We maintain a forum at http://forum.webhostingbuzz.com to serve our customers, to facilitate to discussion and to use as an occasional announcement platform. Of late, it has been largely redundant due to our updated status platform and our increasingly popular Facebook, Twitter and Google+ channels. But the forum generally sits there, minding it’s own business and getting the odd post from some of our older customers and generally those that don’t talk to us on social media. I still check the forum on a daily basis, as do a number of my team.
vBulletin & spam
vBulletin, the forum platform we use, does horde a dark and dirty secret. It is a very attractive forum for spammers to target and attempt to use for link building techniques. It is important to note two things;
- vBulletin has tried had to bring in anti-spam measures to make forums harder to spam. These generally seem less effective than WordPress, but many of the vBulletin spam is done by real people that can circumvent automatic checks
- Google has long since banned these link building techniques and they’re more likely to get you a penalty than do you any good
Nontheless, on an almost daily basis, we have to remove spammy forum posts. Sometimes these are attempts at links, despite us having a minimum threshold before a link is activated. And other posts are weak attempts to boost post counts to a level where a member can actually post links. Most of these spam bots or spam humans stop posting before they reach this level, or we catch them in the act.
But one thing we don’t do is moderate forum registrations. We get a lot of people that register on our forum that never visit or post. I guess that it’s a PageRank 6 forum helps and makes it attractive for these link spammers.
Today, for the first time, we received a link removal request from a company that has previously spammed our forum.
Link removal request received from a forum spammer
We generally don’t hold grudges. The IP of the forum spammer, mentioned in that link, traces back to an ISP in Pakistan. So my assumption is the company requesting the link removal either hired this person, or hired an SEO agency that used this person in the hope of artificially inflating their rank. Many people, us included, have fallen foul of so called ‘SEO Agencies’ offering supposed white hat techniques. But this particular forum spammer registered just 1 year ago back in April 2012. This was well into evolved Panda and Penguin territory so there’s really no excuse to be practicing such poor link building techniques.
I feel our offer is fair. It takes time to remove these spammy links but more importantly, we’ve spent a countless amount of time trying to keep our forum clean. Let’s see if they take us up on our generous offer. Updates will be posted here.
Google unveiled a number of changes to it’s Cloud Platform at Google i/o yesterday. One of these major changes is the availability of the PHP runtime on Google’s cloud, allowing you to run the likes of WordPress from Google’s cloud. Google even mention WordPress as an application that Google Cloud is designed to support. But before everyone runs off to host WordPress on Google’s cloud, its important we do some further digging into the benefits/disadvantages of hosting a WordPress blog on one of the big public clouds.
Why is Google building a cloud platform? It is a rhetorical question but let me answer with an image.
Amazon Web Services market share (courtesy of OnApp)
Google’s cloud is a direct competitor to Amazon’s AWS. Both Google and Amazon have hundreds of thousands of servers hosted around the world at various international datacenters. Amazon originally used this huge infrastructure farm to support Amazon.com operations around the globe. But in 2006, Amazon saw the value in using the technology they’d developed for their own website for a big public customer cloud and thus, AWS was formed.
AWS has evolved from being a more of a hotshot among the developer community owning more than 80% of the public IAAS cloud market. Many businesses, from big to small, rely on AWS to power their websites, their applications and their critical business systems. A pay as you use, fully scalable, fully redundant cloud with no capex costs is most web businesses every dream. No more 6 or 7 figure server hardware purchases with no guarantees that all that server capacity will actually be used. And Bloomberg recently published a fascinating article on how Netflix’s operations are powered by AWS. Netflix believe they understand AWS even better than Amazon do and better leverage the resources that it offers. Ditlev Bredahl’s recent presentation at the Dell Cloud Summit in London shows just how big AWS is.
It’s easy to see why Google wants a slice of this action. And in Google’s recent announcement, Google talks about ushering in the next generation of computing.
But what does this mean for the regular WordPress webmaster? For the small or medium business that does not want to deal with the complexity of the pricing platforms of AWS or Google cloud? Or for the vast majority of webmasters and web users that want a friendly support team to help then when they encounter difficulties? While there’s no denying that the likes of AWS and Google Cloud are great for developers, great for applications that require infinite scaling up/down of compete resources and great for businesses that need vast amounts of worldwide infrastructure at their immediate disposal, there’s plenty of reasons to stay away from these big public clouds. And I’ve identified 4 of them here:
- Ease of use
- Customer support
The real benefits of hosting from a true hosting company
My goal here isn’t to sing our own praises. I know that we’re good. I also know that some of our competitors are good, and I commend them for being so. We’re in this battle against AWS and Google Cloud together. And the following points I make apply to any good hosting company that puts its customers first.
The real cost of AWS or Google Cloud
AWS is expensive. Google Cloud is expensive. It has a fixed price per app per month for the paid version ($9 per app at the time of writing). On top of this, you pay per hour for front-end instances ($0.08/hour). You pay for storage ($0.24 per GB) And you pay for outbound bandwidth ($0.12 per GB). Confused by the pricing model? It’s easy to see why. But lets work with Google’s numbers to see just how expensive it would cost to host a moderately busy WordPress blog. Let’s assume:
- Average blog size of 10GB (includes some large photos/images and rich media)
- Reasonably busy using 20GB of bandwidth per month
Some quick math shows that with Google, this will cost:
- $9/month for the application
- $2.40 / month for the storage
- $2.40 / month for the bandwidth
- A total of $13.80 per month
Most web hosts have WordPress compatible plans around the $5 per month mark with considerably more storage and bandwidth. Need cloud redundancy? It’s not something we offer (this is coming summer 2013) but other reputable hosts offer this for under $10/month with considerably better offerings than Google’s cloud. And there’s more to come…
What happens when you get a traffic spike? On a typical shared platform from a reputable host, you’ll have plenty of room to grow. At WebHostingBuzz, we leave at least a 50% overhead on shared servers to cover traffic spikes. And pay more for cloud hosting and you’ll be able to scale across multiple machines.
So what about the extremely busy WordPress blogs? Webmasters have several options. From my figures above, you can determine just how much it would cost to host with Google. And AWS is similarly priced. One alternative is WordPress.com, who have a VIP service, costing thousands of dollars per month. But a more cost effective option is to choose a true web host offering a range of products and can suggest one to meet your needs.
Let’s say your busy WordPress blog does 10,000 GB of bandwidth each month. That’s the amount we include as standard with any of our US-based dedicated servers, and one well configured dedicated server can easily handle this much traffic when managed by a competent team of system admins. Our entry level server costs just $139 per month. Pushing that much bandwidth on Google’s cloud would cost a whopping $2400 per month! That’s enough to buy 13 of our entry level dedicated servers. If you want to buy 13 dedicated servers, just get in touch! We’ll happily configure a load-balanced cluster offering full redundancy and scalability in a cluster or private cloud setup
So what about at the other end of the spectrum? A trio of big cloud providers admit at the $10,000 / month level you’d be better off moving to your own dedicated servers or datacenter in this article on TheRegister. But my math above clearly shows this is true at levels below a $10k/month spend.
Reliability and outages
One of the most common advantages cited by public cloud advocates is reliability. And while in theory, cloud should be more reliable, it isn’t always the case. Cloud, by abstracting the hardware, means that any individual hardware failure should not impact on the service delivered by the cloud instance. Other physical machines take over from the failed machine. And the customer / visitor / developer never even notices that one of the physical machines has dropped off.
In principal, this is a great idea. And a lot of the time it works. The problem is when it doesn’t work, a failure isn’t just a server reboot or a hard drive swap. It’s a catastrophic failure, affecting tens of thousands of applications/websites and impacting millions of customers/visitors. AWS had 3+ major outages in 2012, detailed by Wikipedia. Google has also had it’s own fair share of problems.
This is actually one of the reasons we have been slower to the market with our own cloud products. Cloud has been on our radar for many years. We’ve done an unprecedented amount of testing covering different hardware/software/virtualization stacks/closed source/open source and more. For a team of our size, about 45 people, this has been a huge investment in R&D. We’ve tested all of the major cloud platforms. We’ve tested more hardware than I can count. And it means that when we do launch, we’re highly confident of just how reliable our cloud will be. And we’ll also have tried and tested procedures to deal with emergencies.
I mentioned the cost of $2400 per month in my comments on the real cost of cloud. This figure gets into the ballpark of where we can configure a load-balanced redundant cluster with CDN integration, attached to a 100% uptime SLA. This is one of the main reasons that dedicated servers and dedicated hosting platforms are still so popular. They’re proven. They’re trusted. And traditional hosting platforms still account for the majority of the hosting market share, despite cloud’s growth.
Cloud market share May 13 (courtesy of OnApp)
So ArsTechnica, don’t write off shared hosting just yet
For $2400 per month we can also design, build and deploy a decent size OnApp-based private cloud with cost-effective bandwidth, full redundancy and great scalability.
Ease of use
Granted, AWS and Google Cloud don’t really position themselves at newbies and novices. But even for more advanced web professionals, the sheer amount of products and their options offered by the big public clouds can be confusing. Add in the pay per use component pricing platform and it is overwhelming. I’ve had many a seasoned WordPress webmaster / blogger say to me how confusing AWS is. And in my mind, Google is opening a can of worms by suggesting WordPress can ‘easily’ run on it’s cloud product. I have not personally tested this (yet) but plenty of users are complaining how difficult it is to get WordPress functioning using Google’s closed PHP service and custom SQL server (no MySQL).
How do us traditional web hosts compare? Many of use use cPanel. We do, we’re a distributor. And cPanel powers almost 80% of websites hosted in the US. We, and some competitors, use a clever little application called Softaculous that allows you to install WordPress in just 1 click. It takes less than 5 minutes to install and configure a WordPress blog on any shared, reseller, vps or dedicated server that has Softaculous installed.
And here’s the real kicker. This applies to the reputable web hosts that I keep mentioning, and includes us. I’ll use us as an example; around 35 of our 45 employees are in customer facing roles. We understand that our value proposition is being here to help you online. Whether that’s helping you put your first website online, or whether it’s helping your website grow and evolve, it’s what we do. It’s part of our DNA.
With Google’s new Cloud, their $9/month paid option does not include support. Pay for their premier option (which starts at $150/month) and you get “Operational Support”. Just what is operational support? What does it cover? How fast do you get a reply? Do you have piece of mind that if something goes wrong, someone’s got your back? I doubt it. On the other hand, WebHostingBuzz customers do. Just look at a Tweet a few days ago from a popular blog, a WebHostingBuzz customer, who had an issue with his server. You can see the Tweet at https://twitter.com/AndrewGrill/status/334299776277434368
AWS’s support is expensive. Fast responses are guaranteed if you spend a serious amount of money with them. The full pricing breakdown can be found here, but to summarize, pay $49 per month for the Developer edition and you get a 12 hour response time. 12 hours? Anything above 30 minutes in our support system raises an orange flag for urgent attention. Anything above 60 minutes raises a red flag for immediate attention. And this isn’t counting our 24×7 Live Support where you get a response in seconds and minutes.
We’re not the only host with great support. Some of our competitors place similar pride in going above and beyond in supporting their customers. And unless you are Netflix, you’re never going to get the same level of support and attention from AWS or Google Cloud.
Don’t write off shared hosting yet. Definitely don’t write off traditional web hosts.
For most normal WordPress users and bloggers, a typical web host will offer a lower price, a better customer experience, better ease of use and much better customer support.
And cloud. It’s great. It’s come a long way since 2006 and continues to evolve. I’m a firm believer that web hosts deploying and maintaining clouds will provide a more useful service for the average joe than huge conglomerates. And that includes WordPress. So stay tuned for a series of posts covering our thoughts on this in the run up to our own cloud launch.
An interesting new blog platform is just around the corner. Funded through a KickStarter project, Ghost aims to simplify the blogging and publishing world. While WordPress now aims to be a full web operating system and a powerful CMS, Ghost is solely aimed at bloggers. Projects like this that cross our hosting radar are always interesting.
Ghost Blogging Platform
In Ghost’s case, we’re particularly interested because:
- Around 55% ofthe sites we host are WordPress
- WordPress is great but it isn’t for everyone. There are security issues if the base install and plugins are not regularly updated. We do make this easy through our 1-Click installer and updater (Softaculous) but it can still catch people out
- WordPress is simply too complicated for some of our audience
- The amount of options, plugins, themes and more that WordPress has can be overwhelming
Just to be clear that I have nothing against WordPress. I use it for some of my personal sites, we use it for our WebHostingBuzz.com blog (i.e. this one!) as well as for the WebHostingBuzz.co.uk Blog, and we host some of the most popular blogs in the world. A couple of these include NevilleHobson.com and LondonCalling.co - both highly ranked by Cision for readership and influence.
Ghost, however, promises to shake up the defacto blog platforms and should offer a viable WordPress alternative. Mr O’Nolan, Ghost’s founder, is well qualified. He’s:
- Built WordPress sites since 2005
- Worked as deputy head of the WordPress UI Group from 2009-11
- Helped design and develop the WordPress user interface
- Spoke at conferences all over the world about designing in WordPress
Ghost’s funding on KickStarter has also raised eyebrows. Ghost initially sought £25,000 which was quickly met, leading to Ghost going for a revised funding goal of £250,000. Given the tech press coverage Ghost has received from the likes of Wired, Forbes and TechCrunch, it seems highly likely that Ghost will meet this higher target. At the time of writing, £123,996 has been pledged towards the £250,000 total (50%) with 12 days still to run.
So what about Ghost and WebHostingBuzz? And Ghost web hosting?
We reached out to Ghost to express our partnership interest. It seems like we missed the window for the early-stage partner opportunities but we’ll closely monitoring developments, and Ghost has our contact details. Ghost talks about a cloud version of the product and how it will solve some of the ‘complications’ associated with self-hosted WordPress blogs. We assume (and hope) that Ghost does not discount a self-hosted version. We know as well as you do, most WordPress hosting complications are as a result of poor hosting service and not the principal of self-hosting. In fact, if Ghost bring a carefully moderated platform in which tested themes/plugins are approved and suggested to Ghost users, many of the problems that WordPress users face would be solved. I’m advocating a system as closed as Apple’s, but something better than the Android-esque approach used by WordPress would benefit users and web hosts alike. It’s very easy to develop a poor WordPress plugin then buy some positive reviews on Fiverr. People then trust this plugin assuming these reviews are legitimate. And this is where security problems start.
When more details of a self-hosted version of Ghost surface, we will do plenty of groundwork to insure our hosting platform is fully compatible. We’ll quickly look to build a 1-click / auto-installer to make Ghost installation simple for our clients. And our team will conduct an intensive Ghost training course upon launch, guaranteeing we can support Ghost to the level we and you are used to.
Ghost is still a few months out. More information on their timeline can be found at http://www.kickstarter.com/projects/johnonolan/ghost-just-a-blogging-platform#faq_58417
I’ll close by wishing John and Ghost the best of luck!
We’ve been busy enhancing our dedicated server range both sides of the Atlantic. Launching this week is our new Dallas, TX based range of 2x CPU Intel Xeon E5-2620 series servers! These powerhouse servers each come with 2 of the latest Intel E5 CPU offering 12 physical cores (24 with HT) of pure processing power. It doesn’t get faster than this!
Intel Xeon E5 CPU
The full configurations we are offering are:
Dual Intel E5-2620 SATA
- 2 x Intel E5-2620 CPUs – 12 x 2.0Ghz with 15MB Cache
- 32 GB DDR3 ECC RAM
- 2 x 1000GB SATA Hard Drives
- 10,000GB Bandwidth
- $439 per month with free setup
Dual Intel E5-2620 SSD
- 2 x Intel E5-2620 CPUs – 12 x 2.0Ghz with 15MB Cache
- 64 GB DDR3 ECC RAM
- 2 x 256GB SSD Samsung 840 Pro Hard Drives
- 10,000GB Bandwidth
- $539 per month with free setup
These will be appearing on our dedicated server page shortly. In the mean-time, please contact firstname.lastname@example.org to order. Stocks are limited so act now. P.s. do check our prices against our competitors and see just how competitive these servers are!
We’ve rounded another busy week here at WebHostingBuzz. And as you may know, there’s always something new in what we’re doing.
Today we’ve got great news for our customers as well as for everyone who in some way or other is a part of the WordPress Community. We’ve been always very welcoming and open to WordPress users, so drum-roll…
And meet wpXtreme – a breath of fresh air in your WordPress experience!
WebHostingBuzz has partnered with wpXtreme – a company that knows WordPress since it was born back in 2003.
So what is it all about? Go ahead and check them out, but we’ll give you a sneak-peek anyway
It’s a free plugin providing access to WPX Store, from where you can install top quality plugins and themes for your WordPress website. Each and every plugin and theme in WPX Store goes through a multi-step validation process, ensuring quality and always up-to-date products.
Have I mentioned that WPX Store has free stuff in there? Well, now that you know – go give it a try, it’s super-easy (and free) to get started.
We’re going to share our own experience with wpXtreme soon, so stay tuned.
One of the easiest content management systems to set up and use is WordPress, the largest self-hosted blogging platform in the world, powering more than 60 million websites worldwide.
That fact may be a key reason why WordPress is in the news right now as the subject of a large-scale attack from a huge number of computers from across the internet – known as an automated botnet attack – attempting to take over servers that run WordPress.
Some are saying that this current attack is the precursor of a botnet of infected computers vastly stronger and more destructive than those of today. That’s because the servers have bandwidth connections that are typically tens, hundreds, or even thousands of times faster than botnets made of infected machines in homes and small businesses.
WordPress’ popularity comes at a price in a situation like this, as a perceived vulnerability in the platform’s ease of use is weak security by users.
That weak security typically means continuing to use the word ‘admin’ as a user name – this is the default administration account that’s created when you first install WordPress – along with a password that brute-force attempts to guess are likely to succeed, which is what’s happening with this attack.
If you’ve disabled the default ‘admin’ account in your WordPress installation – or, even better, you’ve deleted it – and have something else in its place as the main administrator of your WordPress dashboard, that will likely take you out of the immediate target area of the attackers.
And if you’ve set a strong password – at least eight characters and in a combination of upper- and lower-case letters along with numbers and extended characters – you’re in a good position to be passed by if or when a botnet comes calling at your WordPress front door.
Don’t be complacent, though – this attack serves as a great reminder that securing your WordPress blog or website so that no one can get into it unless they’re invited is something you do need to be sure about.
So what can you do to make your site secure enough right now to deter such attacks in the future?
First, make sure you have the latest WordPress version installed. As of today, that version is 3.5.1.
If you still have an administrative user called ‘admin,’ there are two steps to take:
- Create a new admin account with a different name and give it a strong password.
- Delete the ‘admin’ user account; during that procedure, you’ll be asked by WordPress which other account should you assign posts, pages, etc, created by ‘admin’ to. Choose the new admin account name you just created.
Next, enable two-step verification for each user in your WordPress account. The simplest such service for a WordPress user to install and implement is the open source Google Authenticator. If you have that enabled for your Google account, or other services such as Dropbox or Amazon S3, then you’ll be familiar with how it works.
And you’re in luck for your self-hosted WordPress site as there’s an excellent plugin that sets it up for you – Google Authenticator plugin for WordPress.
Grab it now, either by downloading it from the WordPress plugin repository or installing it via the ‘add new plugin’ function in your WordPress dashboard.
You’ll need the free Google Authenticator app for your smartphone in order to use this security feature. There are versions for Android, Blackberry and iOS.
And if you then follow the excellent “How To Enable 2-Step Authentication On Your Self-Hosted WordPress.org Site” guide published last week by Techfleece, you’ll be up and running in no time with a WordPress site that will give you more peace of mind than you had before.
In my view, this is the bare minimum you should have set up in your self-hosted WordPress site that gives you a good level of security for your peace of mind. It would make it more difficult to hack into your site.
There’s a lot more you can do as well including steps to take to better secure the server on which your WordPress platform is installed. There’s a great tutorial on the WordPress Codex that can tell you more.
Don’t let spammers, hackers or botnets mess up your presence on the web. You can be secure.
As you may already be aware, the brute force attack on one of the most popular CMS worldwide – WordPress, is still in progress, and has reached world-wide scale. The consequences of this attack are seen not only by our company but by basically any company that provides hosting for WordPress sites. As a rule, we are able to address or filter similar attacks without much trouble, but the current situation is different in scale and the level of resources invested into it.
At the moment, we have taken a large number of measures to mitigate the results of this attack, but the situation is worsened by several facts:
1) first of all,the attack is launched from spoofed IP addresses, and blocking these IPs doesn’t have any long-term effect;
2) the attack’s algorithm is extremely sophisticated, and is constantly evolving: all our attempts to reduce the consequences of the attacks which were functional an hour ago, are reduced in effect by each new evolution and change in the attack’s pattern;
3) the amount of compromised websites grows with each day (mainly websites with weak or default passwords and login credentials), malicious scripts are uploaded to these sites, and these scripts cause a highened network activity and system resource consumption, which influences the function and speed of all services of a hosting server.
We are constantly monitoring the current situation, and implementing the necessary countermeasures to pro actively deny the attackers the opportunity to compromise the WordPress installations located on our servers, but we’d like to ask you to peripherally assist us in mitigating this difficult situation.
What you can do:
No in-depth technical knowledge is necessary for this. Below, you can find a directive which will allow you to increase your WordPress websites’ security, and lower the summary load conditions on the hosting server, caused by the brute-force attack on WordPress installations, through a complete access filtering to your WordPress dashboard login interface for third-parties, and allow access to this interface for your IP address and the IPs of your users, only. This is a useful security measure not only during the current brute-force attack, but also at any given time, since it strongly increases the difficulty of compromising your WordPress site’s admin area. We’d like to point out that the directive listed below will limit access only to the dashboard login interface of a WordPress website, and not the website as a whole, or any other of it’s components.
All that must be done is to add the following rule to the beginning of the “.htaccess” file, which is located in the directory with your WordPress site:
Deny from all
Allow from xxx.xxx.xxx.xxx
“xxx.xxx.xxx.xxx” – this is your IP address, which you can find by simply visiting this website. Please indicate the IP you see there instead of xxx.xxx.xxx.xxx.
We also strongly urge you to set a difficult-to-guess password for any admin users you may have, and update all components of your blog, including the WordPress engine itself, and all installed plugins, in a timely manner.
You can also find useful information on securing your WordPress website at the official WordPress site.
As always, we are here for you:
If you encounter any difficulties in implementing the measure suggested above, please simply contact our support team via our helpdesk, and we would be glad to assist you in making the necessary changes.
We must inform you that within the last 48 hours, worldwide malicious activity targeting WordPress CMS installations has spiked considerably.
WordPress is a widely popular blog CMS, which is used in a large percentage of Internet projects and presentations. Due to this, it takes considerably less effort for hackers to make use of WordPress engine vulnerabilities, insecure or outdated WordPress setups, compromised modules or similar means to compromise an existing WordPress installation. These types of attacks are common but we’ve noted a huge increase in such attacks over the past 2-3 day period.
In this case, a brute-force attack is taking place, in an attempt to pick WordPress admin area passwords, in the hopes of further usage of compromised accounts for malicious purpose. This issue is currently already known to many hosting providers, and is being discussed between our support teams. At the moment, several different solutions were implemented, including a number of firewall rules that are geared towards limiting the amount of possible login attempts from a single IP address to any wp-login file on a given server, with the subsequent block of the IPs that exhibit repeated malicious behavior in the server’s firewall rules.
This measure, developed by our team, has had a positive effect in halting the brute-force attack, but as a negative consequence, server load has increased, and customers are currently unable to access multiple WordPress Dashboards from a single IP address.
We urge all of our customers that are utilizing the WordPress CMS to upgrade to the latest stable release as soon as possible, change any WordPress admin area login credentials, and update any plugind and themes used, applying all available patches.
It is also recommended to reveiw the following security tips:
Should any questions or issues arise, please contact our technical department via our helpdesk https://www.whbsupport.com
After reading so many stories about what is happening to FeedBurner (the RSS distribution service bought by Google in 2007), I have decided to say a final goodbye to the service.
It’s been a while since we released the last infographic to the world, but we’re back! Now we’re discussing the latest trends in social sharing: the ecosystem gets busier and busier, and now everybody seems to share (and overshare) stuff all day within their social graph. We tried to zoom out as much as possible for you to be able to see the whole picture: the state of social sharing in the beginning of 2013 and everything you need to know about its eight major players. Click here to view full size image. Enjoy and let us know what you think!
Infographic: Who’s Sharing What – The State of Social Sharing in 2013 by WebHostingBuzz
640 pixels wide version
Infographic: Who’s Sharing What – The State of Social Sharing in 2013 by WebHostingBuzz
800 pixels wide version
Infographic: Who’s Sharing What – The State of Social Sharing in 2013 by WebHostingBuzz