Overview

This update completes a major SELinux enforcement and server hardening initiative across all Hostbotica WordPress and ColdFusion environments. The work standardizes SELinux behavior, modernizes NGINX hosting configuration, and introduces new Hostbotica Remote Control (HRC) tooling to ensure consistent, repeatable security posture moving forward.

Highlights

SELinux Activation & Standardization

• Activated SELinux enforcing mode across all WordPress and ColdFusion 2023 servers.
• Completed troubleshooting and remediation of policy conflicts to ensure uninterrupted application operation.
• Standardized SELinux contexts for WordPress and ColdFusion services.

HRC Tooling Enhancements

• Created hrc-selinux-wordpress-defaults for managing baseline SELinux contexts on WordPress systems.
• Updated hrc-server-startup to support SELinux configuration sourced directly from centralized HRC configuration.
• Updated hrc-server-shutdown to ensure correct handling of NGINX services and SELinux boolean capitalization.

NGINX & Hosting Configuration

• Converted NGINX to name-based hosting across all environments for improved scalability and configuration clarity.
• Performed general server and domain cleanup across WordPress and ColdFusion installations.

Server Maintenance & Reliability

• Applied DNF updates across all virtual machines.
• Completed security updates and controlled reboot of the production host.
• Copied VM backups to the master backup system and verified integrity.

Performance & Stability Fixes

• Tuned PHP-FPM on the WordPress systems to resolve CPU overload conditions.
• Deployed updated MU-plugins and NGINX configuration changes as part of WordPress maintenance.

Notes

• All production systems verified under SELinux enforcing mode post-deployment.
• No service interruptions observed during enforcement, migrations, or reboots.
• This update lays the groundwork for future automated compliance and hardened default deployments across Hostbotica infrastructure.

The post SELinux Enforcement & Server Hardening appeared first on Managed WordPress & ColdFusion Hosting | Hostbotica.

Overview
Expanded plugin integrity and monitoring systems across all WordPress environments.
This update finalizes the integration between the Hostbotica Plugin Audit and Plugin Blocklist MU-plugins, ensuring that all plugin actions are both traceable and compliant with Hostbotica’s security policies.

Highlights

• Blocklist Enforcement Improvements
  Prevents disallowed plugins from activating and displays contextual in-dashboard notices for site administrators.
• Integrated Plugin Audit Awareness
  Plugin Audit now automatically ignores events for blocked plugins, eliminating false activation alerts.
• Optimized Event Timing
  Moved detection and enforcement hooks to init and admin_init, ensuring complete accuracy in plugin state detection during load.
• Domain-Tagged Email Reports
  All audit and blocklist emails now include the site domain in the subject line for quick identification across environments.
• Plaintext Email Standardization
  Unified all outgoing audit messages under a clean, structured plaintext format with timestamps, site identifiers, and actor details.

Notes
These updates strengthen Hostbotica’s WordPress governance model, ensuring consistency between automated compliance systems and administrative visibility.

The post Plugin Enforcement & Monitoring Enhancements appeared first on Managed WordPress & ColdFusion Hosting | Hostbotica.

Overview
This update addresses upstream Red Hat advisories mirrored in AlmaLinux 9/10 and focuses on critical security updates for database, kernel, and container environments across all Hostbotica production nodes.

Highlights

• MariaDB Security Update (RHSA-2025:19572 / RHSA-2025:19584)
  Applied patched builds across all WordPress and ColdFusion database clusters to address privilege escalation and data integrity vulnerabilities.
• runC / Containerd Update (RHSA-2025:19927)
  Updated container runtime packages to resolve multiple container escape and arbitrary write vulnerabilities (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881).
• BIND9 Resolver Update (RHSA-2025:19912 / 19793)
  Updated internal DNS resolver packages to prevent potential cache poisoning and query amplification exploits.
• Kernel Security Patch (RHSA-2025:19886+)
  Rolled out to all AlmaLinux 9/10 systems to mitigate privilege escalation and memory corruption issues.
• libssh Library Update (RHSA-2025:19472)
  Updated SSH-linked libraries used by Git and system utilities for improved session handling and authentication safety.
• Redis Security Update (RHSA-2025:19399)
  Prepared for future Redis deployments; applied to staging systems for compatibility verification.

Notes

• All production nodes verified under SELinux enforcing mode post-update.
• No service interruptions were detected during rolling reboots.
• ColdFusion and WordPress application stacks remain fully operational under updated environments.

The post Security & Maintenance Update appeared first on Managed WordPress & ColdFusion Hosting | Hostbotica.

CRON Log and Schedule Cleanup
Standardized task intervals (1→5 minutes) and optimized log rotation for systemd journals.

Cloudflare Updates
Reduced NGINX load by offloading XML-RPC traffic management through Cloudflare rules.

Version 1.4.1 / Network Infrastructure

The post Infrastructure & Cloudflare Updates appeared first on Managed WordPress & ColdFusion Hosting | Hostbotica.

Version 1.4.0 / WordPress Automation

The post Plugin Monitoring Deployment appeared first on Managed WordPress & ColdFusion Hosting | Hostbotica.

Added Global Security Headers
Updated CSP, X-Frame-Options, and X-Content-Type-Options headers for improved protection.

Version 1.3.9 / Security & Optimization

The post NGINX Configuration & Security Headers appeared first on Managed WordPress & ColdFusion Hosting | Hostbotica.

Logo Updates and Standardization
Deployed unified branding and logo assets across all WordPress installations.

AlmaLinux 10 Deployment Series

• ColdFusion on ARCH (failed due to binary incompatibility)
• WordPress on ARCH (successful deployment)
• Base Web Template on Silicon ARCH (completed)

Version 1.3.8 / System Migration

The post Migration & Branding Updates appeared first on Managed WordPress & ColdFusion Hosting | Hostbotica.

Project Management and Communications
Improved internal tracking and documentation for infrastructure projects.

Application Migration from Default Package
Migrated applications from legacy E19 hosting configurations to Hostbotica’s modular platform.

Version 1.3.7 / Application & Process

The post Application & Process Improvements appeared first on Managed WordPress & ColdFusion Hosting | Hostbotica.

Sitemap Delivery to Google Search Console
Verified XML sitemap indexing and search coverage across hosted WordPress sites.

SELinux Reenabled on All Servers
Reinstated SELinux enforcement on all production nodes to strengthen system security.

Version 1.3.6 / SEO & Security

The post SEO and System Updates appeared first on Managed WordPress & ColdFusion Hosting | Hostbotica.

• Applied least-privilege policies for web services (httpd)
• Enabled controlled network access (e.g. httpd_can_network_connect) to support outbound service calls
• Documented and standardized SELinux context management for future deployments

Version 1.3.1 / Security & Compliance

The post Enhanced SELinux Security Policies appeared first on Managed WordPress & ColdFusion Hosting | Hostbotica.