WordPress Toolkit Quarantine Error and Quick Resolution

If you have received within the past 48 hrs a notification such as this:

Updates were not installed for the following items: Website "/home/$username/public_html" (https://$domain.com): Failed to reset cache for the instance #1: WordPress Toolkit was not able to finish running an operation on this site in 60 seconds, so the operation was terminated. This could mean that your WordPress installation might be infected with malware. Check the wp-config.php file of the installation for potential malware code or run an anti-virus scan. If you cannot find any traces of malware, try running the operation again later.

it is likely because of an existing issue with WordPress Toolkit.

By default, the cPanel WordPress Toolkit plugin automatically checks your WordPress website daily for malware infection.

It turned out that as presently coded, WordPress Toolkit creates a false match if it could not verify WordPress file checksums via api.wordpress.org or if api.wordpress.org is unavailable or inaccessible.

For now, the workaround is as follows:

Log in to your cPanel.

Visit WordPress Toolkit.

You will see something like this:

Click on Check WordPress Integrity

Click the "Verify Checksum"

WordPress Toolkit Check Integrity

Once the checksum check is completed, you will see this:

Close the pop-up.

Now click on "Refresh".

You will notice that the issue has gone away.

If you are unable to do this by yourself, please contact our technical support team at https://dashboard.webhostingmagic.com/submitticket.php

It is also worth noting that you can install WordPress using other methods including

  • Softaculous WordPress Manager
  • WP-CLI
  • or manual WordPress installation

If you wish to use either of these instead of WordPress Toolkit and are not sure where to start, please do visit and create a technical support request and create request.

The cPanel WordPress Toolkit development team is aware of this problem and working on a permanent fix.

We are also following the issue.

Customers will receive an email notification when a solution is published in the product

24/7 Managed Hosting Now Available To All Hosting Tier

Since we came online almost 4 years ago, our core goal has always been to offer a 24/7 managed hosting service.

We see this as the best way to assist customers so that they can focus on building your business.

For example, instead of digging around on how to create an email address, install/deploy a web application, or do basic hosting account tasks, all the customer has to do is open a ticket and ask our team to get that done.

This though was delivered as an optional additional paid service and add-on.

Today, we are making the same service available to all customers.

That is all hosting tiers will now receive the same level of support.

To continue providing this all-around 24 hrs technical support, we have added a Phoenix-based ISO 9001 & ISO 27001-certified, GDPR-compliant first responder team as additional engineers.

As an existing or new customer, just visit https://dashboard.webhostingmagic.com/submitticket.php and select the Technical Assistant & Analysis team whenever you want something to get done.

As long as the issue is hosting account related (and not the management of website content), our team will work to help you get it done.

This expanded service starts on August 1st, 2022 and we are looking forward to helping you get things done.

Thanks for choosing Web Hosting Magic, and for helping us get to this point.

PHP4.4 End Of Life and Planned Removal

Web Hosting Magic has been offering HardenedPHP hosting packages that support PHP 4.4 for many years.

We have been doing that even after upstream stopped supporting it 13 years ago.

We felt that it is our obligation to assist customers still using old PHP versions to keep their website/application online while working towards an upgrade. 

But the technology behind PHP 4.4 is now so outdated that it poses a significant risk not only to the customers using it but also to the systems that support it.

Thus, Web Hosting Magic will officially end support for PHP 4.4 on Jan 1, 2023.

This means that security vulnerabilities in PHP 4.4 will no longer be patched and the verison removed from our systems.

If you are still running an application that requires PHP 4.4, we highly recommend that you start looking around for a way to upgrade the app to work with either:

  • PHP 5.3
  • PHP 5.4
  • PHP 5.5
  • PHP 5.6
  • PHP 7.0
  • PHP 7.1
  • PHP 7.3

All the above PHP versions can ONLY be hosted in our Iowa data center.

  • PHP 7.4
  • PHP 8.0
  • PHP 8.1

Want to host a PHP application (even one running PHP5.6) securely?

You can ... with the HardenedPHP packages at https://dashboard.webhostingmagic.com/store/secure-php-hosting

Simplify Your Search Optimization Effort With cPanel SEO

We recently announced the availability of AccelerateWP, a tool you can use from your cPanel to accelerate and optimize your WordPress for speed.

Today, we are also announcing the availability of cPanel SEO.

As a product, cPanel SEO is designed to help our customers:

  • create more successful websites
  • find relevant keywords
  • optimize existing content
  • write great blog posts without hiring an SEO expert or overextending your budget
  • rank better in search engines such as Google, Microsoft, etc

To learn more about cPanel SEO visit https://dashboard.webhostingmagic.com/store/search-engine-optimization

If Your cPanel File Manager Is Showing Another Username

If you recently encountered a situation where your cPanel File Manager is showing another account's directory in the navigation pane, it might have something to do with the Settings.

The cPanel development team is aware of the issue and currently investigating it.

For a quick workaround, please visit the link at https://dashboard.webhostingmagic.com/knowledgebase/432/What-To-Do-When-Your-cPanel-File-Manager-Shows-Another-Username.html to see how to get it resolved.

Hourly & Daily Backup-as-a-Service Now Available To Customers

As humans, we are not particularly good at understanding probabilities.

Especially when it comes to guessing the odds of things that could happen in our lives.

Unpleasant things happen...

But uhmmm ... it happens to other people.

Until it happens to us.

The chances may be infinitely small.

But if the same conditions apply, we found ourselves in the same exact situation.

This is true for good things that one wishes happen to him, her, or them.

And also true when we fail to take steps to ensure business continuity even when the worst happens.

Events such as:

  • account compromise that stole an organization's data, emails, etc
  • malware infection that made their website a no-go area
  • or plain ol' carelessness that made it impossible to conduct business

can be devastating to any business.

And could any of this happen when you are hosting a website?

Yes, it could.

It could happen because we have seen customers ignoring easy-to-implement security recommendations.

A typical example would be when a customer ignores the recommendation to:

  • use a strong, unique password of at least 18 characters and made up of a combination of letters, numbers, cases, and symbols.
  • enable two-factor authentication on every cPanel or Plesk account you have with us
  • enable two-factor authentication on your billing account

As a customer, our security is extremely important to us.

It is why we keep reminding you of the need to take measures to better protect your accounts.

Yes, we

  • have systems in place to thwart automated password crackers
  • work with security partners to prevent brute-force attacks on your website/applications
  • do everything we can to protect your website from vulnerability exploitation (including 0-day attacks) & malware infections
  • etc

But none of these matters if you are using short, common passwords or dictionary words as passwords.

There are tools that could help you create passwords that will not be guessed by password cracking programs or bad guys.

Tools such as:

could help securely generate strong, unique passwords for each and every one of your accounts.

We have seen customers not bothering with back-ups.

Even when there are 3 different, easy-to-use self-service backup options.

We have seen customers not acting when our systems send a notification to update an application or its supporting resources (for example WordPress core, plugin, or theme).

Even when such an update is rolled out to patch security vulnerabilities.

To save us from ourselves, Web Hosting Magic is today announcing a daily backup-as-a-service.

We have been testing this service with several businesses with a need for hourly replication.

When purchased, the system backs up your data once every 24 hrs to a secure off-site location.

And as a customer, you too can take advantage of this service to stack the odds in your favor.

If anything happens, we restore your account with the exact copy of your data as it was within the past 24 hrs.

For those businesses with a need for hourly replication, we take a real-time snapshot of the data every hour.

If anything happens, we restore the exact copy of your data as it was within the past 60 minutes.

To take advantage of this offering, please visit https://dashboard.webhostingmagic.com/store/

To read more about the recommended steps, please visit https://blog.webhostingmagic.com/how-to-prevent-web-hosting-data-loss-or-compromise

Please, help us help you better.

Thanks and have a great week ahead.

Possible RCE Vulnerability In Chamilo LMS Patched

Chamilo LMS at Web Hosting Magic

mPDF is a PHP library that generates PDF files from UTF-8 encoded HTML.

Chamilo uses this library to convert HTML to PDF.

It has been discovered that this can be abused in all 1.11.* versions by anyone able to edit the HTML (so with edition permissions) to trigger a Remote Code Execution vulnerability.

Softaculous, a 1-click app installer has released an update for Chamilo to patch this.

Customers installing new Chamilo applications will use the updated version.

While existing installations were not updated (since the current Chamilo version number is the same), Chamilo believes there are enough conditions and features in Chamilo to mitigate or remove this issue.

There is every reason to believe so as the team behind Chamilo LMS has a great track record for fixing reported security issues & publishing fixes prior to the official publication of the vulnerabilities on official sites.

So when the Chamilo team releases a new version (including the Chamilo 2.0 which is still in development), Softaculous will release the new version.

And existing users can then upgrade their installations to the latest version with the patch.

For more information on the nature of this vulnerability, please visit research.securitum.com

If you want to manually tweak your files, then visit github.com/chamilo/chamilo-lms

Note that this is not limited to Chamilo only.

It is an issue that affects any application using the library.

Chamilo is a learning management system (LMS) and web application often used by schools and educational institutions.

If you would love to know more about this LMS, please visit www.webhostingmagic.com/chamilo-lms-hosting.html to learn more.

Softaculous automates the installation of web applications to a website so that you can focus on using your apps, rather than spending time on installing/managing them.

cPanel's Paper Lantern Theme Deprecation

cPanel Jupiter Theme

We understand that some of our customers prefer Paper Lantern because of its visual icons.

And until now, customers have had the ability to switch between the two themes that cPanel provides: Paper Lantern and Jupiter.

However, the cPanel team has deprecated the Paper Lantern theme.

So we will be switching all cPanel accounts to the new Jupiter theme on Friday, the 7th of February 2022.

If you would want to switch to Jupiter before then, please log in to your cPanel.

Take a look at the upper right side of the cPanel interface (the General Information panel).

You will be able to select Jupiter as your default cPanel theme from the drop-down menu.

You can read more about the Jupiter theme by visiting https://dashboard.webhostingmagic.com/announcements/23/Introducing--Jupiter-Our-New-cPanel--ThemeorStyle.html

As always, we're available 24/7 and will be here to assist you if you need help getting this done.

Please stay safe and healthy.

WordPress Toolkit Backup/Restore MySQL 8.0 Database Issue

It was recently discovered that databases with special functions in MySQL 8.0 fail to backup. 

This is due to a change in MySQL 8.0 when handling specific types of data. 

The MySQL documentation states the following:

Incompatible Change: Access to the INFORMATION_SCHEMA.FILES table now requires the PROCESS privilege.

This change affects users of the mysqldump command, which accesses tablespace information in the FILES table, and thus now requires the PROCESS privilege as well. Users who do not need to dump tablespace information can work around this requirement by invoking mysqldump with the --no-tablespaces option.

This error is specific to users created under cPanel accounts, for use with applications (such as DB_USER variable in WordPress wp_config.php). 

There is no known workaround to allow this to function in the WordPress Toolkit though the WordPress Toolkit developers are aware of the issue.

Until they release a solution for this issue, please use either:

  1. PHPMyAdmin
  2. cPanel's Backup Wizard or 
  3. Jetbackup

to take backups of MySQL databases of your WordPress websites.

WordPress Database Malware Infection Clean-up Made Simple


Database infections are destructive.

But even more so, they can be a persistent threat. 

With over 30% of all malicious files caused by this kind of infection, cleaning them up can be very tasking to you, the website owner.

The vector of infection can be a situation:

  • where a developer copies and pastes a code without understanding what it actually does.
  • via an installed plugin or extension.
  • or a deliberate infestation that occurred because the website owner has not enforced available two-factor authentication and someone gains access to his or her system.

It doesn't matter how this happens.

One thing that is certain is that this often stays hidden and the authors can selectively call them to function without anyone being any wiser.

But even more so is that the account will stay compromised and will cause malicious files to keep on reappearing.

Today, we are announcing a Malware Database Scanner feature.

Our Malware Database Scanner gets to the bottom of such problems and eliminates those DB infections.

It is a solution designed to get to the bottom of the problems and eliminate those DB infections.

MDS automatically uses information from WordPress configuration files to get DB connection details for each CMS. 

Then it safely and reliably backs up suspicious DB data ensuring that each step can be unmade in case an issue arises.

This happens 100% out of sight without you needing to do anything at all.

No SQL knowledge, no connection strings, passwords, etc needed.

For the moment, only WordPress databases are supported.

But it is good to know that all WordPress CMS hosted on our systems have access to this feature.

But the feature will be extended to include all content management systems (CMS) once released.

Please note that while this has been enabled, it is still a beta feature.

Our team (alongside the CL engineers) is closely monitoring its performance and hoping that it will help protect you even better.

If you noticed any odd database behavior, do let us support team know at once.

Thanks and have a beautiful and wonderful weekend.

Show Previous EntriesShow Previous Entries