Stripe Card Fees will not be retroactively charged - they will be waived until the invoicing issue is remedied.

Please accept our apologies for this error and we appreciate your patience while we work to resolve the problem.

If you have any questions or concerns, please contact us directly at contact@wpnet.nz or open a support ticket.

Thank you.

WP NET Support

Thank you for your continued support through 2025!

WP NET Support is available throughout the holiday period, though we are running at reduced staffing levels, and responses may be delayed.

We return to normal from 12 January, 2026.

Accordingly, we will be reducing the Stripe Card Fee that we charge.

• Card processing fees will reduce from 2.70% + NZ$0.30 to 2.65% + NZ$0.30

Note: WP NET only on-charges the Stripe Card Fee for payments of NZD$100 or more. The new rate is effective from 1 December 2025.

The Stripe Card Fee is 2.65% + $0.30. (as at 27/2/2026)

Payments made via NZ Bank Direct Debit (GoCardless) incur no processing fee. To avoid the Stripe Card Fee, please pay via GoCardless.

For help, please see Change Payment Method on the Payment & Billing Options Knowledgebase article.

If you need any help with changing payment method or setting up payments, please open a support ticket and we’ll sort it for you ASAP.

For all the details, please see Product Updates - September 2025.

• WP Shield (Multisite) – Price increase to NZD$60 / month.
• WP Server – New pricing for all WP Server products.
• Stripe Card Fee – A fee will apply to credit & debit card payments of NZ$100 or more. No fee applies to Direct Debit (GoCardless) payments.
• Domain Fees – New pricing for several TLDs, including all .nz extensions.

A full Product Update and email notification will be sent in the coming days.

Due to price increases from our wholesale domain registrar, effective from 1 July 2025, we are adjusting our retail prices accordingly.

Cost increases range from 10-22%.

For full price details of all available domain extensions (TLDs), please see the Domain Checker page. 

The period of time that an account can remain in arrears before the service(s) are suspended is now 14 days.

Accounts in arrears for 30 days will have the service(s) terminated.

Please see our Terms & Conditions for details.

You can read about this release on the WordPress.org blog post.

Detailed release notes are also available on the WordPress.org Docs page.

The underlying algorithm that’s used to hash and store user passwords in the database will be changed in WordPress 6.8 from phpass portable hashing to bcrypt. The adoption of bcrypt hardens password security in WordPress by significantly increasing the computational cost of cracking a password hash.

In addition, application passwords, user password reset keys, personal data request keys, and the recovery mode key will switch from using phpass to the cryptographically secure but fast BLAKE2b hashing algorithm via Sodium.

Read more on the Make WordPress blog post.

You can read about this release on the WordPress.org blog post.

Detailed release notes are also available on the WordPress.org Docs page.

Some customers are reporting fatal PHP errors on their sites in the last couple of hours.

Investigation reveals that an Elementor Pro update (3.25) appears to be breaking 3rd party integrations, and so numerous themes and plugins that include support for Elementor Pro are throwing critical errors after updating to v3.25.0.

Rolling back to Elementor Pro v3.24.4, fixes the problem.

At time of writing, the Elementor Pro changelog makes no mention of the problem, and no version past 3.25 is available.

https://elementor.com/pro/changelog/

If you use Elementor Pro, but have not yet updated to v3.25, we recommend that you hold off on installing the update for a day or so, or until you see that the latest version is at least 3.25.1.

If you're experiencing any issues with your Elementor based sites, or have need any assistance, please open a support ticket and we'll be happy to help.

TLDR: The regular "WordPress Updates Notification" emails for WP Site customers are being discontinued. Vulnerability Reports will now be sent instead. Read on for details.

Customers on our WP Site (Plesk) hosting plans will be familiar with the email notifications that are sent, informing you of all new updates for your WordPress plugins and themes.

We are aware that some of our customers find these email notifications to be a nuisance, while others find them useful as a reminder to jump into their WordPress Dashboard now and again and install pending updates.

We appreciate the concerns that some customers have raised - that these emails can be too frequent - and we have been working on a solution, trying to find the balance between security and keeping our customers informed, while not pestering them with too many emails.

Current Policy

As a reminder - on WP Site plans - only updates that fix known vulnerabilities are installed automatically. General, day-to-day updates are left to the customer to install on their own schedule.

For quite a while now, our policy has been to not send email notifications about these discovered vulnerabilities. Primarily, because the updates are set to install automatically (so in many cases, no action is required). We also don't want to alarm customers unecessarily and send yet more emails. However, a trend that we have noticed over the last several months has lead us to reconsider this approach.

WordPress EcoSystem - Change is the only constant

More frequently, we are finding that a vulnerability is discovered in a plugin (and sometimes a theme) - but no update is immediately available - so Plesk is not able to install an update and patch the vulnerability. Sometimes a fix is released in the following days, and Plesk will install the update automatically, when it becomes available.

Other times, the plugin has been discontinued and the only option is to deactivate or remove the plugin completely. As this is likely to have some impact on the operation of your website, we can't automate this process, so the we need to reach out the customer and discuss their options. 

Another increasingly regular occurance is that a vulnerability fix for a "premium" or "paid" WordPress plugin cannot be installed because the license has expired and so automatic update of the plugin is blocked.

In these cases, we have been sending a support ticket to the customer, prompting a discussion of the best course of action.

WordPress Vulnerabilities Email Notifications

The new notifications will use the subject line: "WP Toolkit - Vulnerability Report".

This means that you will receive fewer emails, but the emails you do receive will be more important. Often, the notification will just be informing you that vulnerabilities have been found and that updates were automatically installed. In these cases, the message you will see is:

"The following vulnerabilities are handled by WP Toolkit right now based on site autoupdate policy:"

In other cases, the notification will inform you that an update is not available or can't be installed (if possible, an explanation will be included), and therefore some user action is required. In these cases, the message you will see is: 

"The following vulnerabilities need your attention because they have to be addressed manually:"

We hope that this change will reduce the email clutter sent to our customers, while also keeping you more informed of the most important updates that affect your websites.

Want to change the email address that these notifications are sent to?

You can change the recipient email address for all WP Site (Plesk) email notifications by logging into your Plesk Panel and going to Edit Profile, in the top menu bar.

Note that this is separate from any email addresses and notification settings in My WP NET. The WP Toolkit notifications are sent from the Plesk Panel, and so the recipient email address must be set there. The benefit of this is that you can use a different address to receive WP Toolkit notifications (such as your WP developer), while leaving all your My WP NET notifications as they are now.

These changes will be rolled out to all WP Site servers over the next few days. If you receive a vulnerability notification and don't know what to do - or just have questions - please don't hesitate to open a support ticket and we'll be happy to help!

First, the not-so-great news. We continue to face increasing costs in a very competitive space. Therefore, we are making a few small price adjustments, all the details are included below.

We work very hard to avoid price changes where ever possible and also to keep any price increases to a minimum. I'm pleased to say that the changes this year are minimal and will have little impact on most of our customers.

Except for domain registration price changes (which take affect immediately) all other changes take affect from October 7, 2024.

Domain Registration - New TLDs and Price Changes

We're pleased to announce that we are adding some new TLDs that customers have requested. You can now register or transfer .maori.nz, .kiwi and .website domains!

We can now register or renew all supported TLDs for 1-5 years. Previously, some domains were limited to 2 years.

Many TLDs have had wholesale price changes in the last year, and we are now updating our retail prices accordingly. 

Lastly, just a note that we have intentionally absorbed any price increase for .nz domains, as we like to keep these at the lowest possible price for our customers.

Please see below for all new pricing effective immediately. 

Domain Pricing

• .nz | .co.nz | .net.nz | .org.nz | .geek.nz | .kiwi.nz | .maori.nz — $50 / year (no change)
• .kiwi — $85 / year
• .com | .net — $45 / year
• .org — $40 / year (no change)
• .biz | .website — $55 / year
• .info — $65 / year

Domain pricing is per year, in NZD, excluding GST.

WP Site  - Price Changes

We're just making one small change: the WP Site 1 plan price is increasing to $35 per month.

WP Site 1 & 2 receive a 5% discount for annual payment, reducing the monthly price (per site) to $33.25 and $28.50 respectively!

We regularly review our competitors, and even with these pricing changes, we still believe our WP Site plans represent excellent value when considering the service features and level of support that we offer.

Many similar, NZ-based providers charge up to $60 per month for similar WordPress hosting & support services! (We still reckon we're better tho...)

All other WP Site pricing remains the same.

WP Site - Storage Addon Changes

Upon reviewing our customer's usage of storage upgrades, we found that almost all were using at least 2GB of addon storage. We have therefore decided to drop the 1GB addon and these will now be sold in units of 2GB, at $5 per 2GB upgrade.

Also, just a reminder that back in February of this year, we increased the included storage space for all WP Site plans by up to 100%!

New pricing is as follows:

• +2GB - $5 / month
• +4GB - $10 / month
• +6GB - $15 / month
• +8GB - $20 / month
• +10GB - $25 / month

All customers who currently use a disk space upgrade will have their site automatically upgraded or downgraded as appropriate, to fit within the new plans.

WP Server

There are no pricing changes for WP Server to announce at this time. However, we do have some exciting updates in the works. We'll have more information on this shortly.

What I can say is that we are planning huge improvements to our vulnerabilty patching & auto-updates, along with new client-facing resource monitoring for WP Servers. 

New Website Coming Soon!

We usually like to release an annual refresh of our main website at this time, but we've been so busy working on our client's sites, that we haven't managed to complete our new site build in time.

We hope to launch this within the next few weeks!

If you have any questions or concerns regarding these changes, please don't hesitate to contact me directly on gb@wpnet.nz or open a support ticket.

We really appreciate the commitment of our customers and the positive feedback we regularly receive is incredibly motivating!

Thank you for taking the time to read this and for your continued business and support!

You can read about this release on the WordPress.org blog post.

Detailed release notes are also available on the WordPress.org Docs page.

More information on this issue is available here:

• https://www.sonatype.com/blog/polyfill.io-supply-chain-attack-hits-100000-websites-all-you-need-to-know 
• https://sansec.io/research/polyfill-supply-chain-attack

WP NET support has conducted a through search of all servers and only a very small number of references were found. Some were false-positives, while a few were out-dated plugins which included libraries from polyfill.io.

All cases have been mitigated and we don't expect any issues for our customers.

Please do contact us directly by opening a support ticket if you have been experiencing any issues with your sites, or if you have any questions.

Please read the System Status notice.

You can read about this release on the WordPress.org blog post.

Detailed release notes are also available on the WordPress.org Docs page.

Where possible, WP NET will deploy this update on behalf of our customers, but in some cases incompatibility with themes and / or other plugins may prevent us from doing so.

We recommend that all WooCommerce users update to 8.2 at your earliest convenience.

If you need assistance, please open a support ticket.

Details on the PatchStack website.

• Author+ Arbitrary File Upload vulnerability <= 6.6.15 (CVSS score: 8.4)
• Cross Site Scripting (XSS) vulnerability <= 6.6.14 (CVSS score: 6.5)

For more details, please see this PatchStack page.

Due to the fact that Revolution Slider is a premium / paid plugin and is often bundled with a WordPress theme, this does pose a challenge for WP NET to rollout updates, as automatic update of the plugin is rarely possible.

However, due to the relatively serious nature of one of these vulnerabilities (Author+ Arbitrary File Upload vulnerability), we think it's important that we take what steps we can to ensure that our customer's websites are safe and secure. Whereever possible, we will manually deploy the patched version of Slider Revolution (v6.6.18) over the next few days.

If you use Slider Revolution on your website, and you have an active license, we strongly urge you to ensure that you are using at least version 6.6.16.

If Slider Revolution was bundled with your theme, we suggest you contact your theme author and request an updated version.

If you have any questions or concerns, or just need some help, please open a support ticket.

WordPress core automatically installs security updates, however at time of writing many sites have not yet updated. Therefore, we are now pre-emptively pushing out 6.3.2 to all WP NET customers.

Also note that this update is back-ported to previous WordPress versions, from 4.1 to 6.2.

At time of writing, no patch has yet been made available.

The plugin has been temporarily removed from the WordPress plugin repository.

This plugin has been closed as of 29 September 2023 and is not available for download. This closure is temporary, pending a full review.

As a precaution, to protect our customers we have now deactivated and removed the plugin from WP NET customers sites.

If you have any questions or concerns, please open a support ticket.