WordPress Plugins Bugs

by Hiroshi on 13-03-2009

Plugins are cool. Every WordPress powered blog uses different plugins. They give your blog wings. There are few things you must be aware of before using plugins. What I do, I just test the plugin before I actually use it. All the plugins out there are not trustworthy. Even if any plugin comes by a trusted source, it can have bugs which will make your blogging life a bit complicated. I regularly check plugins, update plugins whenever any update is available and remove the plugin which contain any bug. Here are few popular WPplugins I noticed some bugs in them recently.

{ Continue Reading }

 

Use mod_deflate to Compress Web Content delivered by Apache

by Hiroshi on 16-11-2008

One of the most efficient methods to reduce the usage of bandwidth by the web server and, at the same time, increase the speed of the content delivery is to compress your web pages and, generally, all output that is returned to the clients. This article describes how to use the mod_deflate module to compress Apache’s output on-the-fly.

Create a file named deflate.conf and import it in the main server’s configuration using the Include directive.

(Include /path/to/deflate.conf):
#
# mod_deflate configuration
#
LoadModule deflate_module modules/mod_deflate.so
<IfModule mod_deflate.c>
        AddOutputFilterByType DEFLATE text/plain
        AddOutputFilterByType DEFLATE text/html
        AddOutputFilterByType DEFLATE text/xml
        AddOutputFilterByType DEFLATE text/css
        AddOutputFilterByType DEFLATE application/xml
        AddOutputFilterByType DEFLATE application/xhtml+xml
        AddOutputFilterByType DEFLATE application/rss+xml
        AddOutputFilterByType DEFLATE application/javascript
        AddOutputFilterByType DEFLATE application/x-javascript
        DeflateCompressionLevel 9
        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
        DeflateFilterNote Input instream
        DeflateFilterNote Output outstream
        DeflateFilterNote Ratio ratio
        LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
</IfModule>

This configuration will be inherited by all virtual hosts.

To disable it just comment out the line that loads the mod_deflate module (#LoadModule deflate_module modules/mod_deflate.so).

To record mod_deflate’s specific variable (instream, outstream, ratio) values for a virtual host, just add a new log file of type deflate:

CustomLog /path/to/vhost/logs/deflate_log deflate

This will give you an idea of how efficient is the use of mod_deflate in that particular host.

Read More About mod_deflate

http://httpd.apache.org/docs/2.0/mod/mod_deflate.html
http://www.howtoforge.com/apache2_mod_deflate
mod_deflate to compress web content by apache

I asked my host support about it. They told me that they already do this technique for every website. wow. Happy Hosting, Happy Customer :)

Do you compress your web content? What method do you prefer?

 

Web Hosting Nightmare

by Hiroshi on 16-09-2008

Web hosting has been always a tricky question for webmasters. Sometimes you get satisfied with current hosting provider but its all a matter of time. I have experienced a loss recently. Mistakes might be mine also but some hosts do not cooperate enough to secure you but they leave you in critical time. I will not name the host. But I will reveal a critical situation I have been in. My Web hosting account was hacked. Web host suspended away my account and recommended me to move host.

Possible Reasons Involved

  • I was busy and away from my web account
  • I was using old versions of WordPress software
  • I was not aware of critical threat about website vulnerabilities
  • Too much reliance on host
  • Uploading of different open source software at my web host for checking purpose
  • Uploading of unsecured forms

Consequences

My hosting provider scanned my website and suspended my account. They informed me that there are some malicious scripts at my website. I checked these and deleted which I could find. Soon enough there were more found and support from host told me to move host.

What I had To Do

They suspended my account. My seven websites Including blogs also went down (These were at same web account). I had just Control Panel and ftp access. I downloaded data and databases. Setup blogs at local host. Exported my posts. Got shifted to new host. Transferred domain names. Uploaded new WordPress software. Imported posts. Took long time.

What Web Host Could Had Done

  • They could told me all vulnerabilities and locations of scripts to me so that I could get rid of those
  • They could advise me to download all data and after cleaning upload it
  • They could themselves remove all vulnerabilities as I gave them permission to do so because they are supposed to be more technical in this

After This What I Could Conclude

  • Web host will suspend your account and can delete it anytime whenever they will feel that you are in trouble and they will tell you to move host, doesn't matter you tell them that you are not quiting and will try to fight back against threats
  • Always upgrade new version of software
  • Get a website scanner and scan website for cross site scripting threat and other vulnerabilities
  • Well manage your .htaccess and robots.txt file
  • Take care about directories and file permissions
  • Do not upload unnecessary open source CMS or scripts for checking unless you know about it fully
  • Get a Unix based web hosting
  • Do not put all websites in one webhosting account (If you have enough budget then I will recommend you to take separate web hosting account for each domain and website)

My Recommendation

Know More About WordPress Vulnerability

Old wordpress version can get your blog banned from google
Wordpress SQL injection vulnerability
Wordpress upgrade importance
Wordpress Vulnerabilities list, Blog watch
Wordpress Exploit Scanner Plugin
How to know that your blog is vulnerable or being hacked

 

What is Server? What Makes a Computer, A Server?

by Hiroshi on 09-07-2007

A server is nothing more than a computer. It has a hard drive, a cpu, memory and all of the things you will generally find in a home computer. Your home computer can be a server if you want it to be. A server by definition is just a computer which serves other computers. A web hosting server is nothing more than a computer which serves web pages to the computers requesting them; i.e., to the person running the internet browser. So while in the generalist sense every computer can be a server; correspondingly what makes a computer a good server?

A web hosting server is a server set up to perform web hosting tasks quickly and efficiently. A web hosting server does not need pretty graphics because typically it runs by itself without input from a person. It is essentially (after you set it up) fully automated. And unless it is necessary, it doesn't have a monitor. (Of course like all things it needs maintenance from a qualified professional from time to time to ensure it is running efficiently).

A good web hosting server does have a few characteristics that make it different from a normal home computer. One of the characteristics is redundancy. Typically, a server has multiple hard drives which store the data. With a multiple hard drive system data is saved on more than one hard drive so in the event of a hard drive failure the redundant drive takes over exactly where the first hard drive failed. This process is known as RAID. Another redundancy you will find is that some servers will also have multiple network access cards (for faster input and output) and two power sources. The name of the game with servers is *reliability*.

Aiming for reliability with a server typically means that the latest and greatest is not necessary the best for a web hosting server. Web hosting servers typically wait until *all* the bugs are out of the hardware and software because they want their clients' websites up at all times. (Of course servers should always have the latest and greatest security patches.) With these characteristics in mind sometimes it shocks the average person that most servers run lower end cpus. At the time of this writing the 3.0 Ghz chips are entering the market but you will find a lot of web sites hosted on Pentium III cpus. And quite frequently Celeron chips are used which range from 1.0 Ghz to 1.7 Ghz. The reason for this is two-fold: these chips generate less heat which is important to keep heat down in a server and web hosting does not generally demand much cpu processing. RAM (the computer's main memory) is actually more important at times than the cpu. Typically a server should have 512 MB to 2 GB of memory, with 1 GB being a sweet spot for processing. But the question always arises-if a Pentium III does a very good job at web processing won't a Xeon cpu or dual AMDs do better? Maybe-it really depends on what is on the server. If you have just web sites and they don't use much scripting programs (PHP or Perl or CGI) or don't have huge shopping sites like Amazon.com on them, a lower end cpu is going to perform pretty good. Of course the dual AMDs and Xeon are going to outperform the Pentium III but not as much as you are going to pay for the premium in pricing for the cpus and the additional requirements brought on by the increased heat (more fans, bigger cases, etc).