Tutorials & Guidance of web hosting services. We seriously test all items from top companies then provide a quick manual for users to start with their service easily.

5 Steps to stop wordpress brute force attack

wordpress brute force attack

When I trying to login our company blog site for news update, I get a message showing "WordPress Login Temporarily Disabled" and a support page link for problem fixing. After doing my research, it's because of "brute force attack" for wordpress site, our company blog is one of the victims and our hosting company blocked the login access for any user. After a bit research, we collected following solutions to deal with wordpress brute force attack.

Brief introduction of brute force attack

Brute force attack is the most basic hacking method to gain access to a site: it tries usernames and passwords over and over again until it gets in. Those victim sites using simple user name and password can be compromised easily by this hacking. At the meanwhile, because of the over and over again trying, the server memory/cpu usage goes up dramatically, if there's mass trying on lots of sites, the hosting server can be brought down quickly.

5 efficient steps to stop brute force attack

step1. Use strong username and password

Basic but crucial configuration to maintain a safe site. For wordpress, it's highly recommended to change the default user "admin" to something else you prefered. It can be done through phpmyadmin panel -> open your database -> click on "wp-users" -> click edit button beside the user name -> rename the "admin" to your prefered word -> click save at the buttom to make the change. We can also set a strong user password there directly.

It's crucial step after we have wordpress installed. No matter how the hacker is trying, they can not get in our site even the server is brought down. Our data is still safe.

step2. Hide the login page

It doesn't mean to remove the login link on website home page, it means to change the login URL to something else other than wp-login.php or wp-admin. We highly suggest to have plugin "stealth login page" or "HC Custom WP-Admin URL" installed. We can fully custom the login url as we liked thus hackers can not get it in any way.

step3. Install wordpress security plugins

We have provided a list of 6 leading wordpress security plugins. It's highly recommended to have them installed for high level protection. Free and easy to do, so why not use?

step4. Use CDN service

CDN is great to filter those spam traffic and reduce the hosting server loads. It's not only good for single site health but for entire hosting server. We highly suggest start with free CDN provider "Cloudflare", it's good enough for small to medium size. Pretty easy to configure.

step5. Use a decent hosting provider

A good provider not only prepares good hosting servers but good policies to keep our site alive. Normally, when there's such attack on customer site, many hosters will shut down customer site directly to save their server. But a good hoster like inmotion will try to fixe the problem on server end. For instance, our site is being attacked but they only blocked login access with fix solutions. This is what called customer caring.

Further resources of brute force attack:

  1. wordpress official solution
  2. solution from inmotion hosting
  3. solution on rackaid

Tips in Using BurstNET Server Service

tips in using burst.net server

Burst.net is probably offering the most competitive low cost server hosting plans. Either for VPS or dedicated servers, client have choice over a wide range plans to fulfill their server requirements. Based their large scale business, their server hosting plans are widely recommended and discussed on webmaster forums like Webhostingtalk. However, like any cheap service, you have to learn a bit in order to play well with it. Based our editorial research and user experience, we have concluded following tips and guidance on how to use burst.net server service properly.

Brief introduction of BurstNET

The company burstNET was setup to offer server service in late 1996. As everybody knows, hosting service was quite expensive in early days. Not to mention vps or dedicated server, regular shared hosting service is not affordable to many people. Burst.net started different than their competitors. Since the very beginning, they have been offering cheap and rich feature server plans (as cheap as $5.95/mo). Based all their advantages, there're over 20,000 virtual private servers with over 2.4 million websites served. Since the end of 2013, burst.net has completely revised their official site and server structures, all linux vps are now created on Xen server with solusvm management.

burstnet vps server features

As we see, their people provide great server features with absolute competitive price. For people who would like to get hosting server admin control, it's perfect opportunity. However, from burstNET official reports and various online complaints, lots of servers got shutdown due to problematic running. Here're most popular causes with according solutions for burstNET server service.

Overrated the server capacity

With no doubt, the burstNET vps servers come with great offers on RAM, hard disk and bandwidth. This easily let users to overrate its capacity. There's no problem at all if you just like to host a blog/forum site, but if you would like to configure extra services like VPN then your allocated resources can be used up shortly and most probably other vps instances on same network will be affected. Don't imagine the server is configured with unlimited resources, especially for vps server where all resources are allocated from host server. 1TB can be used up quickly though regular website only takes several GBs per month.

Solution: We must fully understand our needs and choose the proper server plan. If unsure which server is suitable to work with, it's the best to contact burstNET tech support and they can provide professional suggestions.

Server or website hacked

server hacking We just host normal website with almost no change for a long time, but suddenly our server is turned off with no warning. Why is that? From most complaints analysis, it's because their sites got website or server hacking but users are never awared. It might sound rediculous but it's true, many users just do nothing after put website online. Some critial software and server OS hotfixes are not applied in time thus hackers could hack into our servers easily. As the server hacked, hackers can do whatever they want and cause serious issues to the entire network.

Normally, we're fully responsible of the server security since we have full control. Once it's cracked by hacker, most of the time it will be used for illegal purpose. Certainly, it's strictly prohibited by company TOS and they have no choice but to shut down the server. Security is the most important thing for live server, especially when we have a business hosted. So make sure your server security is in hand.

Less Monitoring

server monitoringBy default, the burstNET servers are provided as unmanaged. Means we need to make necessary configuration by ourselves or purchase necessary support service with our needs. This is how they can offer cheap server service all the time. It should be ok when things going properly. However, if problem occurs, we might hard to track it without a good tool. The common problem for most vps users like extremely high bandwidth usage, periodical high cpu/ram usage and fast inodes increasing etc. Most of the time we should have received email notification from support. If no action within some periods and the usage is out of the company tolerance, the server will be permanently determinated.

What should we do? We must ensure our contact details from server account is up to date so we can receive notification in time. Also, if we don't use a control panel solution like cpanel, we must install necessary monitoring tools like Munin to check how things going on server end.

More about BurstNET

Among thousands of server providers, burstNET is one of the few groups who manage their own data centers. Till present, burstNET manages total of 3 world class data centers in Los Angeles, Miami and Scranton to support users from different locations on the planet. In the last year, their people has fully upgraded all server facilities and offer. Previously, burstNET is well known on OpenVZ/veportal platform which is not good from most professional analysis. Now they have completely transferd to Xen/Solusvm platform which is considered the best at the moment. The company provides full range server products including VPS, dedicated and colocation server plans. Except for their cheap server service, they also provide very competitive price for add-on services like static IP, storage and bandwidth etc.

BurstNET is cheap, but we have to use their cheap service properly for problem free. Just follow above to get started.

Why IXWebHosting is NOT Recommended for WordPress Site

why ixwebhosting is not recommended for wordpress

IX had been our top recommended web hosting during 2008-2010 for its rich feature and low cost plans. However, it's not in our recommendation list anymore. Especially when referring to wordpress support, ixwebhosting is far beyond a good hosting provider. This article briefly introduce our wordpress website experience on ixwebhosting server and shows why it's not recommended.

We got into ix hosting service in 2008 by a famous community recommendation. It's not so cheap to host a website at that time but ix managed to provide almost everything unlimited for very good prices. WordPress is our primary choice because we would like to keep things as simple as possible. Thus wordpress is the only service we ran on hosting server. For safe choice, we selected "Unlimited Pro" plan then added all our 4 sites to account. At the very beginning, everything seems to be perfect but as our website grow up and frequent wordpress core updates, things become worse and worse.

Outdated WordPress Installer

For new wordpress setup, auto installer script is always the best option because we don't have to deal with file downloading/uploading and related database configuration. Ixwebhosting installer is still kept on wordpress 2.9 which is years back old. Comparing to the popular installer pack like softaculous and simplescripts, the ix installer is pretty outdate with very limited scripts library

ixwebhosting wordpress installer

That means we have to use manual option like in old days. It would be a big challenge for many wordpress beginners because not everybody can handle the process perfectly. We previously have everything migrated from another web host so there's no installation for our case, but when we decided to setup a new blog and thought their installer could do quick help, it completely disappointed us. Thus if you need wordpress auto installation especially when you need frequent installation, ix is not a good place at all.

Frequent Google webmaster warning

We can accept to setup the wordpress installation manually with no problem, but the next problem is it can't be functional properly. About 3 months after we put all websites online, we received multiple email from partner says googlebots can not access sites and it's loading very slow for some specific periods of the day. I thought it should be temperoral issue so just waited more few days but problem still. We tried to use new server account but the problem did not solve. We monitored those websites personally via third party service for more accurate reports, but surprisely it generated more problems than expectation.

Unclean Dedicated IPs

Ixwebhosting announces to provide multiple free dedicated IPs to show their service advantages. It's indeed true if you would like to have SSL certificate enabled on your domain because each certificate installation requires a dedicated ip address. From the old days, it cost around $4/mo which is pretty expensive. But problem solved by ix service. They can provide up to 15 free dedicated ip address which is beyond our needs! However, that's not what they advertise on website. They say their dedicated IP offer is "awsome for SEO". It might be true 5 years ago but google officially confirmed a dedicatd IP has no advantage comparing to shared. For SEO, content is the most important factor.

ixwebhosting dedicated ip offer

Maybe because of their advertised advantages, lots of webmasters host website farm on ix servers on every single IP and heavily punished by search engine at last. How do we know? Because it's experienced by one of our friends who is doing search engine optimization. All his farm sites got punished by google and all sites under the IP were less ranked after the followed google updates. Unfortunately, those IPs are still offered in IX database. Thus if we're somehow assigned those IPs to account, we can not get a piece of benefit from search engine but actually in risk of being blacklisted.

Less Security

Unlike many other leading hosting providers, ix just handles your website service and nothing else. Our wordpress sites have all popular anti-spam/hacking plugins with good optimization. However, we still have to delete more than 20 spam comments on every site. Although we have disabled new user registration, we still receives new user registration notice every day. However, we never got such strange problem from other providers like arvixe. The ixwebhosting team announces to be wordpress profession by their own but we find nowhere for dedicated help resource on their website. It's absolutely ridiculous!

Best wordpress hosting choice

Other than ixwebhosting, we highly suggest the top 5 wordpress hosting providers. It's fully tested and recommended by other webmaters and our personal experience. They're not only offering rich feature wordpress hosting plans but with powerful server support and security protection. Most wordpress website stuff can be automated in control panel center with those providers. We personally host webhostpark(wordpress based) with arvixe service since 2011 and so far so good. Especially for their great tech support, highly impressed.

Guidance & Practice of Manual/Automatic WordPress Migration

guidance & practice of wordpress migration

Wordpress is the best choice for lots of developers. However, migrating wordpress site from one server place to another involves several "play arounds". Especially when we developped the wordpress site locally, there's change of website URL and sometimes we have to work with hosting support to import database files. We have been doing testing and practicing for different migration techniques. Following are our experience and comments to different solutions.

Generally, there're automatic and manual choice for wordpress website transfer. We'll provide explanation for both solutions.

Manual Migrating a WordPress Site

We have explained the detailed steps from previous wordpress migration guidance. It's perfect choice for small site migration. But if we have a large database to move over, we always need to contact hosting support to import the mysql backup. Here we have a great plugin called WP Migrate DB. Using this plugin we don't have to deal with phpmyadmin and everything can be operated through wordpress dashboard. WP Migrate DB does mysql export/import just like phpmyadmin. The best part of this plugin is it does a find and replace on URLs and file paths then save it to your computer. It is perfect when you need a change on website domain.

wp migrate db screenshot

Automatic Migrating a WordPress Site

Automatic solution relies on different wordpress plugins. Here we introduce two of the best rated – Duplicator and WP Clone. There're over 100,000 downloads for both softwares and highly recommended by wordpress professionals.

Duplicator

The purpose of duplicator is to copy or clone a wordpress site from one location to another. Duplicator provides a step by step guidance on how to copy your site to new server space. From it's official announcement, duplicator promises a three-step process which is Building package from existing website admin -> Upload to new website space via FTP -> Configure on new server space. Here's the official video for quick understanding

Although duplicator is highly rated by lots of users, it requires some technical knowledge in order to use it properly. Basically, it's much the same as manual migration but just automated the mysql database and provides more custom options during the process.

WP Clone by WP Academy

WP Clone is probably the most convenient choice for wordpress migration. This plugin does not require ftp at all, everything is operated through http connections. You just need to have a basic wordpress installed on new server space then import everything from old site. Because it's making use of wordpress internal functions so it's compatible with 100% web hosts in case you run into problem with other solutions. Just two steps to get the migration done.

First, go to wordpress dashboard, navigate to WP Clone then choose "Create Backup" to generate a backup of your existing site. It will have both files/database included. You can also define more parameters from advanced settings such as only database backup. Here we just leave as default.

wp clone for backup

Now we get the http address of backup package. Copy it to notepad for restoration use.

Now, login to new wordpress admin dashboard then go to "WP Clone". Here we choose "Restore from URL" option and paste into the URL we just saved in notepad. Click the agree box then click "restore from URL" button to complete the process. Since it's 100% server end connection so the speed is pretty fast. For our case, the 40MB restoration took less than one minute.

wp clone for restoration

The best option we recommend

Personally, we have dealt with most wordpress migration by hand because that's the way we use for every other kind websites. We have been used to this since 8 years ago. But it doesn't means we don't like the automatic option at all. Actually, most of the time, it will save us time and reduce mistakes. Especially for people who're new to the work, automatic solutions simplify the entire process by few clicks away. We highly recommend WP clone for start users for worry free choice. If you're developer or advanced user, duplicator would be your best choice since you can make lots of customization.

Multiple Websites for Single Hosting Account, Tips & Guidance

multiple domain hosting

Multiple domains under single hosting account is widely supported by many web hosts. With no extra payment submission, we can put multiple websites online. Why we not take such advantage? Well, since every coin has two sides, there're both pros and cons by hosting multiple websites per single hosting account. In this article we compare both advantages and weakness of this feature and provide editorial guidance on how to use it properly.

Multiple websites from single account – Pros

There're indeed lots of advantages by hosting all your websites under the same space. Either for cost consideration or for better maintenance, the feature brings people lots of convenience. Generally we get following unbeatable spotlights.

  • Less cost, definitely the primary advantage for most people. Since we can add several websites from the same control panel center, we don't have to pay extra for each website hosting. Especially for those who got very limited budget, multiple domain support is great feature to help business starts.
  • Professional management, with no doubt an easy to detect advantage. Because all our websites are hosted under the same space, we can handle maintennce, security updates together without dealing from multiple other hosting accounts. Just imagine we have 100 websites on hand and we host them from 100 different web hosting providers, how hard it would be for daily maintenance?
  • Better security, probably the most important feature when we host more than one website per account. Since we just need to security a single hosting account, we can use any good measure as we want and don't have to worry about password loosing etc if we have added extra protection. Under the same hosting account we can also professionally monitor each website security stats from the same dashboard.

Multiple Websites from single account – Cons

Despite all above mentioned advantages, there're actually more weakness by hosting several websites from single account. The most discussed is about performance. Because if we add all websites to same hosting account, it's actually big risk to get all of them down together. No exception in case someone is overloading the hosting server or the server got ddos attacking. When we encounter such events, all our websites will not be browsable. Uptime is crucial for any kind website because it's our business, we can not afford any downtime.

Editorial Tips Of Hosting Multiple websites together

To support multiple websites from single hosting account, the industry had passed long time development. In early days, it's hard to get hosting service for personal users and requires high level programming skills in order to use it properly. You have to be professional in computing and programming in order to put up a website because you have to code everything by hand. Thus, single domain support is enough for most people's requirement.

But look at the internet today, everybody be able to setup a personal page without knowing any programming knowledge because everything can be automated. As of the convenience, people can put up different websites for different purpose. It's no problem doing that but you have to follow the right way as below

  • Evaluate your website requirement carefully. So you need to host multiple websites together, those websites might be for different topics for different industries. Thus it's quite possible your websites will be viewed in different ways. You might require frequent user interaction on one website and just for product show case on another. So check carefully about your website purpose then you will know what kind of websites can be hosted together.
  • Do not host with a budget hosting service. Budget hosting service is everywhere today because of the competition. However, if you would like to receive decent performance and support, you should avoid using such service. The logic is simple, why should they give us guaranteed service for less paying? Not only for multiple websites, even for a single bigger personal website, budget hosting is limited for too many things.
  • Backup regularly. We must have a good backup schedule and ensure we got a copy of the latest data. As explained from above, it's a chanllenge to host all websites under a single account, just the same logic to put all eggs to same basket. Once the server crashs we can always get quick recovery from local copy.
  • Monitor website performance and do necessary changes. The most important part after websites put online. Monitor carefully about the growth then apply necessary optimizition or even hosting upgrade. An extra website on server means more resources to be ultilized. Pay attention to our poor server and don't overuse it.

Best multiple websites hosting recommendation – InMotion

InMotionHosting is the top recommendation for multiple websites hosting purpose. Either for performance or security, inmotion hosting plan provides the best price value. Their shared business hosting service is neither too expensive nor too cheap and keep a perfect balance point between price and quality. InmotionHosting does not support unlimited websites for their shared plans but a limited "multiple" to ensure every clients can get the best performance.

inmotion hosting multiple domain support features

5 Money Saving Tips In Using InMotion Hosting

5 money saving tips in using inmotion hosting

Being the top choice of business hosting provider, inmotion hosting is widely recommended by business owners and professional webmasters. Not only for it's high performance hosting servers but also for its professionality and kindness in handling customer service. However, by following the basic business logic and the term "you get what you pay", inmotion hosting service is relatively more expensive than many web hosting plans on the web. In this article, we introduce how to save money in using their hosting via 5 tips.

Tips 1 – Sign up with our Promotional Link

You don't have to pay full amount. Inmotion Hosting provides us an exclusive promotion link which will result in 50% discount comparing to its original price.

This special price applies to all their shared hosting plans including launch, Power and Pro. Get it today if you're looking for high performance hosting with good price.

inmotion hosting 50% discount

Tips 2 – Choosing the right plan

Inmotion hosting manage multiple hosting plans with different features. You need to evaluate your website requirements carefully then determine the best plan that suit your needs. Here's a quick view of the 3 plans with main features.

Hosting plan Launch Power Pro
Website 2 6 25
Database 2 50 200
Price $5.99 $7.99 $13.99

For example if you just need to host a single website & database, the starter plan is good enough to work with. But if you're doing web development and requires multiple sites support feature, you need Power or Pro plan to work with. One thing you need to remember is all plans are created on the same server, thus you don't have to pay higher plan for better performance. Higher paying only provides us ability to host more applications.

Tips 3 – Sign up more than a year

It's always good choice for multiple years registration when you need to use the website for long time. Inmotion hosting provides $1 discount per month if we sign up yearly. That means $12 bucks less for one year registration and $24 bucks less for 2 years subscription. The longer contract we take, the better deal we get. Because their promotional price is only valid for initial registration!

Tips 4 – Take free domain advantage

free domain offerDon't miss out their free domain opportunity. Although we don't recommend to keep domain and hosting together, inmotion is a very exception based all user experience. Users get full control over the domain no matter if you're going to renew the hosting or not. Normally a domain registration costs us around $10/yr, but inmotion hosting provides it free for every clients. Already got a domain? No worry, the opportunity is always kept for your account, you can always refer to your account management panel to claim the offer.

Tips 5 – Special offer for developers and students

Inmotion hosting provides lots of free opportunities for various users. Their group has sponsored lots of open source events like wordcamp, drupalcon and Joomla etc. Developers be able to claim very good offers like free hosting and priority to customize your account setup etc.

If you're hosting a non profitable group or educational institute, you receive huge discounts with up to 58% at inmotion service. You don't need to contact their people in order to claim this offer, just enter your .edu email address to proceed the sign up. Of course, you can also contact their representative for a coupon code.

More about Inmotion Hosting Service

Inmotion Hosting has been our golden partner since 2011. Unlike any other web hosting service, inmotion hosting focus more on server performance other than profits. Each customer account is setup with isolated server resources for guaranteed loading. Their people configured max speed zone between east and west coast data centers to delivery the best response rate on customer websites. Being a respected brand of business hosting provider, inmotion strictly follows their selling policy to ensure each customer account is served properly.

max speed zone