Web Hosting Podcast - Taking the mystery out of hosting so you can be the master of your domain.

Backup WordPress with UpdraftPlus and hide the WordPress login url with WPS Hide Login.

By engineertim | August 13, 2018

Today on episode 23 Web Hosting Podcast.

Google Chrome 68 is now out and marking sites that do not use https as not secure. We cover a great backup plugin for wordpress called UpdraftPlus, this free plugin with premium options is a great way to ensure you have a regular backup of your WordPress site. Have you ever wanted to know how to hide the login url for wordpress, we go over how to do this in this episode.

Google Chrome 68 is now out and marking sites that do not use https as not secure. If you are not using https or SSL/TLS for your site you really need to get on this. Listen to episode 13 if you are not sure how to achieve this.

On the update front, wordpress 4.9.8 was released. This is just a maintenance release which squashes 46 bugs. They have also added the ability to try the new Gutenberg editor. I would strongly caution anyone that if you plan to try it, to do so on a test copy of your site and make sure you have a full backup of your site before attempting anything on a live website.

UpdraftPlus backup plugin for WordPress

UpdraftPluse Website or the plugin page at WordPress.
Classified as “The Worlds most trusted wordpress backup plugin”
Currently lists 1.0M active installs with a overall rating of 98% for the premium version.

Free and paid “Premium” version of this WordPress plugin.
Here are the differences between the two versions:
Both of the versions do the following;
Backup wordpress files and databasess
Translated to over 16 languages
Restore from backup
Backup to remote storage
Destinations – Dropbox, Google Drive, FTP, S3, Rackspace, Email are supported
Basic email reporting
Scheduled backups
Browse backup contents in WordPress

Not included in the free version and requires a premium license;
Free 1Gb stirage for UpdraftVault
Additional Destinations – WebDAV, Microsoft OneDrive, Google Cloud, Microsoft Azure, SFTP/SCP, encrypted FTP, BackBlaze
Backup extra files and databases
Migrate / clone (i.e. copy) websites
Advanced reporting features
Automatic backup when updating WP/plugins/themes
Send backups to multiple remote destinations
Database encryption
Restore backups from other plugins
No advertising links on UpdraftPlus settings page
Fix backup time
Network/Multisite support
Lock settings access
Download individual files from backup in WordPress
Personal support
Run From WP-CLI

Cost for premium plugin version for one year. This includes update and support for one year. You can then renew after the year at a 40% discount.

Personal Plan for 2 sites – $70
Business Plan for 10 sites – $95
Agency Plan for 35 sites – $145
Enterprise Plan for unlimited sites – $195

Installation was simple, just like most wordpress plugins. Login to your wordpress install, goto plugins then add plugins. Search for updraftplus, click install and then activate. Could not be simpler. I hooked my install into dropbox, I am a big fan of dropbox but if you prefer google drive that should be just as easy. Once I connected to dropbox, I chose to do an immediate backup. This created several separate files in zip format.
1 for the database
1 for the others
1 for plugins
1 for themes
1 for uploads
This is handy for doing a single file restore, but you can easily restore the entire backup with a single click.
Next you want to schedule your backups. Go into the updraftplus settings, wordpress -> settings -> updraftplus backups -> settings. You will want to choose a files backup schedule and a database schedule (See Pic).

For being a 100% free backup utility, I would highly recommend this. If you need additional features, then the $70 Premium version might be worth looking at for 2 sites. I am also very fond of backups, they have saved me my sites many times. Updates go wrong, sites get hacked, a simple backup and restore is a much needed wordpress website tool that everyone should have in their toolbox. If you do not have a one click installer like installatron that does regular backups, then this is the tool to use. Even if you are using the free version of managewp.com, this will come in handy. Add them all together, like I do, and you should have all of your backup needs will be taken care of. Do not rely on any web host to do the backups for you, I can’t stress this enough. Take this critical step into your own hands and do it right. If you decide to use managewp.com services, make sure to use the coupon code WHPOD to get $10 applied to your balance after you enter your paymen details.

Change login url for wordpress with WPS Hide Login.
WPS Hide Login
This is a great way to add additional security. This simple step keeps the commonly known wp-admin/wp-login URL hidden by using a URL of your choice. By hiding the login page, you help prevent brute force attacks from happening and increase the security of your wordpress website.

It is simple to setup the WPS Hide Login plugin from inside of wordpress. Before you make any changes to wordpress always be sure to get a full backup first. You can use UpdraftPlus, ManageWP, or any other method to generate a full backup of your site. Once the backup is done and safe, login to your wordpress site and go to Plugins -> Add New. In the search bar type in “WPS Hide Login” and click on the “install now” button, then click activate after it is installed. Once activated goto Settings -> WPS Hide Login. Here you need to choose the new URL you will use to login to wordpress. Make this something specific that you will know and remember. When using this URL you need to ensure you include the trailing “/” when accessing it. Otherwise you will end up with a 404 error message. Now that it is active, make sure nothing on your site has broken.

Podcast: Play in new window | Download

Share1

1 Shares

IDNS deceptive practices, IGTV is now live, cPanel now supports git.

By engineertim | July 16, 2018

Today on episode 22 of Web Hosting Podcast. iDNS misdirection, this is a public service announcement for the alleged service provided by iDNS. This company may send out actual mail to you in an attempt to trick you into renewing your domain name with them. IGTV (Instagram TV) is now live, did you even notice? cPanel now supports git.

IDNS

IDNS is a company that sends out actual mail when your domain is close to renewal. IDNS, or Internet Domain Name Service, sounds pretty official and the letter looks even more official. However this is not a bill and is an attempt to trick you into moving your domain to their registry. This letter looks so official that it has tricked many people into sending them money. IDNS, sends out these letters in an attempt to trick you into paying their exorbitant fees for domain renewals. A standard domain renewal from a legitimate company is averaging $10 for a .com, however IDNS tries to get you to pay $45 for each domain. This is then compounded by a fee if you want to move away from IDNS. I think we will start to see fewer of these letters since the GDPR is in place and effectively hides some of the required information IDNS needs for these mailings. If you get one of these letters be sure to send it to the shredder. Here is what these letters look like.

Git on cPanel

cPanel 72 now allows you to host git repositories as part of your cPanel account. This is great news for those of us that need to use git to share and track files.
From cPanels documentation page.
The Git™ Version Control feature allows you to easily host Git repositories on your cPanel account. You can use Git to maintain any set of files (for example, a website’s files and assets, a software development project, or simple text files). Here is a link to cPanel documentation. We will likely discuss Git in a future podcast episode in more detail.

IGTV

IGTV is part of Instagram or Facebooks attempt to bring video to the social media giants platforms. This is very different than the current use of Instagram stories which are only limited to 15 seconds and expires after 24 hours. IGTV allows users to upload videos up to 10 minutes or 1 hour for verified users and these do not expire after 24 hours. This medium, in my opinion, is very different than having a youtube channel. IGTV is really trying to go after the “In Real Life (IRL)” moments, where youtube is more of a “produced” format. That is not to say you can’t do produced video on IGTV, it is just not as easy of a workflow. IGTV and Instagram in general is for a cell phone viewing audiences where the viewing device is vertical. Being mobile first is Instagrams strong suit. As it is mobile views account for over half of the current watched content online and is expected to grow to 78% by 2021.

Why is IGTV important for you or your business?

I was very doubtful about IGTV at first. I watched some videos from people I follow and watched some information on IGTV on youtube. It took me a while to see the potential and understand what all the excitement was for this platform. The vertical format is very hard for me to get use to, I do prefer the tabloid viewing option of youtube. However, putting all of the issues I have aside I think this is a great platform for businesses or personal. Almost everyone is going to have a cell phone and that is all you need to get started. This makes the starting cost nothing, granted you can do the same thing with youtube but I think most people expect a higher quality video on youtube. Starting up a IGTV channel is super simple. Just go to instagram.com, login and click on the IGTV button, then click on the “get started” button. From here you have to create and setup your channel. This is just like setting up a youtube channel. Once this is done you can start uploading your content. Make sure your video is in the vertical format. You can also make a custom thumbnail for your video, along with a title and description when you upload.

Currently Instagram has reached the 1 billion monthly active user total. That is billion with a b, per month. Put that in perspective. If you are able to reach 1% of 1% of those users, that is 100,000 new customers for your business. Since this platform is very new, you can get ahead of your competition by putting out great content. Here are some ideas you could try.

Video about you and your business. Make sure to include any social media links, website links, etc..
Micro vlog. Instagram is perfect for doing a small micro sized vlog series. You could show behind the scenes elements of your business.
Public Service announcements. These could be short snippets about product awareness or new items you are offering on your storefron.
Flash sales. Test your Instagram reach by having a flash sale only through Instagram.

These are just samples of ideas, but I think you get the idea. I am planning on using IGTV for podcast promotion and public service announcements for security and product updates. So follow me on Instagram so you can get notifications of new videos.

IGTV Specs and info:

Podcast: Play in new window | Download

Share2

2 Shares

PCI DSS Changes to TLS and Chrome 68 marks sites as not secure.

By engineertim | July 5, 2018

Today on episode 21 Web Hosting Podcast. PCI (Payment Card Industry) changes that have come into affect. These changes make a dramatic shift to the encryption standard that you may not be aware of. If you are on a older operating system, and even some new ones, you may be left out in the cold and unable to get email or see your website. Chrome 68 is coming this month and if your site is not using https, then your visitors will start to see a “not secure” message. Moving your site to https should not break your budget with free SSL (AutoSSL) by cPanel.

What is PCI DSS (Payment Card Industry Data Security Standard)?
Payment Card Industry Data Security Standard applies to companies of any size that accept credit card payments online. If you accept credit cards as a form of payment for anything online, then you need to host your data securely with a PCI Compliant hosting provider. This is not the same as accepting PayPal payments on your website. This is strictly for credit card payment processing. Normally this is done through a payment gateway like authorize.net or others.

PCI DSS (Payment Card Industry Data Security Standard) changes for this year.
Primary change of interest happened on June 30th, 2018. This change made old and outdated forms of SSL/TLS no longer secure by standard. What this means is a higher level of encryption is now required if you are doing any form of credit card processing. This change has the potential to block out users on old outdated operating systems. It will also have the potential to disrupt your email workflow if you are not up to date on your email application. All forms of connections should be using a minimum of TLS 1.2. This means http(s), email, and ftp(s) have to be using TLS 1.2 to make a connection.

How this may directly affect you and your customers.
TLS 1.2 is a pretty old standard (2008), with TLS 1.3 on its way. However, some operating systems do not support TLS 1.2. This includes computers, tablets and phones. If you are currently not using a updated operating system, then you may not be able to send or receive email through your PCI compliant host. This is the most typical scenario I have seen. Most browsers have supported TLS 1.2 for a number of years. However, it has only been recently that IOS, for example, has supported TLS 1.2 in their own mail app.

What to do if you can’t get email or visit your site anymore.
Ensure you are running the most recent version of your operating system of choice. This means upgrade to Windows 10 or the latest Apple OS X. Simply updating Windows 7 to its latest release is not advised. You really need to run the latest operating system version. This also goes for any tablets or phones you may have. Once the latest version is installed you will likely not have any problems. For supported browsers for TLS 1.2, Firefox, Edge and Chrome support the latest TLS standard. For email clients, mail.app (on latest version of OS X 10.13) thunderbird and windows 10 mail.

Chrome 68 will start showing “Not Secure” for sites using http:// this month.
This should come as no surprise to anyone that develops sites or owns their own site. For the past 2 years google has been warning people that this day was coming (queue ominous music!). Google has even said your SEO ranking will suffer if you are not using https:// on your sites. If you are still some of the minor few that have not moved to https for your site, do not delay any longer. Web Hosting Podcast has discussed in many episodes how to use a free SSL certificate if you are on cPanel called AutoSSL. This is a SSL certificate process that is 100% free and will allow you to move to a more secure https. Gone are the days of having to purchase a SSL certificate every year, there really is no reason to not be using https for your site today. For more information on AutoSSL listen to these previous Web Hosting Podcast episodes.

Here, here and here

Podcast: Play in new window | Download

Share1

1 Shares

Beginner steps to launching a new website.

By engineertim | June 19, 2018

Today on episode 20 of Web Hosting Podcast. Beginner steps to launching a website. We will cover all the steps needed to go from concept to launch, for the beginner. It is now easier than it has ever been to get a brand new website online and serving content. Have you wanted to make the jump and have your own website? Follow along and learn how to get your own website online.

0. Brainstorm
Choosing the purpose of the website, whether you are going to sell something or just blog, is an important step. This will likely direct your choice on a domain name to use. After all, you want your domain name to reflect the sole and purpose of the web site you are going to launch. Outline and brainstorm what you are going to do with the site first. This includes things you may do later after launch. For example, if you are just going to blog now, but think you might like to sell some merchandise later on. Take this into account and write it down. Don’t leave any detail out. This process will also help you decide what software to build your website with.

1. Domain name.

Your domain is your site address or URL. For example, webhostingpodcast.com is my domain. A domain should be easy to remember and not very long. After all, you don’t want your visitors to have to remember a long confusing URL. For example, webhostingpodcast.com is long but a memorable and easy to remember name. However, the-greatest-web-hosting-podcast-of-all-time.com would be very hard to remember and contains characters that are diffficult. I normally recommend that you not use odd characters or misspelling in domains, unless you have to. This makes it harder to remember.

Domains have to be registered and purchased. This is more like a lease than a purchase. You have to renew the domain every time it comes up for renewal. This could be every year if you chose to register the domain for 1 year. Ultimately it depends on the length you decide. Domains can vary in price depending on what you choose. Typically they are about $14 per year.

2. Hosting.
Hosting is where your site lives and is served from. A good web host is key here. Do not skimp on choosing a great and dependable web host. Often, you can purchase your domain and hosting at the same time. But be aware of the potential hidden costs of doing this. A lot of times a host will give you a free domain for signing up for web hosting. Looking at what the cost to renew that domain per year is important. You don’t want to be surprised when you get a domain renewal charge. There is nothing wrong with registering your domain with one company, and hosting your website on another. You just have to remember that you will have 2 different bills. You can also use a online website builder like, wix, weebly, squarespace or blogger. If you don’t want to have your own personal domain (URL) then these might be a logical choice for you to put some online content. However, if you want the ability to fully customize and optimize your web site along with email, ftp, and other services, then web hosting will be needed.

Also, keep in mind that the actual website software you choose may affect your choice of host. If you are using wordpress, which most people do, then you will want to find a web host that is well equiped and educated about wordpress.

3. The website itself.
Most people starting out will want to use something simple. I highly recommend that you use Worpdress to do this. It is by far the number one blogging platform, but it does so much more. If you want to sell trinkets online, there is a plugin for that (woocommerce), if you want to do photo blogging there is a plugin for that (NextGen Gallery). If you can think of it, then there is likely a plugin for it. If you want to change the look of the site but are not a coding expert, you can just add a new template (these are the wordpress of themes). There are hundreds and possibly thousands of free templates available to change the look of wordpress, just check those ratings before installing anything you find.

If you have chosen WordPress for your site, then you likely will want to choose a WordPress specific host. These are hosts that have trained staff to help you sort out issue. Their servers are optimized for WordPress sites. They often have a simple way or even a automatic way to install WordPress as well as keep it updated automatically. These are the things that often trip people up and make you want to pull your hair out or shut down your website. You take your car, likely, to a certified mechanic when it has issues. Do yourself a favor and take your WordPress site to a Worpdress specific host. There are a lot of them out there to choose from that are reliable and knowledgeable.

For those that want a no fuss site and want to use the online site builders, here are a few that I have used in the past. Keep in mind that this will not give you the ability to have email on your domain. This means that @thedomain.com email addresses will not be available to you without doing more work and spending more money. You will still need to sort that out by using google or other means.

These are free or paid options that do not require a domain name use them.

wordpress.com
Blogger.com
Squarespace.com
weebly.com
wix.com

Podcast: Play in new window | Download

0 Shares

Is VR, virtual reality, part of your website design strategy?

By engineertim | June 5, 2018

Today on Episode 19 of Web Hosting Podcast. Is VR, virtual reality, part of your website design strategy? You could be missing out if you are not. With the release of the Oculus Go last month, high end VR experiences have come to the masses. You can take advantage of this by including VR elements easily on your new or current website. Also a very interesting thing happened over the weekend.

A interesting thing happened recently. I was notified by haveibeenpwned.com, that my email address was seen on a hacked site. Listeners may remember that this site was mentioned in Episode 13 as one of the useful tools segment. The site happened to be ticketfly, which was recently hacked and had all of its information released. The interesting part about this the fact that I was notified by haveibeenpwned.com, before news of ticketfly being hacked was released. If you are worried about your online data, and you should be, then I would recommend taking advantage of the free service provided by haveibeenpwned.com.

What is Virtual Reality (VR)?
Virtual reality, as defined by wikipedia is : “a computer-generated scenario that simulates experience through senses and perception.”
I don’t think all experiences have to be “computer generated”, remember those stereographs from the 1800’s? To me those were a form of Virtual Reality. Also, Viewmaster, made a toy that you could put in round slides that presented you with magical worlds. These were not computer generated or had anything to do with computers.

What is the difference between VR and 360?
360 video or pictures are elements wrapped in a sphere. Think of a big bubble that you sit in where the media is projected around you in a sphere, this is 360. Virtual Reality, is stereoscopic depth, interactive elements as well as immersion. The term VR and 360 are used interchangeably, they are decidedly different. Here is a great article on the main differences from Vimeo https://vimeo.com/blog/post/virtual-reality-vs-360-degree-video

Why is VR important for your website?
Remember when everyone thought siri, alexa and google home were just fads and would never take off not to mention the iPod. Now it is reported that 55% of homes have a smart voice device. VR is in its infancy, but it should certainly not be ignore. With the release of the Oculus Go, tether free VR is available to the masses. Lets also not forget that google street view is widely used and constantly adding locations. Google is doing a great job of covering the entire world. If you have a business, you can put your location on street view which will allow your customers to view inside your business. This works on desktop, phones, and VR headsets. I currently use this to view new locations I want to visit. It might be a restaurant, board game store, or a pub.

Types of VR devices.
Google Cardboard – uses a cell phone and lenses. This is like a viewmaster type device.
PlaystationVR – Sony released the Playstation VR headset to be used with a Sony Playstation 4.
HTC Vive and Oculus Rift – These are gaming PC driven tethered headsets. These require powerful gaming PCs and are physically connected to the computer by long cables. These are the top end VR experience.
Oculus Go – This is a simple stand alone headset. It offers a great experience for users and is not tethered to any device. The purchase price is very low at $200.
Other/Windows Mixed Reality – There are a few other devices out there that require a PC that uses windows mixed reality and are tethered to the PC.

History for me of VR.
First use of a streograph as a child. These date back to the 1800’s and used like photos to simulate a 3D (virtual) picture when viewed through a stereograph. Quite a thing to see if you have never used one before.
Then I purchased a viewmaster branded google cardboard device for my iPhone.
Stepped up to HTC Vive in 2016 – still currently in use.
Oculus Go, now used almost daily as a web browser to experience new things and new places.

How I use VR now.
Playing immersive video games on PC.
Browsing the web on oculus go. There are a lot of websites that support VR and have VR elements as well as 360 elements.
Viewing Street View and virtual tours on both VR headset (Oculus Go/HTC Vive) as well as iPhone and Computer.

What devices do I use?
HTC Vive
Oculus Go
Computer Monitor

Website design use cases.
Brick and mortar businesses
Product visualization
Location tours of your establishment

Other use cases for VR workflow.

Handicapped

visually impaired

agoraphobia

Software to help you develop for VR.
Great article on software for VR website developers. Link
Vizor.io – 360 Photo Editor.
Cupix.com – Create beautiful tours in VR from photos.

Sample 360 Photo I took.

Podcast: Play in new window | Download

0 Shares

Harden and secure wordpress, using managewp.com and GDPR.

By engineertim | May 21, 2018

Today on episode 18 of Web Hosting Podcast, I continue the discussion of the wordpress hack dissection. I have been asked, since the last episode, about ways to harden and secure a wordpress install and what I recommend to do about managing updates. Also in this episode, GDPR (General Data Protection Regulation), Are you ready for the coming changes on May 25th?

GDPR New rules for EU take affect May 25th, 2018 – Official Link
The most important pieces that change here
WordPress 4.9.6 was released with GDPR specifically in mind. Release Notes

Simple ways to keep your wordpress install safer.

Keep your wordpress install updated. Plain and simple. Have a update schedule and stick to it. Some plugins need the core of wordpress updated before it will be allowed to update the plugin in question. If you are on a old version of wordpress, it is very likely your plugins are outdated as well and possibly contain exploits used to hack your site.
Don’t use plugins that are outdated or no longer maintained. These could easily have old exploits that leave you open for a hack and they will never be updated. The plugin could also be purchased by a hacker group, which has happened, and they add code to exploit your install. If you see a plugin that has not had updates for many years then suddenly has 1 update recently, be wary.
Use strong passwords and don’t use the default username “Admin”
Use a plugin to block failed login attempts.
Move wp-admin url to something else.
Ensure the PHP version you are using is still being maintained. If you are using PHP 5.x series, you really should migrate to PHP 7.x.
Use common sense. Don’t login to your wordpress site, even over HTTPS, in a shared wifi environment. This would be coffee shops, bars, the mall, etc.. Even over HTTPS, information can be intercepted.

If you are new to wordpress and managing updates, you can use an external management application that provides additional services. I personally use managewp.com for this task. It has many features (listed below) and is 100% free for unlimited domains. Best of all, well maybe not best, they gave Web Hosting Podcast a coupon code to use after you sign up. Use WHPOD after you enter in your billing details, this will apply $10 to your account so you can try the paid options for nothing.

Initial questions about managewp that I am often asked by listeners and pretty much anyone that will tolerate me talking about this product.

Q: why would i want to use it?

Q: how difficult is it to signup?

Q: do i need to be a techie to set it up?

Q: how much for basic services?

Q: how much is x feature?

Q: can i get help?

Q: Is it secure?

Current pricing for a site is free for unlimited domains. This free plan includes the following addons.

manage updates, plugins and themes
Monthly Cloud Backup
1-click login
Performance Check
Security Check using sucuri
Collaboration
Analytics with google
Manage Comments
Code Snippets
Maintenance Mode
Client Report
Vulnerability Updates
Templates

The following addons are paid options per month per site. Total price for all Premium addons is $8/mo.

Premium Backups $2 +.13 per GB of traffic.
Clone (requires Premium Backups)
Safe Updates (requires Premium Backups)
Templates (requires Premium Backups if creating a template from a current site)
White Label $1
SEO Ranking $1
Uptime Monitor $1
Advanced Client Report $1
Automated Security Check $1
Automated Performance Check $1

Plugins I currently use the paid versions of:

Premium Backup – I schedule a nightly backup to their backup location and a weekly backup to DropBox. I also use “safe updates” which allows me to perform a backup before I run a update, then verify the screen image of before and after the update to determine if I need to roll back.

Security – This allows me to schedule a scan of my site daily. This not only scans my site for issues, it also checks for vulnerabilities in plugins and checks the web of trust to ensure my site is not listed on any “not safe” databases.

Uptime Monitor – This sends me a email and text message if my site goes offline, but not only that it also verifies that a specific keyword is found on my site. This helps let me know if my site has been defaced, which would still mean it is up and online.

SEO Ranking – I paid for this just to see how it works. This allows you to set up to 100 keywords and track them for your site with SEO.

Advanced Client Report – I also paid for this to see how it works. This allows me to get a weekly report for my site. it tells me what has been updated, SEO and Analytics reports as well as security audits. It pulls all the information from the plugins active in my account and sends me a nice little report every week.

Plugins I don’t pay for.
Advanced Performance – I already spend a lot of time using pagespeed tools to get the most performance I can. I am always tweaking things. It is just easier for me to trigger a Performance Check manually since I am always in my managewp dashboard.

My total monthly cost is $6. $2/mo. for Permium Backups, $1/mo. for Uptime Monitor, SEO, Client Reports and Security Check.

Podcast: Play in new window | Download

0 Shares

Dissection of a WordPress hack.

By engineertim | May 8, 2018

Today on episode 17 of Web Hosting Podcast, Megan and I, dissect a website hack we have been working on. We discuss the how, the what and ways to prevent future hacks. We also discuss the defacement of webhostingpodcast.com and how I recovered the site so quickly. And remember those quick tips I use to run? They are coming back in a new way!

Podcast phone line 971 249 2359 is manned by me on Thursdays 9AM PST – 12PM PST. Feel free to call in and press (2) to reach me directly during those hours. If you want to just leave me a message anytime, press (1) and it will send you directly to a voicemail box.

Dissection of a WordPress hack we have been dealing with, the topics we cover are.

How we think it happened.
How we cleaned it up.
What could have prevented it.

Info on what we found from sucuri, regarding this specific website hack.

You will find the plugin I used to find that the wordpress core files had been modified. This plugin is since abandoned by automattic (the makers of wordpress, woocommerce and jetpack to name a few) but it can still be used. You need to download the hash file for the version of wordpress you are using. I would just like to point out that other external and filesystem based scans did NOT find this hack. Only by careful examination of the output of the exploit scanner were we able to find the source of this hack. It is no longer enough to just scan with one tool and think the site is clean. I recommend that you scan with multiple sources if you think you have been hacked, or if a hack keeps coming back after being cleaned. I also, and I can not stress this enough, recommend a daily backup of your website. There are many tools out there that will help you obtain a regular backup to a external location, such as dropbox, s3, ftp, or google drive. There is no reason to not have this setup for your site.

This is the plugin link
And this is the location of the hash file on github.

Podcast: Play in new window | Download

Share2

2 Shares

Opus Interactive on location interview

By engineertim | April 23, 2018

Today on episode 16 of Web Hosting Podcast, I venture out on location to talk to Shannon and Eric about their company Opus Interactive. We also now have a phone number for the podcast for you to call into.

Opus Interactive is located in Hillsboro, Oregon at the Infomart Datacenter, this is the same world class facility that Linkedin chose to house their infrastructure. Opus Interactive has additional locations in Portland, Silicon Valley and Dallas with more coming online. The Hillsboro facility is 345,000 square feet and has 24 MW (megawatts) of power. That is enough to power almost 4,000 homes according to some sources. I would highly recommend that you visit their website for more information on Opus Interactive and the services they provide.

We now have a google talk phone number that you can all into the show on. On Thursdays, from 9am PST – 12PM PST, I will be taking calls. If you have a question, idea, or just need some guidance, feel free to call the number and press 2 when prompted. This will put you into a queue that will allow me to take your call on a first come first served basis. If you would like to just leave a message, you can press 1 and I will get that voicemail emailed to me. Please make sure to let me know if I can put the recording into the podcast. If you are not comfortable with that idea, then no problem, just let me know. Since this number is a google talk number, I have no idea how well it will work. This is an experiment that I have wanted to try for quite a while, please keep that in mind.

Web Hosting Podcast Phone:
971 249 2359

Podcast: Play in new window | Download

0 Shares

How is your web host possibly failing you?

By engineertim | April 9, 2018

Megan Ferrell of websites503.com joins me to discuss,

How is your web host possibly failing you?

Security communication – security (awareness of vulnerabilities), transparency of security information. Notification of security changes in the industry that could affect you and your potential customers. This would include things like PCI, GDPR , SSL/TLS changes just to name a few.
General information – weekly or more updates via newsletter with information that is valid and current. Not just a “hello we are alive, spend money please” Can be done via social media or blog posts as well. As long as it is active!
Keeping old software versions alive – old no longer supported versions of php, apache, mysql, etc with no hope of moving off of them. Ensuring your host provides current versions of software to ensure you are running current.
No other service options – not providing services you may need to grow (marketing advice, development advice, update services, moving to SSL)
Proactive and not reactive – notifying you that your site plan may need to be increased before it becomes a problem for you. Notifying you that you are running outdated software before it becomes a big problem for you. Working with you to ensure you are taken care of before things become your problem to deal with.
Easy to contact – whether via email, online chat, slack, phone call or smoke signals it should not be difficult to get a correct answer. The support person should be proven to be industry leaders, after all you are paying the hosting company to provide professional and competent employees.
Documentation – good current documentation, knowledge base, videos

Security news!

Security updates for drupal 7.X and 8.X that are critical!
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
Drupal Info Here

WordPress 4.9.5 addresses some security and bug fixes.

WordPress versions 4.9.4 and earlier are affected by three security issues.
WordPress Info Here

Podcast: Play in new window | Download

0 Shares

Robert Indries of dgstudio.com is our special guest to talk marketing, development and hosting.

By engineertim | March 27, 2018

In this episode I talk with Robert Indries of dgstudio.com about marketing, development and web hosting.

dgstudio.com is a full service creative agency for your business brand and website.

Robert, gives some great advice about getting your marketing brand out there. He provides several tips for things you can do for free as well as what not to do.

If you would like to be our next special guest on web hosting podcast, fill out the contact form here and we will make it happen. Please be sure to include a topic you would like to discuss.

Podcast: Play in new window | Download

0 Shares