Blesta 4.0 Beta Released

September 15, 2016 | Posted by Paul

With much anticipation, we are pleased to announce that Blesta 4.0.0 BETA 1 has been released! This release is shaping up to be the biggest since 3.0 with over 300 tasks completed.

Can I participate in the beta?

If you have an owned or monthly license with us directly, you may download in the client area now (Login Required). If you obtained your license from a reseller or distributor, you may be able to participate. Contact your reseller to find out. As with any beta, and especially a major release like this one this is for non-production use only and is unsupported. During installation, choose to start a free trial or use your dev license if you have one.

Once you are up and running, head to the forums to report any issues and let us know what you think!

Visit the Beta Forums!

MassMailer included in Blesta FOUR

So what is new in 4.0?

Version 4.0 includes an upgrade to minPHP 1.0, our PHP framework, and raises the minimum system requirements to PHP 5.4. We recommend running the beta under PHP 5.6. If you plan to run v4 under PHP 7, please wait for a subsequent beta release as there are known issues with PHP 7 in beta 1.

New or Updated Extensions

  • Mass Mailer Plugin lets you filter and email specific clients, or export to use in your email campaign software
  • Blesta License Module is now included with Blesta for Blesta resellers
  • Multicraft - Add support for v2 of API and force port 25565 (configurable) for dedicated IPs
  • SolusVM - Allow base IP quantity to be set for the Package
  • Order - Float order summary box to the top on order forms if page scrolls
  • Order - Preselect country and state/province using GeoIP during checkout
  • Order - Update ReCaptcha to version 2
  • Order - New order form visibility options: Public, Shared, Client Only
  • Order - Add link to client area to show available order forms
  • Order - Store IP address of order and add tag to order notifications

Also, an exciting new module will be included in a subsequent beta.

Changes to the Core

  • Add an “In Review” dialog for services at the top of the client dashboard (beta 2)
  • Added the ability to bulk void invoices on client profile pages (beta 2)
  • Refresh admin and client themes to give a new, cleaner look and feel
  • Updated buttons in the admin UI in favor of Bootstrap buttons
  • Updated all icons in the admin UI in favor of Font Awesome
  • Replaced navigation with a drop down menu instead for the admin area
  • Improved client area navigation and made it always visible
  • Replaced admin Dashboard and Billing Overview graphs with interactive nvd3 graphs

And a whole lot more! There’s over 300 tasks in this release, see the release notes for more details.

When is the final release?

Version 4.0 will be officially released after the beta phase has completed. Given that 4.0 is a major release, we expect there will be more betas than typical with a minor release. Once we deem 4.0 stable for production, a final release will be issued. You can help speed things along by participating in the beta!

Goodbye Wordpress

August 3, 2016 | Posted by Paul

When it comes to Content Management Systems, Wordpress dominates the market. ManageWP reports that nearly 75 Million websites are running Wordpress.

Wordpress is convenient. It’s easy to install, easy to use, and easy to customize. There are a seemingly endless supply of themes and plugins available to suit your every need. This very website has used Wordpress for many years, until now.

So why the change?

Consider the following:

  • There have been, and continue to be many vulnerabilities for Wordpress
  • Wordpress installations are the frequent target of brute force attacks and penetration tests
  • While caching can help to some degree, Wordpress is very slow and expensive to scale

Introducing Hugo

Hugo: A fast and modern static site generator

Hugo is a fast and modern static site generator. Like other static site generators, Hugo builds your website rather than serving it on the fly through a runtime like PHP, or a database like MySQL. Web servers are really good at serving static content, so this eliminates much of the overhead.

With all of the static site generators out there, why did we go with Hugo?

  1. Hugo is written in Go and is really, really fast. (~1 ms write time per page)
  2. Hugo builds pages and blog posts from Markdown files.
  3. Hugo has a built in web server for development, rendering changes on the fly.
  4. There is a wordpress-to-hugo exporter, so we were able to import existing posts.
  5. You can create your own themes.

Getting started with Hugo is really simple and Hugo will run on Windows, Linux, and OSX. Remember, Hugo is a static site generator, so you’ll install it on your computer and upload the distribution to your web server after it’s generated. Alternatively, you could run hugo on your web server and use source control to check out your updates and re-build your site.

If you want to try Hugo, take a look at their Quickstart guide. It’s quick and simple to get up and running with a prebuilt theme.

Creating a new theme is really the most difficult part of using Hugo, and their documentation is not great in this area but we were able to find a solution to most of our issues on their community forum.

This post was generated from a simple Markdown text file, cool right?


Some of us remember the days of Dreamweaver, and FrontPage, or writing our own HTML pages in Notepad. In a way, the Internet has come full circle. Static site generators are becoming the wave of the future, only this time for all the right reasons.

Hugo is for those of us that like to break free of the norm and try something different and better. Much like Blesta. Never settle.

Security Advisory

August 2, 2016 | Posted by Paul

We have released new updates for all supported versions of Blesta. These updates address security related concerns with Blesta and have an impact rating of Low. More information about how we rate vulnerabilities can be found on our Security Advisories page.

Affected Versions

Versions 3.0.0 through 3.6.1 are affected.


This update addresses two security concerns:

  1. An undemonstrated potential vulnerability. In cooperation with a competing software application, we will release further details about this issue and how it affects Blesta once a sufficient amount of time has passed.
  2. Full Path Disclosure.


If you are running 3.6.0 or 3.6.1, apply the following patch:

3.6.x -> 3.6.2 - Download Patch

If you are running a version prior to 3.6.0, upgrade to 3.6.2:

3.6.2 - Download Full

Be sure to run ~/admin/upgrade in your browser after updating the files. A new configuration variable will be written to your ~/config/blesta.php config file. Ensure that it is writable.

Related tasks: CORE-2228, CORE-2231


It is best to upgrade to 3.6.2, however, the Full Path Disclosure issue may be mitigated by changing the System.debug variable to false in ~/config/core.php. To do so, open ~/config/core.php and look for the following:

Configure::set("System.debug", true);

Change this to:

Configure::set("System.debug", false);

This will effectively disable stack traces within minPHP “Oh noes” error pages. When upgrading to Blesta 3.6.2, this option is defined and overridden in Blesta’s config file (~/config/blesta.php).


These items were reported by Sabri (@pwnsdx) in accordance with our Responsible Disclosure Policy.


Blesta 3.6.1 Patch Released

November 9, 2015 | Posted by Paul

A patch has been released for Blesta that addresses bugs discovered since 3.6.0 was released. As usual, a big thanks to everyone who reported and confirmed these bugs on our forums, we appreciate your help.

The release notes are available at

Always run /admin/upgrade in your browser after patching or upgrading your installation.

Download 3.6.1 Patch Download 3.6.1 Full

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

We recently migrated from Subversion to Git for version control as part of our effort to further streamline our development and build processes. We are also now using Composer for all Blesta extensions and have integrated this into our build process. As a result, you may see composer.json files included with extensions, which is normal going forward.

Blesta 3.6: Now Available

October 14, 2015 | Posted by Paul

Three SIX is here and it includes the ability to mass schedule cancellation of services, automatic cancellation of suspended services, new payment gateways and more.

Download 3.6

See the documentation for details on how to install or upgrade.

What’s new in 3.6?

  • Mass edit for scheduling cancellation of services
  • Automatic cancellation of suspended services
  • Ability to invoice renewing services separately
  • Move services to packages in different groups with the “Reassign Pricing” plugin

And more, see everything in the changelog!

A big shout out to KnownHost for sponsoring development again for several new items in 3.6! If your company is interested in sponsored development, we would love to hear from you!

The Marketplace

The Marketplace is now available. If you are a developer, list your extensions now if you haven’t already. If you have a developer license with us, you can log in to The Marketplace using the same credentials you use to manage your account at


Paymentwall recently released a payment gateway for Blesta. Download the gateway and find out more about Paymentwall in our new marketplace.

What’s next?

We are raising the minimum requirements to PHP 5.4 for Blesta 4.0. We recommend PHP 5.6 as active support for all older releases has ended. Here are a couple things to look forward to:

  • Mass Mailer
  • Usability Improvements
  • And..? :) Stay tuned. (or poke around for clues)

Also, it’s looking like 4.1 will be dedicated to improving domain registration support.

We do our best to prioritize development based on demand. Is there a feature you really want to see in a future release? Let us know on our feature requests forum!