Blogging. A way of expressing your thoughts, ideas, emotions, achievements and so much more online. And WordPress makes building and maintaining your own blog so easy that any other blogging platform is almost a no-brainer. You can be up and running with your first post, a customized theme, your own domain name and email address is under 5 minutes. We wrote a post on our Wiki in how to build a blog in 5 minutes last year.
The ease of getting started and low time to live that WordPress offers does have some downsides. It lulls us into a false sense of security. We’re so excited to get some blog post on our new website that we often overlook simple precautionary measures that make WordPress much more secure.
For many years, as a security conscious web host, we’ve preached:
- Regularly update WordPress. WordPress 3.6 does make this easier with automatic updates. WP users should still regularly check they’re up to date with particular focus on the plugins. Our Softaculous WordPress installer also sends customers an email alert when an update is available
- Use a hard to guess username/password (i.e. non-dictionary word)
And thankfully, we’ve seen our clients and users take these points seriously and practice better security.
But we’ve started to see a new trend in security incidents. We’ll call this the Starbucks Effect.
The Starbucks Effect
The Starbucks Effect is when you take your laptop/iPad/Android tablet (yes, Microsoft Surface too) to Starbucks, McDonalds or any other venue with free public wifi. Nothing beats writing that blog post while enjoying a cup of not-much-tax-paid coffee or a juicy Big Mac. You immediately hop on to the WordPress admin area, you login with your secure username and password and write about your lunch. You probably take a photo of it on Instagram.
However, you have probably just made one fatal flaw. In an effort to login as quickly as possible, you may well have logged in via the regular http:// connection with no encryption, no SSL security and have submitted your non-standard username and hard-to-guess password as plain text over public wifi. Ouch! There could be some less than honest individual parked in their van just behind Starbucks and sniffing all of the network traffic going through the free public wifi. It isn’t that hard to do and many applications offer easy ‘network monitoring’. This less than scrupulous individual more than likely knows that obtaining bank/credit card data over this connection is difficult. Online banking forces https:// connections as do most major ecommerce stores when taking card payments.
WordPress, however, is different.
By default, WordPress does not enforce https:// connections. You can login with zero security and immediately present your username/password to the hacker sniffing the network connection. Any other security measures you’ve taken (hard to guess passwords, regular updates, security plugins) are circumvented as the hacker now has your main username and password.
And WordPress is attractive. It powers over 50% of the websites online. Any would-be hacker knows this, and also knows the above. We believe that hackers sniff network traffic specifically looking for WordPress credentials passed over unsecured wifi connections.
And we believe this because we’re seeing this more and more. Customers of ours get in touch saying their WordPress has been hacked. Their site has been defaced. It may have been deleted, or the hacker more than likely injected with some adult / inappropriate material. This could be affiliate links for them to earn some money, it could be do-follow links for them to try and boost the ranking of another website. We’ve seen a lot of different scenarios.
Understandably, our client is frustrated as they’ve practiced good security. They ask if it is a server issue. It isn’t, our servers are locked down Fort Knox tight. The logs show that the hacker got in using the blog admin credentials but the client claims they are secure and haven’t been released to anyone.
So we did a very simple test.
We started asking affected customers if they had logged in from a public wifi hotspot within the past few weeks. We asked if this security incident occurred since they had. We then asked if they had logged in via a secure SSL https:// connection.
The overwhelming consensus was yes, they had logged in from a public wifi hotspot. Yes, the security incident happened after they had. And no, they had not logged in using any type of encrypted connection.
You can guess what I’m going to say next.
Use the secure SSL https:// connection when accessing wp-admin.
You can use a self-signed SSL certificate for free. It will display a browser warning the first time you do this but it is still secure, and you can trust this connection in Firefox. Alternatively, you can buy a cheap SSL certificate for under $10 per year; a small price to pay when any would be hacker could delete years worth of work with your admin login.
As a host, we can help you force https:// connections to your wp-admin via .htaccess rules to help you remember to always use the secure connection with a self-signed certificate or a paid certificate.
When I started out building websites around 1997 the Web was still pretty new. To create and publish online you needed a lot of knowledge and skills compared to now. While I knew HTML for example – I taught myself coding using Notepad, the minimalistic default Windows text editor, or how to use FTP and edit images pretty soon - I didn’t know much about hosting sites. After all I got free hosting from my college at first and then I used free hosting services like Geocities and the likes as a student. When I registered my first domain in 2001 I finally knew why you need quality hosting.
Today you get affordable hosting packages all over the place and while webmasters do not have to know everything themselves to publish online properly working hosting is still crucial to your site’s success.
The offers look very similar everywhere but the devil is in the details. Some hosting issues can for example affect your Google rankings negatively while leaving your visitors waiting at closed doors. Some hosting problems can indeed downright kill your SEO. While everybody knows that a hacked site for example is awful some of these problems happen often but don’t always get noticed and fixed.
What are critical hosting issues for SEO?
Slow site speed
Site speed is officially a Google ranking factor for years now yet you do not often read about improving it. In contrast many people seem not to care about it at all. They use huge images, lots of often redundant scripts or slowly loading third party site elements. My own site is no exception. You can see a screenshot from Pingdom tools below. While it says that it’s “faster than 42%” of all tested websites it means that it’s also slower than 58%:
So even I have still work to do after 15 years of online publishing. You are never expert enough not to make your site even faster. Some common issues are too many scripts, e.g. animations, third party widgets, Webfonts, even Facebook elements can slow your site down. In my case it’s probably the 5 analytics tools I use (Google Analytics, Woopra, Reinvigorate, Piwik and Mixpanel) that add up. SEO 2.0 is my testing site so that I use that many, usually I’d advise you to use at least two but not more than three analytics tools.
Where can you find out about your site speed? There are many tools out there. For a start you need to use
What’s worse than a site that loads slowly? A site that doesn’t load at all or displays an error message instead. Recently I have seen a site featured in many web design galleries that when visited only showed “bandwidth limit exceeded!” for a a few days in a row. I’ve witnessed the same error message on other sites as well. The one example was really awful though. The site was down for several days.
After a few days of downtime Google will remove your site from the index.
Even when it’s back up it doesn’t mean you get the lost rankings back automatically. You get flagged as an unreliable resource and rank below your former positions that were based on relevance and authority. That’s why you need to monitor your site all the time. I use free tool for that purpose, it’s called Uptime Robot.
As you see in the screen shot above there have been many downtimes on my own site recently, some of them longer than 30 minutes. I have already contacted my webhosting provider about that.
Data base connection failures
Another error message often appearing is “internal server error”. It can mean anything and everything basically but when it comes to WordPress sites it often simply means there is no access to the data base. Sometimes the error message is more apt saying that “database connection failed”. That happens for example when too many concurrent users are accessing the data base at peak times. For example your latest article gets popular at social media and boom, everybody wants to read it at once but only a select few will if at all as the sheer amount of users visiting your site will crash it altogether.
There is a tool for WordPress to deal with such data base issues, it’s called WP Super Cache. Above you see a screen shot of me testing it on my blog. What it does is caching your postings by simply transforming them into static HTML files so that no data base connection is needed anymore for a popular item. It’s a great way to deal with large traffic when it only comes occasionally. Ultimately you may have to upgrade to a dedicated server or use a so called CDN service in future in case your site experiences heavy load frequently, be it just the data base connections or overall server load.
Shared hosting with spammers
This might be a rare yet still feasible problem: when using shared hosting you really share your web space with third party websites. Your neighbors on your server can harm your site as well. Matt Cutts has been declaring that it’s only the case when there is overwhelming evidence that the majority of sites co-hosted with you are really bad so
you don’t want to risk getting hosted with lots of spammy, NSFW or XXX sites for example.
So it’s a good idea to either check who else is on the same server or even make sure that you are the only site using it. Look at SERPs.com, the site I write for:
SERPs.com offers SEO software numerous business users reliy on so it doesn’t use shared hosting at all, it dwells on its own server. You can check your neighborhood using a so called “Reverse IP Lookup” that checks what other sites have the same IP and server as your site. Don’t get me wrong, shared hosting is perfectly sufficient for most private and small business sites. I use shared hosting myself. Just don’t get associated with an ugly neighborhood full of brothels and petty criminals.
Generally most people assume that you have a .com address, even outside the US, both .com and the local country top level domain (co.uk for the UK, .fr for France, .de for Germany etc.) are the norm. So when naming your business or domain you have to be very careful. Most short and memorable .com domains are already gone, many of them have been grabbed by domain squatters long ago. In recent years there has been a big marketing effort to push the Colombian top level domain .co as a an alternative to .com domains. Sadly the promising offer has proven impractical in reality. Why? Well,
most people still assume that you have a company.com domain not company.co so that they will type in the .com even in case you own just the .co
That way you lose large amounts of type in traffic by people who trust you and remember your brand name (but not your URL). These people may end up on questionable sites or parked domains and assume it’s your site. This might be not a direct hosting issue but is surely affects your website’s performance when it comes to SEO. You get also fewer links because people who find a bogus .com site instead of yours won’t link to you.
Also Google might assume that your atypical domain is a local one from a country somewhere else in the world. Your rankings may suffer additionally. So don’t just use .it or .at because it sounds English, Google will think you are targeting Italy or Austria.
Choose a “.co” domain as an useful nice to have but not as the main backbone for your business.
All of these things can negatively impact your Google performance but don’t have to.
- You can use a .co domain as a redirect to you real domain.
- You can share servers with other legit businesses.
- You can cache data base driven pages
- you can monitor uptimes and site speed.
So don’t hurt your SEO by neglecting your web hosting.
* Creative Commons image by Ken Bondy
Internet marketing has changed significantly over the last few years and much of the industry has failed to adjust to the changes. Many SEOs are living in the past and selling customers SEO services which have no effect on their search engine rankings — and services which could have significant negative effects on their search engine rankings. Business owners are often left in the dark about latest developments in search engine marketing as they trust service providers’ ability to improve their rankings. Some service providers themselves may be operating on outdated information or in some cases simply rely on ignorance to keep selling their established services.
It is then important to do independent research and testing to keep up to date on what actually works, and what does not, at any point in time. Here is a straightforward update on a few popular strategies based on our experience and research.
Blog commenting does not work anymore for building links. The vast majority of blogs add the rel=nofollow attribute to comment links, which cause those links to be ignored by the major search engines. Most of the blogs that do not use the rel=nofollow attribute have been spammed to death and as a result silently blocked from passing PageRank and relevance.
Commenting still has value as a person-to-person marketing technique, if done well. Each comment should be seen as a message from your brand. With messaging, quality trumps quantity. Insightful and well-reasoned comments are valued by blog owners and may earn you a real link sometime in the future.
Registering forum profiles and adding profile links does not work. The major search engines ignore those links — and may even penalize you for them. Links in forum posts may have some very minor value, but forums tend to spread their domain authority over so many pages that a link in a forum post carries so little weight as to be inconsequential.
On the other hand, forum posts are like blog comments in that they are an opportunity for you to represent your brand directly with existing and potential customers, so long as your posts are useful and relevant to forum members and readers.
Also, most forums sell banner ads or other forms of advertising — at reasonable prices. Sponsoring a friendly forum is an excellent method of building relationships with potential customers.
Answer sites like Yahoo Answers and Answers.com are constantly spammed. As a result, most have severely limited the cases where they allow links to be placed without automatically appending the rel=nofollow attribute. The search engines, seeing the ridiculous amounts of spam on most answer sites, most likely ignore links from those sites even if the rel=nofollow attribute is not present.
However, like forum posting and blog commenting, posting to answer sites can give you an opportunity to promote your brand — when done properly. My recommendations are to post only on legitimate questions relating to your industry niche. You may be tempted to create fake questions to give yourself an opportunity to promote your brand. This can sometimes be important, because Google is currently ranking answer sites (including incredibly low-quality answers spam on highly authoritative domains) very well in the search results. You may be forced to participate in these answer sites as part of your reputation management activities.
Some directory links appear to still pass link juice. The best directories are the ones which operate within a specific niche. General purpose directories are far more likely to be blocked by Google from passing PageRank and relevance. Review the directory before submitting your site to it. Ask yourself this question: “Are the sites in this directory the kind of web sites with which I want my site to be associated?” If the answer is no, move on.
Submitting articles to article directories no longer works. Google has been successful at preventing all of the public article directories from passing PageRank and relevance. As few people read articles posted at the article directories, they are not useful even for branding or marketing purposes.
Guest Blog Posting
Some guest blog posting works, if you write for quality blogs. The vast majority of blogs that accept guest posts are low-quality productions which Google has blocked from passing PageRank and relevance. If the blog you are considering writing for is signed up to any of the popular guest blog networks, it probably isn’t worth writing for. These blogs are pretty easy to spot, as they most often contain large numbers of off-topic posts.
On the other hand, contributing quality articles to blogs within your industry niche helps build links and helps build your brand. It’s a double win.
Press releases done through automated systems like PRWeb do not work for SEO purposes. Google automatically ignores those links. However, if a webmaster, blogger, or journalist happens to see one of your press releases and decides to write a unique article based upon the press release, that link will be counted. A better strategy for many businesses is to reach out to journalists, webmasters, and bloggers via telephone and personalized email contacts. It helps if your press releases are professional, but easy to read, and announce a compelling product or service.
Social media is not useful for direct link building, because all of the links are rel=”nofollow”. However, the brand visibility you gain through social media can cause webmasters to build organic links to you in the future.
In addition, Google is now ranking Facebook and Twitter pages quite well for many competitive queries. It is not difficult to rank a Facebook page and use that to drive traffic to your company web site. Encourage your visitors and customers to like your Facebook pages, follow you on Twitter or Google Plus, and make sure to post updates on a regular basis. Social media posts which are interesting and engaging, even potentially viral, can significantly help increase your brand visibility.
Web 2.0 Platforms
Google appears to be ignoring both nofollow and dofollow links from “Web 2.0″ platforms like Squidoo, Hubpages, WordPress.com, Blogger, etc… However, much like social media sites, pages on these domains can be relatively easy to rank — even for competitive search terms. You can build pages on these platforms and use them to drive traffic to your business site. You can also use these platforms as a reputation management tool by using them to dominate the entire first page of search results for your brand name.
Link trading is very difficult for Google to spot algorithmically and scalably. The trouble with link trading is that most people who trade links will trade with anyone, which means they are most likely already blocked from passing PageRank and relevance. In link trading, you only want to trade links with webmasters who are extremely selective in who they will link to. This makes effective link trading extremely time consuming.
Google hates link buying and will penalize you for it, but it can work extremely well. Much like link trading, the trouble with link buying is that the vast majority of link sellers are already blocked from passing PageRank and relevance. Link buying usually only works if you buy links from a webmaster who does not sell links. It’s a bit of a Catch-22. In practice, it means that link buying is very time consuming and difficult to scale. In addition, being caught buying links can seriously damage the reputation of your brand. Proceed with caution.
Knowing what works and what doesn’t allows you to avoid wasting time and money on ineffective strategies, and instead focus on what will create actual results. Quality and human engagement will typically trump quantity, so an effective Internet marketing strategy will be a combination of pure link building and relationship building which may result in quality links indirectly, as a desirable side-effect.
Take these suggestions into account when planning your Internet marketing strategy or evaluating SEO service providers, and do your own research to remain informed about the actual effectiveness of any given strategy.
We maintain a forum at http://forum.webhostingbuzz.com to serve our customers, to facilitate to discussion and to use as an occasional announcement platform. Of late, it has been largely redundant due to our updated status platform and our increasingly popular Facebook, Twitter and Google+ channels. But the forum generally sits there, minding it’s own business and getting the odd post from some of our older customers and generally those that don’t talk to us on social media. I still check the forum on a daily basis, as do a number of my team.
vBulletin & spam
vBulletin, the forum platform we use, does horde a dark and dirty secret. It is a very attractive forum for spammers to target and attempt to use for link building techniques. It is important to note two things;
- vBulletin has tried had to bring in anti-spam measures to make forums harder to spam. These generally seem less effective than WordPress, but many of the vBulletin spam is done by real people that can circumvent automatic checks
- Google has long since banned these link building techniques and they’re more likely to get you a penalty than do you any good
Nontheless, on an almost daily basis, we have to remove spammy forum posts. Sometimes these are attempts at links, despite us having a minimum threshold before a link is activated. And other posts are weak attempts to boost post counts to a level where a member can actually post links. Most of these spam bots or spam humans stop posting before they reach this level, or we catch them in the act.
But one thing we don’t do is moderate forum registrations. We get a lot of people that register on our forum that never visit or post. I guess that it’s a PageRank 6 forum helps and makes it attractive for these link spammers.
Today, for the first time, we received a link removal request from a company that has previously spammed our forum.
Link removal request received from a forum spammer
We generally don’t hold grudges. The IP of the forum spammer, mentioned in that link, traces back to an ISP in Pakistan. So my assumption is the company requesting the link removal either hired this person, or hired an SEO agency that used this person in the hope of artificially inflating their rank. Many people, us included, have fallen foul of so called ‘SEO Agencies’ offering supposed white hat techniques. But this particular forum spammer registered just 1 year ago back in April 2012. This was well into evolved Panda and Penguin territory so there’s really no excuse to be practicing such poor link building techniques.
I feel our offer is fair. It takes time to remove these spammy links but more importantly, we’ve spent a countless amount of time trying to keep our forum clean. Let’s see if they take us up on our generous offer. Updates will be posted here.
Google unveiled a number of changes to it’s Cloud Platform at Google i/o yesterday. One of these major changes is the availability of the PHP runtime on Google’s cloud, allowing you to run the likes of WordPress from Google’s cloud. Google even mention WordPress as an application that Google Cloud is designed to support. But before everyone runs off to host WordPress on Google’s cloud, its important we do some further digging into the benefits/disadvantages of hosting a WordPress blog on one of the big public clouds.
Why is Google building a cloud platform? It is a rhetorical question but let me answer with an image.
Amazon Web Services market share (courtesy of OnApp)
Google’s cloud is a direct competitor to Amazon’s AWS. Both Google and Amazon have hundreds of thousands of servers hosted around the world at various international datacenters. Amazon originally used this huge infrastructure farm to support Amazon.com operations around the globe. But in 2006, Amazon saw the value in using the technology they’d developed for their own website for a big public customer cloud and thus, AWS was formed.
AWS has evolved from being a more of a hotshot among the developer community owning more than 80% of the public IAAS cloud market. Many businesses, from big to small, rely on AWS to power their websites, their applications and their critical business systems. A pay as you use, fully scalable, fully redundant cloud with no capex costs is most web businesses every dream. No more 6 or 7 figure server hardware purchases with no guarantees that all that server capacity will actually be used. And Bloomberg recently published a fascinating article on how Netflix’s operations are powered by AWS. Netflix believe they understand AWS even better than Amazon do and better leverage the resources that it offers. Ditlev Bredahl’s recent presentation at the Dell Cloud Summit in London shows just how big AWS is.
It’s easy to see why Google wants a slice of this action. And in Google’s recent announcement, Google talks about ushering in the next generation of computing.
But what does this mean for the regular WordPress webmaster? For the small or medium business that does not want to deal with the complexity of the pricing platforms of AWS or Google cloud? Or for the vast majority of webmasters and web users that want a friendly support team to help then when they encounter difficulties? While there’s no denying that the likes of AWS and Google Cloud are great for developers, great for applications that require infinite scaling up/down of compete resources and great for businesses that need vast amounts of worldwide infrastructure at their immediate disposal, there’s plenty of reasons to stay away from these big public clouds. And I’ve identified 4 of them here:
- Ease of use
- Customer support
The real benefits of hosting from a true hosting company
My goal here isn’t to sing our own praises. I know that we’re good. I also know that some of our competitors are good, and I commend them for being so. We’re in this battle against AWS and Google Cloud together. And the following points I make apply to any good hosting company that puts its customers first.
The real cost of AWS or Google Cloud
AWS is expensive. Google Cloud is expensive. It has a fixed price per app per month for the paid version ($9 per app at the time of writing). On top of this, you pay per hour for front-end instances ($0.08/hour). You pay for storage ($0.24 per GB) And you pay for outbound bandwidth ($0.12 per GB). Confused by the pricing model? It’s easy to see why. But lets work with Google’s numbers to see just how expensive it would cost to host a moderately busy WordPress blog. Let’s assume:
- Average blog size of 10GB (includes some large photos/images and rich media)
- Reasonably busy using 20GB of bandwidth per month
Some quick math shows that with Google, this will cost:
- $9/month for the application
- $2.40 / month for the storage
- $2.40 / month for the bandwidth
- A total of $13.80 per month
Most web hosts have WordPress compatible plans around the $5 per month mark with considerably more storage and bandwidth. Need cloud redundancy? It’s not something we offer (this is coming summer 2013) but other reputable hosts offer this for under $10/month with considerably better offerings than Google’s cloud. And there’s more to come…
What happens when you get a traffic spike? On a typical shared platform from a reputable host, you’ll have plenty of room to grow. At WebHostingBuzz, we leave at least a 50% overhead on shared servers to cover traffic spikes. And pay more for cloud hosting and you’ll be able to scale across multiple machines.
So what about the extremely busy WordPress blogs? Webmasters have several options. From my figures above, you can determine just how much it would cost to host with Google. And AWS is similarly priced. One alternative is WordPress.com, who have a VIP service, costing thousands of dollars per month. But a more cost effective option is to choose a true web host offering a range of products and can suggest one to meet your needs.
Let’s say your busy WordPress blog does 10,000 GB of bandwidth each month. That’s the amount we include as standard with any of our US-based dedicated servers, and one well configured dedicated server can easily handle this much traffic when managed by a competent team of system admins. Our entry level server costs just $139 per month. Pushing that much bandwidth on Google’s cloud would cost a whopping $2400 per month! That’s enough to buy 13 of our entry level dedicated servers. If you want to buy 13 dedicated servers, just get in touch! We’ll happily configure a load-balanced cluster offering full redundancy and scalability in a cluster or private cloud setup
So what about at the other end of the spectrum? A trio of big cloud providers admit at the $10,000 / month level you’d be better off moving to your own dedicated servers or datacenter in this article on TheRegister. But my math above clearly shows this is true at levels below a $10k/month spend.
Reliability and outages
One of the most common advantages cited by public cloud advocates is reliability. And while in theory, cloud should be more reliable, it isn’t always the case. Cloud, by abstracting the hardware, means that any individual hardware failure should not impact on the service delivered by the cloud instance. Other physical machines take over from the failed machine. And the customer / visitor / developer never even notices that one of the physical machines has dropped off.
In principal, this is a great idea. And a lot of the time it works. The problem is when it doesn’t work, a failure isn’t just a server reboot or a hard drive swap. It’s a catastrophic failure, affecting tens of thousands of applications/websites and impacting millions of customers/visitors. AWS had 3+ major outages in 2012, detailed by Wikipedia. Google has also had it’s own fair share of problems.
This is actually one of the reasons we have been slower to the market with our own cloud products. Cloud has been on our radar for many years. We’ve done an unprecedented amount of testing covering different hardware/software/virtualization stacks/closed source/open source and more. For a team of our size, about 45 people, this has been a huge investment in R&D. We’ve tested all of the major cloud platforms. We’ve tested more hardware than I can count. And it means that when we do launch, we’re highly confident of just how reliable our cloud will be. And we’ll also have tried and tested procedures to deal with emergencies.
I mentioned the cost of $2400 per month in my comments on the real cost of cloud. This figure gets into the ballpark of where we can configure a load-balanced redundant cluster with CDN integration, attached to a 100% uptime SLA. This is one of the main reasons that dedicated servers and dedicated hosting platforms are still so popular. They’re proven. They’re trusted. And traditional hosting platforms still account for the majority of the hosting market share, despite cloud’s growth.
Cloud market share May 13 (courtesy of OnApp)
So ArsTechnica, don’t write off shared hosting just yet
For $2400 per month we can also design, build and deploy a decent size OnApp-based private cloud with cost-effective bandwidth, full redundancy and great scalability.
Ease of use
Granted, AWS and Google Cloud don’t really position themselves at newbies and novices. But even for more advanced web professionals, the sheer amount of products and their options offered by the big public clouds can be confusing. Add in the pay per use component pricing platform and it is overwhelming. I’ve had many a seasoned WordPress webmaster / blogger say to me how confusing AWS is. And in my mind, Google is opening a can of worms by suggesting WordPress can ‘easily’ run on it’s cloud product. I have not personally tested this (yet) but plenty of users are complaining how difficult it is to get WordPress functioning using Google’s closed PHP service and custom SQL server (no MySQL).
How do us traditional web hosts compare? Many of use use cPanel. We do, we’re a distributor. And cPanel powers almost 80% of websites hosted in the US. We, and some competitors, use a clever little application called Softaculous that allows you to install WordPress in just 1 click. It takes less than 5 minutes to install and configure a WordPress blog on any shared, reseller, vps or dedicated server that has Softaculous installed.
And here’s the real kicker. This applies to the reputable web hosts that I keep mentioning, and includes us. I’ll use us as an example; around 35 of our 45 employees are in customer facing roles. We understand that our value proposition is being here to help you online. Whether that’s helping you put your first website online, or whether it’s helping your website grow and evolve, it’s what we do. It’s part of our DNA.
With Google’s new Cloud, their $9/month paid option does not include support. Pay for their premier option (which starts at $150/month) and you get “Operational Support”. Just what is operational support? What does it cover? How fast do you get a reply? Do you have piece of mind that if something goes wrong, someone’s got your back? I doubt it. On the other hand, WebHostingBuzz customers do. Just look at a Tweet a few days ago from a popular blog, a WebHostingBuzz customer, who had an issue with his server. You can see the Tweet at https://twitter.com/AndrewGrill/status/334299776277434368
AWS’s support is expensive. Fast responses are guaranteed if you spend a serious amount of money with them. The full pricing breakdown can be found here, but to summarize, pay $49 per month for the Developer edition and you get a 12 hour response time. 12 hours? Anything above 30 minutes in our support system raises an orange flag for urgent attention. Anything above 60 minutes raises a red flag for immediate attention. And this isn’t counting our 24×7 Live Support where you get a response in seconds and minutes.
We’re not the only host with great support. Some of our competitors place similar pride in going above and beyond in supporting their customers. And unless you are Netflix, you’re never going to get the same level of support and attention from AWS or Google Cloud.
Don’t write off shared hosting yet. Definitely don’t write off traditional web hosts.
For most normal WordPress users and bloggers, a typical web host will offer a lower price, a better customer experience, better ease of use and much better customer support.
And cloud. It’s great. It’s come a long way since 2006 and continues to evolve. I’m a firm believer that web hosts deploying and maintaining clouds will provide a more useful service for the average joe than huge conglomerates. And that includes WordPress. So stay tuned for a series of posts covering our thoughts on this in the run up to our own cloud launch.
An interesting new blog platform is just around the corner. Funded through a KickStarter project, Ghost aims to simplify the blogging and publishing world. While WordPress now aims to be a full web operating system and a powerful CMS, Ghost is solely aimed at bloggers. Projects like this that cross our hosting radar are always interesting.
Ghost Blogging Platform
In Ghost’s case, we’re particularly interested because:
- Around 55% ofthe sites we host are WordPress
- WordPress is great but it isn’t for everyone. There are security issues if the base install and plugins are not regularly updated. We do make this easy through our 1-Click installer and updater (Softaculous) but it can still catch people out
- WordPress is simply too complicated for some of our audience
- The amount of options, plugins, themes and more that WordPress has can be overwhelming
Just to be clear that I have nothing against WordPress. I use it for some of my personal sites, we use it for our WebHostingBuzz.com blog (i.e. this one!) as well as for the WebHostingBuzz.co.uk Blog, and we host some of the most popular blogs in the world. A couple of these include NevilleHobson.com and LondonCalling.co - both highly ranked by Cision for readership and influence.
Ghost, however, promises to shake up the defacto blog platforms and should offer a viable WordPress alternative. Mr O’Nolan, Ghost’s founder, is well qualified. He’s:
- Built WordPress sites since 2005
- Worked as deputy head of the WordPress UI Group from 2009-11
- Helped design and develop the WordPress user interface
- Spoke at conferences all over the world about designing in WordPress
Ghost’s funding on KickStarter has also raised eyebrows. Ghost initially sought £25,000 which was quickly met, leading to Ghost going for a revised funding goal of £250,000. Given the tech press coverage Ghost has received from the likes of Wired, Forbes and TechCrunch, it seems highly likely that Ghost will meet this higher target. At the time of writing, £123,996 has been pledged towards the £250,000 total (50%) with 12 days still to run.
So what about Ghost and WebHostingBuzz? And Ghost web hosting?
We reached out to Ghost to express our partnership interest. It seems like we missed the window for the early-stage partner opportunities but we’ll closely monitoring developments, and Ghost has our contact details. Ghost talks about a cloud version of the product and how it will solve some of the ‘complications’ associated with self-hosted WordPress blogs. We assume (and hope) that Ghost does not discount a self-hosted version. We know as well as you do, most WordPress hosting complications are as a result of poor hosting service and not the principal of self-hosting. In fact, if Ghost bring a carefully moderated platform in which tested themes/plugins are approved and suggested to Ghost users, many of the problems that WordPress users face would be solved. I’m advocating a system as closed as Apple’s, but something better than the Android-esque approach used by WordPress would benefit users and web hosts alike. It’s very easy to develop a poor WordPress plugin then buy some positive reviews on Fiverr. People then trust this plugin assuming these reviews are legitimate. And this is where security problems start.
When more details of a self-hosted version of Ghost surface, we will do plenty of groundwork to insure our hosting platform is fully compatible. We’ll quickly look to build a 1-click / auto-installer to make Ghost installation simple for our clients. And our team will conduct an intensive Ghost training course upon launch, guaranteeing we can support Ghost to the level we and you are used to.
Ghost is still a few months out. More information on their timeline can be found at http://www.kickstarter.com/projects/johnonolan/ghost-just-a-blogging-platform#faq_58417
I’ll close by wishing John and Ghost the best of luck!
We’ve been busy enhancing our dedicated server range both sides of the Atlantic. Launching this week is our new Dallas, TX based range of 2x CPU Intel Xeon E5-2620 series servers! These powerhouse servers each come with 2 of the latest Intel E5 CPU offering 12 physical cores (24 with HT) of pure processing power. It doesn’t get faster than this!
Intel Xeon E5 CPU
The full configurations we are offering are:
Dual Intel E5-2620 SATA
- 2 x Intel E5-2620 CPUs – 12 x 2.0Ghz with 15MB Cache
- 32 GB DDR3 ECC RAM
- 2 x 1000GB SATA Hard Drives
- 10,000GB Bandwidth
- $439 per month with free setup
Dual Intel E5-2620 SSD
- 2 x Intel E5-2620 CPUs – 12 x 2.0Ghz with 15MB Cache
- 64 GB DDR3 ECC RAM
- 2 x 256GB SSD Samsung 840 Pro Hard Drives
- 10,000GB Bandwidth
- $539 per month with free setup
These will be appearing on our dedicated server page shortly. In the mean-time, please contact email@example.com to order. Stocks are limited so act now. P.s. do check our prices against our competitors and see just how competitive these servers are!
We’ve rounded another busy week here at WebHostingBuzz. And as you may know, there’s always something new in what we’re doing.
Today we’ve got great news for our customers as well as for everyone who in some way or other is a part of the WordPress Community. We’ve been always very welcoming and open to WordPress users, so drum-roll…
And meet wpXtreme – a breath of fresh air in your WordPress experience!
WebHostingBuzz has partnered with wpXtreme – a company that knows WordPress since it was born back in 2003.
So what is it all about? Go ahead and check them out, but we’ll give you a sneak-peek anyway
It’s a free plugin providing access to WPX Store, from where you can install top quality plugins and themes for your WordPress website. Each and every plugin and theme in WPX Store goes through a multi-step validation process, ensuring quality and always up-to-date products.
Have I mentioned that WPX Store has free stuff in there? Well, now that you know – go give it a try, it’s super-easy (and free) to get started.
We’re going to share our own experience with wpXtreme soon, so stay tuned.
One of the easiest content management systems to set up and use is WordPress, the largest self-hosted blogging platform in the world, powering more than 60 million websites worldwide.
That fact may be a key reason why WordPress is in the news right now as the subject of a large-scale attack from a huge number of computers from across the internet – known as an automated botnet attack – attempting to take over servers that run WordPress.
Some are saying that this current attack is the precursor of a botnet of infected computers vastly stronger and more destructive than those of today. That’s because the servers have bandwidth connections that are typically tens, hundreds, or even thousands of times faster than botnets made of infected machines in homes and small businesses.
WordPress’ popularity comes at a price in a situation like this, as a perceived vulnerability in the platform’s ease of use is weak security by users.
That weak security typically means continuing to use the word ‘admin’ as a user name – this is the default administration account that’s created when you first install WordPress – along with a password that brute-force attempts to guess are likely to succeed, which is what’s happening with this attack.
If you’ve disabled the default ‘admin’ account in your WordPress installation – or, even better, you’ve deleted it – and have something else in its place as the main administrator of your WordPress dashboard, that will likely take you out of the immediate target area of the attackers.
And if you’ve set a strong password – at least eight characters and in a combination of upper- and lower-case letters along with numbers and extended characters – you’re in a good position to be passed by if or when a botnet comes calling at your WordPress front door.
Don’t be complacent, though – this attack serves as a great reminder that securing your WordPress blog or website so that no one can get into it unless they’re invited is something you do need to be sure about.
So what can you do to make your site secure enough right now to deter such attacks in the future?
First, make sure you have the latest WordPress version installed. As of today, that version is 3.5.1.
If you still have an administrative user called ‘admin,’ there are two steps to take:
- Create a new admin account with a different name and give it a strong password.
- Delete the ‘admin’ user account; during that procedure, you’ll be asked by WordPress which other account should you assign posts, pages, etc, created by ‘admin’ to. Choose the new admin account name you just created.
Next, enable two-step verification for each user in your WordPress account. The simplest such service for a WordPress user to install and implement is the open source Google Authenticator. If you have that enabled for your Google account, or other services such as Dropbox or Amazon S3, then you’ll be familiar with how it works.
And you’re in luck for your self-hosted WordPress site as there’s an excellent plugin that sets it up for you – Google Authenticator plugin for WordPress.
Grab it now, either by downloading it from the WordPress plugin repository or installing it via the ‘add new plugin’ function in your WordPress dashboard.
You’ll need the free Google Authenticator app for your smartphone in order to use this security feature. There are versions for Android, Blackberry and iOS.
And if you then follow the excellent “How To Enable 2-Step Authentication On Your Self-Hosted WordPress.org Site” guide published last week by Techfleece, you’ll be up and running in no time with a WordPress site that will give you more peace of mind than you had before.
In my view, this is the bare minimum you should have set up in your self-hosted WordPress site that gives you a good level of security for your peace of mind. It would make it more difficult to hack into your site.
There’s a lot more you can do as well including steps to take to better secure the server on which your WordPress platform is installed. There’s a great tutorial on the WordPress Codex that can tell you more.
Don’t let spammers, hackers or botnets mess up your presence on the web. You can be secure.
As you may already be aware, the brute force attack on one of the most popular CMS worldwide – WordPress, is still in progress, and has reached world-wide scale. The consequences of this attack are seen not only by our company but by basically any company that provides hosting for WordPress sites. As a rule, we are able to address or filter similar attacks without much trouble, but the current situation is different in scale and the level of resources invested into it.
At the moment, we have taken a large number of measures to mitigate the results of this attack, but the situation is worsened by several facts:
1) first of all,the attack is launched from spoofed IP addresses, and blocking these IPs doesn’t have any long-term effect;
2) the attack’s algorithm is extremely sophisticated, and is constantly evolving: all our attempts to reduce the consequences of the attacks which were functional an hour ago, are reduced in effect by each new evolution and change in the attack’s pattern;
3) the amount of compromised websites grows with each day (mainly websites with weak or default passwords and login credentials), malicious scripts are uploaded to these sites, and these scripts cause a highened network activity and system resource consumption, which influences the function and speed of all services of a hosting server.
We are constantly monitoring the current situation, and implementing the necessary countermeasures to pro actively deny the attackers the opportunity to compromise the WordPress installations located on our servers, but we’d like to ask you to peripherally assist us in mitigating this difficult situation.
What you can do:
No in-depth technical knowledge is necessary for this. Below, you can find a directive which will allow you to increase your WordPress websites’ security, and lower the summary load conditions on the hosting server, caused by the brute-force attack on WordPress installations, through a complete access filtering to your WordPress dashboard login interface for third-parties, and allow access to this interface for your IP address and the IPs of your users, only. This is a useful security measure not only during the current brute-force attack, but also at any given time, since it strongly increases the difficulty of compromising your WordPress site’s admin area. We’d like to point out that the directive listed below will limit access only to the dashboard login interface of a WordPress website, and not the website as a whole, or any other of it’s components.
All that must be done is to add the following rule to the beginning of the “.htaccess” file, which is located in the directory with your WordPress site:
Deny from all
Allow from xxx.xxx.xxx.xxx
“xxx.xxx.xxx.xxx” – this is your IP address, which you can find by simply visiting this website. Please indicate the IP you see there instead of xxx.xxx.xxx.xxx.
We also strongly urge you to set a difficult-to-guess password for any admin users you may have, and update all components of your blog, including the WordPress engine itself, and all installed plugins, in a timely manner.
You can also find useful information on securing your WordPress website at the official WordPress site.
As always, we are here for you:
If you encounter any difficulties in implementing the measure suggested above, please simply contact our support team via our helpdesk, and we would be glad to assist you in making the necessary changes.