WORDPRESS 5 RELEASE DATE, SOCIAL MEDIA EXPERIMENT AND CLOUDFLARE TURNS 8.
WordPress 5 release date, Social Media experiment and CloudFlare turns 8.

WordPress 5 release date, Social Media experiment and CloudFlare turns 8.

By |
Tweet
Share
Share
0 Shares

Today on episode 26, Web Hosting Podcast. WordPress 5 gets a tentative release date. I discuss a social media experiment I tried. And cloudflare celebrated its 8th birthday in style by releasing some great new features and services.

 

WordPress 5 has a tentative release date of November 19th, 2018 Release Notes
This date could be pushed back as needed and even moved to 2019. It appears that this may coincide with the coming release of PHP 7.3, which is due December 13th, 2018. If you are currently using the Gutenberg editor plugin in your current version of WordPress, then version WordPress 5 will be familiar to you. You will still have the ability to go back to the classic editor, the one currently in use, by installing a plugin. However, there are likely big code changes that are still going to break a lot of plugins and themes when WordPress 5 comes out. Here are some things you must know before the big WordPress 5 release comes out.

1. Test your plugins and themes as well as any custom code you may be using on your site.

Option 1, for a while, there was a Gutenberg database of listed plugins that you could use to validate your install. This project has since been abandoned and is no longer maintained. The CSV file is still available to download, but it is likely very outdated. Use with caution as it might not be complete or current. Download CSV here.

Option 2, copy your current website to a staging url. Something like test.yoursite.com or dev.yoursite.com. Then activate the Gutenberg plugin. You will then need to manually test every plugin and theme you use. This is a very tedious task and is fraught with perils. You really are going to need to know what you are doing. I would recommend, if you plan to try this, to disable all plugins and set the theme to a default theme after you copy/clone your site to the staging environment. Then one by one, make sure your plugins are updated and then activate them and test. If you find a plugin that does not work, then you may have to start over unless you know how to debug plugins or deactivate plugins using ftp/sftp methods. Once you are completed with the plugins testing, then I would update and activate your theme. You will have to test again and again after each and every change. This sounds like a monumental task, and lets be honest it is, but it is something either you or your developer really needs to do. The last thing you want happen is for your site to be updated and then break.

2. Make sure you have a full and complete backup of your WordPress install and you know how to restore from it. I can’t stress this enough at this point. If you do NOT know how to make a backup or do a restore using the backup, then you or your developer need to get on this. I mention backups in almost every episode and it is very very important that you take this step seriously. If your site automatically updates and things break, there is likely no way to go back to a previous version even if you try the classic editor plugin, your site may still not function as expected or just not render at all. There are dramatic code changes in a major release that my just not work, even in classic mode.

Before hitting that update button on WordPress 5, make sure you have all your options thought out. Backups, any testing needed, a good developer on standby and a restore plan. It is very likely that a large number of installs will break and your web host of choice will very likely have their hands full. They may not even help you at all without charging for it. So be prepared for the worst and work backwards from there.

Social media

Top social media platforms in the U.S.
Facebook – 2 billion active monthly users
YouTube – 1.9 billion active monthly users
Instagram – 1 billion active monthly users

Last month, I did something as a test for myself. I used social media heavily and I mean really heavily. I challenged myself to post regularly on twitter and instagram, preferring to use instagram as my platform of choice for video. My personal challenge was to promote the podcast, but to also have fun and be myself. I posted random cloud photos, pictures of my dog, and information about my podcast. The task was to see if doing this would have any impact on my podcast downloads and website hits. I posted at least once a day, but more as needed or when the desire struck. I primarily used instagram, but by doing this I also allowed instagram to post to facebook and twitter. My primary use for twitter is to post news articles that I find relating to hosting or security. My results shocked me, in the 3 weeks that I tried this I gained almost 600 new podcast downloads and it is still climbing. I went from having 1 or 2 downloads a day to having 20 or 30 a day.

Think about that, in the case of a podcast they are listeners, but in a business that could be customers and potentially big sales opportunities. Now, it should be noted that I am not a social media master or anything like that. I just do what most others do, post, and I use what I have access to. Meaning, posting pictures of clouds or my dog, is my staple and easy for me to do. I don’t post pictures of my family, other than the dog, online unless I have some form of control of the content. So I am left with what I have access too. I also have some skills in video, so making a short video on the do’s and don’ts of hosting was easy for me to do. Those types of videos I posted on instagram as posts, not stories, so everyone could see them. I did not always promote my brand, or podcast. Again, I had fun with it and let people see my human side, not just the business side.

I think what I learned is that anyone can do this type of thing but the biggest thing is to have fun. I don’t worry about the number of followers, and actually I don’t watch my podcast download count either. Neither of those really mean anything to me. What I do keep an eye on is the interactions. If someone comments on a post, I thank them or answer their question. If someone retweets a tweet, then I might follow them. Things that can generate a conversation or communication of some sort is what I go for. That would be my first piece of advice. Don’t fret over numbers, if someone does not hit the “heart” button don’t assume it was not seen. Don’t worry about the total number of followers and likes you get. If you do that, then you are likely going to add stress and not have fun. That would be my second piece of advice, have fun. Social media is social, it is a chance to let your guard down a bit and let people into your life, have fun with it. I would rather see photos/videos of someones dog chasing its tail then another almost informative ad on a product. I am sure most other people would too, but if you post product info every third post, that might work.

Anyone that is listening to this, I challenge you to promote on social media. Get creative with it and have fun. The results you see might surprise you as it did me.

CloudFlare

CloudFlare recently had its 8th birthday and did so with a bang.
If you have not heard of or use CloudFlare, I invite you to listen to Episode 2 here
For the most part, CloudFlare is a software as a service cache that does a whole lot more. Now celebrating their 8th birthday, congratulations by the way, CloudFlare does even more. In addition to adding caching features to your site and helping to keep it secure, CloudFlare offers domain registrations at wholesale prices and adds domain privacy for free. This service is currently in early access and I invite you to head over to their site to check out all of their service offerings, most of which are free. I use CloudFlare on all of my sites and love it, I can’t wait to be able to also register domains through them.

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | TuneIn | Spotify | RSS

some of the most common cpanel tools you will use.
cPanel tools you will use most often.

cPanel tools you will use most often.

By |
Tweet
Share
Share
0 Shares

Today on episode 25, Web Hosting Podcast. Some of the most common cPanel tools you will use after you signup. Did you know there is a app for cPanel access that also includes webmail? We will be going over installing, and then configuring the app which is available for both iOS and Android.

cPanel App for iOS and Android.

Go into your devices app store and search for cPanel. Go through the process of installing the app, like you would any other app.
Before you launch the newly installed cPanel app, you will need to have your cPanel login information. The items you will need are:
Domain: This is normally the website on your hosting account.
Username: This is the cPanel username, not your CMS username, that you use to login to cPanel.
Password: This is the cPanel password, not your CMS password, that you use to login to cPanel.

You will also want to have your email address and password if you want to setup access to your webmail account in the app.

Open the cPanel app that you previously installed.
You are now presented with a few options to add an account, don’t worry we will be going over all of the settings you need.

In the server information are three boxes, name, address, service.
In the name area, give this a unique name. This can be anything you would like to identify this connection.
In the address area, this is where you will put the login url you use to get into your cPanel account. This can possibly be your website url, or the server hostname. If one does not work try the other. Hopefully you were sent a welcome email when you signed up with this information.
In the service, change this to cPanel. Do not use WHM or Webmail.

Now in the authentication box do the following.
In the username box, put in your cPanel username.
In the password box, put in your cPanel password.
In the touchID, if your devices supports it I would highly recommend using it. This is the same as unlocking your iPhone with a fingerprint. If you do not use touchID, then you will be asked to enter your password every time you want to connect.

Once these are filled in, click on “CONNECT”. If everything went correctly, you should now have a setting that will connect, it should have logged you in. If not, check your settings and try again. Make sure you are using the correct username and password. As a diagnoses process, you can try logging into your cPanel account through a web browser first.

Once you are logged in, you can now do anything you would normally do from a web browser inside cPanel.

To setup webmail, click on the “+” icon to add another setup. Give this a unique name as well in the name field.
In the address area, enter the address to connect to your webmail. This too will often be the domain you use for your email.
In the service area, change this to webmail.
In the username field enter in your full email address. This is important, the full email address including the “@” is required.
In the password field enter in your password for your email address.
In the touchID, if your devices supports it I would highly recommend using it. This is the same as unlocking your iPhone with a fingerprint. If you do not use touchID, then you will be asked to enter your password every time you want to connect.

Once these are filled in, click on “CONNECT”. If everything went correctly, you should now have a setting that will connect, it should have logged you in. If not, check your settings and try again. Make sure you are using the correct username and password. As a diagnoses process, you can try logging into your webmail account through a web browser first.

You should now be presented with a few options, depending on your web hosting provider. In my app, I am able to choose between horde, roundcube and squirrelmail. Horde is the only one that seems to be mobile friendly. All of them do work but you will have to move around on the screen to see everything. Below these options, you are presented with the mail client automatic configuration scripts, mail client manual settings and the ability to email setup instructions to a specific email address for the account you logged in with.

Mail Client Automatic Configuration Scripts.
This is used if you are on a desktop client and do not seem to work on a iOS/Android device. It is best to just ignore these.

Mail Client Manual Settings.
These are provided to you so that you may manually setup your email client of choice. These are great instructions for the do it yourselfer. The instructions provide the username, incoming and outgoing mail server, and the ports needed.

Email Instructions.
This allows you to email the same settings from the manual settings to a specific email address. This is handy if you have a user that has a gmail or other email account already and you would like to provide them with specific email setup information for an account you have setup for them.

Why you would want to use the app.
The app is a handy and convenient way to be able to login to cPanel quickly. Using the fingerprint to be able to login means you only have to remember the password once, then use your fingerprint to login. Once into cPanel, you have full control of your cPanel account, just as if you were using a normal browser. This means you can use one click installers to add a website or setup a email address. Being able to access it from your phone, means you can access cPanel from anywhere you have cell coverage for internet or on the go. No longer do you need to race home and pull out a computer to make a change or add a domain. The ability to access webmail is just icing on the cake. If you can login to webmail on the desktop and don’t want to mess with setting up a email client, you can quickly get into webmail through this app and do your business.

In short, I think this is a wonderful addition to your cPanel hosting environment. In the past the app was pretty buggy. Since I have started using it over the last 4 months, I have had zero issues with it. I have used it to access webmail, cpanel, and even log into my wordpress install through installatron.

If you are a admin and manage your own cPanel server, this is also a handy tool. One additional option that we did not cover is the ability to login to WHM. WHM is the administration level control panel for the server itself. This is only used if you have root access to the server and only if you manage your own cPanel server. I can say it works wonderfully to access WHM and allows me to things when I am on the go in a pinch.

The most common cPanel tools you will use.
This is a list of just a few of the most used and common cPanel tools that I use and think you will use. Even if you have used these in the past, cPanel updates the features of these tools to add to the already expansive option list. If it has been a while since you looked at the full option list for these tools, I would recommend you take a moment to revisit them.

Email Accounts
This is the place to manage your email accounts. From here you can create, delete, suspend among many other useful tasks. To create a email account, click on the Email Accounts button. Depending on your cPanel theme, things may be a little different from here. You should be presented with the option to create a email address, and have places for a name, domain, password and quota size. In the name area, enter what you would like the email address to be. If you have more than one domain on your account, a drop down will be available to you to select the domain you would like to use for the email account. In the password field, enter or generate a secure password. Please be sure not to use something like password123. The simplest thing is to use the generate button to create a password, then copy this to someplace secure. Yes, they are going to be difficult to remember and type out, but that is the whole point of a secure password. Password security is likely the most important thing you can do for yourself, so do not make this easy to guess. In the quota field, enter in a number in megabytes you would like to use or choose unlimited. The quota is used to prevent a single email account from using all of your disk space, which can happen. This is why I recommend not using unlimited, choose a value that you can live with and know that you can change this value to something higher if you hit the quota limit. You can uncheck the “Send welcome email” unless you really want to send this out. This is not needed if you are setting up a email account for yourself. At this point, hit the “Create Account” button to create your new email account.

  • Some additional things of note on this area. On the “Email Accounts” tab, you can do the following.
  • Access webmail – simple way to get to webmail.
  • Change quota value for the account.
  • Manage Suspension. This is useful if the account has been hacked or is sending spam. You can prevent sending, receiving and login individually or all three at the same time.
  • Change Password. This is where you would change the password for the email account.
  • Configure Devices. This allows you to view connection information for email clients like Outlook or thunderbird.
  • Delete. This is how you delete the email account.

Some things to consider when creating email accounts. Some hosting providers limit the number of email accounts you can create. Keep this in mind when creating email accounts. Keep an eye on the disk use for email accounts. This will add up faster than you might think and cause you to go over quota. If you whole cPanel account goes over the plans quota, then your site will stop working until the quota is either increased or lowered below the threshold. If you need to create email accounts and want those accounts to not contain a mailbox, a place for mail to be stored on disk, then use a forwarder.

Forwarders.
Email forwarders are a simple way to have a email address that do not store mail to disk, instead they accept the mail and then pass it onto another actual account. This is very handy if you are limited by the number email accounts you can create or just do not want a large number of email accounts to setup on your external devices. Nothing is worse than have to setup a bunch of email accounts and be checking them constantly. Instead setup a single email account that you will check, and then setup forwarders for all other email addresses you may want. You can even setup rules to put email in specific folders that are sent to forwarder addresses in your email client of choice. Forwarders are your friend. Just remember if you reply to a email that came from a forwarder, it will show as being sent from the actual email address and not the forwarder address.

Addon Domain.
This is where you add a new domain to your cPanel account. You will need to ensure the domain is registered and owned by you first. Do not add a domain that you do not own or control. To add a new domain click on the “Addon Domain” button. From here you are presented with a few options. In the “New Domain Name” field enter the domain name you want to add. Be sure to enter the exact name with the “.” and the tld. The subdomain option should be filled in for you after entering the domain name. This can be changed if you would like. This is used by cPanel and really should not be used by you directly. In the document root field, this too should be auto filled in. The is the location on disk, starting from your home directory, where your site files will be served from and where you will put your site files. This should not be located in your default, public_html, folder used for the primary account site files. The reason for this is simple, if one site is hacked then they are all going to be hacked. Keeping them in unique folders away from each other adds a little layer of security as well as making it easier to orgranize and backup. Another reason to do this is site indexing. If you have a site in public_html and then add another site in the same folder so it looks like public_html/site2 , you will then be able to browse the second site by going to the first site, adding a slash “/” and entering in the folder name for site2. Google will find this and index it along with your real website. Just keep things separated.

Aliases.
Aliases are like forwarders but for domains. For example if you have a .com domain, but also own the .net and .org versions but want the .org and .net to go to the .com site, then you want to use a alias. Make sure the domain is registered, then click on “Aliases”. From here enter in the domain you want to have pointed to your live web site. You will be able to change the redirection settings after you add the alias. You can always remove the alias and start over or point it to a new location too.

SSL/TLS Status – Access to AutoSSL
To access this, click on the “SSL/TLS Status” button. From here you can run the free AutoSSL certificate service provided by cPanel. Depending on your web hosting provider this may not be available for you to use. To generate a AutoSSL certificate for your domain, it must be added to your account using the Addon Domain feature or be the primary domain on your cPanel account. If you see your domain listed, you should be good to go. At this point, you can click on the “Run AutoSSL” button. This will generate the needed pieces to get you a free SSL certificate for your domain. Once you click the button your request is added to a queue and will take some time to get and install a valid certificate. Do not keep hitting this button, it will not do anything after the first click. If for some reason you do not see a new SSL certificate after a few hours, you may have to contact your hosting provider to see what may be wrong. Some common issues are Drupal .htaccess file does not permit AutoSSL access to the needed folder to validate the domain. If you are using Drupal, you may need to modify your .htaccess file to permit this to happen correctly. Another issue could be you already have a expired or valid paid SSL certificate installed, you must remove this certificate before running AutoSSL, it is not likely that it will replace a already installed SSL certificate valid or not. You can also exclude domains from AutoSSL, in the event that you have a purchased SSL certificate for your domain. You can also click on the “View Certificate” area to see the status of your installed ssl certificate. Things like expiration date, what domains it is valid for, uninstall the certificate along with a few other options.

Optimize Website
This is the ill fated name for gzip compression. Don’t ask me why it is named this, I have no clue. But this is used to enable gzip compression on your website files. Click on “Optimize Website”, then click on “Compress All Content” and then click “Update Settings”. If you have more questions on this useful option, please listen to Episode 1 WHPOD.

MySQL Database Wizard
The “MySQL Database Wizard” is used to manually create a MySQL database and user inside of cPanel. This is useful if you do not have a one click installer and you want to install a application that requires a MySQL database and a user, like wordpress. Click on “MySQL Database Wizard” button, this will present you with a area to create a database using a unique name. Enter in a name to call your new database. It will prepend your cPanel username followed by a underscore, then the new database name. Make sure this is a unique name as no two database names can match. Once you enter the name click the “Next Step” button. You will now need to create a new user to access this database. Just like the database, the username should be a unique name. Enter the name in the username field, it will prepend the cPanel username with a underscore, just like the database name. Now you need to enter a password. I highly recommend using the password generator and copying the password to a safe location for use later on. Now a database and user are created the next step in the wizard is the permissions the user has for the database. It is very common to just click on the “All Priveledges” button, this gives full read/write permissions for the chosen user to the chosen database. Now we just need to click on “Next Step” one last time. The database and user, with its permissions, are ready to be used.

Virus Scanner.
Depending on your hosting provider this may not be available. Click on “Virus Scanner”, now you are presented with a few options. Scan email, scan home directory, scan public web space and scan public ftp space. If you click on “Scan email”, cPanel will start scanning all of your email accounts for viruses that it has in its definition files. This is a great way to check all your email accounts for malicious viruses. If it finds a virus here, you can choose to quarantine it or delete the infected file. The “Scan Home Directory” is the other option that I recommend you do on a regular basis. If a virus is found in a file you will be given the same option to quarantine the file or delete it. If the file is part of a installed website, it might be best to make a note of the file and take a look at the file. Deleting the file could potentially break your website, so keep that in mind. If you do not have the ability to look at the file or have someone that can examine the file, then contact your web host and see if they can help you out. This might be something they would charge for, so keep that in mind. It is not something you want to ignore as you could be spreading a virus to your website visitors and google will eventually mark your site as unsafe. It is also possible, as well as very rare, that the scanner marks a file as a virus when it is not. This is a false positive result, it should still be investigated to determine the status of the file in question. I would recommend that you scan your whole home directory at least once a month and scan your email every other week.

Cron Jobs.
Cron jobs allow you to automate certain commands or scripts on your site. Cron jobs are useful if you have a website that needs to process something regularly. I often setup a cron for wordpress to run wp-cron.php instead of having wordpress take care of it. Click on “Cron Jobs”, this will present you with a few options and examples. The first entry area is for a email address, this is used to send the results of the command when it processes. This is not likely something you want to get. If you are having issues getting a cron to work, then you can enter a email address here to get the notification. Once the cron is working, I would recommend removing the email address and sending the output of the cron command to /dev/null (more on that in a moment). In the drop down called “Common Settings” is a list of common time settings. Since crons run at a specific time, this drop down allows you to choose quite a few of the most common times from every minute to once per year. Do not run cron scripts every minute, this is a bad thing to do. You have to give your script time to run and running something every minute can be a great way to cause scripts to overlap as well as get your hosting provider angry at you for using a lot of CPU. Just be aware of this when you setup your cron job. I like to use twice per hour or once per hour for my cron jobs unless I need something very specific. Now that you have picked your time, you have to enter the command you want to run. I am going to assume that the command you want to run is a php script, in reality this can be anything you want to run on a regular basis. In the command window we are going to first start by calling “php”, so type php then press the space bar. Now we need to tell php what script we want it to run. This is done by typing the full path on disk to the file we want to execute. This will likely be /home/cPanel_Account/filename.php. There should be a example command entry at the top of the page with a full path that includes your cPanel username. So after your php command enter in the path to your script. The final thing we want to do is to tell the script to send its results someplace, I like to use /dev/null, so the results just get deleted. If you do not do this step then you may start to see a lot of files show up in your cPanel home directory that will eventually fill up your disk space. This is because cron must do something with this output status, so do yourself a favor and use /dev/null. To tell cron to send the output to /dev/null , just add >/dev/null 2>&1 after the command path. Make sure to put a space after the command and before the output. Now click on the “Add New Cron Job” to add that entry to your crontab. Adding crons can be a bit overwhelming at first, and quite confusing. Do not be discouraged by all the info, cPanel will do a large majority of the setup for you. Just pick a time to run, add your command, make sure to send the output to either email or /dev/null. If you have issues, I would recommend contacting your web host to see if they can help you out.

File Manager.
The File Manager is just what it sounds like. If you have ever used a computer, then the file manager should feel familiar, just in a web browser. Click on the “File Manager” button and you will be presented with a whole new window with a lot of buttons and folders. On the left side is the directory structure of your home folder. From here you can choose to make new folders, or browse to current folders. The right window will show you what files are in the folder you have chosen on the left. You can select files, or folders, in the right pane that you may want to modify. For example, if you want to modify your .htaccess file for a given site. One gotcha is the fact that, by default, cPanel does not show hidden files. These are files that start with a “.” period. To enable viewing and modifying of hidden files/folder, click on the settings button located in the very top right. A new window will pop up, find the option for “show hidden files (dot files)” and put a check next to it and click save. You should now see all the hidden files and folders. Now you can browse to the .htaccess file you want to edit, select the file and click “edit”, a new window will open, make your change and then click “save changes”. Some other options you might use is “view”. This allows you to safely view the contents of a file without the possibility of accidentally changing the file. Copy is used to make a backup copy of the file. I would highly recommend creating a backup copy of a file before making a change, accidents do happen. Never delete any folders that you are not sure you can live without on the left pane. Some of these folders are created by cPanel for various reasons and applications. Deleting folders at random, or accidentally could result in your cPanel account needing to be restored or mail being deleted. You don’t want to run into issues, so use caution when in the file manager. Folders of note, public_html, is the location of your primary account domain. Any folder outside of this area with a name like a domain, will likely be a addon domain that was created. Any folder named “.well-known” is used for AutoSSL, do not delete these folders. The folder named mail, is where your email is stored. The folder named etc and var, is where cPanel stores some critical config files for your account. Public_ftp is the public ftp space, if you have one setup. I just want to stress, do not delete random folders and files, bad things will happen. If you start deleting stuff, make sure you have a full backup of your cPanel account just to be safe.

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | TuneIn | Spotify | RSS

Google pagespeed insights headache.
Google pagespeed insights headache.

Google pagespeed insights headache.

By |
Tweet
Share1
Share
1 Shares

Today on Episode 24, Web Hosting Podcast. Are you obsessed with page speed ranking? Speed is always a great thing to have but the realization is, getting that perfect score is almost impossible with a website. Megan joins me to discuss some things that may cause your site to be slow. We also dive into pagespeed insights and discuss some surprising and shocking results we got.

 

What can make your website slow?

  • Slow hosting environment
  • Images too large
  • No caching setup on website, expires
  • long database queries
  • Running old versions of software, PHP, Apache, CMS software (WordPress, Drupal, Joomla, etc..)

If you use google pagespeed insights or pingdom website speed test, you may have got a low score for your website. A low score would be something in the 60-70 range. Anything above a 80 would be considered a pretty good score. I just want to point out that you should not obsess about getting a perfect score.

google pagespeed insights

Pingdom website speed test

Both of the pagespeed tests use a score from A (great) to F (fail). Of course you want to try and get all A in your grade score. But sometimes it is just not possible.

For a base line, I installed a default version of wordpress (4.9.8) on a domain I own. Right after installing, I ran both google pagespeed and pingdom website speed tests. The site is being served over SSL using the default free cPanel SSL certificate.

Google – Mobile = 70
Google – Desktop = 92

Pingdom = Overall 88 (B)

When you first run the test, you will get a list of currently applied optimizations as well as improvement recommendations.
My list of currently applied optimizations on a default install are as follows. NOTE: these may be different depending on your hosting providers setup and environment.

Avoid landing page redirects
Enable compression
Minify HTML
Optimize images
Prioritize visible content

From the list, you can see that I do not have redirects for the landing page, I have gzip compression enabled, my html is minified, my images are optimized, and I have content that is visible that is prioritized. But what does this all mean?

Landing Page Redirects :
This occurs when you redirect the main site the user is going to, to another page. Google provides some great examples.
Here are some examples of redirect patterns:
example.com uses responsive web design, no redirects are needed – fast and optimal!
example.com → m.example.com/home – multi-roundtrip penalty for mobile users.
example.com → www.example.com → m.example.com – very slow mobile experience.

Enable Compression :
We actually discussed this in the very first episode and it is worth noting again. Compression will shrink down elements before sending them to the browser. This saves bandwidth and can improve site speed by sending smaller elements through the internet. You can enable gzip compression in cPanel by going to “optimize website” and click on compress all content.

Minify HTML :
According to google here is what they mean by Minify HTML:
Minification refers to the process of removing unnecessary or redundant data without affecting how the resource is processed by the browser – e.g. code comments and formatting, removing unused code, using shorter variable and function names, and so on.
You should minify your HTML, CSS, and JavaScript resources:
To minify HTML, try HTMLMinifier
To minify CSS, try CSSNano and csso.
To minify JavaScript, try UglifyJS. The Closure Compiler is also very effective. You can create a build process that uses these tools to minify and rename the development files and save them to a production directory.

Optimize Images :
This rule triggers when PageSpeed Insights detects that the images on the page can be optimized to reduce their filesize without significantly impacting their visual quality.
This means that I do not have a image that is to large and scaled to fit the area. Do not scale images in your web framework. Always scale the image before uploading.

My initial run of items that needed improvement.

Reduce server response time
In our test, your server responded in 0.64 seconds.
There is not much to be done here. That is almost 1/2 a second for a response time. It could certainly be better, but this value will shift up and down depending on a lot of factors. If this value is higher than 1 second, then you may have a overloaded server.

Eliminate render-blocking JavaScript and CSS in above-the-fold content
Your page has 1 blocking CSS resources. This causes a delay in rendering your page.
None of the above-the-fold content on your page could be rendered without waiting for the following resources to load. Try to defer or asynchronously load blocking resources, or inline the critical portions of those resources directly in the HTML.

Leverage browser caching
Setting an expiry date or a maximum age in the HTTP headers for static resources instructs the browser to load previously downloaded resources from local disk rather than over the network.
This is simply setting a cache header or expires header. We covered this in Episode 1.

Minify CSS
Compacting CSS code can save many bytes of data and speed up download and parse times.
Like the Minify of HTML above, this is the same only for CSS. Removing objects and comments that are not needed will shrink the file size and allow the file to be served faster.

Minify JavaScript
Compacting JavaScript code can save many bytes of data and speed up downloading, parsing, and execution time.
Like the Minify of HTML above, this is the same only for JavaScript. Removing objects and comments that are not needed will shrink the file size and allow the file to be served faster.

Now here is where things get sketchy with these reports. Remember, my initial scan was Desktop 92, Mobile 70. On my next run, the test was worse and the only thing I changed was the .htaccess to allow for caching (See below). Now with this single change in place, my score is Desktop 90, Mobile 57. What gives here? Dropping 2 points on desktop after applying a fix makes no sense, and even worse is mobile dropping 13 points. To make matters worse, running the test a 3rd time with no changes except caching results in even lower numbers. Desktop 89, and Mobile is back up to 64. So lets make some more changes and see what happens.

Browser caching in .htaccess file
# 3 Months
<FilesMatch “\.(flv|gif|jpg|jpeg|png|ico|swf)$”>
Header set Cache-Control “max-age=7257600”

# 1 Week
<FilesMatch “\.(js|css|pdf|txt)$”>
Header set Cache-Control “max-age=604800”

Deleted two plugins
Hello Dolly and Akismet

Added
w3 total cache.
For this plugin, I enabled and then set the following options to turn them on. The first time I enabled this plugin, I got a 500 error. I had to remove the browser cache line from above, then the site rendered and I was able to adjust the settings for w3 total cache. Once the settings were saved, I was able to add the browser cache from above and things worked fine.

Page Cache enabled and using Disk : Enhanced
Minify enabled and using Disk : Enhanced
Database Cache enabled and using Disk
Object Cache enabled and using Disk
Browser Cache enabled
Fragment Cache set to disk

Click on Save All Settings and purge any cache by going to Performance in the top menu and Purge all caches.

After removing those two plugins, and adding w3 total cache my scores are as follows on the first run.
Desktop 97
Mobile 93
These numbers held after repeated attempts over several hours. It is still a mystery as to why the numbers dipped so bad after just adding caching, which should have helped the numbers not hurt them.

The changes above resulted in only needing two fixes, according to google.
Eliminate render-blocking JavaScript and CSS in above-the-fold content
Leverage browser caching

I am not going to worry about the first one, Eliminate render-blocking JavaScript and CSS. But what gives with the second one, I thought we added browser caching already. Well, we did, but there are some things you may not want to cache, or in this case W3 total cache does not want cached. The file in question is a minified JavaScript file, and it is likely that this file will change over time as you build your website and add plugins. If you cache a file that is known to change, then your users may not get the new file until the cache expires. So be aware when you want to cache files, make a note on which ones might change regularly.

With these settings my pingdom website speed score went from 88 (B), to 96 (A).

As you can see it is pretty simple to get some good scores, if you are worried about that. And you should be worried about some of them. Browser caching, minify files, everything helps improve the user experience. But focusing on getting that 100 is a lofty goal and not practical for a website that has valuable content. Try and keep it real by getting in the 90+ range and resolve the issues you can fix. W3 Total Cache is one of the easiest plugins to setup and use just to get these speed benefits and get your score up. There is no coding it is all done for you.

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | TuneIn | Spotify | RSS

IDNS deceptive practices, IGTV is now live, cPanel now supports git.
IDNS deceptive practices, IGTV is now live, cPanel now supports git.

IDNS deceptive practices, IGTV is now live, cPanel now supports git.

By |
Tweet
Share2
Share
2 Shares

Today on episode 22 of Web Hosting Podcast. iDNS misdirection, this is a public service announcement for the alleged service provided by iDNS. This company may send out actual mail to you in an attempt to trick you into renewing your domain name with them. IGTV (Instagram TV) is now live, did you even notice? cPanel now supports git.

IDNS

IDNS is a company that sends out actual mail when your domain is close to renewal. IDNS, or Internet Domain Name Service, sounds pretty official and the letter looks even more official. However this is not a bill and is an attempt to trick you into moving your domain to their registry. This letter looks so official that it has tricked many people into sending them money. IDNS, sends out these letters in an attempt to trick you into paying their exorbitant fees for domain renewals. A standard domain renewal from a legitimate company is averaging $10 for a .com, however IDNS tries to get you to pay $45 for each domain. This is then compounded by a fee if you want to move away from IDNS. I think we will start to see fewer of these letters since the GDPR is in place and effectively hides some of the required information IDNS needs for these mailings. If you get one of these letters be sure to send it to the shredder.  Here is what these letters look like.

IDNS-Deception
IDNS-Deception

Git on cPanel

cPanel 72 now allows you to host git repositories as part of your cPanel account. This is great news for those of us that need to use git to share and track files.
From cPanels documentation page.
The Git™ Version Control feature allows you to easily host Git repositories on your cPanel account. You can use Git to maintain any set of files (for example, a website’s files and assets, a software development project, or simple text files). Here is a link to cPanel documentation.  We will likely discuss Git in a future podcast episode in more detail.

IGTV

IGTV is part of Instagram or Facebooks attempt to bring video to the social media giants platforms. This is very different than the current use of Instagram stories which are only limited to 15 seconds and expires after 24 hours. IGTV allows users to upload videos up to 10 minutes or 1 hour for verified users and these do not expire after 24 hours. This medium, in my opinion, is very different than having a youtube channel. IGTV is really trying to go after the “In Real Life (IRL)” moments, where youtube is more of a “produced” format. That is not to say you can’t do produced video on IGTV, it is just not as easy of a workflow. IGTV and Instagram in general is for a cell phone viewing audiences where the viewing device is vertical. Being mobile first is Instagrams strong suit. As it is mobile views account for over half of the current watched content online and is expected to grow to 78% by 2021.

Why is IGTV important for you or your business?

I was very doubtful about IGTV at first. I watched some videos from people I follow and watched some information on IGTV on youtube. It took me a while to see the potential and understand what all the excitement was for this platform. The vertical format is very hard for me to get use to, I do prefer the tabloid viewing option of youtube. However, putting all of the issues I have aside I think this is a great platform for businesses or personal. Almost everyone is going to have a cell phone and that is all you need to get started. This makes the starting cost nothing, granted you can do the same thing with youtube but I think most people expect a higher quality video on youtube. Starting up a IGTV channel is super simple. Just go to instagram.com, login and click on the IGTV button, then click on the “get started” button. From here you have to create and setup your channel. This is just like setting up a youtube channel. Once this is done you can start uploading your content. Make sure your video is in the vertical format. You can also make a custom thumbnail for your video, along with a title and description when you upload.

Currently Instagram has reached the 1 billion monthly active user total. That is billion with a b, per month. Put that in perspective. If you are able to reach 1% of 1% of those users, that is 100,000 new customers for your business. Since this platform is very new, you can get ahead of your competition by putting out great content. Here are some ideas you could try.

Video about you and your business. Make sure to include any social media links, website links, etc..
Micro vlog. Instagram is perfect for doing a small micro sized vlog series. You could show behind the scenes elements of your business.
Public Service announcements. These could be short snippets about product awareness or new items you are offering on your storefron.
Flash sales. Test your Instagram reach by having a flash sale only through Instagram.

These are just samples of ideas, but I think you get the idea. I am planning on using IGTV for podcast promotion and public service announcements for security and product updates. So follow me on Instagram so you can get notifications of new videos.

IGTV Specs and info:

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | TuneIn | Spotify | RSS

PCI DSS Changes to TLS and Chrome 68 marks sites as not secure.
PCI DSS Changes to TLS and Chrome 68 marks sites as not secure.

PCI DSS Changes to TLS and Chrome 68 marks sites as not secure.

By |
Tweet
Share1
Share
1 Shares

Today on episode 21 Web Hosting Podcast. PCI (Payment Card Industry) changes that have come into affect. These changes make a dramatic shift to the encryption standard that you may not be aware of. If you are on a older operating system, and even some new ones, you may be left out in the cold and unable to get email or see your website. Chrome 68 is coming this month and if your site is not using https, then your visitors will start to see a “not secure” message. Moving your site to https should not break your budget with free SSL (AutoSSL) by cPanel.

What is PCI DSS (Payment Card Industry Data Security Standard)?
Payment Card Industry Data Security Standard applies to companies of any size that accept credit card payments online. If you accept credit cards as a form of payment for anything online, then you need to host your data securely with a PCI Compliant hosting provider. This is not the same as accepting PayPal payments on your website. This is strictly for credit card payment processing. Normally this is done through a payment gateway like authorize.net or others.

PCI DSS (Payment Card Industry Data Security Standard) changes for this year.
Primary change of interest happened on June 30th, 2018. This change made old and outdated forms of SSL/TLS no longer secure by standard. What this means is a higher level of encryption is now required if you are doing any form of credit card processing. This change has the potential to block out users on old outdated operating systems. It will also have the potential to disrupt your email workflow if you are not up to date on your email application. All forms of connections should be using a minimum of TLS 1.2. This means http(s), email, and ftp(s) have to be using TLS 1.2 to make a connection.

How this may directly affect you and your customers.
TLS 1.2 is a pretty old standard (2008), with TLS 1.3 on its way. However, some operating systems do not support TLS 1.2. This includes computers, tablets and phones. If you are currently not using a updated operating system, then you may not be able to send or receive email through your PCI compliant host. This is the most typical scenario I have seen. Most browsers have supported TLS 1.2 for a number of years. However, it has only been recently that IOS, for example, has supported TLS 1.2 in their own mail app.

What to do if you can’t get email or visit your site anymore.
Ensure you are running the most recent version of your operating system of choice. This means upgrade to Windows 10 or the latest Apple OS X. Simply updating Windows 7 to its latest release is not advised. You really need to run the latest operating system version. This also goes for any tablets or phones you may have. Once the latest version is installed you will likely not have any problems. For supported browsers for TLS 1.2, Firefox, Edge and Chrome support the latest TLS standard. For email clients, mail.app (on latest version of OS X 10.13) thunderbird and windows 10 mail.

Chrome 68 will start showing “Not Secure” for sites using http:// this month.
This should come as no surprise to anyone that develops sites or owns their own site. For the past 2 years google has been warning people that this day was coming (queue ominous music!). Google has even said your SEO ranking will suffer if you are not using https:// on your sites. If you are still some of the minor few that have not moved to https for your site, do not delay any longer. Web Hosting Podcast has discussed in many episodes how to use a free SSL certificate if you are on cPanel called AutoSSL. This is a SSL certificate process that is 100% free and will allow you to move to a more secure https. Gone are the days of having to purchase a SSL certificate every year, there really is no reason to not be using https for your site today. For more information on AutoSSL listen to these previous Web Hosting Podcast episodes.

Here, here and here

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | TuneIn | Spotify | RSS

Beginner steps to launching a website.
Beginner steps to launching a new website.

Beginner steps to launching a new website.

By |
Tweet
Share
Share
0 Shares

Today on episode 20 of Web Hosting Podcast. Beginner steps to launching a website. We will cover all the steps needed to go from concept to launch, for the beginner. It is now easier than it has ever been to get a brand new website online and serving content. Have you wanted to make the jump and have your own website? Follow along and learn how to get your own website online.

0. Brainstorm
Choosing the purpose of the website, whether you are going to sell something or just blog, is an important step. This will likely direct your choice on a domain name to use. After all, you want your domain name to reflect the sole and purpose of the web site you are going to launch. Outline and brainstorm what you are going to do with the site first. This includes things you may do later after launch. For example, if you are just going to blog now, but think you might like to sell some merchandise later on. Take this into account and write it down. Don’t leave any detail out. This process will also help you decide what software to build your website with.

1. Domain name.

Your domain is your site address or URL. For example, webhostingpodcast.com is my domain. A domain should be easy to remember and not very long. After all, you don’t want your visitors to have to remember a long confusing URL. For example, webhostingpodcast.com is long but a memorable and easy to remember name. However, the-greatest-web-hosting-podcast-of-all-time.com would be very hard to remember and contains characters that are diffficult. I normally recommend that you not use odd characters or misspelling in domains, unless you have to. This makes it harder to remember.

Domains have to be registered and purchased. This is more like a lease than a purchase. You have to renew the domain every time it comes up for renewal. This could be every year if you chose to register the domain for 1 year. Ultimately it depends on the length you decide. Domains can vary in price depending on what you choose. Typically they are about $14 per year.

2. Hosting.
Hosting is where your site lives and is served from. A good web host is key here. Do not skimp on choosing a great and dependable web host. Often, you can purchase your domain and hosting at the same time. But be aware of the potential hidden costs of doing this. A lot of times a host will give you a free domain for signing up for web hosting. Looking at what the cost to renew that domain per year is important. You don’t want to be surprised when you get a domain renewal charge. There is nothing wrong with registering your domain with one company, and hosting your website on another. You just have to remember that you will have 2 different bills. You can also use a online website builder like, wix, weebly, squarespace or blogger. If you don’t want to have your own personal domain (URL) then these might be a logical choice for you to put some online content. However, if you want the ability to fully customize and optimize your web site along with email, ftp, and other services, then web hosting will be needed.

Also, keep in mind that the actual website software you choose may affect your choice of host. If you are using wordpress, which most people do, then you will want to find a web host that is well equiped and educated about wordpress.

3. The website itself.
Most people starting out will want to use something simple. I highly recommend that you use Worpdress to do this. It is by far the number one blogging platform, but it does so much more. If you want to sell trinkets online, there is a plugin for that (woocommerce), if you want to do photo blogging there is a plugin for that (NextGen Gallery). If you can think of it, then there is likely a plugin for it. If you want to change the look of the site but are not a coding expert, you can just add a new template (these are the wordpress of themes). There are hundreds and possibly thousands of free templates available to change the look of wordpress, just check those ratings before installing anything you find.

If you have chosen WordPress for your site, then you likely will want to choose a WordPress specific host. These are hosts that have trained staff to help you sort out issue. Their servers are optimized for WordPress sites. They often have a simple way or even a automatic way to install WordPress as well as keep it updated automatically. These are the things that often trip people up and make you want to pull your hair out or shut down your website. You take your car, likely, to a certified mechanic when it has issues. Do yourself a favor and take your WordPress site to a Worpdress specific host. There are a lot of them out there to choose from that are reliable and knowledgeable.

For those that want a no fuss site and want to use the online site builders, here are a few that I have used in the past. Keep in mind that this will not give you the ability to have email on your domain. This means that @thedomain.com email addresses will not be available to you without doing more work and spending more money. You will still need to sort that out by using google or other means.

These are free or paid options that do not require a domain name use them.

wordpress.com
Blogger.com
Squarespace.com
weebly.com
wix.com

 

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | TuneIn | Spotify | RSS

Is VR, virtual reality, part of your website design strategy?
Is VR, virtual reality, part of your website design strategy?

Is VR, virtual reality, part of your website design strategy?

By |
Tweet
Share
Share
0 Shares

Today on Episode 19 of Web Hosting Podcast. Is VR, virtual reality, part of your website design strategy? You could be missing out if you are not. With the release of the Oculus Go last month, high end VR experiences have come to the masses. You can take advantage of this by including VR elements easily on your new or current website. Also a very interesting thing happened over the weekend.

A interesting thing happened recently. I was notified by haveibeenpwned.com, that my email address was seen on a hacked site. Listeners may remember that this site was mentioned in Episode 13 as one of the useful tools segment. The site happened to be ticketfly, which was recently hacked and had all of its information released. The interesting part about this the fact that I was notified by haveibeenpwned.com, before news of ticketfly being hacked was released. If you are worried about your online data, and you should be, then I would recommend taking advantage of the free service provided by haveibeenpwned.com.

What is Virtual Reality (VR)?
Virtual reality, as defined by wikipedia is : “a computer-generated scenario that simulates experience through senses and perception.”
I don’t think all experiences have to be “computer generated”, remember those stereographs from the 1800’s? To me those were a form of Virtual Reality. Also, Viewmaster, made a toy that you could put in round slides that presented you with magical worlds. These were not computer generated or had anything to do with computers.

What is the difference between VR and 360?
360 video or pictures are elements wrapped in a sphere. Think of a big bubble that you sit in where the media is projected around you in a sphere, this is 360. Virtual Reality, is stereoscopic depth, interactive elements as well as immersion. The term VR and 360 are used interchangeably, they are decidedly different. Here is a great article on the main differences from Vimeo https://vimeo.com/blog/post/virtual-reality-vs-360-degree-video

Why is VR important for your website?
Remember when everyone thought siri, alexa and google home were just fads and would never take off not to mention the iPod. Now it is reported that 55% of homes have a smart voice device. VR is in its infancy, but it should certainly not be ignore. With the release of the Oculus Go, tether free VR is available to the masses. Lets also not forget that google street view is widely used and constantly adding locations. Google is doing a great job of covering the entire world. If you have a business, you can put your location on street view which will allow your customers to view inside your business. This works on desktop, phones, and VR headsets. I currently use this to view new locations I want to visit. It might be a restaurant, board game store, or a pub.

Types of VR devices.
Google Cardboard – uses a cell phone and lenses. This is like a viewmaster type device.
PlaystationVR – Sony released the Playstation VR headset to be used with a Sony Playstation 4.
HTC Vive and Oculus Rift – These are gaming PC driven tethered headsets. These require powerful gaming PCs and are physically connected to the computer by long cables. These are the top end VR experience.
Oculus Go – This is a simple stand alone headset. It offers a great experience for users and is not tethered to any device. The purchase price is very low at $200.
Other/Windows Mixed Reality – There are a few other devices out there that require a PC that uses windows mixed reality and are tethered to the PC.

History for me of VR.
First use of a streograph as a child. These date back to the 1800’s and used like photos to simulate a 3D (virtual) picture when viewed through a stereograph. Quite a thing to see if you have never used one before.
Then I purchased a viewmaster branded google cardboard device for my iPhone.
Stepped up to HTC Vive in 2016 – still currently in use.
Oculus Go, now used almost daily as a web browser to experience new things and new places.

How I use VR now.
Playing immersive video games on PC.
Browsing the web on oculus go. There are a lot of websites that support VR and have VR elements as well as 360 elements.
Viewing Street View and virtual tours on both VR headset (Oculus Go/HTC Vive) as well as iPhone and Computer.

What devices do I use?
HTC Vive
Oculus Go
Computer Monitor

Website design use cases.
Brick and mortar businesses
Product visualization
Location tours of your establishment

Other use cases for VR workflow.

Handicapped
visually impaired
agoraphobia

Software to help you develop for VR.
Great article on software for VR website developers. Link
Vizor.io – 360 Photo Editor.
Cupix.com – Create beautiful tours in VR from photos.

Sample 360 Photo I took.

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | TuneIn | Spotify | RSS

Harden and secure wordpress, using managewp.com and GDPR
Harden and secure wordpress, using managewp.com and GDPR.

Harden and secure wordpress, using managewp.com and GDPR.

By |
Tweet
Share
Share
0 Shares

Today on episode 18 of Web Hosting Podcast, I continue the discussion of the wordpress hack dissection. I have been asked, since the last episode, about ways to harden and secure a wordpress install and what I recommend to do about managing updates. Also in this episode, GDPR (General Data Protection Regulation), Are you ready for the coming changes on May 25th?

GDPR New rules for EU take affect May 25th, 2018 – Official Link
The most important pieces that change here
WordPress 4.9.6 was released with GDPR specifically in mind. Release Notes

Simple ways to keep your wordpress install safer.

  1. Keep your wordpress install updated. Plain and simple. Have a update schedule and stick to it. Some plugins need the core of wordpress updated before it will be allowed to update the plugin in question. If you are on a old version of wordpress, it is very likely your plugins are outdated as well and possibly contain exploits used to hack your site.
  2. Don’t use plugins that are outdated or no longer maintained. These could easily have old exploits that leave you open for a hack and they will never be updated. The plugin could also be purchased by a hacker group, which has happened, and they add code to exploit your install. If you see a plugin that has not had updates for many years then suddenly has 1 update recently, be wary.
  3. Use strong passwords and don’t use the default username “Admin”
  4. Use a plugin to block failed login attempts.
  5. Move wp-admin url to something else.
  6. Ensure the PHP version you are using is still being maintained. If you are using PHP 5.x series, you really should migrate to PHP 7.x.
  7. Use common sense. Don’t login to your wordpress site, even over HTTPS, in a shared wifi environment. This would be coffee shops, bars, the mall, etc.. Even over HTTPS, information can be intercepted.

 

If you are new to wordpress and managing updates, you can use an external management application that provides additional services.  I personally use managewp.com for this task.  It has many features (listed below) and is 100% free for unlimited domains.  Best of all, well maybe not best, they gave Web Hosting Podcast a coupon code to use after you sign up.  Use WHPOD after you enter in your billing details, this will apply $10 to your account so you can try the paid options for nothing.

Initial questions about managewp that I am often asked by listeners and pretty much anyone that will tolerate me talking about this product.

Q: why would i want to use it?

Q: how difficult is it to signup?

Q: do i need to be a techie to set it up?

Q: how much for basic services?

Q: how much is x feature?

Q: can i get help?

Q: Is it secure?

Current pricing for a site is free for unlimited domains. This free plan includes the following addons.

  • manage updates, plugins and themes
  • Monthly Cloud Backup
  • 1-click login
  • Performance Check
  • Security Check using sucuri
  • Collaboration
  • Analytics with google
  • Manage Comments
  • Code Snippets
  • Maintenance Mode
  • Client Report
  • Vulnerability Updates
  • Templates

The following addons are paid options per month per site. Total price for all Premium addons is $8/mo.

  • Premium Backups $2 +.13 per GB of traffic.
  • Clone (requires Premium Backups)
  • Safe Updates (requires Premium Backups)
  • Templates (requires Premium Backups if creating a template from a current site)
  • White Label $1
  • SEO Ranking $1
  • Uptime Monitor $1
  • Advanced Client Report $1
  • Automated Security Check $1
  • Automated Performance Check $1

Plugins I currently use the paid versions of:

Premium Backup – I schedule a nightly backup to their backup location and a weekly backup to DropBox. I also use “safe updates” which allows me to perform a backup before I run a update, then verify the screen image of before and after the update to determine if I need to roll back.

Security – This allows me to schedule a scan of my site daily. This not only scans my site for issues, it also checks for vulnerabilities in plugins and checks the web of trust to ensure my site is not listed on any “not safe” databases.

Uptime Monitor – This sends me a email and text message if my site goes offline, but not only that it also verifies that a specific keyword is found on my site. This helps let me know if my site has been defaced, which would still mean it is up and online.

SEO Ranking – I paid for this just to see how it works. This allows you to set up to 100 keywords and track them for your site with SEO.

Advanced Client Report – I also paid for this to see how it works. This allows me to get a weekly report for my site. it tells me what has been updated, SEO and Analytics reports as well as security audits. It pulls all the information from the plugins active in my account and sends me a nice little report every week.

Plugins I don’t pay for.
Advanced Performance – I already spend a lot of time using pagespeed tools to get the most performance I can. I am always tweaking things. It is just easier for me to trigger a Performance Check manually since I am always in my managewp dashboard.

My total monthly cost is $6. $2/mo. for Permium Backups, $1/mo. for Uptime Monitor, SEO, Client Reports and Security Check.

 

 

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | TuneIn | Spotify | RSS

Dissection of a Wordpress HACK
Dissection of a WordPress hack.

Dissection of a WordPress hack.

By |
Tweet
Share2
Share
2 Shares

Today on episode 17 of Web Hosting Podcast, Megan and I, dissect a website hack we have been working on. We discuss the how, the what and ways to prevent future hacks. We also discuss the defacement of webhostingpodcast.com and how I recovered the site so quickly. And remember those quick tips I use to run? They are coming back in a new way!

Podcast phone line 971 249 2359 is manned by me on Thursdays 9AM PST – 12PM PST. Feel free to call in and press (2) to reach me directly during those hours. If you want to just leave me a message anytime, press (1) and it will send you directly to a voicemail box.

Dissection of a WordPress hack we have been dealing with, the topics we cover are.

How we think it happened.
How we cleaned it up.
What could have prevented it.

Info on what we found from sucuri, regarding this specific website hack.

You will find the plugin I used to find that the wordpress core files had been modified. This plugin is since abandoned by automattic (the makers of wordpress, woocommerce and jetpack to name a few) but it can still be used. You need to download the hash file for the version of wordpress you are using. I would just like to point out that other external and filesystem based scans did NOT find this hack. Only by careful examination of the output of the exploit scanner were we able to find the source of this hack. It is no longer enough to just scan with one tool and think the site is clean. I recommend that you scan with multiple sources if you think you have been hacked, or if a hack keeps coming back after being cleaned. I also, and I can not stress this enough, recommend a daily backup of your website. There are many tools out there that will help you obtain a regular backup to a external location, such as dropbox, s3, ftp, or google drive. There is no reason to not have this setup for your site.

This is the plugin link 
And this is the location of the hash file on github.

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | TuneIn | Spotify | RSS