wordpress

How to choose a host for your shiny new wordpress website.

15th November 2013 By Jax Blunt 10 Comments

So, you’ve listened to the talks on self hosting your website, you’ve read around on the issues that using wordpress.com or blogger or other free systems might imply and you’ve decided to take the leap.

You know you need a domain name, and a host. But what are those things, where do you get them, and what do they mean?

Domain names

The domain name is the bit that you type at the top of your browser, the person friendly word based address for your website. (A more technical explanation of all of this can be found here.) You buy it from a registrar, and I tend to recommend that you use a registrar separate to your host, because if it all goes pear shaped you don’t want to be trying to transfer domain names as well as all your files. Personally I use lowcostnames – they are reasonably priced, and don’t sting you on renewal.

Then it’s time to look for a host.

Hosting

When you’re just starting out, you don’t need a dedicated server (the machine that all the actual files sit on), shared hosting will be fine. This just means that you are using a server that lots of other people use too, and that you are sharing the IP – there’s some funky software that keeps all the sites separate both in terms of people viewing it, and in terms of you managing it at the back end.

You won’t need a huge amount of storage space to begin with – because you are optimising your pictures for the web before you upload them, aren’t you? And you won’t need a massive amount of bandwidth (this is how the traffic to and from your site is measured) until you’re seeing a reasonable number of visitors.

Personally, I look for CPanel as the hosting interface – it’s well structured and has everything you can need. It also (usually)provides a one click installation for wordpress, meaning that your life stays simple and you don’t have to start installing via ftp (which is not that difficult, but just adds to the stress levels when you’re starting out). Do check that the host you are looking at does provide this though, it has been known for people to turn it off.

Some recommendations (which include affiliate links – please see my affiliate linking policy if you’ve any queries about this):

TSOhost – I haven’t used them personally, but I know a lot of people who have and seem very happy. Use code blogfest to get 10% off (not sure whether that applies to their lowest priced package).

EUKhost – we’ve been recommending these people for around 10 years, and not heard any complaints.

ezpzhosting – we have a server here, and they are excellent.

You can also check out a variety of webhosting review sites – be aware that many of the links on those will be affiliate links as well.

Once you’ve got the domain name and hosting sorted out, and pushed your one click button, the next step will be making your site look pretty – coming soon.

WordPress under attack – how to protect your site from the admin account hack.

14th April 2013 By Jax Blunt 8 Comments

There’s an Ars Technica article flying around right now about a massive attack on wordpress sites around the internet attempting to build a super botnet. The attack is working by targeting a particular user account that the vast majority of sites have, including this one.

According to CloudFlare’s Prince, the distributed attacks are attempting to brute force the administrative portals of WordPress servers, employing the username “admin” and 1,000 or so common passwords.

User access to wordpress relies on knowing three things. A user id, a password, and a login location. This attack is assuming that there will be an administrator account with the user id admin, and is then firing a brute force attack trying to decode the password. Advice to change your password is not necessarily going to help – it might be that your password of choice is one of the 1000 common ones being used as mentioned above. If you go for a long password with a mixture of letters, number and characters you’re going to be much safer. But if you get rid of the account called admin, you’re going to be immune to this particular attack at least.

First thing to do, check if you’ve got an admin account. Go into your dashboard, select users> all users. You should see something a bit like this. (As ever, click to see it larger.)

As you can see, I do indeed have an admin account. It will have a strong password – we have a rule that passwords must be at least 8 characters with a mix of numbers, letters and characters. But I’ve decided we’re going to get rid of it anyway.

Step one – create a new administrator level account. If you’ve only got one email address to play with, you’re going to have to take it out of the existing admin account before you can create the new one. Make sure you give the new account a strong password that you can remember.

Step two – log in with the new account. Delete the existing admin account. You might be worrying about what will happen to posts associated with that account – don’t. You’ll get this dialog up with the choice of who to attribute them to. Pass them to your new user.

And there you go. You now have a wordpress installation without the admin account currently under attack across the internet.

Of course, that’s nowhere near the only thing you can do to protect your beloved blog/website, but it’s an excellent starting point. If you want to go into more detail, you might want to explore a security plugin like this one which will, among other things, allow you to rename the admin account without going through the process I’ve detailed here. And the other thing that’s important to do is keep your theme and plugins updated. Like I’m just about to.

If you’ve found this article helpful, please feel free to share it, and subscribe to my blog. Thanks for dropping by.