Featured Video: Liquid Web Managed WordPress and Image Compression

The key to running a successful blog or website is having great content and making it easy for your users to find what they need. Part of providing great blog content usually involves using images and graphics to enhance your articles, posts and pages. Doing so will provide your readers with visual context and can help break up large blocks of text. Using lots of visual elements and images isn’t without its trade-off though.

The more HD photos you use, the more data a user has to download when reading your articles. This can mean longer load times for users, and higher disk and bandwidth usage for your server. That’s why you should always optimize your website’s images since long page loads can cost you views. In this featured video Chris Lema shows how our Managed WordPress improves this with a default plugin.

Website performance is a big deal and we know you care about keeping your site fast. The most common cause of a slow site is uploading full-size HD images. So to improve your WordPress site’s performance we’re building our own image compression solution. Building our own solution will take some time and we don’t want you to wait, so we’ve loaded the Compress JPEG & PNG Images plugin for you.

Normally optimizing the first set of images is free and you pay a small fee for images after that, but you won’t! We’ve partnered directly with TinyPNG and Liquid Web will be covering that cost so you can use this solution until we complete our own.

To learn more, or sign up, take a look at our Managed WordPress page.

Protecting Against CVE-2016-3714 (ImageMagick)

Overview

A security vulnerability has been discovered in the ImageMagick software suite that can potentially allow remote code execution.

Impact

All versions of ImageMagick are affected. An updated version has been committed and should be rolling out to repositories in the near future. Until a patch is available for all systems, Liquid Web is taking steps to block the offending payloads. Additionally, a direct modification to ImageMagick’s policy file can reduce the risk of an exploit due to the vulnerability.

Resolution

A full resolution is not possible until a patch is released and applied. While that is anticipated to be available soon, in the interim, policies specifically blocking known exploits can be added directly to ImageMagick’s policy file, policy.xml. The file will be located in one of two possible directories, depending on how the software was installed:

  • /etc/ImageMagick/policy.xml
  • /usr/local/etc/ImageMagick-6/policy.xml

Once located, open policy.xml in your preferred text editor and add the following nine lines to the bottom of the file to help minimize the risk of exploitation:

<policy domain="coder" rights="none" pattern="EPHEMERAL" />
<policy domain="coder" rights="none" pattern="HTTPS" />
<policy domain="coder" rights="none" pattern="MVG" />
<policy domain="coder" rights="none" pattern="MSL" />
<policy domain="coder" rights="none" pattern="TEXT" />
<policy domain="coder" rights="none" pattern="SHOW" />
<policy domain="coder" rights="none" pattern="WIN" />
<policy domain="coder" rights="none" pattern="PLT" />
<policy domain="path" rights="none" pattern="@*" />

Note: This post has been updated to reflect policies for four additional coders identified as potentially vulnerable, and one that prevents indirect reads entirely. ImageMagick still should be upgraded when the latest release is made available even if the policy file has been manually edited.
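To check an edited policy file, the following added example (not part of the original advisory and not ImageMagick's own tooling) parses policy.xml and lists any of the nine entries above that lack a rights="none" policy. The function name and sample inputs are constructed for illustration; it also rejects a file that is no longer well-formed, which is what happens when the lines land after the closing </policymap> tag instead of inside the element.

```python
import sys
import xml.etree.ElementTree as ET

# The nine (domain, pattern) deny entries listed in the advisory above.
REQUIRED = [("coder", p) for p in
            ("EPHEMERAL", "HTTPS", "MVG", "MSL", "TEXT", "SHOW", "WIN", "PLT")]
REQUIRED.append(("path", "@*"))

def missing_policies(policy_xml):
    """Return the advisory's (domain, pattern) pairs with no rights="none" entry.

    Raises ValueError when the text is not well-formed XML rooted at
    <policymap>, e.g. when lines were pasted after the closing tag.
    Only presence is checked; policy precedence is not modelled.
    """
    try:
        root = ET.fromstring(policy_xml)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if root.tag != "policymap":
        raise ValueError(f"unexpected root element <{root.tag}>")
    denied = {
        (pol.get("domain", "").lower(), pol.get("pattern", "").upper())
        for pol in root.iter("policy")
        if pol.get("rights", "").strip().lower() == "none"
    }
    return [pair for pair in REQUIRED if pair not in denied]

# Constructed sample inputs (not taken from a real system).
SAMPLE_COMPLETE = "<policymap>\n" + "".join(
    f'  <policy domain="{d}" rights="none" pattern="{p}" />\n' for d, p in REQUIRED
) + "</policymap>\n"
SAMPLE_PARTIAL = ('<policymap>\n'
                  '  <policy domain="coder" rights="none" pattern="MVG" />\n'
                  '  <policy domain="coder" rights="read" pattern="MSL" />\n'
                  '</policymap>\n')
SAMPLE_APPENDED = ('<policymap>\n</policymap>\n'
                   '<policy domain="coder" rights="none" pattern="MVG" />\n')

if __name__ == "__main__":
    # Default to the two locations the advisory names.
    paths = sys.argv[1:] or ["/etc/ImageMagick/policy.xml",
                             "/usr/local/etc/ImageMagick-6/policy.xml"]
    for path in paths:
        try:
            with open(path, "rb") as fh:
                gaps = missing_policies(fh.read())
        except (OSError, ValueError) as exc:
            print(f"{path}: cannot check ({exc})")
            continue
        print(f"{path}: " + ("all nine entries present" if not gaps
                             else f"missing {gaps}"))
```

Run it with no arguments to check both default locations, or pass the path to a specific policy.xml.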

Managed customers who need help editing the policy file may contact Heroic Support® for assistance.