Tag Archives: PHP

How to Speed Up Your WordPress Server (Part 2) … Plus Some Jokes

 

Wordpress Button Closeup

Welcome back, everyone. You coming back is proof that if we all stand together, come high water or demons gnashing their teeth or filibustering electric company representatives, we can make it in the Wonderful World of WordPress (now a theme park in Pumpkintown, South Carolina).

Let’s get right into it: speeding up our WordPress sites, with continuing thoughts from Jason McCreary at Pure Concepts. We looked at seven of his ideas in Part 1 and will survey eleven more below. Part 3 will get into several ideas from TekBrand on the same subject.

Note again that at Superb, we can give you a year and a half of WP hosting for the cost of a year! That’s a baker’s dozen, if there are 6 bakers at the Greensburg Muffin Emporium each throwing in an extra muffin. “One extra from each of us, Mrs. McCready.” “But I don’t need this many muffins.” “Mrs. McCready, we ask you kindly to respect our process, or we’ll be forced to have uniformed officers escort you off the premises.” “But I haven’t done anything wrong!” “That’s it, I’m calling 911. Run for it. Leave all the muffins here. We need to sell them to someone who appreciates them.” [Exit Gloria McCready at a full sprint.]

WordPress on Steroids: Faster Than a Ravenous Wild Boar

As a quick review of general comments from Jason in the first installment, WordPress is a “heavy” CMS, which means it is slowing down the Web on the whole. Speeding it up (perhaps by not giving it any food to increase its undomesticated swine rage) is essential to making the user experience as fast and efficient as possible: like fast food with no employee bathroom breaks, and no slowing down, ever, or we will be forced to have uniformed officers escort them off the premises. Here are more of Jason’s ideas (originally presented at WorldCamp Chicago and WorldCamp Louisville – neither of which should be confused with UniverseCamp Alpha Centauri Bb, which was cancelled due to fear that attendees would be incinerated).

  1. Content Delivery Network (CDN) Considerations – A quality CDN spreads your resources throughout the world, which speeds up your site and aids redundancy.
  2. Additional Domains – Typically a Web browser will perform a parallel download of two pieces of content at a time. If you have additional domains, additional downloads can occur simultaneously. Don’t go overboard though: it’s hypothermia weather. You want between 2 and 4 domains, one specific to static content such as style sheets and images. That will help cut down on cookies (which is good for you: remember what the doctor said, honey).
  3. Social Widgets – You want to be able to have social widgets on your site that don’t decrease the speed with JavaScript or CSS via an external domain. Understand them so you can optimize them for speed.
  4. Gravatar – If your blog allows comments, you can speed up the site noticeably (Jason says 10%) by going to Settings > Discussion and nixing Avatar Display: each one is a separate request.
  5. CSS Image Sprites – A CSS sprite can consolidate your images so that the site doesn’t require as many requests to load properly. Setup can be a bit of a pain (typically 8 on a scale of 10, according to sufferers of Sprite Setup Syndrome), but it’ll pay off in performance.
  6. Minify – Get rid of any characters you don’t need in the code. You can unify disparate files. Cascading Style Sheets (CSS), for example, can often be combined into one file. Condense to minimize requests.
  7. Compress – Use Smush.it to compress your images and gzip to do the same with your script (it’s safe, unlike removing two ribs to help you get the contortionist gig at the Bolshoi Circus). The latter reduces the strain on resources up to 70%, similarly to removing your slacker boyfriend from the checking account.
  8. Resource Cache – If you cache all the content you can, the static stuff (such as CSS, JS, and images – whatever applies to all site pages) will only be requested once, even with additional page loads. You may want to get rid of ETags as well: Jason and AskApache agree on this point.
  9. WP Cache – You don’t want WordPress code to load repeatedly, so make sure it’s caching as fully as possible. W3 Total Cache, unlike some WordPress plugins, is customizable and broad-spectrum.
  10. PHP Cache – Once you have cached WP, you can speed the site’s loading of WordPress further by caching PHP. The most popular way to cache PHP is via APC, which you can activate within W3 Total Cache.
  11. Hosting – Higher hosting costs will inevitably improve your site’s load times. We all like to keep our costs as low as possible (particularly when buying black-market arthritis medications), but you want to work with a hosting company that specializes in WordPress. To additionally boost performance, use a VPS (virtual private server).

Conclusion & Continuation

All right, now. Let’s keep on tucking. Why stop now? We’re almost to Texarkana, and that’s where we’re picking up the illegal arthritis medications to sell to the residents in your sister’s nursing home back in Chattanooga. Actually, we have another Part to this series as well, so while we drive, flip through the game plan for how we’re going to swindle the cartel guys into giving us the meds for half price. While you do so, I’ll give you a few more ideas from TekBrand to speed up your WP site. Let’s multi-task!

by Kent Roberts

Recent Web Hosting Vulnerabilities

If you have a spare moment to go through your control panels and check your up-to-date status, here are some recent warnings you might want to check against:

Serious Vulnerability Warning For Parallels Plesk Issued – traxarmstrong.com


Serious Vulnerability Warning For Parallels Plesk Issued - traxarmstrong.com | How to Grow Your Business Online | Scoop.it
From traxarmstrong.com – End of April 2013

There is a serious bug in Plesk Panel one of the most widely used hosting control panel solution that contains multiple privilege escalation vulnerabilities…

This blog goes to list the specific operating version that puts you at risk of this security vulnerability. You are NOT at risk if you have Apache web server running Fast CGI (PHP, perl, python, etc.) or CGI (PHP, perl, python, etc.).

Lesson Re-learned: Backups !


Lesson Re-learned: Backups ! | How to Grow Your Business Online | Scoop.it

From accuweaver.com – 1 week ago

I just shot my blog in the foot, or more accurately, I didn’t follow IT 101 and back things up before making a change. I had moved my site to be completely WordPress based a while ago…

Rob Weaver goes on to explain his own experience of how he came about relying on a faultless Plesk Auto-installation. And while I couldn’t help but chuckle, I’ve also been there. He’s currently rebuilding his site from a lucky idea of downloading the html files generated from his WP Cache Plugin.

Not too long ago I made a similar mistake of failing to save website backups… I rebuilt pages from the Google Cache HTML files, and recent pages that were not indexed were (and I’m not sure how lucky this is) rebuilt from scraper site copies. Yes! Those SEO fraudsters and mimics had decided my writing had enough value to be indiscriminately copied!

 

Hackers Increasingly Target Shared Web Hosting Servers


Hackers Increasingly Target Shared Web Hosting Servers for Use in Mass Phishing Attacks | How to Grow Your Business Online | Scoop.it

From www.cio.com – End of April 2013

Nearly half of phishing attacks seen during the second half of 2012 involved the use of hacked shared hosting servers, APWG report says.

Mass phishing attacks are also dubbed “whaling”. They tend to rely on auto-installations of PHP databases, where the username or database label is numerically generated – and therefore more predictable for patient hacker attacks.

If you’re on a shared web hosting plan. It might be a good idea every now and again to go into PHPmyAdmin and change password access, or even the database name to make predictability of these combinations less likely.

 

by – Juliana

cPanel vs. Plesk: The Value of Flipping a Coin 199 Times

 

CPanel

cPanel Control Panel and Parallels Plesk Panel are the two most popular control panels for the management of a network or website. Each platform of course has its own layout and set of features, so each has different appeal. How to choose, then? This article is an assessment of how cPanel compares to Plesk so you can decide which one might be the right choice for you.

I looked at a number of different opinions to assist with this piece. I referenced an article by Matt Hartley for Locker Gnome, an uncredited piece for Worth of Web, and one by Taniya Vincent for Bobcares. The piece is set up as a literature review – looking at the different points made by each source independently (as opposed to going step-by-step according to topic).

As 948 of 1000 of the world’s top IT professionals will tell you (source: Better Homes & Gardens), the best way to decide between cPanel and Plesk is simple:

  • Look at a few different opinions – as with any binary, people are often one-sided.
  • Get a sense of the strengths and weaknesses of each CP.
  • Flip a coin. Best out of 199 flips. Carefully chart your flips.

Perspective 1: Locker Gnome

This article looks at the initial establishment of a website using each of the two control panels. This helps give a sense of how intuitive each system is.

Plesk Setup & Overview

According to Hartley, Plesk is extraordinarily easy to use. As soon as Plesk loads its first screen, you add a domain and start following prompts, which are essentially a series of “Next” buttons to different screens allowing you to turn on/off different features, activate your FTP client (for loading files to the server), etc. As Hartley writes, “I cannot overstate how ‘droolingly’ simple Plesk makes this – it’s almost frightening.”

So the system is highly intuitive. Also, though, it’s not just simple/intuitive but extremely efficient. Rather than having to enter into different screens by navigating or searching, support for different languages of code (Perl, Python, PHP) is a toggle-option on one of the setup screens, as is your domain’s policy – just a step-by-step series of decisions.

Following the setup of one domain, the Plesk system moves on to establishment of e-mail accounts, creation of subdomains, etc.. It is a simplified system that Hartley does not see as oversimplified. He sees it as an easy, painless way to establish, organize, and manage websites.

How is your coin flipping going? Are you to 50 yet? Or have you just been reading? Just reading, huh? Wow, you really love to read – or you just aren’t into flipping coins. Huh. I’m going to jot this down in your psychological profile. Please continue.

cPanel/WHM Setup & Overview

Simply the name of this control panel makes it problematic to Hartley. It’s not in fact one control panel but two. To him this is excessively complex for anyone using the system for the first time. So that is a strike against it regarding ease-of-use.

Perhaps part of the problem with cPanel, based on Hartley’s observations, is its strong popularity – which has meant that the company has wanted to be careful about changing any of its functionality because people get used to the system being organized in a certain way, even if it’s not entirely intuitive.

Choosing between cPanel and WHM when you first enter the system is confusing. If you’re trying to set up a website, you might think that WHM seems right, since that is the web hosting management portal. Here was the intuitive flow that Hartley followed, which ended up being frustrating:

  1. Click into Basic cPanel/WHM Setup
  2. Enter default nameservers
  3. No place immediately here to add a domain or proceed through a step-by-step series
  4. Click home
  5. Enter into account details
  6. Enter into configure the server
  7. Enter into multi account functions
  8. Click cPanel link
  9. Scroll down screen – click on create new account
  10. This works.

Hartley views navigation of this system as dreadful. He does point out that for a user who is highly experienced, and especially one who is already familiar with cPanel, the control over the server may be preferable – all in all, though, his thumb is up for Plesk.

I’m going to go out and start flipping a coin for you. Just a second – I need to find a coin. Could I flip a credit card? No, that doesn’t seem right. Maybe I can flip my shoe. No, the weight isn’t unevenly distributed – classic rookie flipper mistake, trying to substitute tiny metal cylinders with footwear. Gosh. It’s time to get laundry quarters anyway.

Perspective 2: Worth of Web

This article looks at the two platforms in terms of five major characteristics: OS support, interface, cost, setup/UX, and migration.

OS Support

Generally speaking, Plesk is favored by Windows users, and cPanel is favored by Linux users. Plesk is gradually catching up regarding its breadth of OS support.

Interface

Everyone likes a GUI that is easy-to-use. Like Hartley, this article argues Plesk is the obvious choice. However, the familiarity of cPanel by itself is compelling – things are “where you expect them to be” if you are a veteran of that control panel.

Cost

This is somewhat of a tossup. cPanel has only one option, which is unlimited and annual. Plesk allows monthly subscribing but is slightly more expensive for small numbers of domains, significantly more expensive for unlimited use (almost double the price).

Setup/UX

This piece again follows some of the same logic regarding setup and intuitive use of the system as did the Locker Gnome piece. It points out two distinct ways in which cPanel is a little tougher to use:

  1. Separation of roles – two different applications for two different types of users. Plesk, on the other hand, allows login from a single position, with administrative entry giving access to a more robust set of features.
  2. Setup – initial setup that is not all in one place, no handholding. Plesk, in contrast, offers a step-by-step process similar to initial download of a new Windows application.

Migration

According to this article, migration is the main difference between the two systems (although it seems that UX and OS friendliness/compatibility are other key ingredients). Migrating to a different server is free with both platforms. Transitioning to a different control panel involves buying advanced migration features for either of the two control panels.

Okay, I’m back from the bank. Yeah, I got a roll of quarters. Sorry it took me so long. I went ahead and started a load of whites too. I use generic detergent because I don’t care if my clothing gets clean. It just makes me feel good to wash it. Anyway, clear off the table for the 199 flips. Move all your interior decoration magazines please.

Perspective 3: Bobcares

This piece, similar to the Worth of Web one, looks at a number of different features for the control panels. However, it divides them up to discuss them one at a time per platform.

cPanel attributes

  • Exceptionally fast load times – Very quick and efficient on the majority of servers. cPanel does not rely on an external database, which greatly improves its performance.
  • Better functionality – cPanel packages that you get through a hosting service will typically contain a stronger set of features. cPanel is better integrated with a wide swath of applications. This integration means that you have more options for easy and efficient operation on it than you do with Plesk.
  • Stronger reseller hosting – Both systems offer reseller hosting, though cPanel’s system is more long-standing and refined. You can create hosting packages, manage accounts, and monitor the usage of resources through the reseller system – simple model and easy access.
  • Linux specificity – Well, this is not entirely true. Enkompass is available for Windows users, but it has not gotten very good reviews.
  • Annoying maintenance – Configuration and security is time-consuming, with regular updating and patching to keep the system free from intrusion.

Okay, let’s see. So, we are at 48 heads and 46 tails, right? Wait a minute, I think we forgot something. Which side stands for which control panel? Otherwise we’re just flipping this thing for no reason. Let’s flip the coin 199 times to determine which side stands for which.

Plesk attributes

  • Allows clustering – This system is easier to use with a number of different servers. You can manage all of them from one GUI. Web servers, database servers, FTP servers, and all other types of servers can all be managed from one central location.
  • Windows friendly – Both major operating systems are supported. Web hosts have access to a fuller spectrum of clientele. The clients themselves can choose between whichever operating system they prefer.
  • Full Windows compatibility – The integration between Plesk and Windows is strong – it’s fully integrated, for instance, with Microsoft SQL Server.
  • Bad third-party compatibility – Plesk is not integrated with many independent apps designed for Linux. Plesk can be used with Linux of course, but it is not nearly as versatile as cPanel is for that OS.
  • Slower loading – Plesk, to put it simply, was not built for speed. It can become particularly slow on Linux servers. Even on very strong servers, Plesk can sometimes require a lot of patience.

Hm, I think we made the same mistake. I’ve flipped the coin 126 times now, and it’s dead even at 63 apiece. However, I can’t remember exactly why we’re flipping the coin – to determine which side is which control panel, but how exactly does that work? I think our logic is a little fuzzy.

Summary & Conclusion

There are certainly pluses and minuses of each system. The basic gist is this:

  • cPanel better for Linux, Plesk better for Windows.
  • Plesk generally easier to use.
  • cPanel generally faster at loading.

Good luck. Let’s stop flipping the coin. I don’t feel like we are getting anywhere. I’m kind of embarrassed for having suggested it. Go back to reading your magazines. As soon as you get your degree, I want 1940s Algerian decor in here. It can be your thesis project or something.

by Kent Roberts and Richard Norwood

Where to start when you want to begin websites?

Has it really been that long since I first hacked together some HTML and made my first website? The sheer availability of options for content management systems [CMS] now has to be daunting to any newcomer. This started to make me think about how I would make a start now, compared to years gone by.

Webhosts impress upon newbies that anyone can build a website, especially with tools at our disposal like web builders and one click installation of CMS platforms.

If you’ve borne with me thus far, then you’re interested in learning where to start. You probably have a few questions lined up like:

Should I build a One Page Website? Or which CMS should I use? And – How will my customers interact with me?

Hopefully I can point you in the direction of some cool websites to help you make your early decisions. Bookmark this page! You’ll need to come back for reference reassure yourself out of the hundreds of options out there – I’ve picked the easiest way through to seeing what works for most websites.

Creating a website for a small business is going in the right direction. However, as you choose the right direction, sometimes you come to a fork, and you need to decide which way you will turn.

Are you building a one page website or landing page, in which case like the remaining third on the internet are you going to build your site on a web-builder or drag and drop platform? I found a statistical site that lists the popularity of various Content Management Systems, and shows about 1/3rd of websites do not use a CMS:

Which Content Management Systems are the most popular?

W3Techs shows usage statistics and market share of Content Management Systems for Websites, April 2013

Despite the ugly mechanics of this site, the data provides an empirical way of making your decision.  Altogether 2/3rds of the internet is based on a content management system. Which CMS is the most popular? Without question we see WordPress mentioned a lot but based on the popularity ranking of each content management system, can you prioritize which type of CMS will best suit your business?

Anthony Myers from CMS Wire Magazine looks at some alternatives to the top runner “WordPress”  in the popular CMS platforms:

Considering WordPress as a Web content management system is something hundreds, and maybe thousands of website owners likely do on a daily basis, and we’ve got a ready-made short list of alternatives that we think are viable alternatives..

Here are 5 highly customizable CMS platforms for business that compare the WordPress system. I currently use WordPress and Blogger, and have not heard of any of these systems like Plone. Apparently these comparative CMS platforms were chosen because of their strength in the community support forums, however for the beginner, or someone who is new to code, I expect you would be left feeling like there’s something you missed or didn’t quite understand. Even WordPress can do this to me often, I have to go in and tweak the underlying PHP or code just to overcome a few browser discrepancies or plugin issues. I would feel daunted doing something similar on a less well supported platform.

by – Juliana

How To Be More Web Secure Concious

I received an email from my brother this morning…

My sites got hacked, they added 20+ new users to WordPress and changed my password so I couldn’t log into /wp-admin. I had to restore an earlier backup of the database and change my username and passwords for my admin account. I had no idea it had happened until I decided to post a new blog entry and couldn’t log in.

I host several websites, for the most part they are based on the WordPress CMS, and hearing about hacking is not uncommon. Apart from the initial glut of fear that happens to website owners when it’s first discovered, I’ve experienced it to be simple to deal with – if you have the right tools.

Here’s how my brother dealt with his immediate WordPress Hack problem:

use your cPanel access to check your SQL database for any unwanted user accounts This article is for those who have phpMyAdmin access to their database.

Instructions:
  • Log in to cPanel, then go to phpMyAdmin.
  • click on the database on the left and that list will change to show the wp_**** tables etc.
  • Click on wp_users and make sure you only have your own username in there.

 

Obviously once you have protected your site databases, you need to lock down on the scripts injected into your site. Vivek R, has posted a great article on how to detect and scrub this malware from your WordPress website.

 

Here is three step method to remove malicious code or unwanted back links from nulled or Free WordPress themes and plugins that are downloaded outside WordPress repository.

Juliana Payson‘s insight:

I’ve used Exploit Scanner on client websites, and it’s certainly helped reassure me of my housekeeping awareness when looking after other people’s websites. Most people are uncomfortable only because they don’t know what to expect, or how to deal with things such an event. Even Facebook made headlines yesterday with admitting a Trojan hack.

 

The recent hack on Facebook was traced back to one infected website called iPhoneDevSDK.com, but now it seems there may have been up to three infected websites involved.

The target of the Trojan infection was not just aimed at one type of user, but spread across many industries. It’s also a very difficult virus to track down. I would definitely recommend overlapping different virus scanners on your system is you feel you are at risk. Better to be safe than sorry!