Tag Archives: wordpress

Do You Need To Take Care Of A Website Hosting Account?

Leave a reply
Do You Need To Take Care Of A Website Hosting Account?

Do You Need To Take Care Of A Website Hosting Account?

Setting up a website is become easier day-by-day. Whether it is paying for hosting or buying a template or installing a CMS, everything now requires just a couple of clicks. However, there are some things which are unavoidable and must be followed as a set of best practices to keep your website and web hosting account in good health.

Virus and Malware Scan

Adding this to your weekly maintenance check list is a must. Scanning your entire hosting account for virus and malware activity will help you stop a disaster in time. Although most of the time you will see that you account is clean, sometimes, in public upload folders or in incoming mail attachments you may notice a trigger being set off. Cleaning up these infections will help you to avoid more maintenance in future. As they say “A stitch in time saves nine”.

Resource Usage Check

Some hosts allow you to see your Resource usage on the shared hosting server and also show you how much of RAM, CPU and Apache Processes your account has used in the past few days. This can be a key factor in diagnosing issues and understanding how your website performs under different conditions. Noticing irregular behaviour at an early stage can avoid a major outage of your account. One of our clients noticed a large spike in CPU resources every night. Upon further investigation he identified a runaway rsync script as the cause. This avoided his site being throttled or limited by the server software. Checking the resource usage atleast once in 7 days is a good practice.

Backups

We don’t need to say this, but taking regular backups has hurt no one. Not only should you take backups for an emergency or downtime, but taking backups before each modification to your website will allow you to revert to a backed up version in case your code gets corrupt or your programmer goofs up. Before installing anything new or updating your CMS version be sure to take a backup. Spending a little money on backup will save you hundreds of dollars when you really need to go back to a previous version of your website. As a standard practice, you should backup your entire account atleast once a week preferably at off-peak hours. Download the backup on a remote machine.

Updates

You will be surprised at the amount of updates you will need to carry out on your website, especially if you have a database driven CMS. WordPress, Joomla, Drupal and other similar CMs systems push out updates atleast a couple of times a month. with auto installer software, updating is a piece of cake and can be done in seconds. However, you must also understand the implications of every update on your website code and customizations to the system. Ideally you should check for new updates every 2 days, so that a critical security flaw in your web app can be quickly patched before it is exploited by hackers or malware.

Suspicious Activity

Your web hosting control panel will definitely have the ability of showing you the activity and error logs of your account. These can be especially useful when you want to diagnose an error or understand your web apps behavior. An additional utility of the logs is to detect patterns of suspicious activity and timings of such behavior. Logs can help you avoid a major problem by showing you the patterns of the activity that you really want to know. An ideal interval for checking logs would be atleast once a week. Checking the visitor logs, apache error logs and any custom logs that your CMS generates can be extremely helpful.

Why Do Most Web Hosting Providers And Resellers Recommend WordPress?

Leave a reply
Why Do Most Web Hosting Providers And Resellers Recommend WordPress?

Why Do Most Web Hosting Providers And Resellers Recommend WordPress?

If you ask most web hosting providers about what their recommendation would be for a blogging platform or Content Management System for a website you will most probably hear WordPress as the first option. Day by day, the patronage for WordPress is on the rise, and with good reason too. This article explains why most web hosting providers would encourage the use of WordPress and why it may be their number one choice for clients.

Updates and Community Support

WordPress is regularly updated by the community and is kept bug free and as secure as possible at all times. If there is a vulnerability or exploit detected, many people work hard to plug the vulnerability and fix the flaws in the system. Since it is open source, this is all a team effort of the community. No dependence on a dedicated team or on a profit-focused software company. This gives much assurance to web hosting providers that the software is safe to run on their servers without a hitch.

Auto Installer Support

Almost all auto-installer software support the WordPress system and enable quick setup and maintenance of WordPress. With auto-installer software like Softaculous, you can auto-update WordPress when a new version is released, you can update all themes and plugins when new versions are released and you can also configure automatic backups to take place through cron jobs. This eases the burden on the web hosting provider in monitoring outdated installations and asking users to keep updating their obsolete software. This also comes in use when the web host needs to step in to provide support or fire-fight a website compromise.

Useful Documentation and Helpful Tutorials.

WordPress is well documented and the documentation is easily accessible on their website. This is a major relief to most web hosts, especially when troubleshooting client issues. A web host would always like to know if there is some issue with his server or there is a misconfiguration with the user’s install of WordPress. Although providing support for WordPress may not be covered in the scope of work of the hosting provider, it would definitely give them brownie points for pointing a distressed client in the right direction.

WordPress also has a lot of tutorials for newbie users and private bloggers. Many websites offer Video and Audio Tutorials for free, while some charge for premium guidance. YouTube also offers numerous free videos on WordPress issues and how to solve them.

Turn Around Time

A primary reason why web hosts and web developers love WordPress is due to the miniscule turnaround time for setting up a website and actually getting content online. The coming of auto-installers has further improved the speed of setup and updates. When a client trusts a web host for all their IT advice and expertise, they are sure to ask about WordPress. Setting up WordPress for an elderly client or a loyal patron is super fast and easy.

We have seen many clients struggling for months on end just to pick a suitable web designer. When they do pick one, it is an endless process to get the final site up and running. Either the Web Designer dilly-dallies or the client has very little time to give inputs. This process goes on for a couple of months, till the client realizes that the web hosting space they have taken is being wasted. When the client sits up and wants a website done yesterday, it’s the development team’s turn to act fussy. You can’t setup a full website quicker than with WordPress.

Is My WordPress Site Vulnerable To Hacking?

Leave a reply
Is My WordPress Site Vulnerable To Hacking?

Is My WordPress Site Vulnerable To Hacking?

WordPress websites have always been a sweet target for hackers and script kiddies looking to have some fun at the cost of damaging and defacing websites. In July 2014 the popular plugin “MailPoet Newsletters” was exploited to cause damage to over 50,000 websites across the internet. For a hacker, it is also worth investing time and money in identifying vulnerabilities, since millions of site’s across the world use WordPress, and being able to compromise one of them may lead you to be able to replicate it for other site’s with the same vulnerability as well.

The website WPvulndb.com lists all the known exploits and vulnerabilites and categorizes them under WordPress Core, Themes and Plugins. This article explains how you can test if your WordPress site is vulnerable and what precautions to take before you fall prey to an attack.

Plugins

In August 2014, the Custom Contact Forms Plugin allowed alterations and modification to the database using a flaw in the system. This affected thousands of websites which had downloaded and used that plugin. The security company Sucuri, tried to contact the developers but to no avail. They finally posted this message on their blog:

“Due to the unresponsive nature of the development team, we’d encourage you to pursue other sources for your WordPress form needs. There are various options with developers that are very responsive and are actively concerned with your security needs.”

Many free plugins for WordPress, maybe outdated, vulnerable, badly coded and may no longer be supported by an active development team. This means that using such a plugin may be detrimental to your website’s security and may lead you to being a hacking victim due to the flaws in that plugin. Always install plugins which have good reviews, good ratings, are compatible with your current version of WordPress and which are regular updated by an active developer team. You can see the plugin details and inspect them before integrating it with your website.

Themes

The same applies to WordPress Themes as well. Always read the theme reviews and see their rating before you choose a theme. Also, just because you pay for a theme does not mean that it is more secure or has no vulnerabilities, the only advantage will be that you will be able to contact the developers to patch your theme or update it. Bad coding in the themes may lead your site to become slow or open it up for hackers to exploit.

Update

Always keep your WordPress major version and all other themes and plugins up to date. You can do this manually or if your web host provides you with an auto installer, you can allow the auto installer to update WordPress, the themes and the plugins through a scheduled cron command. Keeping your site in sync with the latest version will prevent hackers from exploiting old vulnerabilities, for which a fix is already available. Although this is a very simple and easy counter-measure, keeping updated software can go a long way in ensuring security.

Backup

Always backup your site regularly and maintain a remote backup location in case of a disaster or damage to your site. Keeping a remote backup location is ideal, so that you “do not keep all your eggs in one basket”. Make sure that your backup is easy to restore in the event of an emergency. While you can backup parts of your website separately Eg: Database, Files, Image etc. you can also have a compressed zip backup of your entire website in a single file. Auto Installer software allow you to schedule nightly backups and set the backups to happen automatically.

Testing

Don’t forget to test your website for any known exploits or vulnerabilities before the hackers do. Free online tools like Sucuri Website Scanner will scan your website and suggest some security measures. They will also alert you of any major flaws in the system and will also indicate any outdated WordPress versions. Better scan your website before the hackers do.

How WordPress Makes Friends With Search Engines. A Look At Google, Yahoo And Bing

Leave a reply

WordPress has always been the most preferred blogging platform and Content Management System on the internet. It does contain many out of the box features for making your website or blog easy for search engines to crawl and index. But there is a lot that can be improved too. This article explains a couple of the out of the box features and some more features which you can add using the help of plugins, to make your site truly SEO friendly for search engines such as Google, Yahoo and Bing.

How WordPress Makes Friends With Search Engines. A Look At Google, Yahoo And Bing

How WordPress Makes Friends With Search Engines. A Look At Google, Yahoo And Bing

Human-Readable URLs with Keywords

On a fresh install of WordPress, you will notice that your Page URL’s or Permalinks look something like http://news.hostingxtreme.com/?p=213452098346 which obscures the true content of the article or information contained on that page. Not only do Humans find it difficult to recall a page number or URL with a number in it, but even Search Engines detest these obscure URLs which are non-descriptive. Instead Search Engines will prefer to see something with a category and a name in it. Hence, WordPress allows you to setup Permalinks which will automatically change the URLs to a modified version of the article’s Title. So an article titled “How Auto Installers Enhance Your WordPress Experience” will have a URL like “http://news.hostingxtreme.com/how-auto-installers-enhance-your-wordpress-experience/”.

This type of URL will be easily understandable by Search Engines and also contains the keywords which the author would like to promote. This allows Search Engines to retrieve that URL more easily and in a more systematic manner.

Featured Images, Categories and Tags

WordPress allows you to add a featured image in your article page or post, which can be used to identify your article and to give it a boost in image results. An article on Fire Extinguishers may have the picture of a Fire Extinguisher set as the Featured Image, so that in Image Searches, it will be given priority for those keywords.

You can also add your article to Categories and Tags. You can setup these categories and tages prior to writing the article and also add new categories and tags as you are writing the article. Adding a category for the pages and posts facilities the internal search engine and also external crawlers from understanding the structure of your website and the grouping of similar articles. This will allow the searcher to be presented with many suggestions based on the category selection of the article. The category may also influence the URL of the article, which may be rewritten to incorporate the category name as well.

Image Information

Search engines cannot see an image. They can only read the textual content of your website. Which is why we have Captcha code’s on forms, to prevent automated submission of the form by software. When inserting an image from the media library, the Alt Tags and Image title is automatically picked up from the Image Name and Image Meta Information that maybe present. This allows your image to be easily searched and indexed by search engines so that the image search results will pop up your image when the associated keywords are searched. You can alter or modify the alt tags and title tags and also add a caption to the image, to make search engines easier to find.

Plugins for everything

For all the SEO optimization features that are not built-in to WordPress, you can always install plugins to do the job for you. XML Sitemaps generation is one such SEO feature which you must have, and can be easily created using a simple WordPress Plugin which is free. You can also tweak page URLs and customize them further using other plugins for that purpose. There are numerous plugins which help you to optimize your site for Search Engines like Google, Bing, Yahoo, in a step-by-step manner. You could also try Plugins like All in One SEO Pack for WordPress and WordPress SEO by Yoast which are popular and recommended by the champions of the industry. Don’t forget that SEO is hard work and needs your time and patience to produce quality results.

How The Softaculous Auto-Installer Enhances Your WordPress Experience With Newer Features

Leave a reply

How The Softaculous Auto-Installer Enhances Your WordPress Experience With Newer Features

Softaculous is an Auto-Installer like Fantastico and Installatron. While WordPress is not included in its Free Scripts, the price for a paid version of Softaculous is about $2.5 per month. This is quite a small price to pay for the benefits that it will give you. This article deals with the value addition that Softaculous has to offer as far as your WordPress experience is concerned. The aim of this article is to highlight the need for an Auto-Installer to make WordPress Management easy and less troublesome.

Auto Fill

The Softaculous installer automatically fills in the installation form when you are about to install WordPress. This means that it auto-fills field like the Database Name, Database Table Prefix, Site Name, Site Description, Admin username, Admin password, the admin email address and the Default Language to be used. Auto-filling these field helps to maintain consistency of the naming conventions (like database prefix) and also helps to randomize values (like database name and admin password) so that it becomes difficult for hackers to guess the password or database name. This saves the admin the headache of cooking up some innovative options and allows WordPress to be installed in a jiffy. It also aids newbie users by prompting them on what values should be ideally put into the text fields. This can be a big relief for people who were previously intimated by the built-in WordPress installer, which was not newbie friendly. If you are not satisfied with what Softaculous has suggested, you can always modify the values in the text box of the form. This ensures flexibility for those who want customization.

Advanced Options

Softaculous Contains a set of Advanced options which allows you to ensure the safety and data integrity of your WordPress blog or website. The form allows you to setup Update Notifications which will alert you when a new WordPress version becomes available for installation. This means that you don’t need to bother to keep a check on whether you have the latest WordPress software which is more secure as compared to earlier versions.

Automatic upgrade of WordPress is another feature which Softaculous provides. This means that you can setup Softaculous to automatically backup your WordPress files and upgrade them to the latest WordPress version as soon as it becomes available. This means that you need not bother about upgrading your WordPress installation and can concentrate on building good content for your site.

Automatic Upgrade of Plugins and Themes

This is a newer feature of Softaculous. It allows you to upgrade all your Plugins and Themes to their latest version. Buggy plugins are a major cause of security exploits in WordPress. This means that any 3rd party software that you install may contain some vulnerabilities which may be rectified in newer versions of the plugin. Although WordPress allows you to update the plugins and themes from inside the Admin interface, softaculous allows you to schedule updates and automatically updates the core plugin and theme files, without your intervention. It is always advisable to take a regular backup of your site, incase the automatic process fails and causes your site to crash.

Automatic Backups

Softaculous allows you to Automate backups of your WordPress install. This means that you can automatically backup your website on a daily, weekly or monthly basis into your home directory of your hosting account. You can then download the files to your computer at a later date. Incase you have a plan with limited space, you can choose to rotate the backups i.e. If the backup rotation limit is reached, Softaculous will delete the oldest backup for that WordPress installation and create a new backup.

Softaculous also pulls the information from your WordPress config file and displays the details of the install in a simple form, which you can use to sharethe backend details with your development team.

Softaculous needs to be bought by your hosting provider and installed on their server. We highly recommend Softaculous due to the ease of use and smooth functioning with cPanel / WHM. It is easy for the Admin as well as the end user. Softaculous and cPanel are an awesome combination which is a must have.

Do You Need An SSL Certificate For Your WordPress Website?

Leave a reply
Do You Need An SSL Certificate For Your WordPress Website?

Do You Need An SSL Certificate For Your WordPress Website?

SSL Certificates have been in vogue in the recent past, partially due to the high level of education on website security and PCI Compliance and also due to the fact that many people are ignorant about what it is and just want to go with the flow. Even webmasters who own a simple blog want to sport the https:// in their URL without any other reason. However, having an SSL certificate even if you don’t need it, doesn’t do any harm to your website. This article explains the hype about the SSL Certificate and whether you need one for your WordPress website. We will also take a look at how the SSL Certificate can be helpful in building your online reputation.

The Hype About SSL Certificates

in May 2014, we had a couple of clients asking us whether we provide SSL Certificates and how we could implement it on their websites. You also need to take a dedicated IP Address for your SSL Certificate, so that your website can be uniquely identified on the internet. This can be a bit expensive, especially if you don’t need it. When we visited the client’s website, we noticed that they were running nothing more than static HTML pages on their website. They had an order form page, for which they specifically wanted the SSL Certificate. We did explain to them that the SSL Certificate will encrypt data being sent from the users browser to our server, so that it cannot be intercepted in between. However, since there was no critical information like credit card numbers or passwords being transmitted, having an SSL Certificate would not achieve much. The cost of the SSL Certificate and Dedicated IP Address would cost much more than the average amount of payment orders that they were receiving from the form.

Where an SSL certificate is really required

An SSL Certificate is highly recommended when you are carrying on financial transactions and storing personal / sensitive information which if leaked or intercepted could cause financial loss or personal injury. The SSL Certificate is just a Proof of Identification which groups the domain name with the server name or hostname. It allows cross-verification and lets your computer know that you have reached the correct server, which has been verified by a certifying authority.

Does your WordPress website or blog need one?

Generally, a personal blog or website does not benefit significantly by having an SSL Certificate. It does not prevent hack attempts or brute force attempts on your web server. An SSL Certificate cannot shield a weak password or bad coding. It will not prevent a vulnerability in the WordPress system from being exploited, neither will it protect an obsolete software from security bugs.

Along with an SSL Certificate you need to take a dedicated IP Address, and may also need to take professional help to install the certificate. If you are doing it just for fun or to show off, it’s just not worth it.

With a recent announcement by Google, that having an SSL Certificate does give you preference in the Search Engine Rankings, many people are rushing to buy them. However, you may want to weigh the costs and benefits before you do it. Although there no harm in having an https website, it may be expensive to maintain.

Does Your Auto-Installer Software Improve Your WordPress Experience? Softaculous, Fantastico and more

Leave a reply

Does Your Auto-Installer Software Improve Your WordPress Experience?

Till recently, WordPress had to be manually installed if you planned to run a self-hosted WordPress website. You had to download the files from WordPress.org, upload them to your hosting account, unzip them and then run the php file to install it along with the database. Prior to the inbuilt php installer file, even the database had to be manually created and configuration information added to the config file in WordPress. All this is pretty much history, in fact all these steps are done instantly using an Auto-Installer Software. These software also have many other features, which make your entire WordPress experience a pleasure. While it is not mandatory to have an Auto-Installer to manage WordPress,it becomes safer, secure and more convenient when using an Auto-Installer to perform various tasks. This article explains some of the other reasons why Auto-Installers are recommended by us, if you are looking at setting up a WordPress website.

Backups

Auto-installers not only allow you to install scripts like WordPress, they also allow you to manage your website and help you back it up as well. The backups are stored in the home directory of your account and you can download them to your local computer at a later time. The auto-installers only create a backup of the software and not of your entire hosting account. Hence, only your WordPress files will be backed up. This is ideal when you are making changes or major modifications to your website files and want a copy of the files to keep in case your changes are broken. The ability to create these backups comes along with the power to restore them in case of lost or damaged files. The restore process allows you to use the backups that you have created in the past and restore the website to its exact state as on the date of the backup.

Upgrades

You can setup the auto-installer to notify you of any available updates or you can set it to upgrade WordPress automatically. As soon as a new version is available, the software will send out an email alert to you. You can also set it up to run a cron job to take a backup and process the upgrade automatically without your intervention, but in case of lack of space, the upgrade might not work out.

Software Information

Auto-Installers also provide you with handy information for each installed application. They list out the details like: Installation Directory, Live URL, Database Name, Database Username, Database Password, Database hostname, Software version installed, Installation time etc. This allows you to work with multiple installations of different software in the same hosting account. It prevents confusion and allows you to see the details in a single screen in a GUI, rather than searching the config file for details. You can use it to give the details to your developer or support teams.

Frequent Updates

The main advantage of an auto-installer is the frequency of updates and the ability to notify you when an update becomes available. This allows you to update WordPress to the latest stable version and also to implement quick fixes or patch vulnerabilities which may be a threat to the security of your website.

Setting up WordPress is easy - it becomes easier when you have an Auto-Installer in your arsenal. You can choose from many different Auto-Installers for your Control Panel, but we recommend Softaculous, Installatron and Fantastico.