WooCommerce oops!

A critical vulnerability has been discovered in WooCommerce prior to version 5.5 (the current version). You can read about it here, but they don’t give much info on what might happen.  I dug into the code and I think that if someone exploited this on your store, they could have access to order, customer, and administrative information via a cleverly crafted search string.

CloudLinux - CloudLinux Blog - New vulnerability discovered - the fix for  CVE-2016-8655 for CloudLinux OS 7 is here with KernelCare

It is extremely important that if you have WooCommerce installed you upgrade to 5.5.1 as a matter of urgency.  Once these vulnerabilities become public, the baddies know about and start using them.Please don’t ignore this.  And while you are at it, check that WordPress is at version 5.7.2

If you subscribe to the 123Host WordPress Management service, I have already upgraded WooCommerce for you.

May 2021 newsy thing

Thanks for your ongoing support for 123host by being a customer. 123host is your classic “small business”, which means I can give personalised support and be agile, not necessarily having rigid policies. I get the opportunity to watch projects progress from an idea to fruition…you aren’t an anonymous username to me.

Why you should invest in a .com.au domain name - eBranding.com.au

Keep in mind that pretty soon plain .au domains are going to become available.  For example I will most definitely register 123host.au.  If you have a .au domain (.com.au, .org.au etc) already, you will be given first option to grab your domain in plain .au.  You don’t have to do this, but I don’t think it will be expensive.  I will update everyone when I hear more.

While we are on domains, some of you are going to receive an email from the domain registry, emailing on behalf of 123host.  It seems they have done an audit of ABNs and Business Numbers used to register .au domains and have identified those that have expired or are invalid for some reason. There are about 30 people with domains that won’t be able to be renewed if their details aren’t updated.  This is completely out of my hands and I am happy to give you some ideas if you do receive one of these emails.  The first thing to do is not panic, in most cases it will be easy to resolve if you want to keep the domain – contact me.

I learned something recently, but first some background. If you have a multi-word domain, especially if it has the same letter at the end of one word and the start of the next, it can be hard to read when written e.g. beattheearthheart.com.au (I just made that up). Many of you would have had me suggest Camel Case, so the domain would read BeatTheEarthHeart.com.au – this is perfectly legitimate and doesn’t need any settings or anything…just get in the habit of writing your domain like that. It is much easier to read and more memorable.

But I learned there are other lettering cases too.

camelCase, PascalCase, snake_case, kebab-case - notacje w kodzie - YouTube

As I mentioned, my favourite, Camel Case; “TheQuickBrownFoxJumpsOverTheLazyDog”. But did you know that there is also Snake Case? “the_quick_brown_fox_jumps_over_the_lazy_dog”? I didn’t. So I did a bit of research and discovered the delightfully named Kebab Case “the-quick-brown-fox-jumps-over-the-lazy-dog”. I suggest you drop this bit of trivia into a conversation one day to appear very smart and geeky.

I know I waffle on about awesome customer service and truly try to live up to the 123host slogan of “giving the level of customer service I wish I received elsewhere“. I shake my head when I send an email somewhere and they auto respond “you should receive a reply in 48 – 72 hours“. I reckon I am living up to the 123host promise; during May, 58% of support tickets were answered within 1 hour and 73% were answered within 4 hours. I am pretty happy with that. To open a support ticket you can either log into the client area at https://123host.com.au (this verifies you) or send an email to support@123host.com.au – if it is an email, I may ask you to verify yourself if I need to make any critical changes.

CleverReach® Official Newsletter Plugin for WordPress

WordPress continues to dominate as the software of choice. Please make sure your are keeping your plugins and the WordPress core up to date (Currently 5.7.1) or you may suffer the same fate as a new 123host customer whose site had been shut down elsewhere because out of date plugins had allowed malware to be inserted into his site. Keeping things up to date is relatively easy. Log into your WP dashboard and you should be notified of anything out of date. Updating is a couple of clicks.

If you want it to be even easier, subscribe to the 123host WordPress management service. I keep everything up to date for you and help with other administrative and security related tasks. You receive a monthly report on all the activity carried out. It is only $55 per year and includes some bonuses like a Divi license and any other perks I spot for subscribers. More information at https://blog.123host.net.au/wordpress-management/

Divi theme…I’m getting interested

If you use WordPress you need to have a theme. There are thousands and thousands of them ranging from the free default theme through to expensive premium themes.

One popular theme is Divi and the associated Divi builder. I’ll be honest and admit I don’t know a lot about it apart from having tweaked a few Divi sites, so I can find my way around it.

But I do own a lifetime multi-site Divi license that I purchased for 123host.com.au customers who subscribe to the WordPress management service I offer.

As part of that I was also added to the Divi mailing list. As a rule as soon as I get the first email from something like this I unsubscribe, but in this case I have actually found them to be a bit useful, so I pick the eyes out of the content.

I keep adding their freebies to the Divi pack customers have access to and today I found out they have a YouTube channel with a load of tutorials which look like a great resource for getting your Divi on.

I might check it out…

WordPress management

While doing some research for a recent email to all customers about a severe WordPress bug, I came across a solution where I can manage the administration side of your WordPress site without having to log in to it.

The task I look after on your behalf include

    • Updating WordPress
    • Update plugins
    • Update themes  (on request. I am reluctant to update themes in case it over-writes your customisation)
    • Scanning for malware and known vulnerabilities
    • Wordfence Security
    • Uptime monitoring
    • Broken link checking
    • Monthly report to you
    • Ensure https compliance
    • much more

123host is pretty much all inclusive.  I have always disliked the way some hosting businesses start with a cheap base price and then charge extra for every little thing.

However subscribing to this service is quite expensive for me and I pay based on the number of sites connected, so if you would like to have me manage the trickier part of your WordPress dashboard the cost is $55 inc GST per year* for your first site and $33* for additional sites.  This about $1 per week for peace of mind!

* yeah, the fine print - these prices were correct when I wrote this, it might have changed.

Possible service disruption

This coming Saturday morning (March 4th [NOT February 4th like I said in the email :o( ] ) from 0200 Eastern Australia Time there is a possibility of individual sites being down for a short period. While this is bad news, it is the prelude to some good news.

123host is growing and is moving to a brand new more powerful server with an upgraded operating system and component software. I’ll give some technical details later and not bore those that aren’t interested.

The data centre has suggested that since they are going to move sites individually and change the settings for each account one at a time, disruption will be minimal if at all. This is promising…in theory…but I know that nothing is foolproof, hence this email to give you notice.

We have investigated settings and as far as we can tell you likely won’t even notice the change except things may be faster. However if there are any problems come Saturday morning, send an email to support@123host.com.au immediately.

Tech specs of the new server – if you are interested in what it all means, do ask.

  • E3-1270v5 Latest Intel Skylake Architecture
  • 48GB DDR4 RAM
  • 4 x 2TB SATA Drives
  • Hardware RAID 10
  • 10TB Bandwidth
  • CentOS 7.x latest
  • PHP 7
  • cPanel latest

If you are one of the people who opted out of newsletters, stop reading now!


Ages ago I advised about free SSL certificates being issued to every domain. Read this https://blog.123host.net.au/123host-weeks-ahead-of-the-pack/ for my thoughts going back to September last year.

I know that some of you have moved your sites to https instead of http and I have assisted with a few of them. Unfortunately it sometimes isn’t straightforward and here is the unavoidable technical talk made as simple as possible

When using an SSL certificate, data is encrypted while transferred back and forward between the 123host server and a visitor to your site.   People may intercept your data (unlikely), but shouldn’t be able to decrypt it. Easy to understand so far?

The problem comes when within your site some content is included using http instead of https, it could be a link to a style sheet, an embedded image or something else. This results in a ‘mixed content’ warning because insecure content (http) is being included in a secure page (https). Still with me?

When there is mixed content, instead of the page having a ‘secure’ padlock


it is displayed as insecure.





Not only is the data not secure, there is also apparently a penalty in search engine ranking for insecure sites.

You can test your site easily. Simply use https:// instead of http:// and see what happens. If you get the padlock and secure notification jump in the air and click your heels being careful not to hurt your back. If it doesn’t work as expected you can sort it out yourself or ask for my help – and I am happy to lend a hand. But…

This is my final offer to help people switch to https for free. After April 1st I will charge $55 inc GST to help you do this no matter how simple or complex. You already have the free SSL certificate, it is now up to you.

Looking for a unique domain?

I have just added hundreds of new domain types to the list of domains to register.  You can now register domains such as MyBudget.wedding, JudySmith.photography, JoeBloggs.yoga and more – there is wide enough choice to suit just about every individual or business.

Here’s an offer to get you started; for a limited time .me domains are only $15 per year to register and then $35 per year to renew. But if you grab www.(YourName).me for up to 5 years when registering, you get the discount price for the duration.

How Very.cool is that? – and yes, this is a real URL these days.


This won’t apply to everyone, only those of you using WordPress.

I am pretty easy going and try to be generous with my time and skills, but am going to start billing people who have problems and they haven’t listened when I advise about upgrading WordPress. There are some serious issues with older versions, several sites had content injected into them earlier this month when a security hole was discovered.

The current version of WP is 4.7.2 and upgrading is usually trivial – log into your dashboard and in the At A Glance box it will tell you the version number and generally advise if there is an upgrade available…one click will then do the job.

Here’s another ‘amnesty’ offer. If you need help upgrading ask before April 1st or you are the fool as it will cost you $55.


And to finish up, I have been pretty disillusioned with the unfunny stuff on facebook recently to the point where I have cut down how much I use it.  So here’s something to lift my, and hopefully your, spirits https://www.youtube.com/watch?v=M1F0lBnsnkE and a compilation of Buster Keaton stunts to make you laugh https://www.youtube.com/watch?v=_J8XM1_rOTg

Scheduled Maintenance

Any websites that use mySQL database (this includes all WordPress sites) will experience an outage during a 2 hour window from 2AM Australian Eastern Standard Time on Saturday 8th October.

Powered by MariaDB

Many WordPress users are seeing warnings from various plugins about the mySQL version being out of date.  This upgrade will resolve this issue.  Don’t worry if you don’t know what this means, but I will be switching the database software from mySQL to MariaDB which should see many improvements.  If you are interested in some geek speak read this https://mariadb.com/blog/why-should-you-migrate-mysql-mariadb

I apologise for the interruption, but upgrades are necessary for both performance and security reasons, some can’t be done without downtime.  I have deliberately chosen what is a ‘quiet’ time for the server.

If you have any questions, feel free to ask.

123host – weeks ahead of the pack

I have been banging on about SSL certificates here and here and it turns out I was quite prescient.

In January 2017 Google is shifting the balance of internet security and the Chrome browser will report http:// websites as being not secure compared to https:// websites, it is likely all browsers will follow suit. You can read the Google blog post here

I am not going to go too deeply into SSL certificates and what it all means, you can read this if you are interested – but do note that their business model is now broken as SSL certificates are free – for everyone.

The good news is that if your hosting is with 123host you already have a free SSL certificate installed and you have https:// available whether you are using it or not.

Go ahead and try your domain but put https:// in front of it instead. There should be no error or warnings unless the domain is less than 24 hours old – certificates are checked and issued every night.  You’ll see a padlock next to the url

SSL enabled URL

So what do you do next? If you are using WordPress go into the dashboard and change the URL from http:// to https:// in two places there.  If the links in your blog have been constructed properly it should all just work.

If you have a custom website of some sort simply start using https:// instead.  Again it should all work assuming it has been built properly.

If you are having any problems with https:// on your site open a ticket and the security gnomes will go into action.

Don’t ignore this. If you do, after January 2017 people will see something like this if they visit your site in Chrome.

Google error message

If you don’t act now and need my help in 2017 I will charge for any work done.  How’s that for forcing the issue :o)

Free SSL for everyone!


If you recall a few months ago I announced Free SSL certificates now available.  This was pretty cool, Lets Encrypt started making SSL certificates available for free.  This is huge, the sale of SSL has been big business for a long time, way overpriced.  As often happens, someone has come along and disrupted the model and it has collapsed.

Now free SSL certificates are becoming the norm.  So much so that an upgrade to the 123host server happening as I write this, is automatically applying a free certificate for every single domain.  Even yours!

What does this mean?  Why SSL?  To find out you can read this article.

So what do you need to do to have your site use the certificate that is available?  Just use https:// instead of http:// and you will see a green padlock appear in the address bar, like this


If you are using WordPress you can make this the default URL by going into the dashboard > Settings and change the URL in two places by just putting the s in there and making it https://


Easy Peasy.

If you aren’t using WordPress and you need some help, open a support ticket https://support.123host.com.au – did you see what I did there?