New in Version 15.0 page published

Today, we published the New in Version 15.0 page.

EmEditor v15.0 will be released soon.

Thank you for using EmEditor!

Emurasoft Customer Center was moved

The Emurasoft Customer Center was moved to If you have a bookmark with the old URL (, please change the URL to the new location ( as the old URL will become unavailable in the future. The Emurasoft Customer Center is the website where you can find your registration keys and purchase history.

Thank you for using EmEditor!


The 64-bit portable version released. File hosting switched to the Amazon S3 cloud

Today, we released EmEditor v14.8.0, and we also released the 64-bit version of the portable version, in addition to the installer and 32-bit portable versions today. All the installers of all the formats are available to download at the Download page.

Moreover, the file hosting was switched from the old web hosting server to the Amazon S3 cloud service. We hope this change will bring us faster and more stable downloads and updates.

We will continue improving our services. Please contact us if there are any issues with downloading or updating.

Thank you for using EmEditor!

Restored the old updater configuration files

We notice that many customers still use EmEditor v14.5.3 (or older). In order to remind users who have not noticed new updates, we have restored the updater configuration files in the old locations (for versions v10.0 through v14.5.3). Although our server is safe since we have switched our server hosting company and placed new security measures, we still recommend every user to update to the newest version as soon as possible if you are still using older versions.

Thank you for using EmEditor!


Server Maintenance is Completed

Yesterday, we started switching our server host to a more secure and fast platform. We are pleased to announce that the transition has been completed. Thanks for your patience.

Thank you for your support of EmEditor.

Server Maintenance

Thank you for using EmEditor.

Today, we will begin switching our server host to a more secure and fast platform, and the transition might take several days.  For this reason, connections to our server and the SSL encryption might be temporarily disrupted.  Please refrain from posting new messages to our forums until our transfer is completed.  There is no effect on the access to Emurasoft Customer Center and EmEditor updates using the Update Checker.

Thanks for your patience.

Please update to a newest version

This is an important security message.

We notice that many customers still use EmEditor v14.5.3 (or older). The updater in the old versions of EmEditor contained security vulnerability. For the safety of our customers, the updater in the older versions had been disabled since we removed the update configuration files in our server in response to the security incident. Although this incident was resolved, it is still potentially unsafe to continue using the old versions of EmEditor (from v10.0 through v14.5.3). The new versions of EmEditor (v14.5.4 or newer) is safe because it uses the improved updater which will not run an installer if the digital signature of the installer mismatches our signature.

If you are still using an old version of EmEditor (from v10.0 through v14.5.3), please download the newest version from our download page and install.

If you have not installed v14 before, you might need a v14 registration key. Your v14 key can be found in the Resend Keys page of Emurasoft Customer Center. Many customers already have lifetime licenses without their noticing, and so please check this page. If you don’t have a lifetime license nor a v14 key, you might need to purchase a new license.

Including this reason, if for some reasons, you can’t install the newer version, please disable the updater by selecting the Customize Update Checker on the Help menu of EmEditor.

If you have once installed a new version and want to revert to an old version, you can uninstall the new version, and then install the old version. You can find an old version in the sub folder of C:\ProgramData\Emurasoft\EmEditor\updates\update.

If you have issues with installing or uninstalling, please refer to our FAQ.

We apologize for any inconveniences. If you have any questions, please contact us using this form.

Switching to Avangate

We are excited to announce that we are switching our online payment partner to Avangate. Our customers will appreciate more features including telephone support in many counties, the ability to control the renewal option during check-out as well as the new fresh user interface. Optional Backup CD and Download Insurance Service are now unselected by default.

If you experience any issues during the checkout, please don’t hesitate to contact us. We always value your feedback.

Thank you.


Investigation report about the hacking incident

Yesterday, we received the final investigation report from JPCERT/Coordination Center.

How unauthorized hacking was happened

From the various remained access logs, we could not identify the cause for the unauthorized hacking. We confirmed suspicious accesses (web and ftp) from 203.194.144.#, and we confirmed traces of attack attempts in early August. However, we couldn’t identify how the hacker entered our site just by these traces. There were no successful logins from these IP addresses.

About unauthorized redirects

From the remained access logs, the following 2 accesses were considered unauthorized accesses redirected by the .htaccess that was placed by a hacker.

#.#.#.# - - [18/Aug/2014:05:41:38 -0500] "GET /pub/updates/emed64_updates_ja.txt HTTP/1.1" 200 884 "-" "AdvancedInstaller"
#.#.#.# - - [18/Aug/2014:06:19:04 -0500] "GET /pub/updates/emed64_updates_ja.txt HTTP/1.1" 200 884 "-" "AdvancedInstaller"

These accesses match with the IP addresses written in the .htaccess, the time frame when the incident happened. Also, the number of bytes written in the access log (884) was different from the number of bytes written in the other accesses in the other time frame and other IP addresses.

Usually access logs look like:

#.#.#.# - - [10/Aug/2014:03:45:09 -0500] "GET /pub/updates/emed64_updates_ja.txt HTTP/1.1" 200 855 "-" "AdvancedInstaller"

the number of bytes is 855 for this file, but the above two accesses show the number of bytes as 884 bytes.

The clients who own the above IP addresses were contacted by JPCERT/CC, and found there were no malware infections. The access logs record all accesses including merely update checking without actual installation.

Future measures

In addition to routine updates of WordPress plug-ins and themes, we periodically scan our site for malware, monitor files on the server, access logs, and block suspicious IP addresses. On August 29th, we protected the entire site of with SSL encrypted connections. We are also planning to move our forums to another site or an electronic mailing list for improved security.

The next version of Advanced Installer that we used to make the Update Checker will be able to block update installers without the same digital signature as ours. The future EmEditor versions will restore the Update Checker with improved security.

We apologize for any inconveniences that this situation might have caused you

See also:

Possible malware attack by EmEditor Update Checker

Possible malware attack by EmEditor Update Checker

Dear EmEditor user,

We have found malicious files were placed in a subfolder of the EmEditor website, and we estimate these files were placed by a hacker between 6:36 am and 11:20 am on August 18th in the Pacific Daylight Time (USA and Canada), or between 1:36 pm and 6:20 pm on August 18th in the UTC. If a user uses EmEditor Update Checker from one of certain IP addresses, a malicious program, not EmEditor, might have been installed. The IP addresses are:

For the following list, * represents any number between 0 and 255. All 256 numbers between 0 and 255 are IP addresses in question.


For the following list, # represents a number between 0 and 255, but only one number represents the IP address in question. To protect users’ privacy, the actual IP address is hidden by #. If your IP address is included in this list, please contact us at with your IP address, and we will let you know your IP address is included.

210.164.30.# (2 IP addresses)

If your IP address is included in any of the above lists, and if you use the Update Checker of EmEditor during the above time frame, there is a possibility that your computer might have been infected by a virus. If so, please use anti-virus software to clean your computer.

To check your IP address, please go to, enter “My IP”.

Currently, our server hosting company is scanning the whole website. As soon as the scan is completed, we plan to resolve the issue completely by all means.

We will keep you informed of our progress. If we cannot get access to our website, we might use Twitter, Google+, or Facebook to make announcements.

We apologize for any inconveniences that this situation might have caused you.