Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting http://www.rfehosting.com We offer Premium web hosting solutions for personal or business needs. RFE takes pride in our Live Never-Outsourced Customer Support. Services we offer: Web Hosting, Domain names, SSL Certificates, VPS/Dedicated Servers, and more! Fri, 05 Sep 2014 16:33:42 +0000 en-US hourly 1 Hardening WordPresshttp://www.rfehosting.com/guides/hardening-wordpress http://www.rfehosting.com/guides/hardening-wordpress#respond Wed, 02 Jul 2014 21:06:26 +0000 http://www.rfehosting.com/?p=2245 Credit: WordPress.org Security in WordPress is taken very seriously, but as with any other system there are potential security issues that may arise if some basic security precautions aren’t taken. This article will go through some common forms of vulnerabilities, and the things you can do to help keep your WordPress installation secure. This article […]

The post Hardening WordPress appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
Credit: WordPress.org

Security in WordPress is taken very seriously, but as with any other system there are potential security issues that may arise if some basic security precautions aren’t taken. This article will go through some common forms of vulnerabilities, and the things you can do to help keep your WordPress installation secure.

This article is not the ultimate quick fix to your security concerns. If you have specific security concerns or doubts, you should discuss them with people whom you trust to have sufficient knowledge of computer security and WordPress.

What is Security?

Fundamentally, security is not about perfectly secure systems. Such a thing might well be impractical, or impossible to find and/or maintain. A secure server protects the privacy, integrity, and availability of the resources under the server administrator’s control.

Qualities of a trusted web host might include:

  • Readily discusses your security concerns and which security features and processes they offer with their hosting.
  • Provides the most recent stable versions of all server software.
  • Provides reliable methods for backup and recovery.

Decide which security you need on your server by determining the software and data that needs to be secured. The rest of this guide will help you with this.

Security Themes

Keep in mind some general ideas while considering security for each aspect of your system:

Limiting access
Making smart choices that reduce possible entry points available to a malicious person.
Containment
Your system should be configured to minimize the amount of damage that can be done in the event that it is compromised.
Preparation and knowledge
Keeping backups and knowing the state of your WordPress installation at regular intervals. Having a plan to backup and recover your installation in the case of catastrophe can help you get back online faster in the case of a problem.
Trusted Sources
Do not get themes from untrusted sources. Restrict yourself to the WordPress.org repository or well known companies. Trying to get themes (or plugins) from the outside may lead to issues.

Vulnerabilities on Your Computer

Make sure the computers you use are free of spyware, malware, and virus infections. No amount of security in WordPress or on your web server will make the slightest difference if there is a keylogger on your computer.

Always keep your operating system and the software on it, especially your web browser, up to date to protect you from security vulnerabilities. If you are browsing untrusted sites, we also recommend using tools like no-script (or disabling javascript/flash/java) in your browser.
Vulnerabilities in WordPress

Like many modern software packages, WordPress is updated regularly to address new security issues that may arise. Improving software security is always an ongoing concern, and to that end you should always keep up to date with the latest version of WordPress. Older versions of WordPress are not maintained with security updates.

Updating WordPress

Main article: Updating WordPress.

The latest version of WordPress is always available from the main WordPress website at http://wordpress.org. Official releases are not available from other sites — never download or install WordPress from any website other than http://wordpress.org.

Since version 3.7, WordPress has featured automatic updates. Use this functionality to ease the process of keeping up to date. You can also use the WordPress Dashboard to keep informed about updates. Read the entry in the Dashboard or the WordPress Developer Blog to determine what steps you must take to update and remain secure.

If a vulnerability is discovered in WordPress and a new version is released to address the issue, the information required to exploit the vulnerability is almost certainly in the public domain. This makes old versions more open to attack, and is one of the primary reasons you should always keep WordPress up to date.

If you are an administrator in charge of more than one WordPress installation, consider using Subversion to make management easier.
Reporting Security Issues

If you think you have found a security flaw in WordPress, you can help by reporting the issue. See the Security FAQ for information on how to report security issues.

If you think you have found a bug, report it. See Submitting Bugs for how to do this. You might have uncovered a vulnerability, or a bug that could lead to one.

Web Server Vulnerabilities

The web server running WordPress, and the software on it, can have vulnerabilities. Therefore, make sure you are running secure, stable versions of your web server and the software on it, or make sure you are using a trusted host that takes care of these things for you.

If you’re on a shared server (one that hosts other websites besides your own) and a website on the same server is compromised, your website can potentially be compromised too even if you follow everything in this guide. Be sure to ask your web host what security precautions they take.

Network Vulnerabilities

The network on both ends — the WordPress server side and the client network side — should be trusted. That means updating firewall rules on your home router and being careful about what networks you work from. An Internet cafe where you are sending passwords over an unencrypted connection, wireless or otherwise, is not a trusted network.

Your web host should be making sure that their network is not compromised by attackers, and you should do the same. Network vulnerabilities can allow passwords and other sensitive information to be intercepted.

Passwords

Many potential vulnerabilities can be avoided with good security habits. A strong password is an important aspect of this.

The goal with your password is to make it hard for other people to guess and hard for a brute force attack to succeed. Many automatic password generators are available that can be used to create secure passwords.

WordPress also features a password strength meter which is shown when changing your password in WordPress. Use this when changing your password to ensure its strength is adequate.

Things to avoid when choosing a password:

  • Any permutation of your own real name, username, company name, or name of your website.
  • A word from a dictionary, in any language.
  • A short password.
  • Any numeric-only or alphabetic-only password (a mixture of both is best).

A strong password is necessary not just to protect your blog content. A hacker who gains access to your administrator account is able to install malicious scripts that can potentially compromise your entire server.

In addition to using a strong password, it’s a good idea to enable two-step authentication as an additional security measure.

FTP

When connecting to your server you should use SFTP encryption if your web host provides it. If you are unsure if your web host provides SFTP or not, just ask them.

Using SFTP is the same as FTP, except your password and other data is encrypted as it is transmitted between your computer and your website. This means your password is never sent in the clear and cannot be intercepted by an attacker.

File Permissions

Some neat features of WordPress come from allowing various files to be writable by the web server. However, allowing write access to your files is potentially dangerous, particularly in a shared hosting environment.

It is best to lock down your file permissions as much as possible and to loosen those restrictions on the occasions that you need to allow write access, or to create specific folders with less restrictions for the purpose of doing things like uploading files.

Here is one possible permission scheme.

All files should be owned by your user account, and should be writable by you. Any file that needs write access from WordPress should be writable by the web server, if your hosting set up requires it, that may mean those files need to be group-owned by the user account used by the web server process.

/
The root WordPress directory: all files should be writable only by your user account, except .htaccess if you want WordPress to automatically generate rewrite rules for you.
/wp-admin/
The WordPress administration area: all files should be writable only by your user account.
/wp-includes/
The bulk of WordPress application logic: all files should be writable only by your user account.
/wp-content/
User-supplied content: intended to be writable by your user account and the web server process.

Within /wp-content/ you will find:

/wp-content/themes/
Theme files. If you want to use the built-in theme editor, all files need to be writable by the web server process. If you do not want to use the built-in theme editor, all files can be writable only by your user account.
/wp-content/plugins/

Plugin files: all files should be writable only by your user account.

Other directories that may be present with /wp-content/ should be documented by whichever plugin or theme requires them. Permissions may vary.

Changing file permissions

If you have shell access to your server, you can change file permissions recursively with the following command:

For Directories:

find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;

For Files:

find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;

Regarding Automatic Updates

When you tell WordPress to perform an automatic update, all file operations are performed as the user that owns the files, not as the web server’s user. All files are set to 0644 and all directories are set to 0755, and writable by only the user and readable by everyone else, including the web server.

Database Security

If you run multiple blogs on the same server, it is wise to consider keeping them in separate databases each managed by a different user. This is best accomplished when performing the initial WordPress installation. This is a containment strategy: if an intruder successfully cracks one WordPress installation, this makes it that much harder to alter your other blogs.

If you administer MySQL yourself, ensure that you understand your MySQL configuration and that unneeded features (such as accepting remote TCP connections) are disabled. See Secure MySQL Database Design for a nice introduction.

Restricting Database User Privileges

For normal WordPress operations, such as posting blog posts, uploading media files, posting comments, creating new WordPress users and installing WordPress plugins, the MySQL database user only needs data read and data write privileges to the MySQL database; SELECT, INSERT, UPDATE and DELETE.

Therefore any other database structure and administration privileges, such as DROP, ALTER and GRANT can be revoked. By revoking such privileges you are also improving the containment policies.

Note: Some plugins, themes and major WordPress updates might require to make database structural changes, such as add new tables or change the schema. In such case, before installing the plugin or updating a software temporarily allow the database user the required privileges.

Securing wp-admin

Adding server-side password protection (such as BasicAuth) to /wp-admin/ adds a second layer of protection around your blog’s admin area, the login screen, and your files. This forces an attacker or bot to attack this second layer of protection instead of your actual admin files. Many WordPress attacks are carried out autonomously by malicious software bots.

Simply securing the wp-admin/ directory might also break some WordPress functionality, such as the AJAX handler at wp-admin/admin-ajax.php. See the Resources section for more documentation on how to password protect your wp-admin/ directory properly.

The most common attacks against a WordPress blog usually fall into two categories.

  1. Sending specially-crafted HTTP requests to your server with specific exploit payloads for specific vulnerabilities. These include old/outdated plugins and software.
  2. Attempting to gain access to your blog by using “brute-force” password guessing.

The ultimate implementation of this “second layer” password protection is to require an HTTPS SSL encrypted connection for administration, so that all communication and sensitive data is encrypted. See Administration Over SSL.

Securing wp-includes

A second layer of protection can be added where scripts are generally not intended to be accessed by any user. One way to do that is to block those scripts using mod_rewrite in the .htaccess file. Note: to ensure the code below is not overwritten by WordPress, place it outside the # BEGIN WordPress and # END WordPress tags in the .htaccess file. WordPress can overwrite anything between these tags.

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]
</IfModule>

# BEGIN WordPress

Note that this won’t work well on Multisite, as RewriteRule ^wp-includes/[^/]+\.php$ – [F,L] would prevent the ms-files.php file from generating images. Omitting that line will allow the code to work, but offers less security.

Securing wp-config.php

You can move the wp-config.php file to the directory above your WordPress install. This means for a site installed in the root of your webspace, you can store wp-config.php outside the web-root folder.

Note: Some people assert that moving wp-config.php has minimal security benefits and, if not done carefully, may actually introduce serious vulnerabilities. Others disagree.

Note that wp-config.php can be stored ONE directory level above the WordPress (where wp-includes resides) installation. Also, make sure that only you (and the web server) can read this file (it generally means a 400 or 440 permission).

If you use a server with .htaccess, you can put this in that file (at the very top) to deny access to anyone surfing for it:

<files wp-config.php>
order allow,deny
deny from all
</files>

Disable File Editing

The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to login, since it allows code execution. WordPress has a constant to disable editing from Dashboard. Placing this line in wp-config.php is equivalent to removing the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities of all users:

define(‘DISALLOW_FILE_EDIT’, true);

This will not prevent an attacker from uploading malicious files to your site, but might stop some attacks.

Plugins

First of all, make sure your plugins are always updated. Also, if you are not using a specific plugin, delete it from the system.

Firewall

There are many plugins and services that can act as a firewall for your website. Some of them work by modifying your .htaccess file and restricting some access at the Apache level, before it is processed by WordPress. A good example is Better WP Security. Some firewall plugins act at the WordPress level, like WordFence and try to filter attacks as WordPress is loading, but before it is fully processed.

Besides plugins, you can also install a WAF (web firewall) at your web server to filter content before it is processed by WordPress. The most popular open source WAF is ModSecurity.

A firewall can also be added between your hosting company and the Internet (security in the middle), by modifying your DNS records to pass-through the firewall. That causes all traffic to be filtered by the firewall before reaching your site. A few companies offer such service, like CloudFlare and Sucuri.

Plugins that need write access

If a plugin wants write access to your WordPress files and directories, please read the code to make sure it is legit or check with someone you trust. Possible places to check are the Support Forums and IRC Channel.

Code execution plugins

As we said, part of the goal of hardening WordPress is containing the damage done if there is a successful attack. Plugins which allow arbitrary PHP or other code to execute from entries in a database effectively magnify the possibility of damage in the event of a successful attack.

A way to avoid using such a plugin is to use custom page templates that call the function. Part of the security this affords is active only when you disallow file editing within WordPress.

Security through obscurity

Security through obscurity is generally an unsound primary strategy. However, there are areas in WordPress where obscuring information might help with security:

  1. Rename the administrative account: On a new install you can simply create a new Administrative account and delete the default admin account. On an existing WordPress install you may rename the existing account in the MySQL command-line client with a command like UPDATE wp_users SET user_login = ‘newuser’ WHERE user_login = ‘admin';, or by using a MySQL frontend like phpMyAdmin.
  2. Change the table_prefix: Many published WordPress-specific SQL-injection attacks make the assumption that the table_prefix is wp_, the default. Changing this can block at least some SQL injection attacks.

Data Backups

Back up your data regularly, including your MySQL databases. See the main article: Backing Up Your Database.

Data integrity is critical for trusted backups. Encrypting the backup, keeping an independent record of MD5 hashes for each backup file, and/or placing backups on read-only media increases your confidence that your data has not been tampered with.

A sound backup strategy could include keeping a set of regularly-timed snapshots of your entire WordPress installation (including WordPress core files and your database) in a trusted location. Imagine a site that makes weekly snapshots. Such a strategy means that if a site is compromised on May 1st but the compromise is not detected until May 12th, the site owner will have pre-compromise backups that can help in rebuilding the site and possibly even post-compromise backups which will aid in determining how the site was compromised.

Logging

When performing forensics logs are your best friend. Contrary to popular beliefs, logs allow you to see what was done and by who and when. Unfortunately the logs will not tell you who, username, logged in, but it will allow you to identify the IP and time. Additionally, you will be able to see any of these attacks via the logs – Cross Site Scripting (XSS), Remote File Inclusion (RFI), Local File Inclusion (LFI) and Directory Traversal attempts. You will also be able to see brute force attempts.

If you get more comfortable with your logs you’ll be able to see things like, when the theme and plugin editors are being used, when someone updates your widgets and when posts and pages are added. All key elements when doing forensic work on your web server.

There are two key open-source solutions you’ll want on your web server from a security perspective, this is a layered approach to security.

OSSEC can run on any NIX distribution and will also run on Windows. When configured correctly its very powerful. The idea is correlate and aggregate all the logs. You have to be sure to configure it to capture all access_logs and error_logs and if you have multiple websites on the server account for that. You’ll also want to be sure to filter out the noise. By default you’ll see a lot of noise and you’ll want to configure it to be really effective.

Monitoring

Sometimes prevention is not enough and you may still be hacked. That’s why intrusion detection/monitoring is very important. It will allow you to react faster, find out what happened and recover your site.

Monitoring your logs

If you are on a dedicated or virtual private server, in which you have the luxury of root access, you have the ability easily configure things so that you can see what’s going on. OSSEC easily facilitates this and here is a little write up that might help you out OSSEC for Website Security – Part I.

Monitoring your files for changes

When an attack happens, it always leave traces. Either on the logs or on the file system (new files, modified files, etc). If you are using OSSEC for example, it will monitor your files and alert you when they change.

Monitoring your web server externally

If the attacker tries to deface your site or add malware, you can also detect these changes by using a web-based integrity monitor solution. This comes in many forms today, use your favorite search engine and look for Web Malware Detection and Remediation and you’ll likely get a long list of service providers.

The post Hardening WordPress appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
http://www.rfehosting.com/guides/hardening-wordpress/feed 0
WordPress.com or WordPress.org? Which One’s Right for You?http://www.rfehosting.com/guides/web-hosting-guides/wordpress-com-wordpress-org-ones-right http://www.rfehosting.com/guides/web-hosting-guides/wordpress-com-wordpress-org-ones-right#respond Mon, 02 Jun 2014 16:20:38 +0000 http://www.rfehosting.com/?p=2227 Credit: ProBlogger, Matt Hooper When you first start looking at building your own blog, you are going to be inundated by the different options that are out there. After considering all your options, hopefully you’ll come to your senses and realize that WordPress is your best option. As a reward for all this deliberating you […]

The post WordPress.com or WordPress.org? Which One’s Right for You? appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
Credit: ProBlogger, Matt Hooper

When you first start looking at building your own blog, you are going to be inundated by the different options that are out there. After considering all your options, hopefully you’ll come to your senses and realize that WordPress is your best option.

As a reward for all this deliberating you are now presented with one more decision. Do you choose .org or .com? And we’re not talking about your domain name. You, along with many others, might be surprised to find out that there are actually two different kinds of WordPress.

WordPress.com is a version of WordPress that is hosted by Automattic, the development team behind WordPress. WordPress.org is often referred to the self-hosted version of WordPress. The two are very similar but there are a few differences that you need to be aware of before you finally get down to work on your blog.

WordPress.com

WordPress.com is the safest way to go, as there are a lot of mechanisms in place to make sure that you don’t accidentally break it or prevent it from working the way it was intended to.

This means that it is nearly impossible for a beginner to render their site unusable. It also means that you are unable to really make use of some of the more advanced, and fun, features of WordPress. I’ll get to those below, but let’s take a closer look at what WordPress.com has to offer first.

The biggest selling feature of WordPress.com is the fact that everything is free and easy to use. You can head over there right now, sign up for a free account, and be blogging before you know it. You won’t even need to invest in a domain name if you don’t want to. Without any expense, you are able to have a website of your own at a domain like yourname.wordpress.com.

That’s right: you don’t even have to purchase a domain name to get started. However, going from a yourname.wordpress.com domain to yourname.com in the future is going to hurt your search engine rankings. This is something that you might want to consider before going the totally free route.

In the event that you are even remotely serious about creating a blog, you’re best to start off with your own domain. You can have your own domain name at WordPress.com for an extra $12 per year plus the cost of the domain itself.

On November 29, 2011 WordPress announced WordAds. Only WordPress.com hosted sites with custom domains and “moderate to high traffic and appropriate content” are eligible to apply for the WordAds program. WordAds appears to be a viable monetizing option for WordPress hosted sites that have established audiences. This does not appear to be an option for new WordPress.com sites.

The barrier to entry is extremely low here so it can be very appealing to the less technically inclined. For hobbyists or people interested in just kicking the tires, WordPress.com is a good starting point. However, if you are at all serious about moving forward with your blog, you’re going to quickly run into the limitations of WordPress.com.

WordPress.org

WordPress.org is the version of WordPress that you have to host yourself. This means that if you use wordpress.org, you have to go out and find a web hosting company to host your blog. This may result in you having to paying for services before you even hit Publish on your fist post.

The good thing is that some hosting companies may give you a short grace period to try out their service before you get your first bill. Then, after you get going, you’ll be looking at a cost of anywhere from a $7 to $13 per month for a shared host.

You’ll also have to buy your own domain to use with your blog—you won’t even have the option not to. Again, some hosts will give you one domain for free when you signup. This also means that you can add additional domains for just the cost of the domain, since you already have the host.

After you have decided on a shared host of your choice, you are going to have to install WordPress in your hosting account. Don’t fret: most shared hosts worth using will have a “one-click install” for WordPress, so it’s not too complicated to get WordPress installed. In the event that you do have any problems, most good shared hosts will help you out.

Once this has been completed, you will have free rein to do whatever you wish with your shiny new WordPress installation. This also means that you get access to two of the best features of WordPress that I alluded to above: plugins and custom themes.

Themes are what control the look and feel of your blog, colours, layouts, fonts, etc. Yes, it’s true that you are able to pick a theme while using WordPress.com but there is a limited selection and you are not able to do much customization to the theme itself. If you know your way around CSS, you can pay an additional $30 per year to have the ability to modify the CSS.

Even if you get to the CSS of your WordPress.com site, you still have a limited selection of themes to choose from. At least with WordPress.org, you have the choice of using the same out-of-the-box free themes as on WordPress.com or to pay a bit extra for a premium or custom theme.

But the killer feature of WordPress.org has got to be the ability to add plugins, which are not available with WordPress.com. Plugins are add-ons that expand the core functionality of WordPress. As an example, if you want to be able to scan your entire site to make sure there are no broken links, there is a plugin for that. There are countless other plugins for WordPress that will:

  • compress images
  • enhance SEO
  • create contact forms
  • lightbox images
  • and much, much more!

Initially, having FTP access to your blog might not matter to you, but as you grow into your blog, you might want to have the ability to modify and move files around on your web host’s server. This is something that you get with a self-hosted site running WordPress, that you can’t ever get with a WordPress.com blog.

Probably the most important feature of using WordPress.org is you get to make money with your blog. You’re free to use anything from Adsense to affiliate promotions. You’ll even have the option of creating and selling your own products through your site. And if the need arises, you can turn a WordPress.org site into a full-blown ecommerce solution.

That said, it’s not all roses with a self-hosted blog. There are two major things missing with WordPress.org that you get with WordPress.com: backups and protection from extreme traffic spikes.

There aren’t many safety nets with a self-hosted site, so make sure you back it up often. WordPress.com takes care of this for you. A good web host usually performs regular backups, but most will tell you that they don’t guarantee anything. So whatever you do, make sure that you perform your own WordPress backups frequently.

In the event that your blog does get popular overnight, it could buckle under the added traffic. Don’t worry: the stability of your site can be beefed up through the use of a good caching plugin, like W3 total cache. Also, it isn’t too difficult to upgrade your hosting at some point in the future when your site starts getting massive traffic. This would be a good problem to have!

Wrapping it up

I have to admit that after being so accustomed to the flexibility of WordPress.org, I would have a hard time being happy with a WordPress.com blog. If you have any aspirations of taking your blog past the hobby stage, you should just start out with a self-hosted site.

It is possible to move a WordPress.com hosted site to a self-hosted site later on. However, presuming that you might consider starting with a WordPress.com site and moving to a self-hosted site later on, you’re best to just start out with a self-hosted site.

That said, if you are comfortable living within the limitations of WordPress.com, and you want to never have to deal with the technical details of a blog, then a WordPress.com hosted blog might be all that you need.

WordPress.com is great if you are looking to keep an online journal or for small clubs and the like. Due to the fact that you are reading this site, I expect you’re interested in making a business out of your blog. On that note, at some point in the future you will end up with a WordPress.org website. Save yourself the fuss and the hassle of trying to transition your site later on. You’ll be happy you did.

The initially-free option of WordPress.com could actually result in higher costs down the road. After you start piling on extra fees for a custom domain, ad removal, extra storage space (you only get 3GBs to start), plus the ability to use custom CSS in your blog design, you really aren’t saving much, if any, money on WordPress.com, and you have to deal with its limitations.

Finally, and this is a big “finally”, you don’t own a WordPress.com website. After you’ve spent all that time to build a blog and an audience, do you really want to wake up one morning and find out that WordPress.com didn’t like your site so they deleted it? There isn’t a strong chance of this happening, but you should be aware that it could.

The post WordPress.com or WordPress.org? Which One’s Right for You? appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
http://www.rfehosting.com/guides/web-hosting-guides/wordpress-com-wordpress-org-ones-right/feed 0
What Does….. “Briefly unavailable for scheduled maintenance. Check back in a minute.” Mean?http://www.rfehosting.com/guides/wordpress-guides/briefly-unavailable-scheduled-maintenance-check-back-minute http://www.rfehosting.com/guides/wordpress-guides/briefly-unavailable-scheduled-maintenance-check-back-minute#respond Wed, 19 Mar 2014 20:30:45 +0000 http://www.rfehosting.com/?p=2187 We have been receiving quite a few emails from our clients on what the message “Briefly unavailable for scheduled maintenance. Check back in a minute.” means. When updating WordPress, plugins, or themes, the WordPress system creates a file called .maintenance and places it in your sites root directory. It then displays the following on screen […]

The post What Does….. “Briefly unavailable for scheduled maintenance. Check back in a minute.” Mean? appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
We have been receiving quite a few emails from our clients on what the message “Briefly unavailable for scheduled maintenance. Check back in a minute.” means.
When updating WordPress, plugins, or themes, the WordPress system creates a file called .maintenance and places it in your sites root directory.
WordPress maintenance Mode
It then displays the following on screen to anyone that views your site.
“Briefly unavailable for scheduled maintenance. Check back in a minute.”
WordPress maintenance Mode screenThis file will be automatically removed when the process is completed – if the process fails, the file could get stuck in your on your account, so you have to remove it manually.
To remove it manually you will need to either login to your hosting account via FTP, or by using your cPanel account’s file manager.
The File will be located in your /public_html folder for your hosting account.

If you are an RFE Hosting Client and are having this issue and are unable to remove it yourself, please feel free to contact us and we would be happy to resolve it for you.

The post What Does….. “Briefly unavailable for scheduled maintenance. Check back in a minute.” Mean? appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
http://www.rfehosting.com/guides/wordpress-guides/briefly-unavailable-scheduled-maintenance-check-back-minute/feed 0
Happy Halloween – 10/31/2013http://www.rfehosting.com/annoucements/happy-halloween-10312013 http://www.rfehosting.com/annoucements/happy-halloween-10312013#respond Thu, 31 Oct 2013 20:45:00 +0000 http://www.rfehosting.com/?p=2130 Happy Halloween from RFE Hosting! We hope everyone has a Spooky Day!  

The post Happy Halloween – 10/31/2013 appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
Happy Halloween from RFE Hosting! We hope everyone has a Spooky Day!
treat

click to enlarge

tricklight

click to enlarge

pumpkin

click to enlarge

candy

click to enlarge

 

The post Happy Halloween – 10/31/2013 appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
http://www.rfehosting.com/annoucements/happy-halloween-10312013/feed 0
Shared hosting server system upgradeshttp://www.rfehosting.com/hosting-updates/shared-server-system-upgrades http://www.rfehosting.com/hosting-updates/shared-server-system-upgrades#respond Mon, 07 Oct 2013 06:01:09 +0000 http://www.rfehosting.com/?p=2122 We upgraded our shared hosting servers to use the CloudLinux OS and would like update our clients on how the new OS is better and how it will improve performance for our clients. Standard Shared Hosting Setup In a standard shared hosting environment the resources available on a server are CPU, I/O and RAM. These […]

The post Shared hosting server system upgrades appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
We upgraded our shared hosting servers to use the CloudLinux OS and would like update our clients on how the new OS is better and how it will improve performance for our clients.

Standard Shared Hosting Setup

In a standard shared hosting environment the resources available on a server are CPU, I/O and RAM. These resources are fully accessible to all accounts on that server and there is no hard and limit of usage of these resources. The clients are expected to share these resources equally. However, sometimes rogue scripts/programs on one clients account can take up a larger amount of resources, thus leading to the server getting overloaded and a general lack of performance, thereby resulting in each account on the server having its performance affected.

Enter CloudLinux

So what is CloudLinux?

“CloudLinux is a commercially supported Linux operating system interchangeable with CentOS. It includes kernel level technology called LVE that allows you to control CPU and memory on per tenant bases. It is a bases for application level virtualization. CloudLinux delivers advanced resource management, better security and performance optimizations specifically targeted to multi-tenant hosting environment. This improved performance helps hosting service providers and datacenters provide better support to their customers, reduce churn and save money.”

In english? CloudLinux creates a virtual environment for each individual account on a shared server and allows us to limit the amount of resources any single account can use similar to a VPS environment and therefore no single account can take up all CPU resources on the server. This brings quite a bit of benefits to the table for both our clients and us as your web host.

Our Benefits: We deal with less system level resource issues, there are fewer service interruptions, and most importantly the speed of most users sites go up as the accounts now have resources dedicated to them.

Your Benefits: As our clients, you benefit from the lower server load and fewer interruptions of service. You also get additional information in your cPanel which shows useful stats for your account (more on this later).

More info on CloudLinux

Now that you have got a basic understanding of what Cloud Linux achieves, here is the low down on some of the technology that makes it possible.

LVE – LVE, short for Lightweight Virtual Environment, is the backend technology behind the CloudLinux methodology. LVE, developed exclusively by the folks over at CloudLinux, is a kernel level technology which handles the isolation and resource monitoring that CloudLinux is able to provide. LVE brings together technology provided by Apache modules and the Linux kernel.  More info about all of that is available here: http://cloudlinux.com/docs/workingwithlve.php

In addition to this the cPanel integration has user based reporting which will log a history of CPU usage for an account allowing for quick and efficient tracking of resource usage.

Resource usage Information

You must be obviously wondering how you as the user can check his/her account/site resource usage. Well cPanel display’s this on the left alongside other account related information like HDD/Bandwidth limit etc. The information that is available is CPU use and concurrent connections. Here’s a picture of what they look like:

cPanel Resourse meter

  • The CPU is for your account only and not for the server as a whole. So when it says 100% it means you have reached the max CPU allotment.
  • The virtual memory usage shows the amount of RAM you are using out of your allotment, and not of the whole server.
  • The Entry Processes is the number of concurrent processes that your account can process at the same time. These processes can be cronjobs, PHP processes, Perl processes, etc. A  single user should rarely if ever consume all 20 connections, so this metric is mostly informational.
  • If you are consistently hitting your limits, it is time to look at optimizing your site(s) or upgrading to a VPS as you’ve most likely outgrown shared hosting.

Conclusion

In conclusion we feel that CloudLinux has executed an awesome concept of providing dedicated resources to all users and limiting the ability of a few users who are unfairly using more resources. This will in the end lead to lesser outages and better performance. Feel free to  send us an email or create a ticket with any questions or concerns about this technology, as we love to hear from our users/clients.

The post Shared hosting server system upgrades appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
http://www.rfehosting.com/hosting-updates/shared-server-system-upgrades/feed 0
What are the Top WordPress SEO Plugins?http://www.rfehosting.com/guides/wordpress-guides/plugins-scripts/what-are-the-top-wordpress-seo-plugins http://www.rfehosting.com/guides/wordpress-guides/plugins-scripts/what-are-the-top-wordpress-seo-plugins#comments Tue, 28 May 2013 15:34:36 +0000 http://www.rfehosting.com/?p=2081 Top WordPress SEO Plugins: WordPress is a popular blogging platform utilized by numerous website owners. It boasts of helpful characteristics that make websites user-friendly and pleasant. One more great fact about WordPress is that it has many plugins that you can bring into play for search engine optimization. Plugins are extremely helpful tools for those […]

The post What are the Top WordPress SEO Plugins? appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
Top WordPress SEO Plugins:

WordPress is a popular blogging platform utilized by numerous website owners. It boasts of helpful characteristics that make websites user-friendly and pleasant. One more great fact about WordPress is that it has many plugins that you can bring into play for search engine optimization.

Plugins are extremely helpful tools for those who are not into website development and hardcore programming. There are countless plugins existing for the optimization process but you should pick best one that can be valuable for your website. Listed below are some of the top WordPress SEO plugins:

Yoast WordPress SEO plugin
Yoast is laden with features that can positively help any website holder. Its feature list is comprised of page analysis, webmaster tools authentication, breadcrumbs, snippets, xml website mapping, RSS optimization and social integration. You will discover that its preview window is incredibly valuable as it permits you to have an idea of how your post or page will become visible in the search results. In addition to this, Yoast plugin also analyses the page in which you are capable of checking the length of your posts, you can also check whether your descriptions are written well or not and you can go through several other features. This plugin is free of cost. Some website owners do not consider it essential to set up additional plugins if they have Yoast.

All-In-One SEO Plugin
All-in-one SEO plugin is also known as AIO. It is also one of the well-liked plugins because of the ease-of-use and superb functionality. This is an great plugin for learners who have less knowledge about modifying websites. Moreover, if you are a skilled user, you can customize settings further while using this plugin.

XML SiteMap Creation Plugins:

Google XML Sitemap Plugin
You need to install this plugin only once and afterwards; it carries out its job on its own. It creates xml sitemaps, which permits the search engines to obtain additional “map” on how your site is laid out which allows the search engines to index your site quicker. You can use this plugin for almost all post and page types produced by WordPress.

Conclusion:

There are countless additional plugins accessible for WordPress but Yoast is considered as the best among different plugins. Out of these plugins, some are developed for experienced users who wish to have complicated customizations on their websites.

Now that you know about WordPress SEO Plugins, sign up with RFE Hosting today for 5%-10% off your semi-annual/annual payment:
http://www.rfehosting.com/web-hosting

Please feel free to email us or jump on our live chat if you have any questions about our services and what we can do to help grow your blog and business.

Please follow us for more great guides!

The post What are the Top WordPress SEO Plugins? appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
http://www.rfehosting.com/guides/wordpress-guides/plugins-scripts/what-are-the-top-wordpress-seo-plugins/feed 2
What is WordPress?http://www.rfehosting.com/guides/wordpress-guides/what-is-wordpress http://www.rfehosting.com/guides/wordpress-guides/what-is-wordpress#respond Fri, 24 May 2013 15:00:33 +0000 http://www.rfehosting.com/?p=1407 WordPress is an open source (free) content management system (CMS) that is very dynamic and used more often for publishing blogs. It is used by about 15% of the one million biggest websites. Released 2003, it has been downloaded over 32 million times since its initial release. One reason WordPress is popular because of its […]

The post What is WordPress? appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
WordPress is an open source (free) content management system (CMS) that is very dynamic and used more often for publishing blogs. It is used by about 15% of the one million biggest websites. Released 2003, it has been downloaded over 32 million times since its initial release.

One reason WordPress is popular because of its web template system. Users can re-arrange the templates without bothering to edit the PHP or HTML code. They can switch themes easily and edit the code for more advanced customization. It’s a search engine-friendly, clean permalink (a URL that points to a specific page)  structure that bloggers and website owners alike find very suitable and easily.

WordPress supports tagging of articles and postings, which make it ideal for sites that want to optimize their search engine rankings. It includes habitual filters that do things like converting regular quotes to smart quotes. so that visitors can click those words and travel to another website for related content. It also a greater plug-in architecture that allows you to add features beyond its basic capabilities of WordPress. There are thousands of plug-ins, themes and widgets available that enable users to do nearly anything they wish with their blogs or website.

The designs of WordPress are theme based, made of imagery and webpage layouts to make it easy to customize the feel and look of the site. You can use a pre-existing theme with a new page layout imported from another application. You don’t have to know HTML or any other code and the editing interface is simple to use.

WordPress is very similar in procedure to a word processor. It can be configured to grant access to others on limited or all levels so that people can contribute to your website or blog. This is one reason it is so popular with bloggers, as it allows for recurrent updating and lets people subscribe to the site’s content using RSS. Search engines love fresh content and by allowing others to contribute or comment on your site you optimize your search engine rankings. WordPress also allows you to receive and take action to comments from readers.  In nature, this attribute makes a blog or website very topical and exciting.

WordPress’ interface is web-based so you can generate and edit pages from anywhere as long as you have an internet connection. Professional bloggers on the go, members of the media, politicians and others all use WordPress for this reason. It is accessible to them nearly globally, allowing them to update their sites or blogs instantly instead of waiting to return home or to their office. WordPress plug-ins includes the latest Twitter tools too.

Once you download WordPress and set up your account you can explore all the options and features offered. You can play around with the set up and expression of your site then get started. Blogging and maintaining a website with WordPress is so simple that beginners will love it but thousands of professionals are grateful for its effortlessness and variety of tools and options, too.

Now that you know what WordPress is, sign up with RFE Hosting today for 5%-10% off your semi-annual/annual payment:
http://www.rfehosting.com/web-hosting

Please feel free to email us or jump on our live chat if you have any questions about our services and what we can do to help grow your blog and business.

Please follow us for more great guides!

The post What is WordPress? appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
http://www.rfehosting.com/guides/wordpress-guides/what-is-wordpress/feed 0
What is SEO? – The Basicshttp://www.rfehosting.com/guides/seo-guides/seo-and-its-importance-in-website-ranking http://www.rfehosting.com/guides/seo-guides/seo-and-its-importance-in-website-ranking#respond Mon, 20 May 2013 13:54:10 +0000 http://www.rfehosting.com/?p=1401 What is SEO? SEO is expanded as Search Engine Optimization, which is used to improve a website’s visibility within search engines. Search engines can display your site in search results based on your website’s rankings within that search engine. An internet user types words in the search box. These words are actually keywords or phrases […]

The post What is SEO? – The Basics appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
What is SEO?

SEO is expanded as Search Engine Optimization, which is used to improve a website’s visibility within search engines. Search engines can display your site in search results based on your website’s rankings within that search engine.

An internet user types words in the search box. These words are actually keywords or phrases expressing their desired search. After this, the search engine shows up the websites that seem appropriate to the typed phrase or keyword, the user pays a visit to the recommended websites and is transformed into a regular visitor or a potential client. The top ten websites that turn up in search results normally get maximum traffic. The main aim of almost all the websites is to get highest rankings, that is, to attain a place among these top ten websites or to come on the first webpage.

Search engines rank your website based on your content. If you do not precisely describe your content, you might get irrelevant traffic for your site. Consequently, your conversion rate will decrease and your bounce rate will increase. To influence search engines ranking for your site you must write content based on your sites general keywords or phrases that are significant for your website. You should choose keywords that users utilize while undergoing their desired search and which have less number of competitors.

Once you come across those top rated phrases or keywords, you need to incorporate them in your URL and title.
Search engine optimization takes two things into consideration.
They are:

  • On page optimization
  • Off page optimization

On-page optimization applies to elements, for example, Meta tags, title tags and content. On-page optimization takes account of content and design, which should be SEO friendly, unique and keyword rich.

Link building has vital function in the off page optimization. It is the practice of receiving links from significant and relevant websites, these work as valuable back links. Back links positively assist to get higher websites rankings. A few of the link building methods that would try to pull traffic are articles, directories, press releases, forum posts, blog comments, etc. Social bookmarking is also a good approach but it may not provide everlasting back links. It also helps in boosting high-quality traffic for your website.
There are many ways to improve your site for SEO. The process requires a lot of practice and time to master it.

Now that you know what SEO is, sign up with RFE Hosting today for 5%-10% off your semi-annual/annual payment:
http://www.rfehosting.com/web-hosting

Please feel free to email us or jump on our live chat if you have any questions about our services and what we can do to help grow your blog and business.

Please follow us for more great guides!

The post What is SEO? – The Basics appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
http://www.rfehosting.com/guides/seo-guides/seo-and-its-importance-in-website-ranking/feed 0
New Site & Logohttp://www.rfehosting.com/annoucements/new-site-logo http://www.rfehosting.com/annoucements/new-site-logo#respond Thu, 16 May 2013 05:29:12 +0000 http://www.rfehosting.com/?p=1391 Hello Fellow Readers! So over the past week and a half I have been working hard and updating and creating a new look for RFE Hosting. So as of last night, we launched our new site! The new site is much faster, and will be tons easier to manage, so I am pretty stoked for […]

The post New Site & Logo appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
Hello Fellow Readers!

So over the past week and a half I have been working hard and updating and creating a new look for RFE Hosting.
So as of last night, we launched our new site! The new site is much faster, and will be tons easier to manage, so I am pretty stoked for that.

We have also had a new logo created that is pretty cool.

RFE New

The New Face Of RFE Hosting

Over the next few days/weeks we will be updating all locations that have our logo posted.

Please feel free to look around and let us know what you think of the new look.

Also, we are always looking for reviews about our services from our current clients to post on our site.

So feel free to contact us if you would like to be featured.

Thanks again to all our loyal clients that make RFE Hosting Successful, you all are what keeps us up and running.

The post New Site & Logo appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
http://www.rfehosting.com/annoucements/new-site-logo/feed 0
Important RFE Shared Server Updateshttp://www.rfehosting.com/rfe-updates/important-rfe-shared-server-updates http://www.rfehosting.com/rfe-updates/important-rfe-shared-server-updates#respond Thu, 02 May 2013 03:57:17 +0000 http://www.rfehosting.com/blog/?p=945 This is just a quick update to those clients that do not check their email, but for some reason read our blog or check our Facebook/Twitter pages. Over the last year we have been sending out an email or 2 each month, asking and reminding all clients to check their domains hosted on our shared […]

The post Important RFE Shared Server Updates appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
This is just a quick update to those clients that do not check their email, but for some reason read our blog or check our Facebook/Twitter pages.

Over the last year we have been sending out an email or 2 each month, asking and reminding all clients to check their domains hosted on our shared hosting servers to make sure the nameservers set for those domains are correct based on the server you are hosted on.

It was finally time to pull the plug and retired the old servers, but there are still a few that either ignored us, or didn’t get the emails for some odd reason.

So this is a final reminder before your site stops working.

Please check all your domains hosted on your account with us, and make sure they are using the nameservers below based on the server your account is hosted on.

RFE00:
ns1.rfehost.com
ns2.rfehost.com

RFE02:
ns3.rfehost.com
ns4.rfehost.com

RFE03:
ns7.rfehost.com
ns8.rfehost.com

RFE04:
ns5.rfehost.com
ns6.rfehost.com

RFE05:
ns9.rfehost.com
ns10.rfehost.com

You can test your domain buy using the link below, if it shows either of the nameservers above, then you are fine. If it is our old “rfehosting.com” servers, then please update ASAP:

http://whois.rfehosting.com/

If your site is having issues, please contact us ASAP via live chat, or a support ticket and we will assist you in getting it resolved as fast as possible

As usual thank you for using RFE Hosting.

 

The post Important RFE Shared Server Updates appeared first on Web Hosting Solutions - Shared Hosting - VPS Hosting - RFE Hosting.

]]>
http://www.rfehosting.com/rfe-updates/important-rfe-shared-server-updates/feed 0