Navigation indicator

Important Security Update: How to Protect Your WordPress Website

June 12, 2026

Over the past few months, the landscape of website security has experienced a sudden and dramatic paradigm shift. We want to share what we have been facing behind the scenes, how our industry is evolving and—most importantly—the practical steps you can take to keep your website safe.

The New Reality: AI-Accelerated Exploits

Historically, website security operated at a predictable pace. A critical vulnerability might surface once or twice a year, giving website owners and system administrators plenty of time to review change logs, assess threats and schedule a convenient patch window.

That era is officially over.

As detailed in our recent blog post, Securing Your Websites Against 0-Day Threats, we have faced a rapid, continuous barrage of critical zero-day threats occurring weekly, and at times even daily.

This shift is being driven by the maturation of advanced AI tools. Both security researchers and malicious actors are now using AI to audit source code at lightning speed.

  • The Good: Defenders can find deep, systemic flaws that went unnoticed by human eyes for years.
  • The Bad: The moment a patch or a public disclosure is released, automated tools can instantly reverse-engineer it to find the exploit.

As a result, vulnerabilities are being actively exploited in the wild mere hours after public disclosure. The traditional concept of “scheduling a patch window next week” is no longer viable. Maintaining security now requires constant, immediate attention.

Looking Ahead: The Next 3 to 12 Months

Our security vendors have declared that we are in the middle of a permanent industry shift. Experts project that this rapid pace of vulnerability discoveries will persist aggressively for the next 3 to 6 months, with an elevated threat environment remaining for the next 1 to 2 years as AI tools continue to improve.

Continuous, automated updating is the new standard for web safety.

Why Keeping Your WordPress Software Current Matters

Because the vast majority of our customers run on WordPress, it’s vital to understand how this impacts your daily operations.

The #1 cause of website compromises is failing to keep website software up to date.

WordPress plugins are highly targeted by attackers using AI tools to find hidden flaws. A prime example occurred recently with UpdraftPlus, a massive backup plugin with millions of installations. A critical vulnerability was discovered that allowed for full website compromise if left unpatched.

When your site runs outdated plugins, it is only a matter of time before automated scripts locate the vulnerability.

Server-Level Defence vs. Core Patching

To help counter these threats, all Varial Hosting plans include an AI-driven, proactive firewall designed to help intercept malicious traffic and mitigate many zero-day exploits in real time. Powered by our Imunify360 security suite, its malware protection also adds an extra layer of defence by working to automatically detect and quarantine known malicious code before it can cause damage to your site.

While these server-level features are must-have modern security tools, patching vulnerable application code directly remains the single best defence against exploits.

3 Ways to Keep Your WordPress Site Up to Date

To protect your business and reputation, you need an update strategy that fits your workflow. We provide three distinct paths to handle this on our platform:

1. Manual Updates via WP-Admin (Self-Managed)

You can log directly into your WordPress wp-admin dashboard regularly to manually update your WordPress core, plugins and themes. Because of the accelerated timeline of modern attacks, you should frequently check for and apply updates to ensure you aren’t left exposed to active exploits.

2. Automated or Manual Updates via Installatron in cPanel (Recommended)

You can utilize the Installatron tool located inside your cPanel control panel. Installatron offers a massive safety net: it automatically takes a complete backup of your website before performing any update, allowing you to easily roll back with a single click if there are any issues.

  • WordPress Core (Our Default): By default, Installatron is set to automatically update your core WordPress software. Core releases are heavily tested and rarely introduce bugs.
  • Plugins and Themes (Optional): Automatic updates for plugins and themes are optional and turned off by default. Because anyone can write a plugin, they may not be as thoroughly tested and could occasionally introduce conflicts or functionality changes that could negatively impact your website. If you choose to enable automatic updates for plugins and themes, we highly recommend reviewing your website after receiving an update notification to ensure everything is working properly.

3. WordPress Care & Maintenance Plan (Fully Managed)

For businesses and organizations that want total peace of mind without the hassle, our fully managed WordPress Care & Maintenance Plan is available.

With this plan, our team handles the entire process for you. We don’t just blindly update your site; we deploy and test all updates in a private staging environment first to ensure there are no conflicts or layout issues before safely pushing them live. This allows you to focus 100% on running your business while we ensure your website remains locked down.

The security landscape has changed permanently, but by shifting to a proactive, continuous update mindset, you can keep your data and websites secure.

If you would like to enrol in our Care & Maintenance plan, or need help configuring Installatron for automated backups and updates, please contact us or open a ticket with our support team.

cPanel Upgraded to v134 Across All Servers

May 5, 2026

cPanel Logo

We are excited to announce that all Varial Hosting servers have been upgraded to the latest version of cPanel (v134). This update brings several new tools to help you manage your website and email more easily.

Here are the most helpful changes for you:

Easier Website Testing & Management

  • Temporary Domain Names: Ever wanted to start building your website before your domain name was officially registered or moved to us? You can now create a temporary domain to preview and test your site during development.
  • Simplified Security: We’ve combined several security pages into one Unified SSL/TLS interface. This makes it much easier to see if your website’s “padlock” icon is active and up to date.
  • Centralized Settings: You can now manage your account password, contact info and language preferences from one single location in cPanel, saving you from clicking through multiple menus.

Better Email Experience

  • Webmail Filtering: You can now create and manage email filters (rules that automatically move or delete certain emails) directly inside Webmail. You no longer need to log into the main cPanel dashboard to organize your inbox.
  • Enhanced Mail Security: We’ve upgraded our mail server software to improve performance. For your protection, this version requires stronger password security. If you haven’t changed your email password in many years, you may be prompted to update it to a more secure one.

Behind-the-Scenes Improvements

  • Faster Performance: With upgrades to Perl and better support for modern operating systems, your hosting environment is now faster, more stable and better equipped to run the latest web applications.

Securing Your Websites Against 0-Day Threats: How Varial Hosting Responded to This Week’s Critical Security Vulnerabilities

May 1, 2026

Securing Your Websites Against 0-Day Threats

TLDR; Our servers are fully patched against this week’s high-profile cPanel (CVE-2026-41940) and “Copy Fail” Linux (CVE-2026-31431) security threats. No action is required on your part; our team has already handled these updates for you.

This week was a busy one for our security team.

Rapid Response to the cPanel Authentication Vulnerability

On Tuesday, April 28th, a critical vulnerability was identified in cPanel (CVE-2026-41940). This flaw was particularly serious because it allowed for an “authentication bypass”—essentially meaning an attacker could gain administrative access to a server without needing a password.

Because we stay active in core industry security circles, we were alerted to this risk early. Following best practices, we took the proactive step of temporarily restricting access to cPanel, WHM and Webmail. This “closed the door” while we waited for the official software patch to be finalized.

Once the patch was released that afternoon, our team tested and deployed it across our entire network immediately—finishing the work many hours before standard nightly maintenance would have even begun.

By the time cPanel’s official email alert reached most server owners the following day, the digital landscape was already seeing a massive spike in exploit attempts. We are pleased to report that because of our team’s early intervention, Varial Hosting servers were fully secured before these global attacks even began.

Protecting Server Integrity Against the “Copy Fail” Threat

The very next day, Wednesday, April 29th, a second global threat emerged.

A vulnerability nicknamed “Copy Fail” (CVE-2026-31431) was discovered, affecting almost all Linux-based systems worldwide. This flaw could allow a low-level user to “escalate” their permissions to gain total control of a server.

Because the primary risk involved secure shell (SSH) access, we took the immediate precaution of temporarily disabling customer SSH and implementing early defenses while waiting for an official fix from our OS vendors.

When it became clear that a final patch would take some time to arrive, we decided not to wait. We implemented a “kernel-level” mitigation—a deep-system fix that required a full server reboot to activate.

Prioritizing Security Over Uptime

While we take pride in our ability to perform “rebootless” updates (some of our servers hadn’t needed a restart in over two years!), the emerging risk was too high to ignore. Security experts warned that hackers might try to use outdated or compromised WordPress sites as a “back door” to trigger this exploit. To ensure your data remained 100% isolated and secure, we performed a controlled reboot across our fleet last night.

As of this morning, we are happy to confirm that all servers are now running the fully patched kernel, and this vulnerability is closed.

Our Commitment to Your Security

At Varial Hosting, we know that you count on us to manage the complex world of server security so you don’t have to. While “0-day” threats like these make headlines, they are a routine part of our workday. Our team remains vigilant, monitoring global threat feeds 24/7 and testing patches before they are even officially announced to the general public.

We take these proactive steps to ensure that your business remains online and your data remains private, without you ever having to lift a finger.

Questions?

If you have any questions about these updates or our security protocols, our support team is always here to help. Feel free to open a support ticket or reach out to us directly.

23 years of Varial Hosting (and a favour to ask)

April 23, 2026

Ryan Smith - Varial Hosting 23 Years

This June, Varial Hosting will mark 23 years of serving the Canadian web.

In an industry dominated by giant, faceless conglomerates, we’ve managed to stay a boutique, independent provider for over two decades. We know our customers, and that is something I take a lot of pride in.

Today, I’m writing to you with a challenge we’ve set for ourselves: to double the size of our business over the next five years.

I want to be transparent with you about why. Like many of you, we’ve seen our operating expenses climb rapidly—from server hardware to the software licensing required to keep your sites secure. Combined with a tighter economy, this led us to increase prices earlier this year. It is something I want to avoid doing again at all costs.

Our plan is simple: Instead of just charging more, we are going to grow. We are refreshing our website, expanding our marketing and launching new services to keep our core hosting prices stable for everyone.

But first, let’s have a conversation.

It’s been over ten years since we sent out a customer survey. I actually started creating a new one last week, but then I realized: I hate filling those things out. So, let’s just talk.

I’d love to hear how we are doing. Is there something we’re doing really well that you’d like to see more of? On the flip side, is there a “bug” or a service you wish we offered that would make your life easier? Whether it’s a success story or a frustration you haven’t gotten around to telling us about, I want to hear it. If you have feedback, please reach out to me directly. I read every single message personally.

Coming Soon: WordPress Care (Total Peace of Mind)

We are preparing to launch a WordPress Care & Maintenance Plan designed for those who get stressed out performing updates in fear of breaking their website. We want to become your personal webmaster. The plan includes:

  • 24/7 Monitoring: We don’t just check if your server is up; we monitor to ensure your pages are actually rendering correctly for your visitors.
  • Human-Reviewed Updates: We don’t just click ‘update’—we personally review and test updates for your WordPress core, themes and plugins to ensure total compatibility.
  • Staging Environments: We test all updates in a sandbox environment before pushing them to your live production site.
  • Performance & PHP Management: We handle PHP upgrades and server-level caching configuration to keep your site fast.
  • 30 Minutes of “Small Tasks”: Every month, you get 30 minutes of our time for those quick site changes or fixes you need.

Want early access? If you’d like to add this plan before our public launch, let me know and I’ll send you the details.

We are also looking for your “vote” on a few other ideas:

  • Redis Object Caching: Want a faster WordPress site? We’re considering adding Redis to our Turbo and Max plans. It stores database queries in the server’s RAM for near-instant delivery—making your site feel significantly snappier.
  • Node.js Hosting: Are you a developer or “vibe coder” needing a high-performance, Canadian home for your apps?
  • Fully Managed VPS: Are you hitting the limits of our Max or XL plans and need more computing power, but with the same managed feature set you already trust?

If any of these would make your life easier, please send me your thoughts.

Varial Hosting CEO Ryan Smith and his wife in Saskatoon, celebrating over two decades as an independent Canadian web hosting provider.
Independent, family-owned and proud to be Saskatoon’s home for web hosting.

A Small Favour to Help Us Grow

If you’ve been happy with us over the last 23 years, there are three quick ways you can help us reach our 5-year goal:

  • Testimonials: We are refreshing our website and would love to feature you. Shorter is better! We’ll include a link back to your site, which provides a nice SEO boost for your business.
  • Google Reviews: Have a spare minute? Leave us a rating or review here.
  • Referrals: Our Affiliate Program pays a 10% recurring commission for the life of the account. We have many clients who actually cover their own hosting costs just through a few referrals.

Thank you for being part of the Varial Hosting story for the last two decades. I’m looking forward to hearing from you.

Best regards,

Ryan Smith
CEO, Varial Hosting

Electronic Funds Transfer (EFT) Payments Now Accepted

April 13, 2026

We are pleased to announce that Electronic Funds Transfer (EFT) is now an accepted method of payment for Canadian customers.

If your business or organization would like to submit payment by EFT, please contact billing@varialhosting.com to request our EFT payment instructions.