WordPress Resources at SiteGround

WordPress is an award-winning web software, used by millions of webmasters worldwide for building their website or blog. SiteGround is proud to host this particular WordPress installation and provide users with multiple resources to facilitate the management of their WP websites:

Expert WordPress Hosting

SiteGround provides superior WordPress hosting focused on speed, security and customer service. We take care of WordPress sites security with unique server-level customizations, WP auto-updates, and daily backups. We make them faster by regularly upgrading our hardware, offering free CDN with Railgun and developing our SuperCacher that speeds sites up to 100 times! And last but not least, we provide real WordPress help 24/7! Learn more about SiteGround WordPress hosting

WordPress tutorial and knowledgebase articles

WordPress is considered an easy to work with software. Yet, if you are a beginner you might need some help, or you might be looking for tweaks that do not come naturally even to more advanced users. SiteGround WordPress tutorial includes installation and theme change instructions, management of WordPress plugins, manual upgrade and backup creation, and more. If you are looking for a more rare setup or modification, you may visit SiteGround Knowledgebase.

Free WordPress themes

SiteGround experts not only develop various solutions for WordPress sites, but also create unique designs that you could download for free. SiteGround WordPress themes are easy to customize for the particular use of the webmaster.

Advertisements

WordPress Basics for Small Businesses: Hosting Your Website

computer desktop wordpress

Having an effective website is critical for a small business’s success, and we believe that WordPress is the best option when choosing a platform for a new site. Recently, we wrote about choosing and purchasing the right domain name, and in this post we will review and recommend hosting options.

What is web hosting?

If you’re new to managing a website, it’s easy to get confused between the platform (we recommend WordPress) and the host of your website. You build the content of your site (such as web pages and blog posts) through the platform. At that point, your content has been created. But, that doesn’t mean your content is available on the internet for other people to view.

To be viewable by other people online, you need to have your website hosted by a company that will provide the necessary technologies. The web hosting service you choose will store (host) your content on servers, which are special computers intended for this purpose, and then serve it up for consumption by site visitors. Once the website is hosted, then people can simply type in your domain name (a domain name for this site, for example, is allbusiness.com) and then your site will appear.

Choosing the right hosting service is important, so here are four recommendations. Each of these companies provides quality customer service, are affordable, and allow for easy WordPress installation.

WPEngine.com

Our preferred service is WPEngine.com. It’s the service we use for DAGMAR Marketing (our company) and what we recommend to our clients. We like how WPEngine solely hosts WordPress-driven websites, which means its team’s expertise is laser-focused on the WordPress platform. It harnesses the power of open source technology to fast-track innovation, and it partners with Google and other top technology companies.

You are provided access to a development platform. This means you can edit your site behind the scenes, rather than having to mess around with the live site that prospects and customers are viewing. Your site is backed up daily, so if you have problems with your site, you can revert to an older version, which keeps it running smoothly. You can’t sell if your site isn’t live and easily accessible by customers.

Bluehost.com

No one hosting service works for every business. If you don’t think WPEngine.com is right for you, consider Bluehost.com. This service also supports open source projects to help create the best possible hosting solutions. Its goal is to provide both novice and pro users with comprehensive tools to get on the web. Bluehost offers packages as well as a la carte tools.

DreamHost.com

DreamHost.com is another option to consider. Although it hosts multiple platforms, WordPress is a key focus, with four different WordPress hosting packages to choose from. The starter package provides shared hosting, which means that multiple websites share a single web server. This is a less expensive option, but isn’t practical for sites with high levels of traffic.

The Basic package provides you with a fast cloud server (not shared) and is for sites that have up to 10,000 monthly visitors, the Plus package is for sites that have up to 30,000 monthly visitors, and the Advanced package is intended for companies that have multiple sites with up to 60,000 monthly visitors.

Other Articles From AllBusiness.com:

HostGator.com

Here is one more hosting recommendation to consider: HostGator.com, which offers multiple WordPress hosting plans. The Starter Plan hosts one site with up to 100,000 monthly visitors and 1GB of backups; the Standard Plan hosts up to two sites with up to 200,000 monthly visitors and 2GB of backups; and the Business Plan hosts up to three sites, up to 500,000 monthly visitors, and 3GB backups. The company offers free migration services if you currently have a WordPress site and want to switch your hosting to HostGator.

Before you launch your website

Think about times you’ve searched on Google. In your search results, you’ve likely encountered warnings stating a site is not secure, and you’ve probably avoided clicking on those sites. Better safe than sorry, right? Well, it’s important that your site NOT have any warnings associated with it. To explain how to avoid this, let’s visit your web browser.

Once your browser is open, type Google.com. You’ll see that even though you typed in Google.com, what shows up is https://www.google.com—URLs begin with either http:// or https://. If you want to prevent the “not secure” warning from appearing in conjunction with your site, your site will need to be HTTPS, rather than HTTP. The acronym HTTP stands for hypertext transfer protocol and refers to how your computer interacts with websites you view. Sites that have a security certificate called an SSL are HTTPS.

If you’re creating a new website, it makes sense to get this SSL certificate. There is a cost associated with it, but it’s fairly inexpensive, especially when you balance it against the cost of losing potential customers who won’t click on sites that show the “not secure” warning.

If you already have a website and you want to migrate from HTTP to HTTPS, there are additional issues to consider. Google will see this as a site move because the URLs will be new and different, so you may experience drops in traffic and rankings because Google needs to crawl and reindex your pages.

This also means that any internal links on your site will need to be addressed, and you’ll need to use 301 redirects from your old (HTTP) pages to the corresponding new (HTTPS) pages. Here is more information about migrating to HTTPS, including issues related to Google Search Console. And, finally, here is more information about choosing WordPress for your small business website.

Don’t miss Part 1 of this series: WordPress Basics for Small Businesses: Choosing a Domain Name

Spambot Targets WordPress with Spray and Pray

Researchers at Imperva published their discovery of a new comment spam campaign that is leveraging the popularity of the World Cup to trick people into clicking on links that take them to shady betting sites.

The campaign, which mainly targets WordPress sites, is launched by a botnet and implemented in the form of comment spam. Despite its being one of the oldest tricks in the hacker’s book, comment spam is still pretty popular.

The comments appear to be little more than meaningless, generic text generated from a template and posted in the comment sections of blogs and news articles. When researchers sifted through the comments, they discovered a pattern: The linked sites offered betting services on 2018 FIFA World Cup matches.

Using the spray-and-pray technique, the spambot attempts to post a comment to the same URI across multiple sites, even those sites that might be vulnerable or don’t have a comments section. Researchers found that the top 10 links advertised by the botnet lead to World Cup betting sites, with eight of those top advertised sites containing links to the same betting site.

“In the weeks before the World Cup, the botnet had emphasized other, non-spam attacks, including unsuccessful attempts to invoke remote code execution (RCE) via PHP and to abuse unrestricted file upload to WordPress sites,” the researchers wrote.

Commenting on the discovery, Johnathan Azaria, security researcher at Imperva, said, “Our research once again highlights that attackers follow public trends and essentially go where the money is.”

“In this campaign, attackers are taking advantage of the popularity of the World Cup. Anyone who visits the betting sites could easily be duped into handing over sensitive information to attackers,” Azaria said.

Researchers suspect that this is a botnet for hire, orchestrated by the betting sites in an attempt to increase their SEO and “reflects how malicious or unsolicited campaigns tend to intensify during events that draw large audiences who keep track of developments online, are enticed to purchase products online from sponsoring organizations or both,” said Chris Olson, CEO of The Media Trust.

Why is WordPress the Best CMS for web Development?

Introduction

We know that all businesses need to have an online presence in order to survive in this competitive world. A professionally made website can help a business to increase its chances of becoming successful. There are a lot of website builders who are available in the market in order to make your own website for any business. WordPress is the best for this purpose.

Most of us have head about WordPress which is an open source CMS or content management system. Numerous people are working on this system to make it friendlier to the users. As a result of this, open source CMS is now quite easy to use. You can create your own website within a short period of time. Even if you don’t have any experience and any technical expertise, you can find a lot of tutorials which are available on the web when it comes to web development on WordPress. Also, WordPress is consistently bringing many more updates which pushes it in the direction of being the best CMS available at present.

It doesn’t matter what particular kind of website you wish to create. You can easily develop any website with WordPress or hire a WordPress development company. With the use of the right WordPress plugins for website building, you can create any website that you desire. There are no limitations in this aspect. You can easily develop any website for your business for a variety of purposes.

There are a plethora of reasons why WordPress is considered to be the best CMS for web development. Some of them are mentioned below:

1. Wide range of User base

In case you don’t know, WordPress isn’t only for the bloggers. It is meant for everyone. For small businesses to bigger one, anyone can use this for online website building. You may get confused WordPress with http://www.wordpress.com. WordPress is an open source CMS which you can easily download from http://www.wordpress.org. While http://www.wordpress.com is essentially a service which provides you the means to create personal websites. The major different is the source of hosting. In case of WordPress software, you can easily get to host any website of your own. In case you are hosting your own website, you can easily control everything. You are in total control and ultimate decision maker. You can easily create as well as manage your content. You can easily design your website in any way you want. There aren’t any restrictions of any type when it comes to the range of things you can do with this software. It means that you can easily choose WordPress as it saves a lot of time and more. It is costlier to develop a website from scratch. WordPress helps in bringing the cost down. Each person has a different taste and choice. One doesn’t have to select from any pre-existing theme. One can simple create own theme according to his requirement. However, WordPress provides multiple themes for the beginners too. A lot of people from different domains and industries are now using WordPress as CMS for their small businesses. WordPress is a powerful software which fulfils the needs of every type of users.

2. Multiple Themes and Plugins

The most salient feature of WordPress is that it offers thousands of pre-designed themes to its user. The user can easily select the theme which suits his business requirement and create a website. There are themes available for all types of businesses. Along with these themes, there are a plethora of plugins which are available. These plugins help in controlling the content, designing the website, uploading images and videos, analytics and optimisation of the website. A business can hire WordPress expert in order to build a website with these themes and plugins. He can also design themes according to the requirements of your business. WordPress also has thousands of various responsive themes. It is quite useful as most of the users are using mobile phones. A website should respond according to demand of the users when they are using the website. A responsive website is more SEO friendly and ranks higher on the search engines. It is because the website becomes more accessible for the mobile users as well as search engines to display them.

WordPress development

3. SEO Friendliness

SEO is quite important for the success of any website but most of the people don’t understand its important. But in order to survive as well as get to the target audience, the business need SEO. There is no point of having a website if no one is visiting it. WordPress is great when it comes to addition of content. It means that the content can easily be made interesting as well as SEO friendly. One use to have the most relevant keywords in the content as well as URL in order to make the website more SEO friendly. The coding behind the theme can easily be more SEO friendly. If you hire WordPress expert, he will use his knowledge for a clean as well as SEO infused coding.

4. Security

WordPress is quite a safe and secure platform for any business to invest in. WordPress has its own dedicated team of people who are responsible for making the website safe from different types of malicious attacks, hacking and viruses. WordPress development company takes special care in developing websites which are both safe to use and secure from data breaches.

5. Free of Cost

WordPress is available for free. One doesn’t have to pay anything in order to install this software. It also provides freedom to the users. The user has complete freedom regarding the usage of the software. He can easily modify the website accordingly. You can easily build upon this particular software and use it in any particular that you wish. However, there are some features for which you need to pay for instance CSS modification. In case of other powerful features, you may have to spend a small amount of money.

Conclusion

WordPress is quite easy to use, and one doesn’t need to have technical expertise and experience. There are thousands of pre-designed themes for you to work with and you can start without hiring any web developer. In case you require additional support you hire WordPress expert. WordPress is without a doubt the best CMS when it comes to web development.

Is WordPress becoming the SAP of CMS’s?

The last time I wrote about our WordPress experience in any depth was December 2015 when I said:

As I said earlier, we are sticking with WordPress but we are re-engineering it, pretty much from the base core up. We are dumping as many plugins as possible and turning required functionality into the core. This will allow us to ensure that every major piece of functionality is battle tested against a common code line. It means we will have control over the code in ways that are otherwise not easy to parse, even in the open source world.

Things have moved on and we got a lot done but…

If you are one of the 30%+ of the CMS market that uses WordPress then I wonder if you’re starting to view WordPress as the SAP of CMSs. I mean that both in a positive and negative way. Let’s examine what this means.

WordPress and SAP – similar?

Owning an outsized chunk of a market is usually a sign of success and here, both SAP and WordPress can rightly claim leadership in their domains across multiple measures.

SAP started life as a system that was designed to run your business processes – or rather your backend administration processes. It has since grown to be something on which you could (at a stretch) run most of your digital business. WordPress started life as a blogging platform that morphed into a sort-of CMS. With the right plugins and extensions, WordPress could be the hub of your digital business in some well-defined scenarios. Anything media related for example is an excellent candidate.

Both systems are highly configurable and customizable. In SAP’s case, this has proven to be something customers love but which is starting to come under question as customers seek simpler solutions to common problems. The same is happening – at least for me – with WordPress. On the one hand, I love that our dev team can do pretty much whatever we want functionally but now, both getting there and keeping the whole thing afloat is starting to become problematic for some, but not all of the reasons that you might apply to SAP systems.

Once customers understood what SAP can do, many of those same customers spent, and continue to spend, significant amounts of IT dollars building and refining their SAP landscapes. WordPress is a bit different. If you’re starting small then you can get away with pretty much everything off the shelf (OTS), either free or commercial (FOTS or COTS.) But the moment you scale, things take a quantum leap in complexity.

In our landscape, for example, we have some ‘must have’ functionality that was originally a piece of FOTS which our developers hacked about to a limited degree. We’ve gradually added or replaced some functionality for sound commercial reasons but the end result is we now have something that is taking more and more resources to maintain rather than innovate. Sound familiar?

It turns out that the code we’re using has not reached end of life but it sure as heck needs refactoring before it sinks us performance wise.

Gentle giant or angry monster?

It would be easy for me to point the finger at WordPress (and its merry band of open source devotees) to say that open source may be great but in this case, it’s more like the Wild West. There’s all sorts of crappy code that our devs have to push through an increasingly laborious testing process before releasing it to production. Even when it’s COTS functionality run off a remote server that’s not on our services infrastructure.

But then we have seen some really poor practices from some well-known plugin outfits that are hitting our servers at a rate that’s not unlike a DDoS attack. From an email I got to today from our point person at DevriX, our preferred WP support, build and test partner:

  • Blacklisting some malicious DDoS calls to our AJAX engine, i.e. blocking some known hacky attempts hitting non-cached pages
  • Blocking the next set of user agents. SEMrush and Moz seem to be extremely annoying, they hit the site hundreds of times per hour, and crawl random pages, i.e. some are old and not in the recent cache pool (thus triggering non-cached requests).
  • Trying to clean up some of the 3rd party calls in the dashboard to Contextly, CoSchedule, and others that show up in the Add Post screen in New Relic. They happen too often and too many times, I opened the dashboard yesterday and saw 18 calls from CoSchedule and Contextly on a single screen in “Add Post” on a page load which was WTF?

Not nice is it?

And that’s only a half of it. There’s much more.

We can solve some of these problems by simply killing off the functionality that causes problems but then what? In our case we have some answers but it begs the question – has that wonderful toolkit of parts aka WordPress become too unwieldy for the time, effort and money our dev team is spending when we could be innovating against our next-gen business model?

For its part, WordPress is due to release a fundamentally new version of its CMS under the codename GutenbergS which, it thinks, will make life much better for those who want to see WordPress become a modern CMS. The jury is well and truly out on that one. In SAP land we see similar conversations with many customers divided over whether a move to S/4HANA is the route to the future which should be adopted now.

My take

My comparison between SAP and WordPress is incomplete and, some will argue, inappropriate because they fulfill different purposes. I push back saying – as do SAP customers – that WordPress is embedded and, I’d say central to the delivery of our business model.

To that extent, I understand the torn and angst driven nature of the decisions colleagues in the enterprise space take when they look at their SAP landscapes.

And – one of the claimed benefits of S4/HANA is reduced database size which translates to better performance. You can do the same with WordPress but it is a bold step because it means dumping old content. Hmm…

Image credit – Featured image: © pablographix – Fotolia.com

Disclosure – SAP is a premier partner at the time of writing.

WordPress Sites Targeted in World Cup-Themed Spam Scam

Spammers using a ‘spray & pray’ approach to post comments on WordPress powered blogs, forums, says Imperva.

WordPress-powered websites are being targeted in a comment spam campaign designed to get users to click on links to sites offering betting services on the 2018 FIFA World Cup games.

Security vendor Imperva recently observed a botnet spewing out meaningless text messages generated from a template to comments sections in blogs, news articles, and other sites that allow people to comment.

The spambot has been attempting to post comments to the same Uniform Resource Identifier (URI) across different WordPress sites indiscriminately and without regard for whether the site is vulnerable or even has a comments section.

The template that is being used to generate the messages has been around since at least 2013 and essentially gives spammers an automated way to craft slightly different versions of the same message. For example, one version of a message generated via the template might begin with ‘I have been surfing online more than 2 hours today, yet I never found an interesting article like yours’. Another version might say, ‘I have been browsing online more than three hours today, yet I never found an interesting article like yours.’

“Our analysis found that the top 10 links advertised by the botnet lead to World Cup betting sites,” Imperva said in its report on the campaign. “Interestingly, eight of the top advertised sites contained links to the same betting site, hinting that they might be connected in a way.”

The botnet itself is comprised of some 1,200 unique IPs, which by today’s measures is not especially large. In many cases that Imperva analyzed, the botnet has been using URL-shortening, URL redirection, and other techniques to try and hide the destination of advertised links in its spam messages.

In the weeks leading up to the World Cup, the botnet was being used in remote code execution attacks and other attacks on WordPress sites. But once the games started, the botnet’s main activity shifted to comment spam. This suggests that the botnet is available for hire and that the betting site being advertised via the current spam campaign are the ones paying for it, says Jonathan Azaria, security researcher at Imperva.

“Either the owners, or someone that benefits directly from the increased traffic via an affiliate program, for example,” looks to be behind the campaign he says.

Comment spam — like other forms of spam — has been around for a long time, but continues to be popular among threat actors because of how effective they are in delivering marketing messages or links to websites via comments on online forums.

WordPress itself has called comment spam a “fact of life” for anyone with a blog and has offered numerous tips and links on how to mitigate the issue.

The most common approaches have been to blacklist IPs sending spams messages and also the URLs that they advertise. Plug-ins are readily available for vetting comment submissions and ensuring comments and posts are not being generated by a spambot.

“Numerous solutions exist for comment spam,” Azaria says. “In some cases, a simple plugin will suffice. In others, a more complex solution is required such as a WAF, Captcha, [or a] bot detection and classification [tool],” he says.

Related Content:

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio

More Insights