The pros and cons of dedicated WordPress hosting

wp341dash

Some web hosting companies specialize in delivering services dedicated to very specific types of software. WordPress is one example of popular open source software that a hosting company may feature. There are both advantages and disadvantages to this type of hosting.

Some of the advantages include:

  • Expertise in the software you want to use. The company knows WordPress well because that is all it does. This means, at least in theory, that you will get good support if you have any problems with the software.
  • Guaranteed compatibility. Since it is their only product, the host will make sure WordPress runs well and installs without any problems. As such, you will never have to worry about compatibility issues.
  • Additional tools. Presumably, a host dedicated to WordPress will also provide useful tools and plugins to enhance the experience, as that is the only way the host can have a real edge over competition.

Some of the disadvantages are:

  • Limited exclusively to WordPress. Yes, this advantage can also be a disadvantage. If you ever want to switch to another content management system or blogging platform, you will have to look for a new host. If you ever want any other type of software installed, it may or may not be allowed by your host.
  • Narrow support. This host may be good at providing support for WordPress-specific issues, but anything beyond that, even if they allow it, will likely not be supported.
  • Not unique. While exclusivity might sound like a plus, it really may not present any real advantages over a host that offers the same features in addition to support for other software. A good host that can install WordPress and many other web applications may give you more for your money.

Hosts that specialize in WordPress hosting may know some of the caching and content delivery tricks that less-experienced hosts may not have encountered. The true advantages, however, pretty much stop there.

In the end, it is a better idea to search for a host based on standard criteria, such as the quality of service, customer support, and technology. Many will offer the same features as WordPress-exclusive hosts while also offering so much more.

This post was first published on the WebHostingBuzz blog on June 30, 2012, as What are the benefits of using a web host that is dedicated to WordPress hosting?

WebHostingBuzz offers a wide range of hosting services – web hosting, business web hosting, reseller hosting, virtual private servers and dedicated servers – as well as specialized services such as WordPress, Joomla, Magento and Drupal hosting plus e-commerce hosting. The company says it has over 30,000 customers worldwide, in over 200 countries, hosting more than 100,000 websites at datacentres in the US and in The Netherlands. Check out what they offer: US | Europe

WebHostingBuzz is a sponsor of NevilleHobson.com (which runs on WordPress).

Hosted by WebHostingBuzz

No frills for a while

If you’re a previous visitor to this site, you’ll probably notice that it looks very different today compared to your last visit. What you see is the look and feel of the default WordPress theme known as Twenty Eleven that’s included with the latest version of the content management system, instead of the customized Thesis theme with colourful banner at the top that has defined the appearance of this site for over four years.

Why the sudden change? Reverting back to default is a start point in troubleshooting an issue that’s been plaguing the site – and me, and maybe you as well – for the past few months. Take a look at this chart:

vpsresourcescharts

It shows memory and processor usage over the past month on the virtual private server I use at my hosting service DreamHost. To summarize it all very simply, the red and blue lines constantly spike into areas well outside what I’m allocated to use. This results in frequent site downtime among other things.

That means you get errors when you try to get here. No content. Or, very slow page loading. According to Pingdom which monitors the site for downtime, this site has suffered 14 outages totalling 8 hours 59 minutes and 58 seconds between September 1 and October 2. That’s a full working day when nothing here was accessible by anyone.

And that doesn’t include the frequent outages for just a few minutes which have been happening every single day in recent weeks, especially whenever I publish new content via Windows Live Writer.

I have some helpful suggestions from DreamHost technical support which I’m now going to implement. Part of that is starting by reverting to defaults on most things including the theme. I’ve also deactivated (and will uninstall) nearly all plugins – I had over 40 running.

Probably all a bit much really.

So no frills for a while as I see if DreamHost’s recommendations and my execution of those over time solve the problems.

Of course, if you only read content here via an RSS subscription or other means of remote consumption, you probably won’t notice any difference. But thanks for reading this anyway, published in the interests of timely communication.

How to protect your blog from viruses, backdoor Trojans and other nasty stuff

id4virusIf you’ve ever been hit with a virus on your computer, you know how difficult it can be to thoroughly clean the machine, even when you have security software that does all the heavy work.

Take that picture and apply it to your blog and you have a migraine-inducing situation, precisely what I’ve experienced during this past week with an iframe virus and a malware attack involving a backdoor Trojan that temporarily created some havoc on this WordPress blog until they were eliminated.

What I learned from this experience is simple things any blogger can do to help ensure the security of your site.

I became aware that something wasn’t right when publishing a post using Windows Live Writer produced an access error. Likewise, accessing the blog via the WordPress app for Android on my phone also gave an error. I thought it might be related to a known error with XML-RPC and PHP that I encountered a few years ago. But a quick peek at the source code of the home page showed me a different likelihood.

viewsource

Notice the string of text highlighted in red that starts line 1 – code to create an iframe and then access another website on every page load. Given that I hadn’t inserted that code, nor had it anything at all to do with WordPress, then the chances were pretty certain it was done by someone who had gained unauthorized access to my server.

Line 1 should start with this –

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

A simple search on Google and a chat with my hosting service, DreamHost, speedily confirmed the worst: the blog was infected. Identifying precisely with what, and fixing it, was a clear priority.

Looking around the web produced lots of helpful posts recounting the experiences of others who have addressed similar issues as mine, all of which were very useful in the actions I took to rid my site of this most unwelcome visitor.

Immediate three steps:

  1. Change the passwords and log ins for all blogs and my hosting account.
  2. Review list of users who have admin authority on the blog. If there are any there I don’t recognize, either delete them or at least change their access levels to one which gives no ability to write content on the site. For all others, disallow their admin rights temporarily
  3. Change the password for my own FTP access account and cancel access of every other FTP account.

If the hacker had got in via a lax security measure – like a weak password or FTP access – then that simple route was now blocked.

Now, some detective work.

[Read more...]

Trust is key to avoiding a bad WordPress theme

beautystore

A red flag waving is how I saw Siobhan Ambrose’s post a few days ago on why you should never search for free WordPress themes in Google or anywhere else.

What Ambrose presents in her post is the result of some credible and compelling research she carried out into what could be going on behind the scenes and unknown to you in the WordPress theme you might be running on your blog if you obtained that theme as a result of, well, googling for one.

With copious screenshots (including the one above), Ambrose analyses ten WordPress themes that showed up in the search results when she typed the phrase into Google “free wordpress themes.”

Most of the the themes she downloaded, installed on a local test server and then ran through builtBackwards Theme Authenticity Checker and Donncha O Caoimh‘s Exploit Scanner showed that the theme authors concerned very clearly didn’t have your blogging interests at heart when they wrote and made available their themes.

Here’s one of her conclusions that’s typical of most themes she analysed:

[...] Nice themes but contain 5 backlinks to random people who you probably aren’t interested in linking to. It goes so far as to tell you that if you remove the links your theme won’t work. Of course, we know that this isn’t true – but a beginner WordPress user might think twice about removing them. As for the eval function, well it could be harmless but I don’t know enough about javascript (probably like many average WordPress users) to tell you if in this case it is or it isn’t.

My suggestion

Avoid!

Much of the issue with the themes that Ambrose writes about is that it’s hard to tell whether the stuff she uncovered is malicious or not. A lot of it is to do with Base64, an encoding scheme commonly used when there is a need to encode binary data that needs be stored and transferred over media that are designed to deal with textual data. This is to ensure that the data remains intact without modification during transport, and which may have a legitimate purpose. (That concise explanation comes from a detailed Wikipedia entry which you can read if you’re inclined to immerse yourself in a relatively complex technical subject.)

tac-resultsStill, as Ambrose points out, why would a theme developer include hidden code in a theme, with no explanation or notation about it anywhere in the theme documentation, including code that hides itself where you need a special software decoder to uncover it?

As a simple test, I ran the Theme Authenticity Checker plugin on my own blog. The themes I have installed including the one I’m currently using all came up clean: nothing going on in the background that rang any alarm bells. (Whew!)

I’m convinced that one reason for that is simple – every theme I have used in the past few years and use now are from trusted sources. That means either the WordPress Theme Directory or what I’ve discovered from friends’ recommendations.

So if you’re looking for a new theme for your blog, here are three tips:

  1. If you’re running a recent version of WordPress, use the search capability within your WordPress dashboard. You’ll find it under Appearance -> Themes -> Install Theme. What that does is search the WordPress Theme Directory, a place you should have confidence in. Or just browse or search the directory directly (but doing it from within WordPress is likely easier for you as theme installation that way is automated).
  2. If a friend or colleague has a design that appeals to you, ask them where they got it from (hopefully not by googling “free wordpress themes”).
  3. Never download and install a theme that you find by googling “free wordpress themes” or variations of that – I googled “wordpress themes” and some of Ambrose’s results showed up there.

Check Amrose’s post for additional information including links for decoding tools, plugins and further reading.

Make sure you trust your sources. Stay safe!

How to automate your copyright year

footercopyrightThe other day, I noticed that the copyright notice I display in the footer of this blog still said ‘2010.’ So I dived into the code in the footer template in the WordPress theme I use and made the change so that the copyright year now correctly states ‘2011.’ Then I tweeted it as I’ve noticed many other blogs still showing last year, suggesting people hadn’t thought about it.

Earlier today, I had one of those slap-on-the-forehead moments after reading Marcie Bell’s tweet that WordPress automates copyright automatically. I think that means WordPress.com hosting and depends on your theme. Still, it was the word ‘automates’ that gave me the "d’oh!" moment as doing this manually is a little ridiculous when there are easy ways to automate it, and it’s simple to set up yourself even if you know little about PHP coding.

What I did was edit my blog’s footer template (called, logically ‘footer.php’) to include this standard PHP date code where I have the copyright text:

<?php echo date("Y") ?>

The full copyright text in the footer looks like this:

Original content copyright 2011 by Neville Hobson. Some rights reserved: see Creative Commons license for information.

In terms of what you see, nothing’s changed with the substitution of the PHP code for the actual year, 2011. The point is that, come January 1, 2012, the copyright statement will update automatically to reflect the new year now that the PHP date code is there.

The underlying code that renders the above text looks like this:

Original content copyright <?php echo date("Y") ?> by Neville Hobson. Some rights 
reserved: <a href="http://creativecommons.org/licenses/by-nc-sa/2.0/uk/" alt="
Don't steal content!" title="Don't steal content!">see Creative Commons license</a> 
for information.

You can do this yourself on any blog platform – not only self-hosted WordPress, the one I use – that lets you directly edit the code of your blog template files. There are a number of ways to do it. With WordPress, for instance, it’s easy to edit the footer.php file from the theme editor you can access from your admin dashboard. Or you could edit the file remotely and then upload it via FTP to your server. Or, perhaps you have a theme that offers user-friendly editing of some of the theme components via a choice on a theme-specific admin section in your dashboard.

However you do it, it’s automatic simplicity.

Phone in your post to WordPress

audiopost A new feature for users of WordPress.com, the hosted WordPress blog service, was launched this week called Post By Voice – you phone in your blog post rather than type it.

To use it, you enable the feature in your WordPress.com blog which generates a secret code. Then, you call a US phone number, enter the code, record your message – which can be up to an hour – and hang up.

After a short time, your recording appears on your blog as a blog post, as the screenshot shows of the audio post I did on my WordPress.com blog.

I like it and can see how it may appeal to some WordPress.com users. It’s easy to set up, requires no configuration work, and it’s simple to use. Likely, therefore, to attract users wanting to try it out. The US phone number may put off people outside the US but it works with Skype so at least you can minimize your phone bill (if you have the paid-for SkypeOut service).

WordPress Post By Voice is an experiment, says WordPress founder Matt Mullenweg.

[...] We’re making it free and allowing recording lengths up to sixty minutes, but that limit may go down without a paid upgrade in the future. Mostly we’re just curious to see how people use this.

Indeed, I wonder how people will use this. While it is simple to use as I mentioned, it does have some major limitations in its current offering.

As you can see from my audio post (and in the screenshot above), it posts with the generic title ‘Audio post.’ I wonder what would happen with URL conflicts if you did more than one in a single day. Also, you don’t have a chance to add any text to the post before it’s published, nor set a category or tag,  although maybe that’s something that would miss the point of phoning in your post.

It’s a pretty crowded space with quite a few competitive offerings I’ve tried (and still use in some cases) that do provide more features than this WordPress service:

  • Cinch from BlogTalk Radio. Call in to a US phone number. Launched last year.
  • Audioboo. Undoubtedly the coolest audio-blogging service from an iPhone. Simplicity itself to record and publish your audios with the free iPhone app (an app for Android phones, too) as well as from the website itself. The company is also experimenting with recording from normal phones with their Phoneboo service.
  • ipadio. While this service also has apps for iPhone and Android, its strength (on an almost industrial level) is the breadth and depth of what you can develop with the service – much more than purely an individual phoning in a commentary for recording. Group recordings, radio station-like channels, and much more.

There are others, too, but these three are primary services I’ve tried and which have now developed robust user numbers and strong user communities. All are free for individual use.

Post By Voice is powered by the Twilio API. It’s currently available only on the WordPress.com hosted service; no information on if or when it might be available (as a plug-in?) for WordPress self-hosted blogs like this one.

Still, WordPress’ offering has only just entered the market and, as Mullenweg says, they’re curious to see how people use it – and he has some ideas himself – so expect the service to evolve in the coming months.

Related posts: