Navigation indicator

Securing Your Websites Against 0-Day Threats: How Varial Hosting Responded to This Week’s Critical Security Vulnerabilities

May 1, 2026

Securing Your Websites Against 0-Day Threats

TLDR; Our servers are fully patched against this week’s high-profile cPanel (CVE-2026-41940) and “Copy Fail” Linux (CVE-2026-31431) security threats. No action is required on your part; our team has already handled these updates for you.

This week was a busy one for our security team.

Rapid Response to the cPanel Authentication Vulnerability

On Tuesday, April 28th, a critical vulnerability was identified in cPanel (CVE-2026-41940). This flaw was particularly serious because it allowed for an “authentication bypass”—essentially meaning an attacker could gain administrative access to a server without needing a password.

Because we stay active in core industry security circles, we were alerted to this risk early. Following best practices, we took the proactive step of temporarily restricting access to cPanel, WHM and Webmail. This “closed the door” while we waited for the official software patch to be finalized.

Once the patch was released that afternoon, our team tested and deployed it across our entire network immediately—finishing the work many hours before standard nightly maintenance would have even begun.

By the time cPanel’s official email alert reached most server owners the following day, the digital landscape was already seeing a massive spike in exploit attempts. We are pleased to report that because of our team’s early intervention, Varial Hosting servers were fully secured before these global attacks even began.

Protecting Server Integrity Against the “Copy Fail” Threat

The very next day, Wednesday, April 29th, a second global threat emerged.

A vulnerability nicknamed “Copy Fail” (CVE-2026-31431) was discovered, affecting almost all Linux-based systems worldwide. This flaw could allow a low-level user to “escalate” their permissions to gain total control of a server.

Because the primary risk involved secure shell (SSH) access, we took the immediate precaution of temporarily disabling customer SSH and implementing early defenses while waiting for an official fix from our OS vendors.

When it became clear that a final patch would take some time to arrive, we decided not to wait. We implemented a “kernel-level” mitigation—a deep-system fix that required a full server reboot to activate.

Prioritizing Security Over Uptime

While we take pride in our ability to perform “rebootless” updates (some of our servers hadn’t needed a restart in over two years!), the emerging risk was too high to ignore. Security experts warned that hackers might try to use outdated or compromised WordPress sites as a “back door” to trigger this exploit. To ensure your data remained 100% isolated and secure, we performed a controlled reboot across our fleet last night.

As of this morning, we are happy to confirm that all servers are now running the fully patched kernel, and this vulnerability is closed.

Our Commitment to Your Security

At Varial Hosting, we know that you count on us to manage the complex world of server security so you don’t have to. While “0-day” threats like these make headlines, they are a routine part of our workday. Our team remains vigilant, monitoring global threat feeds 24/7 and testing patches before they are even officially announced to the general public.

We take these proactive steps to ensure that your business remains online and your data remains private, without you ever having to lift a finger.

Questions?

If you have any questions about these updates or our security protocols, our support team is always here to help. Feel free to open a support ticket or reach out to us directly.

23 years of Varial Hosting (and a favour to ask)

April 23, 2026

Ryan Smith - Varial Hosting 23 Years

This June, Varial Hosting will mark 23 years of serving the Canadian web.

In an industry dominated by giant, faceless conglomerates, we’ve managed to stay a boutique, independent provider for over two decades. We know our customers, and that is something I take a lot of pride in.

Today, I’m writing to you with a challenge we’ve set for ourselves: to double the size of our business over the next five years.

I want to be transparent with you about why. Like many of you, we’ve seen our operating expenses climb rapidly—from server hardware to the software licensing required to keep your sites secure. Combined with a tighter economy, this led us to increase prices earlier this year. It is something I want to avoid doing again at all costs.

Our plan is simple: Instead of just charging more, we are going to grow. We are refreshing our website, expanding our marketing and launching new services to keep our core hosting prices stable for everyone.

But first, let’s have a conversation.

It’s been over ten years since we sent out a customer survey. I actually started creating a new one last week, but then I realized: I hate filling those things out. So, let’s just talk.

I’d love to hear how we are doing. Is there something we’re doing really well that you’d like to see more of? On the flip side, is there a “bug” or a service you wish we offered that would make your life easier? Whether it’s a success story or a frustration you haven’t gotten around to telling us about, I want to hear it. If you have feedback, please reach out to me directly. I read every single message personally.

Coming Soon: WordPress Care (Total Peace of Mind)

We are preparing to launch a WordPress Care & Maintenance Plan designed for those who get stressed out performing updates in fear of breaking their website. We want to become your personal webmaster. The plan includes:

  • 24/7 Monitoring: We don’t just check if your server is up; we monitor to ensure your pages are actually rendering correctly for your visitors.
  • Human-Reviewed Updates: We don’t just click ‘update’—we personally review and test updates for your WordPress core, themes and plugins to ensure total compatibility.
  • Staging Environments: We test all updates in a sandbox environment before pushing them to your live production site.
  • Performance & PHP Management: We handle PHP upgrades and server-level caching configuration to keep your site fast.
  • 30 Minutes of “Small Tasks”: Every month, you get 30 minutes of our time for those quick site changes or fixes you need.

Want early access? If you’d like to add this plan before our public launch, let me know and I’ll send you the details.

We are also looking for your “vote” on a few other ideas:

  • Redis Object Caching: Want a faster WordPress site? We’re considering adding Redis to our Turbo and Max plans. It stores database queries in the server’s RAM for near-instant delivery—making your site feel significantly snappier.
  • Node.js Hosting: Are you a developer or “vibe coder” needing a high-performance, Canadian home for your apps?
  • Fully Managed VPS: Are you hitting the limits of our Max or XL plans and need more computing power, but with the same managed feature set you already trust?

If any of these would make your life easier, please send me your thoughts.

Varial Hosting CEO Ryan Smith and his wife in Saskatoon, celebrating over two decades as an independent Canadian web hosting provider.
Independent, family-owned and proud to be Saskatoon’s home for web hosting.

A Small Favour to Help Us Grow

If you’ve been happy with us over the last 23 years, there are three quick ways you can help us reach our 5-year goal:

  • Testimonials: We are refreshing our website and would love to feature you. Shorter is better! We’ll include a link back to your site, which provides a nice SEO boost for your business.
  • Google Reviews: Have a spare minute? Leave us a rating or review here.
  • Referrals: Our Affiliate Program pays a 10% recurring commission for the life of the account. We have many clients who actually cover their own hosting costs just through a few referrals.

Thank you for being part of the Varial Hosting story for the last two decades. I’m looking forward to hearing from you.

Best regards,

Ryan Smith
CEO, Varial Hosting

Electronic Funds Transfer (EFT) Payments Now Accepted

April 13, 2026

We are pleased to announce that Electronic Funds Transfer (EFT) is now an accepted method of payment for Canadian customers.

If your business or organization would like to submit payment by EFT, please contact billing@varialhosting.com to request our EFT payment instructions.

2025 Year in Review

January 5, 2026

2025 Year in Review

Happy New Year!

Thank you for being part of our family and selecting Varial Hosting as your independent hosting provider.

If you are new to our company or have been a customer with us from the start, we value you and greatly appreciate your support of our business, your phone calls and emails that help us get to know you, your referrals and recommendations, and having the ability to watch your websites come to life.

When we first started 22 years ago there were many companies like us. Small, local hosting providers that offered very personal service. Few companies like us exist any more. The hosting providers we modelled ourselves after in our early years have all been bought up by large investment firms, owned by billionaires seeking to control the market. This centralization has led to an Internet that is now owned and controlled by only a handful of massive corporations.

We are a family owned and operated business that are committed to providing personal service. Our 24/7 support ticket response time average for 2025 was just 20 minutes!

2025 also saw our best server stability ever. All of our servers achieved >99.99% uptime including scheduled maintenance with some servers even having 100% uptime. This is thanks large in part due to our large investment in new server hardware last year and improvements made in the stability of our software stack.

AI was a hot topic in our workplace this year.

No we aren’t trading in our human support experts for AI agents. 😆

AI and machine learning have played a large part in securing our servers for years. They help to train our firewalls to recognize and block attacks, even before reaching your website.

While WordPress is still our customer’s top choice for a website development platform, our Sitejet Builder is emerging as a great alternative for clients looking to create a simple website themselves. With the launch of its new AI website generator, with just your company name, business type, and a short description about your company, Sitejet can instantly generate a beautiful, responsive website for you with content and page structures best suited to your business.

AI has also been a real nuisance this year.

AI scrapers have begun aggressively visiting websites, often overwhelming them with traffic to scrape website contents as quickly as possible. While search engine bots will adhere to rules on how quickly to browse pages and what content they should not access, many AI scrapers do not play nice. In fact some AI scraper bots act more like attackers, hiding their identities to look like real visitors, and using botnets and proxy networks to connect from thousands of locations all at once to make blocking them extremely difficult.

This is a challenge that we and the entire hosting industry are working to find solutions for.

Thank you for another amazing year! If you have any questions, concerns, or suggestions for our company, we would love to hear from you.

Wishing you all the best in 2026!

Sincerely,

Ryan Smith, CEO
Varial Hosting

Gmail to Discontinue Fetching Email from 3rd Party Email Accounts

November 4, 2025

While not a change to our service, we know that many of our customers use Gmail’s website to check their email accounts that are hosted by us.

Starting January 2026, Gmail will discontinue the fetching of email from 3rd party email accounts using POP fetching. This feature is referred to as “Check mail from other accounts” in your Gmail account settings.

Once Gmail has discontinued this feature they will no longer fetch email from your email accounts hosted by us if you were using this feature.

To work around this you can either:

1. Create an Email Forwarder in cPanel to forward email sent to your email accounts hosted by us to your @gmail.com address.

or

2. Use our Webmail or any IMAP email application like Outlook or Apple Mail to check your email accounts that are hosted by us.

Introducing Sitejet AI Website Generator

July 15, 2025

Finally, a good use for AI!

With just your company name, business type and a short description about your company, Sitejet Builder’s new AI Website Generator will instantly generate a beautiful, responsive website for you with matching layout, content and design.

Once generated, you’ll see a full preview of the design and can fine-tune colours, fonts and page sections before moving into Sitejet Builder for final adjustments and publishing.

Sitejet Builder’s AI Website Generator is now available to all Varial Hosting customers.

Building a website has never been quicker!

2024 Year in Review

January 3, 2025

Happy New Year!

Thank you for being part of our family and selecting Varial Hosting as your independent hosting provider.

With Cara’s return from maternity leave, we’re once again operating as a family-owned mom and pop shop!

2024 was a very busy year.

The entire first half of the year was spent meticulously planning and executing our recent server migrations and upgrades which saw the majority of our customers moved to brand new server hardware.

With this work now complete, our servers are faster and more reliable than ever!

2024 introduced our new Sitejet website builder, PHP 8.3 support, team management in cPanel, faster backups and restores, email compression, as well as outgoing email spam scanning to protect our server’s email sending reputations.

This summer we launched a new line of hosting plans with a huge introductory 67% discount offer which led to us breaking our record for new orders in a single day when back to school season started. In fact, we broke this record two days in a row at the start of September!

We strive to provide the best support for our services as possible. With that said, I’m pleased to announce that our 24/7 support ticket response time average for all 366 days of 2024 was just 19 minutes!

As a final project for 2024 we launched a new knowledgeable on our website for those looking to quickly find answers to common questions. We’ll be spending much of 2025 rewriting all of our support articles to be as up to date and helpful as possible.

Thank you for an amazing year. Your business and support is much appreciated.

Wishing you all the best in the new year!

Sincerely,

Ryan Smith, CEO
Varial Hosting

Change in .COM domain name pricing

August 15, 2024

Effective August 15, 2024, pricing for new .COM domain name registrations and transfers will change to reflect an increase in price of all .COM domain names as announced by Verisign and ICANN, the operators of the .COM TLD.

.COM domain names due for renewal within the next 30 days will renew at existing rates. No changes will be made to existing renewal invoices.

.COM domains due for renewal on or after September 15, 2024 will renew at the following rates:

Was $20.99CAD >> Now $22.99CAD/year
Was $15.99USD >> Now $16.99USD/year

Whois privacy protection remains free for all eligible domain names.

Varial Introduces New Line of Hosting Plans

August 1, 2024

It’s been eight years since we last revised our hosting plans, and with the recent completion of our operating system and server hardware upgrades, we thought it would be a great time to shake things up a bit.

Introducing our new Startup, Plus, Turbo and Max hosting plans.

All plans include a massive 67% discount with the pre-paid purchase of a 12-month hosting plan, making our new line of hosting plans start at just $3.99*/month!

* Special prices are applicable for the first invoice. For all subsequent renewals regular prices apply.

In addition to these massive savings, all plans feature blazing fast SSD storage, unlimited bandwidth, email service included, free SSL certificates, our new Sitejet website builder, optimized WordPress features and expert support at no additional cost!

Our new line of hosting plans can now be purchased at:
https://varialhosting.com/

Behind the Scenes of our Recent Server Migrations and Upgrades

July 2, 2024

When we launched our next-generation hosting platform back in 2016, we had deployed our servers on the CloudLinux 7 operating system (based on CentOS Linux) which had just gained compatibility with our cPanel hosting platform at the time. 8 years later, this operating system has now reached its end of life and has been discontinued.

Traditionally when a server operating system reaches its end of life, our only option was to setup a new server running a newer operating system and migrate customers to it, a time consuming but tried and true method we are very experienced with.

This year introduced a new option, the ELevate Project which could perform in place upgrades from CloudLinux 7 to CloudLinux 8 on existing servers.

While cPanel compatibility with CloudLinux 9 and a stable release of the ELevate Project had been promised for mid-2023, unfortunately these dates were not met as cPanel did not gain support for CloudLinux 9 until until March 2024 and the ELevate Project wasn’t considered stable until April. This created a lot of pressure for everyone in the hosting industry as both cPanel and CloudLinux repeated that they would not provide extended lifecycle support for CloudLinux 7, meaning running it past the June 30, 2024 end of life date would pose a major security risk.

As such, we finalized our migration plans in January and got to work. We knew we did not want to risk using the ELevate project as an issue with a failed upgrade could be catastrophic, resulting in lengthy downtime if a server wouldn’t boot and needed to be restored from backups. We also wanted to retire our oldest servers and upgrade the hardware components of others, so moving customers off of those servers was our best choice.

So the decision was made to migrate all customers to new servers. We had some CloudLinux 8 servers already deployed so we would start by migrating some customers to those servers while we waited for cPanel to introduce compatibility with CloudLinux 9 so we could skip to the newest operating system for the bulk of our migrations.

As CloudLinux 9 dropped support for a number of legacy applications such as PHP versions older than 5.6, we identified customers still requiring these versions and migrated them to our existing CloudLinux 8 servers first to keep their websites operational.

With cPanel growing closer to providing compatibility with CloudLinux 9 we deployed and configured many new servers and waited to begin the bulk of our migrations as soon as that compatibility was deemed stable.

In the past when performing server migrations we would schedule them for a weekend and we’d work around the clock for two or three days straight migrating all accounts from the server at once. With the growing size of our company and a need for a better work-life balance, we knew this wouldn’t be a feasible option this time.

Instead we reviewed each and every account, making note of those that could have potential challenges, such as requiring manual DNS updates, and scheduled anywhere from 10 to 50+ accounts for migration per day, every single day, from March until mid-June until all customer migrations had been completed.

While so significantly time consuming, this has been our most successful migration to date with a record low number of support tickets raised.

With an extensive 6 months of work and planning behind us, we can now breathe a sigh of relief to have completed our migrations before the deadline.

Other hosts weren’t so lucky. The delays with ELevate’s stability and cPanel’s CloudLinux 9 compatibility left many other providers without sufficient time to upgrade their server fleets. As such, at the end of May, cPanel and CloudLinux reversed course and announced a paid, extended lifecycle support program for CloudLinux 7 for an additional 18 months to prevent the security nightmare of having so many out of date servers on the Internet. While we wouldn’t need it, we were among those very vocal that such a program was critical given the time constraints introduced.

If you’ve read this far you may be asking, what does all of this mean for you?

1. Faster servers. Our oldest equipment has been retired and replaced with brand new, faster servers.
2. 100% solid state storage. All hard disk drives have been decommissioned and replaced with solid state drives. We spent tens of thousands on SSDs over the past few months to complete this upgrade. With the faster storage we have also doubled Disk IO limits across all of our hosting plans.
3. Team management. You can now create multiple logins for a cPanel account (Manage Teams feature) with the ability to limit access.
4. Email compression. Emails in your inbox are now compressed, significantly reducing the storage space they require.
5. Faster backups and restores. With an all-new offsite backup server and JetBackup upgraded to v5 across all servers, backup times have dropped from 8-12 hours per server to just 1-2 hours!

And several more new features are coming soon! Welcome to the new, next-generation of Varial Hosting!