Changelog

SELinux Enforcement & Server Hardening

December 18, 2025

Version 1.4.3 / Security, Infrastructure & Server Operations

Overview

This update completes a major SELinux enforcement and server hardening initiative across all Hostbotica WordPress and ColdFusion environments. The work standardizes SELinux behavior, modernizes NGINX hosting configuration, and introduces new Hostbotica Remote Control (HRC) tooling to ensure consistent, repeatable security posture moving forward.

Highlights

SELinux Activation & Standardization

  • Activated SELinux enforcing mode across all WordPress and ColdFusion 2023 servers.
  • Completed troubleshooting and remediation of policy conflicts to ensure uninterrupted application operation.
  • Standardized SELinux contexts for WordPress and ColdFusion services.

HRC Tooling Enhancements

  • Created hrc-selinux-wordpress-defaults for managing baseline SELinux contexts on WordPress systems.
  • Updated hrc-server-startup to support SELinux configuration sourced directly from centralized HRC configuration.
  • Updated hrc-server-shutdown to ensure correct handling of NGINX services and SELinux boolean capitalization.

NGINX & Hosting Configuration

  • Converted NGINX to name-based hosting across all environments for improved scalability and configuration clarity.
  • Performed general server and domain cleanup across WordPress and ColdFusion installations.

Server Maintenance & Reliability

  • Applied DNF updates across all virtual machines.
  • Completed security updates and controlled reboot of the production host.
  • Copied VM backups to the master backup system and verified integrity.

Performance & Stability Fixes

  • Tuned PHP-FPM on the WordPress systems to resolve CPU overload conditions.
  • Deployed updated MU-plugins and NGINX configuration changes as part of WordPress maintenance.

Notes

  • All production systems verified under SELinux enforcing mode post-deployment.
  • No service interruptions observed during enforcement, migrations, or reboots.
  • This update lays the groundwork for future automated compliance and hardened default deployments across Hostbotica infrastructure.

Plugin Enforcement & Monitoring Enhancements

November 11, 2025

Version 1.4.2 / Security & Compliance

Overview
Expanded plugin integrity and monitoring systems across all WordPress environments.
This update finalizes the integration between the Hostbotica Plugin Audit and Plugin Blocklist MU-plugins, ensuring that all plugin actions are both traceable and compliant with Hostbotica’s security policies.

Highlights

  • Blocklist Enforcement Improvements
    Prevents disallowed plugins from activating and displays contextual in-dashboard notices for site administrators.
  • Integrated Plugin Audit Awareness
    Plugin Audit now automatically ignores events for blocked plugins, eliminating false activation alerts.
  • Optimized Event Timing
    Moved detection and enforcement hooks to init and admin_init, ensuring complete accuracy in plugin state detection during load.
  • Domain-Tagged Email Reports
    All audit and blocklist emails now include the site domain in the subject line for quick identification across environments.
  • Plaintext Email Standardization
    Unified all outgoing audit messages under a clean, structured plaintext format with timestamps, site identifiers, and actor details.

Notes
These updates strengthen Hostbotica’s WordPress governance model, ensuring consistency between automated compliance systems and administrative visibility.

Security & Maintenance Update

November 10, 2025

Version 1.3.4 / System & Security Enhancements

Overview
This update addresses upstream Red Hat advisories mirrored in AlmaLinux 9/10 and focuses on critical security updates for database, kernel, and container environments across all Hostbotica production nodes.

Highlights

  • MariaDB Security Update (RHSA-2025:19572 / RHSA-2025:19584)
    Applied patched builds across all WordPress and ColdFusion database clusters to address privilege escalation and data integrity vulnerabilities.
  • runC / Containerd Update (RHSA-2025:19927)
    Updated container runtime packages to resolve multiple container escape and arbitrary write vulnerabilities (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881).
  • BIND9 Resolver Update (RHSA-2025:19912 / 19793)
    Updated internal DNS resolver packages to prevent potential cache poisoning and query amplification exploits.
  • Kernel Security Patch (RHSA-2025:19886+)
    Rolled out to all AlmaLinux 9/10 systems to mitigate privilege escalation and memory corruption issues.
  • libssh Library Update (RHSA-2025:19472)
    Updated SSH-linked libraries used by Git and system utilities for improved session handling and authentication safety.
  • Redis Security Update (RHSA-2025:19399)
    Prepared for future Redis deployments; applied to staging systems for compatibility verification.

Notes

  • All production nodes verified under SELinux enforcing mode post-update.
  • No service interruptions were detected during rolling reboots.
  • ColdFusion and WordPress application stacks remain fully operational under updated environments.

Infrastructure & Cloudflare Updates

November 2, 2025

Upgraded Primary External Data Lines to Provider
Enhanced upstream network capacity and redundancy to improve connection stability.

CRON Log and Schedule Cleanup
Standardized task intervals (1→5 minutes) and optimized log rotation for systemd journals.

Cloudflare Updates
Reduced NGINX load by offloading XML-RPC traffic management through Cloudflare rules.

Version 1.4.1 / Network Infrastructure

Plugin Monitoring Deployment

October 31, 2025

Plugin Activity Monitor
Created and deployed a MU-plugin for real-time plugin activation and deactivation tracking.

Version 1.4.0 / WordPress Automation

NGINX Configuration & Security Headers

October 25, 2025

Updated Configuration for All WordPress Sites
Unified NGINX settings across all installations for consistent performance.

Added Global Security Headers
Updated CSP, X-Frame-Options, and X-Content-Type-Options headers for improved protection.

Version 1.3.9 / Security & Optimization

Migration & Branding Updates

October 24, 2025

Primary Backup Migration to Starbase
Migrated primary backup operations from Windows to Starbase for improved reliability and speed.

Logo Updates and Standardization
Deployed unified branding and logo assets across all WordPress installations.

AlmaLinux 10 Deployment Series

  • ColdFusion on ARCH (failed due to binary incompatibility)
  • WordPress on ARCH (successful deployment)
  • Base Web Template on Silicon ARCH (completed)

Version 1.3.8 / System Migration

Application & Process Improvements

October 22, 2025

Email Header and Footer Troubleshooting
Resolved formatting inconsistencies in automated system emails.

Project Management and Communications
Improved internal tracking and documentation for infrastructure projects.

Application Migration from Default Package
Migrated applications from legacy E19 hosting configurations to Hostbotica’s modular platform.

Version 1.3.7 / Application & Process

SEO and System Updates

October 17, 2025

WordPress SEO Cleanup
Refined Yoast and schema settings for improved rich result visibility.

Sitemap Delivery to Google Search Console
Verified XML sitemap indexing and search coverage across hosted WordPress sites.

SELinux Reenabled on All Servers
Reinstated SELinux enforcement on all production nodes to strengthen system security.

Version 1.3.6 / SEO & Security

Enhanced SELinux Security Policies

September 19, 2025

Strengthened our server security posture by refining SELinux implementations across all production nodes.

  • Applied least-privilege policies for web services (httpd)
  • Enabled controlled network access (e.g. httpd_can_network_connect) to support outbound service calls
  • Documented and standardized SELinux context management for future deployments

Version 1.3.1 / Security & Compliance
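
A baseline check for the enforcing mode and httpd booleans named in this entry, as an added example (not Hostbotica's HRC tooling). The `name=value` baseline format, the function names, and the sample data are assumptions constructed for illustration; baseline values are lower-cased before comparison so that `On` and `on` match.

```shell
#!/usr/bin/env bash
# Added example: compare SELinux mode and httpd booleans with a baseline.
# The baseline format ("name=value") and all sample data are constructed.

# Constructed sample of `getsebool -a` output (format: "name --> on|off").
SAMPLE_BOOLEANS='httpd_can_network_connect --> on
httpd_can_network_connect_db --> off
httpd_can_sendmail --> on
httpd_execmem --> off'

# Hypothetical baseline; values are deliberately mixed-case.
SAMPLE_BASELINE='# booleans the web tier is allowed to have
httpd_can_network_connect=On
httpd_can_network_connect_db=OFF
httpd_can_sendmail=off
httpd_enable_cgi=off'

# audit_booleans BASELINE ACTUAL -> prints one line per deviation.
audit_booleans() {
  local baseline="$1" actual="$2" name want have
  while IFS='=' read -r name want; do
    case $name in ''|'#'*) continue ;; esac   # skip blanks and comments
    # Normalize case and stray whitespace in the configured value.
    want=$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]')
    have=$(printf '%s\n' "$actual" |
      awk -v n="$name" '$1 == n && $2 == "-->" { print $3 }')
    if [ -z "$have" ]; then
      echo "MISSING $name (expected $want)"
    elif [ "$have" != "$want" ]; then
      echo "DRIFT $name is $have, baseline says $want"
    fi
  done <<EOF
$baseline
EOF
}

# audit_mode MODE -> succeeds only for "Enforcing" (as printed by getenforce).
audit_mode() {
  [ "$1" = "Enforcing" ] || { echo "MODE $1 (expected Enforcing)"; return 1; }
}

# On a live host, pass "$(getenforce)" and "$(getsebool -a)" instead.
audit_mode "Permissive" || true
audit_booleans "$SAMPLE_BASELINE" "$SAMPLE_BOOLEANS"
```

A boolean that is `on` but absent from the baseline is not reported here; extending the loop over the actual output would catch booleans enabled outside the baseline.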