We’ve rounded another busy week here at WebHostingBuzz. And as you may know, there’s always something new in what we’re doing.
Today we’ve got great news for our customers as well as for everyone who in some way or other is a part of the WordPress Community. We’ve always been very welcoming and open to WordPress users, so drum-roll…
And meet wpXtreme – a breath of fresh air in your WordPress experience!
WebHostingBuzz has partnered with wpXtreme – a company that has known WordPress since it was born back in 2003.
So what is it all about? Go ahead and check them out, but we’ll give you a sneak-peek anyway.
It’s a free plugin providing access to WPX Store, from where you can install top quality plugins and themes for your WordPress website. Each and every plugin and theme in WPX Store goes through a multi-step validation process, ensuring quality and always up-to-date products.
Have I mentioned that WPX Store has free stuff in there? Well, now that you know – go give it a try, it’s super-easy (and free) to get started.
We’re going to share our own experience with wpXtreme soon, so stay tuned.
That fact may be a key reason why WordPress is in the news right now as the subject of a large-scale attack from a huge number of computers from across the internet – known as an automated botnet attack – attempting to take over servers that run WordPress.
Some are saying that this current attack is the precursor of a botnet of infected computers vastly stronger and more destructive than those of today. That’s because the servers have bandwidth connections that are typically tens, hundreds, or even thousands of times faster than botnets made of infected machines in homes and small businesses.
WordPress’ popularity comes at a price in a situation like this, as the perceived vulnerability that accompanies the platform’s ease of use is weak security on the part of its users.
That weak security typically means continuing to use the word ‘admin’ as a user name – this is the default administration account that’s created when you first install WordPress – along with a password that brute-force attempts to guess are likely to succeed, which is what’s happening with this attack.
If you’ve disabled the default ‘admin’ account in your WordPress installation – or, even better, you’ve deleted it – and have something else in its place as the main administrator of your WordPress dashboard, that will likely take you out of the immediate target area of the attackers.
And if you’ve set a strong password – at least eight characters and in a combination of upper- and lower-case letters along with numbers and extended characters – you’re in a good position to be passed by if or when a botnet comes calling at your WordPress front door.
Don’t be complacent, though – this attack serves as a great reminder that securing your WordPress blog or website so that no one can get into it unless they’re invited is something you do need to be sure about.
So what can you do to make your site secure enough right now to deter such attacks in the future?
If you still have an administrative user called ‘admin,’ there are two steps to take:
1) Create a new admin account with a different name and give it a strong password.
2) Delete the ‘admin’ user account; during that procedure, WordPress will ask you which other account it should assign the posts, pages, etc. created by ‘admin’ to. Choose the new admin account name you just created.
Next, enable two-step verification for each user in your WordPress account. The simplest such service for a WordPress user to install and implement is the open source Google Authenticator. If you have that enabled for your Google account, or other services such as Dropbox or Amazon S3, then you’ll be familiar with how it works.
In my view, this is the bare minimum you should have set up in your self-hosted WordPress site that gives you a good level of security for your peace of mind. It would make it more difficult to hack into your site.
There’s a lot more you can do as well including steps to take to better secure the server on which your WordPress platform is installed. There’s a great tutorial on the WordPress Codex that can tell you more.
Don’t let spammers, hackers or botnets mess up your presence on the web. You can be secure.
As you may already be aware, the brute force attack on one of the most popular CMS worldwide – WordPress, is still in progress, and has reached world-wide scale. The consequences of this attack are seen not only by our company but by basically any company that provides hosting for WordPress sites. As a rule, we are able to address or filter similar attacks without much trouble, but the current situation is different in scale and the level of resources invested into it.
At the moment, we have taken a large number of measures to mitigate the results of this attack, but the situation is worsened by several facts:
1) first of all, the attack is launched from spoofed IP addresses, and blocking these IPs doesn’t have any long-term effect;
2) the attack’s algorithm is extremely sophisticated and constantly evolving: each countermeasure of ours that was working an hour ago loses effect with every new evolution and change in the attack’s pattern;
3) the number of compromised websites grows each day (mainly websites with weak or default passwords and login credentials); malicious scripts are uploaded to these sites, and these scripts cause heightened network activity and system resource consumption, which affects the function and speed of all services on a hosting server.
We are constantly monitoring the current situation, and implementing the necessary countermeasures to proactively deny the attackers the opportunity to compromise the WordPress installations located on our servers, but we’d like to ask you to peripherally assist us in mitigating this difficult situation.
What you can do:
No in-depth technical knowledge is necessary for this. Below, you can find a directive that increases your WordPress websites’ security and lowers the overall load on the hosting server caused by the brute-force attack on WordPress installations. It does this by completely filtering third-party access to your WordPress dashboard login interface and allowing access to this interface only from your IP address and the IPs of your users. This is a useful security measure not only during the current brute-force attack, but also at any given time, since it strongly increases the difficulty of compromising your WordPress site’s admin area. We’d like to point out that the directive listed below will limit access only to the dashboard login interface of a WordPress website, and not the website as a whole, or any other of its components.
All that must be done is to add the following rule to the beginning of the “.htaccess” file, which is located in the directory with your WordPress site:
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx
</Files>
“xxx.xxx.xxx.xxx” – this is your IP address, which you can find by simply visiting this website. Please indicate the IP you see there instead of xxx.xxx.xxx.xxx.
We also strongly urge you to set a difficult-to-guess password for any admin users you may have, and update all components of your blog, including the WordPress engine itself, and all installed plugins, in a timely manner.
If you encounter any difficulties in implementing the measure suggested above, please simply contact our support team via our helpdesk, and we would be glad to assist you in making the necessary changes.
We must inform you that within the last 48 hours, worldwide malicious activity targeting WordPress CMS installations has spiked considerably.
WordPress is a widely popular blog CMS, which is used in a large percentage of Internet projects and presentations. Due to this, it takes considerably less effort for hackers to make use of WordPress engine vulnerabilities, insecure or outdated WordPress setups, compromised modules or similar means to compromise an existing WordPress installation. These types of attacks are common but we’ve noted a huge increase in such attacks over the past 2-3 day period.
In this case, a brute-force attack is taking place, in an attempt to pick WordPress admin area passwords, in the hopes of further usage of compromised accounts for malicious purpose. This issue is currently already known to many hosting providers, and is being discussed between our support teams. At the moment, several different solutions were implemented, including a number of firewall rules that are geared towards limiting the amount of possible login attempts from a single IP address to any wp-login file on a given server, with the subsequent block of the IPs that exhibit repeated malicious behavior in the server’s firewall rules.
This measure, developed by our team, has had a positive effect in halting the brute-force attack, but as a negative consequence, server load has increased, and customers are currently unable to access multiple WordPress Dashboards from a single IP address.
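The per-IP limit described above and its side effect, as an added example (not WebHostingBuzz's firewall rules): it counts POSTs to wp-login.php per source IP in a sliding window over constructed access-log lines, then goes one step beyond the text and counts only failed logins, which leaves alone a customer who signs in to several dashboards from one address. The vhost-prefixed log format, the threshold, the window and the 200/302 status convention are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed format: vhost, then Apache common log fields (%v %h %l %u %t "%r" %>s %b).
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def login_posts(lines):
    """Yield (ip, time, status) for every POST to a wp-login.php file."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["ip"], ts, int(m["status"])

def ips_to_block(lines, limit=3, window=timedelta(seconds=60), failed_only=False):
    """Return IPs with more than `limit` counted attempts inside `window`."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    blocked = set()
    for ip, ts, status in login_posts(lines):
        # Assumed: stock WordPress answers a failed login with 200, success with 302.
        if failed_only and status != 200:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > limit:
            blocked.add(ip)
    return blocked

def _line(vhost, ip, sec, method, status):
    return (f'{vhost} {ip} - - [12/Apr/2013:10:00:{sec:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3120')

# Constructed sample log (documentation IP ranges, made-up vhosts and date).
SAMPLE = (
    # One source guessing passwords across two sites: six failures in 10 s.
    [_line(f"blog-{'ab'[i % 2]}.example", "203.0.113.7", 2 * i, "POST", 200) for i in range(6)]
    # A customer signing in to four of their own dashboards in under a minute.
    + [_line(f"shop-{i}.example", "198.51.100.20", 10 * i + 5, "POST", 302) for i in range(4)]
    # Merely loading the login form is not an attempt.
    + [_line("blog-a.example", "192.0.2.44", 30 + i, "GET", 200) for i in range(5)]
)

if __name__ == "__main__":
    print("all attempts :", sorted(ips_to_block(SAMPLE)))
    print("failures only:", sorted(ips_to_block(SAMPLE, failed_only=True)))
```

Counting every POST flags both addresses; counting only failures flags just the guessing source.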
We urge all of our customers that are utilizing the WordPress CMS to upgrade to the latest stable release as soon as possible, change any WordPress admin area login credentials, and update any plugins and themes used, applying all available patches.
It is also recommended to review the following security tips:
It’s been a while since we released the last infographic to the world, but we’re back! Now we’re discussing the latest trends in social sharing: the ecosystem gets busier and busier, and now everybody seems to share (and overshare) stuff all day within their social graph. We tried to zoom out as much as possible for you to be able to see the whole picture: the state of social sharing in the beginning of 2013 and everything you need to know about its eight major players. Click here to view full size image. Enjoy and let us know what you think!
It’s a good question. A very good one. And one that we need to answer and improve on as right now we’re doing an injustice to ourselves and our customer facing teams that work every hour under the sun to deliver the service that we do.
Let me take a step back and explain where this question comes from. I’ve just returned from a trip to London where I met some of our clients and attended LinkLove, a SEO/marketing conference that attracts some of the smartest SEO minds around.
I used this trip to also do some networking and meet with WebHostingBuzz clients. On Thursday, I met with Neville Hobson and Andrew Grill. Both are dedicated server clients who run high profile WordPress blogs on a WebHostingBuzz dedicated server. We met at The Hospital Club, one of Andrew’s favorite haunts, for an informal meeting. The agenda was blogging, WordPress, hosting, how they find our service and just a general catch up. We all enjoyed it and agreed to make this a regular event. But I came away from the meeting wondering why we aren’t doing more to promote just how good our service is. I know it’s good – I see the figures, the stats, the response times, the uptime that we deliver – but hearing this in person, verbatim, from two of the most influential bloggers around was extremely endearing.
Fast forward to Friday. Two different clients were attending LinkLove and we decided that we’d meet at the post-event networking session. These clients are ScreamingFrog and Spiral Media. ScreamingFrog are a highly innovative SEO agency (we use them ourselves) who have a managed server in our UK datacentre. Spiral Media build some pretty cool Magento-based e-commerce websites and also have a dedicated server with us. We all chatted over a drink at the post event networking session and almost the very same question came up; “Why don’t you tell people how good your support is?”.
That’s twice in two days. 4 different clients, 2 different datacenter locations. Neville and Andrew have US based servers while ScreamingFrog and Spiral Media have UK based servers. But our same team supports both and all 4 have noted just how good our support and service is. They benefit from and enjoy our sub-20 minute response times.
So let’s move on to actually answering that question and doing something about it. Our new website is a work of art. We spent a lot of time trying to make it a little different from the mundane sites our competitors offer. We tried to focus on that our USP is our service. We’re under no illusion that we’re not the cheapest web host (nor the most expensive). But it is obvious we need to do more in mentioning that we are the best for customer service. We’re going to be brainstorming this internally but we’re very open to your ideas and suggestions on how we can do this.
I’ll close by noting what we aspire to. What we do, enjoy and what makes us tick. We like nothing more than to help a client grow their website / business and we have an incredible number of success stories. It’s hugely rewarding to watch a client grow from a shared account to a full dedicated server, or in some cases, multiple dedicated servers. Knowing that we’ve helped them along by maintaining their hosting and providing the underlying infrastructure is something we take great pride in.
When was the last time you checked your website to ensure that it’s effectively supporting your business goals?
In this age of social communication that’s rapidly evolving as tools and channels like Facebook, Twitter, Pinterest and Vine become part of the mainstream experience for millions of consumers, is your digital presence up to scratch?
We’re now in the post-PC era, according to some, where access to and interaction with content of every type is on demand, anywhere, any time via the device you have to hand, so to speak.
And if you’re the kind of person who visits a store for product and price research and comparisons and then buys from Amazon or other online retailer via your mobile device – often while in that physical store – you’re not alone.
All this brings many important issues to the forefront of your thinking. Search engine optimization, lead generation and sales lead capture, site performance, content curation and marketing, website usability and engagement…and that’s just for starters.
There’s much to think about and future posts here will discuss many of those topics. Today, though, I’d like to address one that is a good place to begin – usability and engagement. Those two words speak to the question: How easy is it for people who land on your website via a mobile device to actually use your website?
Remember, the clear trend is towards mobile. Even though PCs and other fixed-location and portable devices still account for the vast majority of website traffic, more people are coming to your website via a mobile device, whether on the three-inch screen of an iPhone 4S or the ten-inch screen of a Galaxy Note 10.1 tablet and everything in between.
Mobile devices are ever more powerful with each new model, offering faster processor speeds and gorgeous graphics capabilities. Networks, wifi and cellular, are popping up everywhere so you can be online wherever you are and whenever you want.
All of this translates into one key fact – when someone sees your website on their device screen, what happens at that point?
Do they get to what they want with a couple of swipes or taps? Or are they a bouncer, leaving your site in three seconds or less? If the latter, they’re gone and probably for good.
You can see where this is leading, right? Make sure your website is designed for mobile devices?
Absolutely, but not exclusively. You need to ensure that your website works for your visitors when they see your website on whatever device they are using, whether that’s a smartphone, tablet, laptop or desktop PC.
While discussion can get quite technical when you dive into topics like HTML5, not to mention the pragmatism of how much things will cost, there are three simple words you and I can easily understand.
In a nutshell, this is about enabling your content to be seen, consumed, shared and otherwise give value to those who come to see you online, no matter how they do it – with a smartphone, tablet, laptop or desktop PC.
Your website just works and works seamlessly on whatever device, delivering a consistent usability and user experience.
If you want to see what I mean, check out this imaginative video published by tech news website ReadWrite on their website relaunch last October. It’s the best video I’ve seen so far that lets you see exactly what ‘responsive web design’ means to the user.
Making sure your website is usable when seen on any device is not as complex as it may seem. And if you use a content management system such as WordPress, it gets even easier. Note, too, these broad web design trends.
Think about it. Delivering satisfied and engaged website users, on their terms using their preferred device, is today’s business aspiration.
We are launching an iPad mini and Kindle giveaway for the affiliates who make the most sales in March. This is on top of our already generous affiliate commissions!
We suggest you list WebHostingBuzz as the most prominent host on your website to increase your chances of winning. Need a custom coupon code, banner, graphic or landing page? Just email email@example.com and we’ll get this created for you.
1. First prize is an iPad mini 16GB for the affiliate who drives the most converted sales in March. Second prize is an Amazon Kindle Paperwhite Wifi for the affiliate who sends the second highest amount of sales in March.
2013 marks 30 years since the release of the Apple Lisa, the first personal computer that featured a graphical user interface.
In a celebration that nerds would be proud of, we have created an interactive timeline of personal computers through the years. You can see this at www.webhostingbuzz.com/evolution-of-computer/. Don’t forget to hover over a computer’s name to read about its impact on the computing world. It’s worth noting that for some reason the timeline runs best in Firefox.
The timeline doesn’t cover every PC ever released but it covers those that were the greatest milestones in the evolution of PCs to what they are today.
We found oldcomputers.net to be a fantastic resource when we were researching the timeline and we recommend anyone looking into the history of computers to check it out.
Is your favourite PC missing from the timeline? Then let us know why it should be included in the comments below (these are powered by Facebook).