Tag: backup

WordPress 5 release date, Social Media experiment and CloudFlare turns 8.

WordPress 5 release date, Social Media experiment and CloudFlare turns 8.

Today on episode 26, Web Hosting Podcast. WordPress 5 gets a tentative release date. I discuss a social media experiment I tried. And cloudflare celebrated its 8th birthday in style by releasing some great new features and services.

 

WordPress 5 has a tentative release date of November 19th, 2018 Release Notes
This date could be pushed back as needed and even moved to 2019. It appears that this may coincide with the coming release of PHP 7.3, which is due December 13th, 2018. If you are currently using the Gutenberg editor plugin in your current version of WordPress, then version WordPress 5 will be familiar to you. You will still have the ability to go back to the classic editor, the one currently in use, by installing a plugin. However, there are likely big code changes that are still going to break a lot of plugins and themes when WordPress 5 comes out. Here are some things you must know before the big WordPress 5 release comes out.

1. Test your plugins and themes as well as any custom code you may be using on your site.

Option 1, for a while, there was a Gutenberg database of listed plugins that you could use to validate your install. This project has since been abandoned and is no longer maintained. The CSV file is still available to download, but it is likely very outdated. Use with caution as it might not be complete or current. Download CSV here.

Option 2, copy your current website to a staging url. Something like test.yoursite.com or dev.yoursite.com. Then activate the Gutenberg plugin. You will then need to manually test every plugin and theme you use. This is a very tedious task and is fraught with perils. You really are going to need to know what you are doing. I would recommend, if you plan to try this, to disable all plugins and set the theme to a default theme after you copy/clone your site to the staging environment. Then one by one, make sure your plugins are updated and then activate them and test. If you find a plugin that does not work, then you may have to start over unless you know how to debug plugins or deactivate plugins using ftp/sftp methods. Once you are completed with the plugins testing, then I would update and activate your theme. You will have to test again and again after each and every change. This sounds like a monumental task, and lets be honest it is, but it is something either you or your developer really needs to do. The last thing you want happen is for your site to be updated and then break.

2. Make sure you have a full and complete backup of your WordPress install and you know how to restore from it. I can’t stress this enough at this point. If you do NOT know how to make a backup or do a restore using the backup, then you or your developer need to get on this. I mention backups in almost every episode and it is very very important that you take this step seriously. If your site automatically updates and things break, there is likely no way to go back to a previous version even if you try the classic editor plugin, your site may still not function as expected or just not render at all. There are dramatic code changes in a major release that my just not work, even in classic mode.

Before hitting that update button on WordPress 5, make sure you have all your options thought out. Backups, any testing needed, a good developer on standby and a restore plan. It is very likely that a large number of installs will break and your web host of choice will very likely have their hands full. They may not even help you at all without charging for it. So be prepared for the worst and work backwards from there.

Social media

Top social media platforms in the U.S.
Facebook – 2 billion active monthly users
YouTube – 1.9 billion active monthly users
Instagram – 1 billion active monthly users

Last month, I did something as a test for myself. I used social media heavily and I mean really heavily. I challenged myself to post regularly on twitter and instagram, preferring to use instagram as my platform of choice for video. My personal challenge was to promote the podcast, but to also have fun and be myself. I posted random cloud photos, pictures of my dog, and information about my podcast. The task was to see if doing this would have any impact on my podcast downloads and website hits. I posted at least once a day, but more as needed or when the desire struck. I primarily used instagram, but by doing this I also allowed instagram to post to facebook and twitter. My primary use for twitter is to post news articles that I find relating to hosting or security. My results shocked me, in the 3 weeks that I tried this I gained almost 600 new podcast downloads and it is still climbing. I went from having 1 or 2 downloads a day to having 20 or 30 a day.

Think about that, in the case of a podcast they are listeners, but in a business that could be customers and potentially big sales opportunities. Now, it should be noted that I am not a social media master or anything like that. I just do what most others do, post, and I use what I have access to. Meaning, posting pictures of clouds or my dog, is my staple and easy for me to do. I don’t post pictures of my family, other than the dog, online unless I have some form of control of the content. So I am left with what I have access too. I also have some skills in video, so making a short video on the do’s and don’ts of hosting was easy for me to do. Those types of videos I posted on instagram as posts, not stories, so everyone could see them. I did not always promote my brand, or podcast. Again, I had fun with it and let people see my human side, not just the business side.

I think what I learned is that anyone can do this type of thing but the biggest thing is to have fun. I don’t worry about the number of followers, and actually I don’t watch my podcast download count either. Neither of those really mean anything to me. What I do keep an eye on is the interactions. If someone comments on a post, I thank them or answer their question. If someone retweets a tweet, then I might follow them. Things that can generate a conversation or communication of some sort is what I go for. That would be my first piece of advice. Don’t fret over numbers, if someone does not hit the “heart” button don’t assume it was not seen. Don’t worry about the total number of followers and likes you get. If you do that, then you are likely going to add stress and not have fun. That would be my second piece of advice, have fun. Social media is social, it is a chance to let your guard down a bit and let people into your life, have fun with it. I would rather see photos/videos of someones dog chasing its tail then another almost informative ad on a product. I am sure most other people would too, but if you post product info every third post, that might work.

Anyone that is listening to this, I challenge you to promote on social media. Get creative with it and have fun. The results you see might surprise you as it did me.

CloudFlare

CloudFlare recently had its 8th birthday and did so with a bang.
If you have not heard of or use CloudFlare, I invite you to listen to Episode 2 here
For the most part, CloudFlare is a software as a service cache that does a whole lot more. Now celebrating their 8th birthday, congratulations by the way, CloudFlare does even more. In addition to adding caching features to your site and helping to keep it secure, CloudFlare offers domain registrations at wholesale prices and adds domain privacy for free. This service is currently in early access and I invite you to head over to their site to check out all of their service offerings, most of which are free. I use CloudFlare on all of my sites and love it, I can’t wait to be able to also register domains through them.

Dissection of a WordPress hack.

Dissection of a WordPress hack.

Today on episode 17 of Web Hosting Podcast, Megan and I, dissect a website hack we have been working on. We discuss the how, the what and ways to prevent future hacks. We also discuss the defacement of webhostingpodcast.com and how I recovered the site so quickly. And remember those quick tips I use to run? They are coming back in a new way!

Podcast phone line 971 249 2359 is manned by me on Thursdays 9AM PST – 12PM PST. Feel free to call in and press (2) to reach me directly during those hours. If you want to just leave me a message anytime, press (1) and it will send you directly to a voicemail box.

Dissection of a WordPress hack we have been dealing with, the topics we cover are.

How we think it happened.
How we cleaned it up.
What could have prevented it.

Info on what we found from sucuri, regarding this specific website hack.

You will find the plugin I used to find that the wordpress core files had been modified. This plugin is since abandoned by automattic (the makers of wordpress, woocommerce and jetpack to name a few) but it can still be used. You need to download the hash file for the version of wordpress you are using. I would just like to point out that other external and filesystem based scans did NOT find this hack. Only by careful examination of the output of the exploit scanner were we able to find the source of this hack. It is no longer enough to just scan with one tool and think the site is clean. I recommend that you scan with multiple sources if you think you have been hacked, or if a hack keeps coming back after being cleaned. I also, and I can not stress this enough, recommend a daily backup of your website. There are many tools out there that will help you obtain a regular backup to a external location, such as dropbox, s3, ftp, or google drive. There is no reason to not have this setup for your site.

This is the plugin link 
And this is the location of the hash file on github.

Disaster plan or success planning your website.

Disaster plan or success planning your website.

Do you have a web site disaster plan in order?
I am betting you likely don’t.

Why is a disaster plan important?

The unknown is ever present in the world of technology. With the rise of malware and CPU defects, the chances of your site going down by unseen forces is getting higher every day. You literally could wake up one morning and your site is no longer online, or worse it is being held for ransom. Add into the mix the number of web hosting companies that go out of business or are sold to another company. If you don’t have a worse case disaster plan in place, it is my opinion you are not doing yourself any favors. It is very easy to put together and can be accomplished by anyone. This would be like having an emergency go bag if you live in a earthquake zone.

What are some key things you need to have on your disaster plan?

Login details for your Domain and where it is registered (username, password, phone number and support email address).
It may or may not be registered with the same company that hosts your website. I would make a document that includes your login details, contact phone number and support email address. Put this along with the others we will be covering into a envelope and seal it, then put that in a safe place.

Login details for your hosting account (username, password, phone number and support email address).
This is the location where your website is actually being served from. Put this information in the same envelope as the rest of the ones we are covering. It is also important to have a phone number and support email address along with your login details.

A current backup or archive.
We have discussed this several times on this podcast. You should have a current backup or archive you can work with of at least your website, and possibly of your whole hosting account. If you have been backing up externally or manually copying to a local disk drive, put this information and location of the backup in the envelope with the other information.

Now that you have your login details sorted out, you need to have some basic DNS information. I personally like to have a complete zone listing of all of my DNS entries. These are things like;

  • What are my nameservers and where are they pointing? Nameservers are vital to knowing where your zone record is being kept. If your nameservers vanish, your domain vanishes from the internet.
  • Where does www and yourdomain.com point to?
  • What are my MX records?
  • Do I have a custom record that is used for connecting to my mail server? For example, do you use mail.yourdomain.com and if so where is it pointing too?
  • Are there any other records I need for my site to be online? Custom records for a cdn, custom txt records that have been added, SPF records? There are many types of records that can be added to DNS. Some of them are for email, some are for proving you own a domain (google validation comes to mind). All records should be tracked and kept with your disaster plan records. You never know when you may need to recreate a zone entry.

 

Success plan not unlike the disaster plan.

What happens if your site starts getting a large amount of traffic. Good for you, bad for your hosting company if your on shared hosting. I have seen this type of thing happen time and time again. A article you may have written, or a product you are offering gets picked up by national news or celebrity likes your product. This is great news for you, but this can often result in your site going down or even being taken offline by your hosting company. How do you deal with a “scuccess” hit often involves the same things as a disaster plan. You may find yourself needing to move to a new host rather rapidly. Have those contact information and login details at the ready in your disaster plan packet. Lets just call this the “What if” packet.

If you are just experiencing some temporary increased traffic, meaning you don’t think it will last for very long as the hype dies down. There are a few steps you can do to help with the site traffic increase, which will likely help with server load.

  1. Use a caching service like cloudflare. We have discussed this in the past. Basic cloudflare services are free and it only takes a minute to setup. This will act as a buffer between your host and the people trying to access your site.
  2. Make sure you use expires and headers so files are cached. Another topic we have discussed in the first episode.
  3. Make sure you are compressing the site files with mod_deflate. See episode 1 for more details. Or listen to the end of this episode for the quick tip.
  4. Enable a caching plugin in your framework. Something like wp super cache or w3 total cache for wordpress will save you a lot of headaches with a sudden spike in site traffic. This will also lower server load by reducing the mysql queries required to load your site by making some of the site pages almost static in nature. This will in turn keep your host happy. This is not the same as cloudflare caching service.
  5. Serve a static site during the increase in traffic. This one is a little more tricky, but it is definitely possible. By removing the need to have mysql and php render pages, your site will load faster and have almost zero load on the server. This requires planning ahead however and having static pages ready to go.
  6. Work with your hosting provider to see if you can to keep your site online. If they are less than helpful, then reach out to the world and get a recommendation for a new host. A good host will want you to grow and be a part of your growth process. If they just suspend your account because you are successful suddenly, then they are impeding your growth and should be removed from the equation. If the host offers some suggestions to you, no matter if they sound complicated, and want to work with you in providing even a temporary solution to the situation, then you should listen and see if they can help.

Things to NOT do. Do not allow your host to move you to a tiny VPS of your own. This is the number one thing I see and it will kill your site, but save your hosts butt. If your site is already creating a problem on a very large shared servers with possibly many CPU cores and many Gigs of ram, what good is moving you to a 1 core and 1 gig of ram VPS going to do. They just want you off their shared server as fast as they can, they are not offering a solution but passing the buck to you and making a few bucks in the process. You site will never stay online in a small VPS unless you have someone that you can call on to make massive tweaks to the VPS itself, install specific software and configure it, this often requires a system administrator/engineer to do.

Do NOT try and block the inbound traffic that is being generated, this includes changing the URL, blocking IPs in .htaccess or server firewall. You want that traffic to come in, if there are elements on that page that require external resources, like a facebook or twitter feed, remove that code during the spike in traffic. These can potentially slow down your page speed.

The biggest take away I want to share with everyone is to be proactive and not reactive. Whether it is a disaster plan or a success plan, the “what if” scenario should be on the minds of everyone. And if you are not ready for it, it can be devastating to your site, your finances and even your emotional state. Like any other disaster preparedness scenario, regaining control of the situation as fast as possible will allow you to continue on with your life. It will remove stress and worry. If you get an email from your hosting provider saying, “your site has been shutdown because….” you will know how to proceed because of your planning. Take some time out of your busy week and determine the best way to handle your “what if” scenario, it will make your life a lot better. If you have already put together a “what if” packet, then please share your experience and tips you may have with me. I would love to hear about them.

Quick tip today is gzip compression in cPanel, you can also see a video I did on this here.

Backup and Archive your website in preparation of the New Year.

Backup and Archive your website in preparation of the New Year.

Backup and Archive your website in preparation of the New Year.

What is the difference between a Backup and a Archive?

A backup is for short term recovery. This means a backup is likely a more current snapshot in time. Often a backup will be done daily/weekly/monthly. You should be able to restore your site from any of these backups. But what happens if the backup is corrupt, or your site is hacked and has been hacked for a while? This is where a Archive comes in. A archive, to me, is a snapshot in time of your site that you are comfortable and capable of starting from.

Example: You have a site or a blog, you do a weekly and monthly backup. You find out that it has been hacked and has hundreds of files that contain malicious code. You can spend all of your time, and possibly a large amount of money cleaning the site up. Or you could restore from a backup, but what if your backup also contains the hacked code? Maybe your site has been hacked for more than a month. Now those backups will likely not do you much good or save you time and ultimately money. A archive is what you will need to restore from. A snapshot in time, where you know your site is clean and functional and can also be rebuilt from. It is a starting point that you are comfortable with. it may not be a ideal situation to have to do, but at least you know you can do it. The alternative is to possibly spend hundreds of hours and maybe thousands of dollars with a developer or systems administrator cleaning up your now hacked site. It is possible that starting from the archive will be the quickest and safest path. If you do decide to restore from a archive, and it is because of a hack, be sure that you update everything and if possible determine how the hack originated. It would not hurt to change passwords and follow standard procedures for dealing with a hack, see episode 7 Web Hosting Podcast.

Backups in cPanel are created using a .tar.gz file format.

What is a .tar.gz file?
The .tar in the filename stands for Tape Archive. The .gz is a compression method known as GZIP. These can be opened with standard Windows, Mac and Linux applications. The first thing it will do is unzip the file, or decompress it. This will then leave a .tar file. This can then be extracted to get the contents of the full archive.

Generating a full backup through cPanel will generate a .tar.gz file in your chosen destination. To do this, login to cPanel and search for backup. This will show you either, backup or backup wizard. If you want a step by step process, use the wizard. If you want specific files then choose backup. They both will ultimately give you the same thing. If you choose to create your backup file in your home directory, be aware that this could take your account over quota and start breaking things rather quickly. Other options for backup destinations are FTP and SCP. You can also choose to download a current near line backup, which will download to the Downloads folder set by your web browser. If you plan to make a archive, be sure to generate a new full backup of your entire home directory. This will include mysql databases, email and your website directories.

Other things that are good to do at the start or end of a year?

Verify your whois data is current. This should be done regularly and is required by domain owners. Whois data is maintained through the company you registered the domain with.

Determine if there are domains that you no longer wish to keep before they are renewed. I find myself over the year purchasing domains for ideas I may have. Some of these ideas never see the light of day and become abandoned. This is a good time to determine if you wish to proceed with keeping these domains and websites going. This can save you a bit of money if you no longer wish to keep them going.

Do you have specific things you do to bring in the New Year for your website? I would love to hear what they are and discuss them on a future podcast episode. Contact me through the contact form.

In our quick tip, autoresponders for email.