Update to WordPress 3.5.2 in Progress

For those hosting with Florence Road, we’ve updated most of the sites to WordPress 3.5.2 over the weekend. As part of our managed WordPress hosting service, this is executed as part of your hosting package.

The official line from WordPress is that this update fixes a number of important security loopholes.  See below.

This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.

The security fixes included:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki. (Developers: More on SWFUpload here.)
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
  • Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
  • Avoid disclosing a full file path when an upload fails. Reported by Jakub Galczyk.

We appreciated responsible disclosure of these issues directly to our security team. For more information on the changes, see the release notes or consult the list of changes.

Learn WordPress – Training Melbourne

We’ve had numerous requests in recent weeks to extend our online WordPress training to live WordPress training sessions in Melbourne.

Announcing Amazon S3 back up on all hosting accounts

Florence Road is pleased to announce that Amazon S3 back up will be added to all hosted accounts that are on WP Engine’s infrastructure. This additional layer of security and back up will have no additional cost to our customers.

WordPress websites – Just like building a house

I love grand designs, and I often relate the building of our WordPress websites back to building a house. So let’s put on the project management hat for a minute and think about how your WordPress website is actually a home.

Does blogging help search? It’s simple with a wordpress website.

Google loves new relevant content; as such, we always recommend to clients that they write a few blog posts to help them improve their search ranking. But does blogging actually help search, and is it difficult to blog with a WordPress website?

WordPress Website Security – Minimise Potential Hacks

With malware up 140% in the past 2 years, and in recent months a number of our clients’ WordPress websites hacked, we took time to explore why WordPress websites are hacked, and what measures we can employ to maximise WordPress security.

Top tips for the best cafe website

If you’re thinking about a new website for your cafe or restaurant, or perhaps you are researching to create your very first, we’ve got some ideas to help you create a successful website that will provide a great impression.

All Time Top 5 WordPress Plugins

One of the best things about WordPress websites is the ability to add plugins to your website, which essentially is just like adding apps to your phone. We thought we’d compile our top 5 WordPress plugins that we rely on for nearly every single WordPress website that we build.

Adding a thumbnail pic to your WordPress Website

Many of you might notice with WordPress websites that you have an opportunity to display a picture of yourself as a little thumbnail. This is typically displayed in the comments and about sections (after a post) and in WordPress terms is called a gravatar or avatar. This post explains how you can upload one.

Client wordpress sites hacked – our perspective

Hi all.  We awoke this morning to the shocking news that another 2 websites hosted with Crazy Domains had been hacked.  It’s obviously a serious concern now as we have close to 2 sites going down on a weekly basis.

We wanted to stress the importance of moving your website to WP Engine immediately, as well as explain the situation with Crazy Domains.

Can’t help but feel guilty

Most of our clients come to us as technology newbies and seek our advice for what they need to do to host and run a website. Our typical customer is a small business, maybe 1-5 people, and a limited budget for website development. As such our recommendations in the past had focused on the best value offerings.

Unfortunately that has meant we made recommendations that today we are not proud of. We made these recommendations based on our experiences, which at the time were correct. But technology changes, and it changes bloody quickly. So we feel guilty, but you must understand our situation in making these recommendations, and also understand what we are doing to fix the issues.

The lay of the land

Originally in the early days of our business we asked you all to host your websites externally with Crazy Domains (or your own suppliers).  The issue for us was that we were spending hours upon hours configuring all the technical back end hosting and email for our clients without us seeing a red cent.  And when the hosting went down everyone turned to us, and said ‘where is my website?’.   In effect we were acting like a customer service channel for Crazy Domains.  If we were to grow our business, we couldn’t keep this model, otherwise we’d have to charge you significant dollars which we wanted to avoid.

A reseller hosting provider with added security

So we decided maybe it’s better if we became a reseller of Crazy Domains and make a small mark up for the work we do.  We implemented our own security measures which included:

  • Weekly back up of all WordPress databases
  • Weekly theme back ups of all websites to local machines and Google Cloud
  • Security plugins
  • WordPress and plugin upgrades as they are required.

Again this was taking a serious amount of our time, and the fact remained we were making about $20 on each hosting account, whilst providing a service that others were charging hundreds for.

Then the servers started crashing and the hackers moved in

Once the servers started crashing we started thinking that we needed to seriously do something about finding a new host. And then the sites started getting hacked and it was the final straw. Enough was enough. Having had a baby, I was spending my Saturday morning fixing websites instead of enjoying time with my family. So we decided we needed to find a managed WordPress hosting supplier that could alleviate the issues we had. This global search landed on WP Engine.

This global search landed on WP Engine

We had read about WP Engine numerous times and thought long and hard about moving our Florence Road website over to them. The reviews were unanimous that these guys were the kings of WordPress hosting.

They provided:

  • Full security and daily backups (if it gets hacked they’ll fix it!)
  • WordPress updates and plugin updates
  • Fully optimised speedy delivery of sites

But the cost? Is it worth it?  

The only thing that stopped us from jumping at WP Engine with both feet was the cost. The minimal charge per year was $360 which, compared to Crazy Domains, is $304 more expensive. We aren’t talking a small increase here, we are talking a monster one.

But what’s the cost of downtime? 

So we started to add up the hours we were spending on maintenance, backups, and hosting issues, and we thought, you know what, we have to do this. So we moved just our Florence Road website over and we didn’t have an issue for 6 months (still haven’t). And then we moved a few of our premium clients for whom we knew $360 per year wouldn’t be an issue for the speed, reliability and security that WP Engine brings. Everything was running like a well-oiled machine, and still is!

The more we worked with WP Engine the more we were convinced. Their customer service is the benchmark by which all technology companies should be measured.

But what about our smaller clients?  They’re the core of Florence Road

Florence Road has always had musicians, actors, artists, and small businesses as the core of its business. And if we were experiencing a revolution in hosting, then we would have to find a way for the majority to enjoy that as well. So we worked with WP Engine to devise an offering that was a happy compromise between the full services of WP Engine but at a fraction of that cost.

WP Engine Networked Sites

So we worked out that we could host a number of websites together in one shared account which meant we can pass on big savings.   The actual content of your website, the stuff you upload, is completely separate and is not shared.  What you probably don’t realise is with Crazy Domains, and most hosting companies for that matter, you are on a shared hosting server anyway!  This is why when one site gets hacked, we see a number of them get infected.

So what are we doing?

We’ve sent numerous emails to our clients and we will be reaching out to them individually to encourage them to move their websites over to WP Engine.   WP Engine charges $300 per website move, however we are doing this for our clients at a fraction of this cost because of the recommendations made above.

We can never guarantee 100% that a website won’t get hacked, but we are doing absolutely everything we can to minimise it.