Hosting

eQPress – secure hosting with Deflect

In the last few months, the Deflect team has set up a hosting platform that allows anybody to have an easy-to-manage, secure website (or even a multisite) that protects you not only from DDoS attacks, but also from other problems that may arise if your hosting provider is poorly resourced, unable to handle basic attacks or easily susceptible to social engineering.

We are now proud to present eQPress to the world: a WordPress-based platform protected by Deflect and by our team’s experience with infrastructure hardening and secure service provision where you can migrate your WordPress-based website or create a new one from scratch.

Built on the easypress.ca managed WordPress framework, eQPress codebase has been reviewed, refactored and finally open-sourced by eQualit.ie’s team. This framework offers a peace of mind to you when it comes to manage your website(s) and to us in terms of technical security and stability. Most importantly, it keeps the hosting server completely hidden behind the Deflect network, preventing direct brute force and denial of service attacks against your website.

Other features included in eQPress are:

  • A customized plugin for administration tasks that would otherwise require shell access
  • A “lockdown” feature, so that normal users cannot “break the site” and attackers cannot inject malicious scripts
  • A secure system for generating passwords and distributing them to users
  • Full disk LUKS encryption on eQPress infrastructure and fully encrypted external backup
  • High performance nginx, php-fpm
  • Quick WordPress install of single sites and multisites
  • A sustainable and easily replicable system

And the good news is that if you meet our eligibility criteria and already have a WordPress-based website or want to create one, you can be hosted on eQPress too!

Read More

Use the Console to manage your eQPress account

When you first create a website on eQPress, what you need to know is how to configure it and how to use WordPress. But if you’ve ever managed a WordPress-based website or blog and/or have just migrated your existing site to eQPress, you will probably be already familiar with the WordPress Dashboard and don’t need any introduction to its usage.

What you will find different in the eQPress administration panel, though, is the Console – an additional administration panel that enhances the functionalities of the common WordPress admin interface. Through the Console, you can perform some administrative tasks that would otherwise require shell access, like changing some settings that would be complicated to edit otherwise and enhancing the security of your website.

By accessing the Console, you will be able to:

To access this interface, click “Console” in the sidebar on the left of your WordPress admin panel.

 

console1

View your statistics

In the “Website Stats” section of the Console, you can view the exact number of times your site has been accessed in the last few months (“Monthly Stats”) and days (“Recent Daily Stats”), with a highlight on the busiest day your website has recorded. Please, note that robots and spiders are also included in the total number.

console2

Click “Website Stats” in the Console menu in the left-hand sidebar and then click the “Show Web Stats” button: after a moment your monthly and daily statistics will be visualized, including: the number of visited pages (“Hits”); the number of visits and unique visitors, and the amount of transferred data (“Transferred”).

This tool is a good compromise if you want to monitor how your website is doing in terms of traffic and engagement without violating your visitors’ privacy. By installing a specific plugin for statistics, you would have a more precise vision of your public, but most of these plugins often track users for commercial purposes. Please, consider what risks this might imply for your visitors before you decide to install additional plugins for statistics.

Delete the server cache

The “Manage Cache” section provides you a way to delete the server cache.

console3

If you are making changes to your content and need to see them immediately, you can use this feature to purge the web server’s cache. Just click the “Delete cache” button and wait a bit: it might take up to a minute for the cache to be removed depending on its size.

console3b

View web and PHP logs

By clicking on “View Logs” in the Console sidebar, you will be able to view the following log files:

  1. PHP error log – contains a record of all PHP errors produced by plugins and themes.
  2. Web server access log – contains a record of every file transferred from your site.
  3. Web server error log – contains a record of every error encountered by the web server.

console4

To view each of these logs, click the respective button.

Reset your file permissions

The “File Permissions” feature allows you to reset the permissions and ownership on your files back to the default settings: by clicking the “Reset Now” button, you will reset all directories and files under your document root to be owned by the web server user.

You may want to use this feature because sometimes, after uploading or installing a plugin manually, you may need to change its permissions for it to work properly. Since you have uploaded the plugin through your SFTP account, that directory is owned by your SFTP user, which is different from the web server user that is making your website, together with the installed plugins, work. So when the plugin tries to write to a file or directory that is owned by your SFTP user, it fails because the web server user is trying to change something it doesn’t have the permission to change.

console5

This default setting is very convenient for installing and updating plugins and themes but is not the most secure way to configure a WordPress environment. This is why the Console also includes a “Security Lockdown” feature.

console5b

Protect your website from hacks with the Security Lockdown

You can use the “Security Lockdown” feature of your eQPress Console to secure your website from potential hacks that try to create or download new files in your SFTP root directory in order to take control of your site and/or of your server. This risk can be prevented by stopping the web server from writing to any of your files or directories, which is what happens if those files are owned by a user different from the web server user.

The Security Lockdown feature does just that: it allows you to change the permissions and assign the ownership of all the files and directories under your document root to your SFTP user. If you want to protect your website from this kind of hacks, click the “Lockdown” button and wait for the changes to take effect before you leave the page. Once the process is completed, none of your files will be owned by the web server user, which will effectively prevent it from writing to any of your files or directories.

console6 console6b console6c

When the site is locked down, you will see the text “Site Locked Down” in your admin bar at the top of the page. This is also a link to the “Security Lockdown” section of the Console.

console6e

 

Important: When the site is locked down, you will not be able to install new plugins or themes. You will not be able to update plugins, themes or WordPress itself. This is not a bug, but a feature: it’s exactly what the Security Lockdown is supposed to do. If you need to update or install a plugin (or theme), simply unlock your site, perform the update or installation and then lock the site down once again.

SFTP info and password reset

By clicking on “Reset Password” in the Console sidebar, you will access a panel with information on your SFTP user name and host. You can access this page in case you need to find quickly the SFTP credentials you received by email when your eQPress account was activated, or to check that the host address hasn’t changed.

console7

The “Reset Password” section of the Console also gives you the possibility of resetting your SFTP password: by clicking the “Reset Password” button in this page, you will change your SFTP password and the new password will be temporarily visualized under the line with your SFTP host, as well as sent to you by email.

console7b

Please note: If what you want to change is not your SFTP password but your WordPress admin password, click on your user name in the right end of the admin bar at the top of the WordPress panel to open your Profile page, and then click the button “Generate Password” in the Account Management section: a new password will be generated for your WordPress user. Make sure to store this password in a secure place: the best way to do this is to use a password manager like KeePass. To change your database password, read this guide.

Protect your login and admin panel with SSL

SSL provides confidentiality between your browser and the web server. By encrypting the communication between you and the server, you are making it very difficult for malicious hackers to steal your private information. If you use SSL, credentials such as user names and passwords will be undecipherable if they are intercepted while in transit. The same applies to your authentication tokens, such as the cookies that are sent every time you view or make changes via the admin panel.

The Console offers you 3 choices when configuring WordPress to use SSL. To change the settings, click the relevant button and wait for the process to be finished before you leave the page.

1. Enable SSL for logins and all admin screens.
This is the most secure choice, and will protect both your access credentials and your connection to the server through the admin panel.
console8b
2. Enable SSL for logging in only.
This choice will protect your credentials from being intercepted when you log into the eQPress admin panel.
console8d
3. Disable SSL.
If you choose to disable SSL, your connection to the server will not be protected.
console8

Please note that if you enable SSL you will be using our SSL certificates, and therefore you will encounter SSL warnings the first time you visit your admin screens. If you have your own SSL certificates, you can install them to solve this problem: please get in touch with the Deflect team through the Deflect dashboard and we will do it for you.

You can read more about Administration Over SSL on the WordPress Codex.

Disable or enable the Plugin and Theme Editor

Occasionally you may wish to disable the Plugin or Theme Editor in your WordPress admin panel so as to prevent overzealous users from editing sensitive files and potentially crash the site. Disabling the editor also provides an additional layer of security if a hacker gains access to a well-privileged user account.

There are 2 choices:

  1. Enable plugin and theme editing via the admin screens.
  2. Disable plugin and theme editing via the admin screens.
console9b console9c console9

Please note that for the changes to take effect you will need to wait until the end of the process before you leave the “Code Editor” page.

Read more about Disabling the Plugin and Theme Editor on the WordPress Codex.

Read More

Creating a Hosts File Entry

If you wish to access your domain before your DNS has been updated, you can update your local ‘hosts file’, which will allow your computer to view your new site. Follow the appropriate instructions below.

Please note that this will work only with HTTPS and not with HTTP.

If you need any help with this procedure (for example because nslookup is not installed in your system and you can’t figure out what the IP of your SFTP server is), we are ready to help: please contact us through the Dashboard or send us an email.

OS X:

  1. Open Terminal
  2. Launch the following command (replacing SFTP_host with the address of your SFTP host you received in your activation email):

    $ nslookup SFTP_host

  3. The result will be something like the following output. The last line contains the IP address of your SFTP host, which you will need to add to your hosts file (numbers arranged in this form: XX.XX.XX.XX).

    Server:        YY.ZZ.XX.ZZ
    Address:    YY.ZZ.XX.ZZ#53

    Non-authoritative answer:
    Name:    grwtrcweg.deflect.ca
    Address: XX.XX.XX.XX

  4. Type ‘sudo nano /private/etc/hosts’
  5. Press Ctrl+Shift+V to take you to the end of the file
  6. Enter the text ‘XX.XX.XX.XX <yourdomain>’ (replacing `XX.XX.XX.XX` with the actual IP of your SFTP host and <yourdomain> with the URL of your website).
  7. Press Ctrl+x to exit
  8. Press y to save

Alternatively you can download the Hosts preference pane helper from here: https://github.com/specialunderwear/Hosts.prefpane/downloads

Windows:

  1. Launch the Command Prompt and enter:

    C:\>nslookup example.com

    whereby you need to replace example.com with your SFTP host address.

  2. The result will contain the IP address of your SFTP host, which you will need to add to your hosts file (numbers arranged in this form: XX.XX.XX.XX).

    Address: XX.XX.XX.XX

  3. Click “Start” button
  4. Click “All Programs”
  5. Click “Accessories”
  6. Right-click on Notepad and then click Run as administrator.
  7. If you are prompted for an administrator password or for a confirmation, type your password, or click Allow/Yes.
  8. Open the Hosts file. Discover the location for your version of windows here (https://en.wikipedia.org/wiki/Hosts_(file)#Location_in_the_file_system)
  9. Enter the text ‘XX.XX.XX.XX <yourdomain>’ (replacing `XX.XX.XX.XX` with the actual IP of your SFTP host and <yourdomain> with the URL of your website).
  10. Click Save on the Edit menu. (If using Windows 7, you will need to click Save on the File menu.)

Linux:

  1. Open a terminal.
  2. Launch the following command (replacing SFTP_host with the address of your SFTP host you received in your activation email):

    $ nslookup SFTP_host

  3. The result will be something like the following output. The last line contains the IP address of your SFTP host, which you will need to add to your hosts file (numbers arranged in this form: XX.XX.XX.XX).

    Server:        YY.ZZ.XX.ZZ
    Address:    YY.ZZ.XX.ZZ#53

    Non-authoritative answer:
    Name:    grwtrcweg.deflect.ca
    Address: XX.XX.XX.XX

  4. Open the file /etc/hosts with vim or your favourite editor as root:

    $ sudo vim /etc/hosts

  5. Add the following line, replacing `XX.XX.XX.XX` with the IP address of your SFTP host, `example.com` with the URL of your website and `example` with the name of your website:

    XX.XX.XX.XX example.com example

  6. Ensure that the nsswitch.conf file is correct. The nsswitch.conf file controls in which order services will be consulted for name service lookups, in our case we are looking for the “hosts” service:

    $ grep host /etc/nsswitch.conf hosts: files dns

    Check that “files” comes before “dns”. If it doesn’t, edit the file to obtain the above result.

  7. Check that your changes produced the wanted effect with this command:

    $ ping -c 1 example.com

    The result should be something like this (with XX.XX.XX.XX being replaced by the IP of your SFTP host):

    PING example.com (XX.XX.XX.XX) 56(84) bytes of data.

Read More

Migrating Your WordPress Site to Us

If you already have a working WordPress site that you wish to move to eQPress, the first thing you need to do is sign up with Deflect and specify that you would like to move your existing website to eQPress, providing us with the first and last name of your admin (they don’t have to be the official ones!). It would be also helpful to know if your WordPress instance contains a single website or is a multi-site with subdomains (http://sub.example.com) or subdirectories (http://example.com/sub).

This post contains information for migrating your website to eQPress. If you need any help, don’t hesitate to ask for our support.

What we need:

  1. A database dump of your existing WordPress site. You may need to request this from your existing hosting provider if you do not have the facilities to make a database dump yourself, or you can follow these instructions.
  2. The complete backup of your existing WordPress site files, which you can easily obtain by following this guide.

If you want, you can use a plugin to obtain your database dump and website backup. There are many such plugins for WordPress, and you can pick the one you prefer from this list.

Read More

How to Flush Your Local DNS Resolver’s Cache

If your computer cannot reach a certain website this could be because your local DNS resolver’s cache contains an outdated record. For example, you updated your DNS records to point to eQPress but instead you are seeing your old website. This is when flushing your DNS cache will speed things up.

Mac (OS X)

In the Command Terminal, type one of these commands:

sudo killall -HUP mDNSResponder
sudo discoveryutil udnsflushcaches

sudo dscacheutil -flushcache
sudo lookupd -flushcache

Windows

Run the following command in a Command Prompt window:

ipconfig /flushdns

Read More

Moving Your Site to HTTPS

HTTPS (adding an S for “secure” to HTTP) is an internet communication protocol that protects your users’ connections to your website. Data sent using HTTPS is secured in that HTTPS provides 3 layers of protection:

  1. Encryption: while the user is browsing a website, nobody can see their conversations, track their activities in the website, or steal their information.
  2. Integrity: data cannot be tampered with as it travels from your website to the user’s computer and vice versa.
  3. Authentication: ensuring that your users are really communicating with your website. This layer of protection prevents man-in-the-middle attacks and stops attempts at attracting your users to connect to a fake site or to download falsified files.

While the purpose of enhancing security is certainly a very good reason to move your website to HTTPS, consider that this could also slightly improve your website’s ranking.

TL;DR – How to activate HTTPS on eQPress

If you already have generated an HTTPS certificate for your website, you can install it via the Deflect dashboard. By following the procedure to install your TLS certificate, your website will be accessible on HTTPS.

If you don’t have an HTTPS certificate yet, you can contact us through the Deflect dashboard or send us an email and we will generate it for you.

Keys and Certificates

For TLS (formerly SSL) to work, you need a private key and a public key. After the public key is signed by a certificate authority, your public key becomes your certificate. The private key and the certificate need to live on the server that your website is hosted on, so the web server software that sends your web pages to your visitors can also create the secure (TLS) connection to the browser to secure the link. If you know how, you are free to generate your keys and then send them to us through the Deflect dashboard. Otherwise, we are happy to generate the key pair for you.

Certificate Authority

To generate a free certificate signed by a certificate authority, the easiest way is to use Let’s Encrypt, a free, automated, and open certification authority run for the public’s benefit.

If you prefer to have your HTTPS certificate signed by a different certification authority, here’s a short list of services that will sign it for you:

RapidSSL
NameCheap

Analytics and Tracking

If you use analytics tools like Google Analytics, you will want to update the URL that you are tracking from HTTP to HTTPS. Make sure you do this both in analytics and Google Webmaster Tools.

Read More

Recommendations for Improving Your WordPress SEO

When it comes to search engine optimization (SEO), choosing the right WordPress theme framework becomes critical. Genesis does a great job of doing all the right things for search engine optimization (SEO). You will want to add some kind of analytics tracking to your site so you can gain insight about who is visiting your site and how your site is being used. Typically most people use Google Analytics, but if you are considering to use it in your website, please consider that eQPress Console already shows you some statistics and that Google Analytics, as well as other tools for website statistics, track users and can violate your readers’ privacy. If you decide to use one of these tools, Genesis provides a field on the Theme Settings page (wp_footer) to enter your analytics tracking code.

There are other great theme frameworks that are just as effective as Genesis, but if you choose not to use a framework or prefer to build your own theme, then you should use a plugin such as wordpress-seo by Yoast and use that to further optimize your pages and posts for SEO. The plugin has a ton of options which can be a bit overwhelming, but typically the defaults are fine. The plugin will also analyse your pages and give you recommendations on how to improve your content, title and other aspects of the page to make it better for SEO. There are lots of tutorials on using the plugin and of course the author of the plugin is a great source for learning about SEO: https://yoast.com

A couple more recommendations: in addition to a Google Analytics account for your site, you should also create a Google Webmaster Tools account and link it to your analytics account. And the other thing is to create a sitemap.xml file. The search engine crawlers look for that to more accurately index your site. The wordpress-seo plugin will create one for you, but there are simpler plugins to get this task done such as google-sitemap-plugin.

Read More

Choosing a Canonical Website Address

Canoni-what?

Canonical is the word used to describe the one address that you want the world to go to when they look you up. The typical choices are whether to use www in front of your domain or not. The classic example follows:

http://www.example.com/

or

http://example.com/

Choosing what your canonical website address (URL) will be is totally up to you. It’s a preference and there’s no right answer. As you can see by looking up at your browser’s location bar now, eQualit.ie has chosen a URL without www. If you start taking notice of the other websites you visit, you’ll probably see that there’s no regular pattern. Google chooses www. The wordpress.org team chooses non-www. It really doesn’t matter. What does matter is making that choice early and sticking with it.

Considering the Apex

One unique factor (with respect to hosting on) in your decision-making process is whether or not your domain will be hosted by a DNS company that supports pointing the non-www (officially called the apex record) address to a CNAME. If your DNS host does not support this feature, we recommend you choose www to be your canonical website address.

References

Here’s an article at Google Webmaster Tools called Use Canonical URLs that will help you to learn more about their view of canonical URLs.

Also, Matt Cutts provides some very helpful insight and a FAQ about SEO and URL canonicalization.

Read More

Changing Your Database Password

We are serious about our passwords here at Deflect. You might have noticed our 23 random character passwords for your WordPress admin user we generated during the installation of your site. That’s the kind of password that will keep your site safe from brute force and dictionary attacks. The random.org site provides some tools for generating super long passwords.

So why would you ever want to change your database password? Typically you won’t ever need to because we set it initially during installation to another unique 23 random character string. But there might be a good reason to change it. The one that comes to mind is Heartbleed. So, here we go…

Changing Your Database Password

Warning: Changing your database password can disable your site. Make sure you know what you are doing or send us an email if you need help

  1. Log into adminer. For example, if your site is example.com then go to https://example.com/adminer/.
  2. You can get your DB username and current DB password by SFTP’ing to your site and looking in your wp-config.php file which is located in the wordpress directory.
  3. Click on the “Privileges” link.
  4. Click on the “Edit” link beside “localhost”.
  5. Make sure the “Hashed” checkbox is unchecked.
  6. Use KeePassX or random.org to generate a long random password. Copy it and paste it into the Password field, then scroll to the bottom and click the Save button while simultaneously…
  7. Pasting the password you just set in adminer into your wp-config.php file on the line with define(‘DB_PASSWORD’, ‘password’); by replacing “password” with the new password.
Read More

First Steps with Your eQPress Site

Your shiny new eQPress site is ready to go! Now what? Here are some recommendations.

  1. Enable “pretty” permalinks under “Settings” -> “Permalinks”.
    Typically “Post name” is a good option, but you can choose whichever setting you prefer other than “Plain”. The reason for doing this is two-fold: on the one hand, your URLs just look nicer, on the other hand this could also increase your performance because this type of URL has better chances of getting cached.
  2. Next install a plugin to protect your website against comment spam. Anti-spam is easy to use, needs no configuration and just works.

Now that you’ve made some initial steps, you can take some time to read the official guide: First Steps with WordPress

Read More

The Best Options for Email Subscriptions with WordPress

The best option is to use MailChimp to manage your subscriber lists and also to send the emails. There are plugins that can integrate with your MailChimp account but even that is unnecessary if all you want is to add email addresses and then send emails when you write a new blog post. The way it works is MailChimp will check your RSS feed every day for new posts and when one is found it will automatically send it to everyone on your list.

MailChimp is very powerful and easy to use. Here are some articles that will help you get started.

The next best option is to use the Subscription feature that’s part of the JetPack plugin. You will need a WordPress.com account to use it but it’s very easy to sign up for one. The plugin will guide you through the process. Click this lovely link to read more about JetPack Subscriptions

Read More

Creating Your New WordPress Site

Whether you are a first time WordPress user or not you may need to build your new site while your existing site continues to run. If you immediately update your DNS settings to point to eQPress without having migrated your website yet, what you’ll see is a default installation of WordPress. That’s probably not what you want. So, you have a few options when it comes to building your new site.

  1. You can update you local computer’s hosts file during the migration so your browser loads the site at eQPress. Here’s an article that will help.
  2. If you can withstand a bit of downtime then putting up a “coming soon” page is by far the simplest. Just point your DNS to the IP address supplied in the Welcome email and read this guide.
  3. If neither of these options suit you, send us an email or contact us through the Dashboard, and we’ll change the settings of your eQPress site so it will respond to dev.example.com. This will let you work on it and keep your current site active. When you are ready to switch, we can make the necessary changes to the database so the site responds to example.com.

We have written a follow-up to this article which explains the whys and hows of migrating your WordPress data. There’s also a more in-depth section on the WordPress Codex about moving a WordPress site.

Read More

Learning WordPress

Here are some great resources for learning how to use WordPress.

The Official WordPress User Manualhttps://make.wordpress.org/support/user-manual/
This is a living document created and maintained by the amazing and dedicated WordPress.org team.

Easy WP Guide – https://easywpguide.com/
You won’t find any talk of HTML, PHP or creating WP Themes here. What you will find is an easy to follow WordPress manual that will help you understand the basics of editing your site content.

Codex for the WordPress Projecthttp://codex.wordpress.org/
The online manual for WordPress and a living repository for WordPress information and documentation.

WordPress TVhttp://wordpress.tv/
Videos from WordCamps and more about our favourite CMS and blogging platform.

WP 101http://www.wp101.com/
Some free but mostly pay access video tutorials about learning the ins and outs of WordPress.

Read More

Restricting Access to Your Website

There are times when you want to prevent the world from seeing your website. One reason might be that you are in the process of designing and developing and don’t want to share your progress with the world, since it might not be ready for all eyes. Another reason might be that you only want registered users to have access to view your content. The following plugins can help restrict access to your WordPress website:

Ultimate Coming Soon Page – http://wordpress.org/plugins/ultimate-coming-soon-page/

Restrict Site Access – http://wordpress.org/plugins/restricted-site-access/

Read More

Removing the WordPress admin User

Brute-force login attempts are typically carried out against the “admin” user. “Admin” used to be the default username of the first administrator created when installing WordPress, but now the installation asks you what you want to name it, and on eQPress it will be your administrator’s name and surname (not necessarily the “official” ones!).

If you have an old WordPress installation that you have migrated to eQPress, though, your website could still have an “admin” user. By removing this user, you will force the malicious hackers out there to guess not only your password but also your username. Here’s how to rename your “admin” user:

  1. Sign into your wp-admin as the admin user.
  2. Use the “Users->Add New” screen to create a new user.
  3. Provide a new username that’s not “admin”.
  4. The new user’s role must be set to “administrator”.
  5. Specify a super long passphrase. You can follow this guide to create a secure one.
  6. Click “Add new user”.
  7. Sign out as the “admin” user.
  8. Sign in as the new user.
  9. Delete the old “admin” user and assign all posts, pages and comments to your new admin user.
Read More

Protecting Your WordPress Website

Hosted behind the Deflect network, eQPress is designed to prevent your site from getting attacked or hacked. Security is best practiced as a series of countermeasures against known vulnerabilities or threats. We provide the essential underlying protective layers and the rest is up to you. There is no protection against a weak password, so…

The single most effective way to keep your WordPress website secure is to use strong passphrases. Use a password manager such as KeePassX, so you don’t need to remember those crazy long passwords. Alternatively, you can use your brower’s built in password manager (but keep in mind that if you don’t use a Master Password to protect it, all your passwords will be visible to anybody who may access your computer). To generate a long and random passphrase that is secure enough, you can use KeePassX itself or just click here to have 5 passwords generated automagically.

eQPress Console plugin provides a feature to put your site into lockdown mode, which makes all files and directories unwritable by the web server.

If you want to check your website for known malware, blacklisting status, website errors, and out-of-date software, you can use one of these third-party scanners:

Read More

Debugging the Dreaded “White Screen of Death”

If you are here because you recently installed a plugin, then take a look at this flow chart.

Both PHP errors and database errors can manifest as a white screen, a blank screen with no information, commonly known in the WordPress community as the WordPress White Screen of Death (WSOD).  Here are some basic steps you can follow to begin debugging this problem if it’s not been caused by a new plugin that you’ve just installed:

  1. SFTP to your document root (contact us through the Dashboard or send us an email if you’ve lost your SFTP credentials).
  2. Change into the wordpress directory.
  3. View or download the php-errors.log file.
  4. Take a look at the last few lines of the error log to determine the cause of the white screen.

You might see a very specific PHP error which will provide a line number in the file that’s causing the problem. At this point you can:

  1. Download the file that’s causing the problem.
  2. Go to the line that was listed in the error log.
  3. Fix the issue.
  4. Upload the file back to the server.
  5. Test your website.

If the white screen does not go away, repeat all of the steps above. Sometimes there could be more than one error.

Read More

How often is my site backed up?

Backup are important so we take a multi-layered approach. The first is an enterprise level solution which encrypts all data and transfers the archives to Amazons S3. We retain 30 daily backups, and 15 weekly backups which will allow you to restore from archives that are up to 3 months old.

The next layer of backups is done at the virtual machine level. We take full image snapshots every night which includes all website data. The 3rd layer is live replication. That’s happening in real time at the database level and on a regularly scheduled basis for files.

In the event of a catastrophic failure it’s possible that you could lose some recently uploaded files. Your content will be replicated immediately so any blog posts or pages you create would not be affected by a server failure unless you were in the middle of creating it when the failure happened.

Read More

When will my WordPress core get updated?

WordPress periodically releases maintenance updates. These are typically for significant bug fixes or security issues. Since these upgrades might have security implications, and because WordPress’s popularity makes it susceptible to an exploit being quickly released, we attempt to apply these upgrades as quickly as possible.

Here’s what the different versions look like:

  • Major release: 4.1
  • Maintenance and/or security release: 4.1.1

Our goal is to upgrade all websites within 6 hours of when a version addressing security issues is made publicly available. All sites will be upgraded no later than 24 hours from the time when the official announcement is made on the WordPress Project’s News blog.

Major releases provided by WordPress can significantly affect its compatibility with plugins and themes. Typically there are no security patches applied therefore the urgency to upgrade is lower. We will provide guidance via our announce mailing list of how the upgrades will eventually be applied to all websites hosted on the platform.

Read More

Antispam Recommendations

Spam is a bummer, as we’re sure most of you agree. Here are some antispam tools we’ve personally used. This first one is great.

Anti-spam

Pros

  • super simple, no configuration
  • integrates seamlessly with any theme
  • free

So far no cons. Crazy, right?

Another strategy is to use 2 plugins together. For example, we’ve had excellent results using Antispam Bee and Spam Free WordPress. Antispam Bee alone sometimes misses spam posted by a spambot and since a blog can receive thousands of these per month, even a small percentage can mean quite a lot of spam removal to deal with. By adding Spam Free WordPress into the mix, you can pretty much eliminate automated (spambot) comment spam. Unfortunately, this plugin fails to catch some of the manual spam added by real people, which is where Antispam Bee shines, since it’s using the Project Honeypot which publishes a list of the top URLs, domains, and keywords being promoted by comment spammers. Project Honey Pot also publishes a list of the top IP addresses being used by comment spammers.

Plugins

Antispam Bee

Pros

Cons

  • doesn’t always work against automated (spambots) comment spam
  • support seems to be non existent or only in German

Spam Free WordPress

Pros

  • blocks 100% of automated (spambots) comment spam
  • free

Cons

  • may need some work to fit in with your theme
  • can be tricked by human spammers (actual people paid to add spam manually)

Service

Akismet

Pros

  • free for personal use
  • integrates seamlessly with any theme

Cons

Read More