is on? Maybe it’s time for a Server Audit so you have a full picture of your infrastructure – We produce a traffic light report telling you the good, the bad and the ugly…
https://www.dogsbody.com/wp-content/uploads/PHP-80-EOL.jpg10801920Claire Christmashttps://www.dogsbody.com/wp-content/uploads/Dogsbody-site-logo-1.pngClaire Christmas2023-05-17 13:31:222023-05-17 13:31:22PHP 8.0 will go end of life – 26 Nov 2023
Keeping your WordPress software up to date and safe from vulnerabilities is the most important security tip for any WordPress site. And it’s super easy to do.
Below are three simple ways to secure your WordPress site.
1. Use the latest WordPress Version
Whenever WordPress sends out a new update, it means they may have fixed some bugs, added some features, but most importantly they have added some security features and fixes.
Nowadays, with one-click update, it’s very easy to upgrade your WordPress Version.
Make sure your theme and plugins are compatible with this latest version of WordPress. If an update has been rolled out and it’s not a security update, I suggest you wait for your plugins and themes to become compatible before upgrading.
2. Keep Your WordPress Plugins Updated
As I mentioned above, WordPress releases an update to fix bugs and vulnerabilities, and this is the same for plugins. This is a really quick update to make:
Click the Update Now button for the vulnerable plugin
Many times, an out of date plugin or 3rd party script can create a security hole in your WordPress website causing it to become vulnerable.
In general you should always use plugins which are continually updated and have good support.
If you are using a plugin which has not been updated for a while, find an alternative to it. If you have an installed plugin, remove it.
3. Keep Your WordPress Themes Updated
Yes! Even The Themes! Both plugins and themes are built on code. Mostly PHP to be specific. And, that code will eventually be outdated. When a theme (or plugin) is outdated, it’ll still work. Sure. However, it will be more prone to being exploited since it’s an easy way in for attackers.
Make a consistent schedule to regularly check and download the latest updates of themes (and plugins).
These can be found directly on the WordPress dashboard on the “Updates” pages.
Plugins are being updated all the time. For example, on a single day (24 Aug 2021) the following plugin vulnerabilities were all fixed and were ready to be updated:
Contact Form Entries < Version 1.2.1 – Reflected Cross-Site Scripting
TextME SMS < Version 1.8.9 – Authenticated Stored XSS
Live Scores for SportsPress < Version 1.9.1 – Authenticated Local File Inclusion
Live Scores for SportsPress < Version 1.9.1 – Reflected Cross-Site Scripting
SMTP Mail < Version 1.2 – Reflected Cross-Site Scripting (XSS)
SMTP Mail < Version 1.2.2 – Authenticated SQL Injections
Contact List < Version 2.9.42 – Reflected Cross-Site Scripting
Coupon Affiliates for WooCommerce < Version 4.11.0.2 – Reflected Cross-Site Scripting
Podlove Podcast Publisher < Version 3.5.6 – Unauthenticated SQL Injection
Recipe Card Blocks < Version 2.8.1 – Reflected Cross-Site Scripting
As of June 2020 over 73% of the most popular WordPress installations were vulnerable. They were vulnerable to exploitable vulnerabilities that can be detected with free automated tools, within seconds.
It only takes a couple of minutes for a malicious attacker to run an automated tool that can discover these vulnerabilities and exploit them. This highlights the importance choosing the right WordPress web host that auto updates both plugins and WordPress.
The most common vulnerabilities
Arbitrary File Upload & File Viewing: Lack of file type and content filtering allows for upload of arbitrary files that can contain executable code which, once run, can do pretty much anything on a site. Instead of allowing only certain file source to be viewed (for example plugin templates) the lack of checks in the code allows the attacker to view the source of any file, including those with sensitive information such as wp-config.php
Privilege Escalation: Once the attacker has an account on the site, even if it’s only of the subscriber type, he can escalate his privileges to a higher level, including administrative ones.
SQL Injection: By not escaping and filtering data that goes into SQL queries, malicious code can be injected into queries and data deleted, updated or inserted into the database. This is one of the most common vulnerabilities.
Remote Code Execution (RCE): Instead of uploading and running malicious code, the attacker can run it from a remote location. The code can do anything, from hijacking the site to completely deleting it.
How Dogsbody can help
So, you maybe wondering ‘How will I know I’m vulnerable in the first place’.
The easiest way is to log into your WordPress site and take a look.
https://www.dogsbody.com/wp-content/uploads/unsplash.com_.photos.8_NI1WTqCGY.webp7001050Ashley Hollandhttps://www.dogsbody.com/wp-content/uploads/Dogsbody-site-logo-1.pngAshley Holland2022-10-14 10:00:382022-10-14 15:50:59Three Easy Ways To Secure Your WordPress Site
Ubuntu 18.04 goes end of life in April 2023. Our usual EOL blog posts tend to be quite short and sharp, making sure that people are aware of software becoming insecure. When an operating system goes EOL there is usually a lot more to think about.
Here we look at your 5 options for Ubuntu 18.04 EOL.
By far the easiest of the options but could end up costing you more in the long run. Dogsbody do not recommend this option.
Doing nothing mean you have a ticking time bomb on your infrastructure. Your 18.04 Infrastructure will no longer receive security updates for the Ubuntu base OS, critical software packages and infrastructure components as well as no security maintenance for high and critical CVEs. This will probably also cause Compliance issues (PCI), Software incompatibility and make your whole network more vulnerable.
Using this option will also mean that more work will be required when you upgrade your server in the future costing you more.
2) Build new infrastructure and move to the latest Ubuntu LTS release (Recommended)
Dogsbody always recommend this options as a clean and safe way to upgrade. It allows you to upgrade your hardware to the latest tech. (Suppliers may allow you a free cut over period to manage costs).
This options lets everyone involved test things fully without affecting production infrastructure .
Obviously the disadvantage is this is it is one of the more expensive options, not just because of the work involved but as you may have to pay for two set of hardware and support etc until you migrate from your old to your new infrastructure. Dogsbody offer a one month cross over period for all our maintenance customers 🙂 Also if you have multiple sites on the server (shared hosting) you need to update all sites to the new IP.
Ubuntu 22.04 LTS became available in April 2022 and is supported for 5 years with the end of their standard support in April 2027. We recommend installing the 22.04.1 release especially for production machines.
3) Perform an in-place upgrade
This may only be an option for certain infrastructure types. It can be cheaper than option 2 (and quicker) but only if it upgrades perfectly. This option gives you zero testing time which means there is a risk that this will not work and your infrastructure will be off line whilst you or your support services fix it live.
While in-place upgrades will result with you having a new operating system, you will likely inherit the (less secure) defaults from the old operating system. e.g. Networking in Ubuntu 14.04 is typically configured via the /etc/network/interfaces file. Networking in Ubuntu 16.04 is typically configured via the netplan configuration files. An in-place upgrade from 16.04 to 18.04 would leave the old interfaces configuration in place which may work or may not depending on the setup you have.
We would certainly never recommend more than one in-place upgrade. Taking a single system from Ubuntu 14.04 -> 16.04 -> 18.04 and now 20.04 is a bad idea as it just leaves too many loose threads.
It also means your hardware will not be upgraded keeping you potentially on old, less efficient hardware that may also cause you issues at a later date.
4) Buy an annual subscription to Ubuntu Pro – Extended Security Maintenance (ESM)
Ubuntu Pro and Ubuntu Pro (infra-only) are annual subscriptions from Canonical. They provide Security updates for Ubuntu LTS for an additional 5 years (April 2028). Including security coverage of the Main and Ubuntu Universe repositories (Ubuntu Pro only) for Critical, High and select Medium CVEs.
There is a possibility that other software and packages will drop their support for Ubuntu 18.04 so you may cause yourselves problems down the line if you plan to leave it the full 5 years.
Ubuntu Pro is an enterprise subscription charged per machine per year. Annual costs depend on your infrastructure type (desktop or server) and support requirements.
Security Patching
Ubuntu LTS
Ubuntu Pro (INFRA-ONLY)
Ubuntu Pro
Ubuntu Main Repo
5 years
10 years
10 years
Ubuntu Universe Repo
Best effort
Best effort
10 years
5) Just shut it down
It’s good to take stock of your infrastructure sometimes, especially internal/pet projects that may have been left to languish.
Do you actually still need this infrastructure? Has it been replaced by something better? If so then you can always just shut it down.
About Ubuntu 22.04
Ubuntu 22.04 LTS release is supported for 5 years with the end of their standard support in April 2027.
Upgrading from Ubuntu 18.04 to Ubuntu 22.04 should, instantly, speed up your sites/infrastructure if you get it right.
It’s worth considering package changes between operating system versions. Some of the most common are…
Dogsbody have a lot of customers who run Ubuntu 18.04 who we will be advising and helping move to the best option for their business. If you need help on deciding the best route for your upgrade please do contact us.
https://www.dogsbody.com/wp-content/uploads/beaver-gac8e01c32_1280.jpg8531280Claire Christmashttps://www.dogsbody.com/wp-content/uploads/Dogsbody-site-logo-1.pngClaire Christmas2022-07-01 09:00:462023-02-09 10:44:575 options for Ubuntu 18.04 EOL
It is important to update them to a newer version. We would recommend updating to either:
8.0 supported until 26 November 2023
8.1 supported until 25 November 2024
New major PHP versions bring with it a number of new features and some incompatibilities. These should be tested before switching PHP versions in production environments. You may need to get your developers to update some code, check plug-ins and app versions for the new PHP supportability:
WordPress 5.6 to 5.9 state that they have added “beta support” for PHP 8.0 and 8.1 however no one know when it will be out of beta status. Beta support means that the compatibility of WordPress with PHP is still being tested. We would usually advise not to use it on a production server until it is fully supported by WordPress.
Not sure what version your server is on? Maybe it’s time for a Server Audit so you have a full picture of your infrastructure – We produce a traffic light report telling you the good, the bad and the ugly…
Otherwise want a hand with your PHP upgrade? Get in touch!
https://www.dogsbody.com/wp-content/uploads/lifeline-ge081f87d3_1920.jpg12801920Claire Christmashttps://www.dogsbody.com/wp-content/uploads/Dogsbody-site-logo-1.pngClaire Christmas2022-05-26 14:36:332022-05-26 14:36:33PHP 7.4 will go end of life on 28 November 2022
On the 30 June 2022, Debian 9 “Stretch” goes End of Life (EOL). We recommend you upgrade to Debian 11 “Bullseye” (skipping Debian 10 if possible) which is supported until June 2026.
After this date there will be no security updates released for Debian 9 and servers will not be patched for any new vulnerabilities discovered.
Leaving old Debian 9 “Stretch” systems past 30 June 2022 leaves you at risk to:
Security vulnerabilities of the system in question
Software incompatibility
Compliance issues (PCI)
Poor performance and reliability
and
Making your network more vulnerable as a whole
Debian 11 “Bullseye” Supports:
Apache 2.4.48
MariaDB 10.5
MySQL 8.0
PHP 7.4
Python 3, 3.9.1
Not sure where to start? Contact us to find out how we can help you.
https://www.dogsbody.com/wp-content/uploads/debian-9-stretch.jpg10801920Claire Christmashttps://www.dogsbody.com/wp-content/uploads/Dogsbody-site-logo-1.pngClaire Christmas2022-01-05 14:05:412022-01-05 14:05:41Debian 9 “Stretch” goes End of Life (EOL) June 2022
This weekend, a very serious vulnerability in the popular Java-based logging package Log4j was disclosed. This vulnerability allows an attacker to execute code on a remote server; a so-called Remote Code Execution (RCE). Because of the widespread use of Java and Log4j, as well as the relative ease with which the vulnerability can be exploited, this is likely one of the most serious vulnerabilities on the Internet since both Heartbleed and ShellShock.
This was a “zero day exploit”, meaning that the bad guys found this vulnerability and started exploiting it before that vulnerability could be fixed. The NIST has catalogued this as CVE-2021-44228 with a 10/10 severity (the most severe).
Who’s affected
Put simply – Java applications that use the log4j package. It is almost impossible to conclusively list all affected software and services, given such widespread use and the multiple versions and implementations that affects the ability to exploit the vulnerability.
An attempt to list responses from as many vendors and service suppliers can be found here, though this list shouldn’t be taken as authoritative.
What you can do
Most importantly you should take immediate action to do the following:
Identify usage of affected log4j versions within your infrastructure.
Apply available patches from your software vendors, or consider disabling elements of your infrastructure/services until patches are available.
Monitor your systems/logs for signs of previous and ongoing exploit attempts.
Take immediate steps to restore any affected systems to a known good state.
Our Customers
We are actively following the steps above and triaging those affected. Those most severely affected will have already been contacted and we will continue to proactively monitor all infrastructure to ensure all systems are patched as soon as possible.
Fail2ban is a tool which you can use to reduce the impact of attacks on your servers. Typically you configure it to monitor a log file for suspicious activity. Then once the activity crosses a threshold you can have it take an action, such as block the source IP address in your firewall. It’s a good way to stop attacks early but doesn’t entirely prevent them.
Why use it to protect WordPress
Due to it’s popularity, WordPress is often the target of automated attacks. We often see bruteforce attacks targeting xmlrpc.php or wp-login.php, these rely on making a huge number of requests in the hope that one will eventually be successful. Using strong passwords, especially for accounts with admin access is important to reduce the risk from attacks. Fail2ban can be used to slow attackers down. This helps for two reasons: it makes them less likely to succeed; it reduces the load on the server caused by processing these requests.
Blocking an attack as far upstream as possible is always advantageous to save resources so we would typically favour a Web Application Firewall or Webserver configuration over using fail2ban or a WordPress plugin however every site, server and customer is different so it will depend on the exact configuration used and required.
Install & config fail2ban (for Ubuntu)
sudo apt-get install fail2ban
Fail2ban works by having a jail file which references the log file, a filter and an action. By default fail2ban will protect sshd. If you are restricting SSH access in another way then you might want to turn this off. You can do so by creating the following as /etc/fail2ban/jail.local
[sshd]
enabled = false
Fail2ban doesn’t come with a filter for WordPress. I’d like to credit thesetwo articles for providing a good starting point. We see requests to ‘//xmlrpc.php’ (note the double slashes) fairly frequently so tweaked the below to also flag them. As this is detecting any requests to wp-login/xmlrpc it will flag legitimate admin users when they login etc. We’ll look to account for this with the jail configuration.
You can create the filter as /etc/fail2ban/filter.d/wordpress.conf
The jail file has most of the configuration options:
logpath, in this case the path to your Apache access log
action, adjust this if you’re using a different firewall or want to be sent email instead, you can see available options in /etc/fail2ban/action.d/
maxretry, the number of requests within findtime seconds to ban after
bantime, the number of seconds to ban for, with this action how long they’re blocked in iptables
As mentioned, the filter will catch both malicious and legitimate users. We’re configuring maxrety fairly high and bantime relatively low to minimise the probability and impact if we do block a legitimate user. Whilst this allows attackers to make roughly one request every ten seconds this is a fraction of what they’d make without fail2ban.
You can create the jail file as /etc/fail2ban/jail.d/wordpress.conf
https://www.dogsbody.com/wp-content/uploads/river.jpg19202560Jim Carterhttps://www.dogsbody.com/wp-content/uploads/Dogsbody-site-logo-1.pngJim Carter2021-08-09 11:04:382021-08-09 11:04:38How to set-up fail2ban for a WordPress site
Dogsbody always recommend this options as a clean and safe way to upgrade. It allows you to upgrade your hardware to the latest tech. (Suppliers may allow you a free cut over period to manage costs).
