On October 14, SiteGround had a live webinar #BeCyberSmart with SiteGround’s Updated Tools for Safer Sites, in which Hristo Pandjarov – WordPress Initiatives Manager – was supposed to reveal the newest security updates they developed. I received an email invitation to “save my spot”. Given the topic (i.e. security), I worked something out to free one hour of my time despite the scarcity of the latter. Would it be an informative webinar? I was indeed looking forward to learning:
Which are [their] latest security innovations
What types of vulnerabilities do they prevent
How using [their] tools can protect [my] websites
, as advertized in the email.
That being said, I have to admit that I had another reason to attend this webinar live. I wanted to raise the issue of their dysfunctional AutoUpdate tool.
We encourage you to write your questions throughout the whole webinar in the section “Ask a question” in Crowdcast so that the expert can see and answer them.The SiteGround Team
It started well with Hristo explaining that
security is not a single thing . . . it’s a process, it’s a mindset and him adding that
having good security habits is very important. It was supposed to be a 45-min presentation followed by the Q&A session. However, he was done, with his presentation, in less than 24 minutes…
It turns out that I was faster than expected!Hristo Pandjarov
… maybe because his presentation was devoid of any real content. The
latest updates from [there] security department was indeed nothing but a recap on their already existing tools. Here are the four main topics he covered:
- WAF and Server-side Protection Systems
- SSL Certificates, Backups, and Updates
- Improved Site Scanner
- The SiteGround Security Plugin
Granted, all are critical security features; still, all of them were already present when I get my web host three years ago (see SiteGround). The only exception would be their new security plugin1, which was indeed released this year. Just to briefly illustrate my point, in the first part, he talked about their WAF, Anti-bot AI Protection, Account Isolation, Regular Service Updates, and Zero-day Vulnerability Patches. Correct me if I am wrong, but their Anti-Bot AI was maybe new in 2017 but this is not a recent innovation anymore in 2021, even though… (see I am not a robot!).
Now, let me consider the case of Backups for a minute because, as you may know, if you follow this blog, it matters to me2. Admittedly, SiteGround brought some improvement to their existing services with the recently added geographical redundancy to their backup strategy3. However, they have also removed two convenient, and more importantly free, backup solutions (i.e. cPanel and Softaculous). Instead of providing a substitute, they are putting forward their SiteGround Backup solution; a $29.95 per backup alternative (with their StartUp plan) that does not even allow you to download backups locally!
In short (pun intended), I was disappointed because I didn’t learn anything new, except for the Custom Login URL feature of their security plugin. However, seeing my question being upvoted by others was easing my frustration.
Good to develop new tools, but what about fixing the existing ones. In particular, AutoUpdate, which was a great tool indeed, does not work anymore since the migration to Site Tools. Specifically, it fails to update WordPress (or, at best, does it a week after the release, despite being set to “immediate”). Therefore, owing to the code that disables WordPress’s automatic update (that cannot be removed/accessed anymore since the migration), using your tool puts our websites in danger!
While few other questions received more votes than mine, I was still on the top of the list with 3 votes. I was waiting (not so) patiently my turn; recalling my moment of glory during a previous webinar (see SiteGround New Client Area and Site Tools – part 3). I was next…
… when suddenly my question just vanished.
What the f…! At the second Hristo was about to address it, my question was removed from the list. Surprised and puzzled, taking a minute to collect my wits, I checked the Answered questions section, just to see. It was there indeed – with “an answer”, but not one that SiteGround wanted to showcase:
WordPressAupdate[sic] functionality is still included in our hosting plans. The reason why the autoupdate process is delayed a few days after each version release is that our team likes to research and test extensively the new version for any potential exploits.SiteGround
Of course, I commented immediately, hoping for a reply:
What about security release. They should be implemented immediately, not a week or more after!
Needless to say, that I am still waiting (for their reply). First, I reposted my question (back to the main list) with my added comment. A few times, I thought it will be answered… Oh, naïve! It was simply ignored by Hristo despite the question being upvoted again and next on the list. I was also checking the Answered questions section for any response to my comment but to no avail. Then, I assumed that it would be posted with all the unanswered questions on the SiteGround blog, as they usually do. However, as of today, there is still no blog post about the webinar; nothing but the video being available on their Youtube channel. I am afraid that the latter may have superseded their (good old) blog.
It is really important to keep your core WordPress files and all of your plugins updated to their latest versions. Most of the new WordPress and plugin versions contain security patches . . . Minor releases include security improvements and bug fixes and we recommend the immediate update for these. SiteGround (on their website)
So, to conclude, was it an informative webinar? I don’t think so, this was nothing but an advertising video! I have wasted one hour of my precious time.
1 I will have to cover this plugin soon. My first impression, after the How To Secure Your WordPress Site In A Few Steps webinar by Cal Evans last June, was not a good one. Now, the Custom Login URL feature roused my curiosity and I will have to reconsider the question. ^
2 See SiteGround New Client Area and Site Tools – part 1 and the following twelve posts of this mini-series. ^
3 As acknowledged in Site Tools (vs. cPanel) – part 4: Security. ^