Sal Aguilar's Bilingual Adventures in IT

computers are easier to deal with than people vs – An Idiot’s Guide — February 6, 2016 vs – An Idiot’s Guide


For you that are starting with WordPress and you are trying this on your own, let me help you on clarifying this:

WordPress is a Content Management System (CMS) that is built on PHP (one of the most popular programming languages, see for more info) and using MySQL as the database to store your user info, settings, posts and other information.

The company that developed WordPress is Automatic, they are the ones that coordinate the development of WordPress. And have made (and acquired) other popular WordPress plugins such as bbPress, BuddyPress, Jetpack, etc.

As many open software companies, they created a community version of WordPress which is open source and whose source code is hosted on GitHub and they made a commercial service that provides a hosted WordPress service that has both FREE and PAID plans. The service

For novice (n00b) users, I strongly suggest that they start experimenting with which already comes with many of the features someone would need to start a blog or website. You would get familiarized with the setting and would probably fall in love with Calypso which is backend GUI. Since the service is free and already comes with SSL, you would not have to worry about hacks, or performance, or security like you would do when you are using the open source version.

Sites like CNN, Time, UPS, Chrysler and NBC run on WordPress VIP, which is a paid version of WordPress that is made to provide the highest quality of service, no wonder why the pricing starts at USD 5,000 a month (Five Thousand US Dollars).

The FREE version of is limited. Well if it’s free it has to have some limits don’t you think? Well, at least I do. So what are the limits:

The limitations of

  • Limited availability of plugins. Only a small list of preapproved plugins.
  • Limited availability of themes.
  • You can’t edit the themes much.
  • You can’t run or place Ads on any site you create here.

The awesomeness of

  • Works straight up. No much setup needed.
  • It comes with FREE SSL (Wildcard SSL *
  • No SysAdmin work needed: security, upgrade, performance, everything is managed by them.
  • Callypso is so much cooler.
  • Built In stats
  • Social Media syndication

What’s the ideal usage for

If you want to run a blog and only want to care about writing contents, with limited features and you do not want to worry about server & software maintenance. Or big companies with lots of cash, who need dedicated and professional hosting and support for their highly visited websites. The software is where the software that is the core of lives. The difference is that is not an integrated platform, but a software that you can install on any server as long as it can interpret PHP nad have a MySQL database.

WordPress is pretty extendable and is sitting on 25% of all websites in the world. People have build business websites, helpdesks, knowledge bases, ecommerce stores and even social networking sites with it. Since it’s FREE, and you have thousands and thousands of both themes and plugins, is pretty popular amongst developers and non-IT folks.

The limitations of

  • It requires a lot of things and concepts to be learned: php, mysql, etc.
  • It does not come with a good security protection from scratch
  • It requires constant upgrading and sometimes this results on broken themes and plugins.
  • Has a lot of XSS Cross site Scripting exploits
  • Common target of hackers and script kiddies

The awesomeness of

  • Since its open source, you can use it however you like & customize it
  • It has thousands and thousands of plugins and themes available
  • Its easier to get assistance on than
  • It can be used to build almost every type of website.

What’s the ideal usage for

A web designer or business owner that wants a tool for his business to use for sales (ecommerce, product catalog, services showdown, etc), marketing or other things like CRM and even social media. Someone looking for incredible flexibility and easy to change.


If you basically want an easy way to publish your stuff online, then go with But if you have a vision and would like way more flexibility, and be able to upload custom plugins, then I definitely suggest you go with

What about you guys ? What is another difference between them?

Happy 2016 & update WordPress! — January 8, 2016

Happy 2016 & update WordPress!

It’s January, it’s 2016. If your site survived the holidays without going down or getting hacked, Congratulations!

If you are not aware WordPress recently released an update, which honestly is just a maintenance and security update to fix 52 bugs from WordPress 4.4 aka Clifford which was released on December 2015.

So if you want to keep your WordPress secure quickly run to your site WordPress Admin and then update it. But wait!!! Do you have a backup ? If not then do it RIGHT NOW before it’s too late.


So what is coming up on this blog? Well I do have a few ideas about articles to post on the future, some of my rough drafts are:

  • vs – an idiots guide!
  • BulletProof Security vs Wordfence
  • W3 Total Cache with CloudFront – an easy guide
  • W3 Total Cache with Memcache – simple steps
  • Debugging on WordPress

I’m also exploring other topics, if you have any suggestion, drop me a note or comment below.

By the way, we are close to officially launch Señ this year and we do have a couple of projects to finish before we do the launch party! So if you need professional WordPress support and implementation, contact me or contact If you refer my blog you would get a special discount from yours truly!

Overcoming the WordPress’ white screen of death — November 18, 2015

Overcoming the WordPress’ white screen of death

Yesterday’s incident with La Prensa Nicaragua reminded me that I wanted to write about this 6 months ago. So I took some time and wrote this up. I really hope this helps someone.

If you have ever played with WordPress, plugins and themes a bit, it is very likely that you have faced the dreadful white screen of death. This can be very frustrating and even irritating if you do not know where to look for clues. So below I’m sharing a few tips for what I normally do on these cases.

Option 1: Enabling WP_DEBUG on wp_config.php

The file named wp-config.php is where all the important settings are for your site are stored. You will find the database hostname, name, username and password for the MySQL instance that your site is using. But it also holds some other very important features, and one of them is the one we need to enable with the following line:

define( 'WP_DEBUG', true );

By default your wp-config.php comes with this setting set to false, just change it to true to enable the debugging feature. Once the debugging mode is enabled, your wordpress instance will now show you on screen all the errors from themes and plugins.

You can alternatively also enable the feature for wordpress to write a log of all the errors and not show them on screen; this is especially handy if you are debugging on a production environment and you do not want the visitors to notice the errors. You do that adding the following code to the file:

// Enable WP_DEBUG mode
define('WP_DEBUG', true);

// Enable logging to the /wp-content/debug.log file
define('WP_DEBUG_LOG', true);

// Disable display of errors and warnings 
define('WP_DEBUG_DISPLAY', false);

Once you have added this to the wp-config.php file, you can check all the error messages of your site on the file located on /wp-content/debug.log. You can now find what is the error that you are getting and start fixing it.

Option 2: Troubleshoot with a plugin

If you search on the WordPress’ Plugin repository you will find that there are several plugins that help you on your troubleshooting tasks. So if you still have access to the WordPress Dashboard, then you use any of the plugins.

To start up with I suggest you try one of these plugins:

If you are running a Multisite instance of WordPress, then I suggest you use a plugin that was done specifically for networks and super admins, and is called Debug This.

I suggest you try them and based on your preferences you pick your favorite and start finding all the errors.

Option 3: Check the Error log on your web hosting Control Panel

This works if you are using whether cPanel or Plesk.

cPanel instructions

On your cPanel go to Logs and then Error Log.

Plesk instructions

Go to Files, then on the left side select the Logs folder, and then scroll down to find the file named error_log.

For other web hosting control panels, you would have to do an online search to find the proper instructions where to find the error log. The same it goes if you are using a Linux instance without any control panel. Please look for your linux distribution to find the error log of the web server (either Apache or NGINX).

Other things you can do

Disable plugins

Sometimes upgrading the plugins can break your site. It sucks but its true. So you can simply disable any of them by renaming the folder of the plugin to something else.

A radical measure its just to rename the entire plugin directory (/wp-content/plugins/)

Disable the themes

Yup, even some themes have caused the White Screen of Death many times. Easiesy way to disable it, just like with plugins is to rename the theme folder (/wp-content/themes/yourtheme).

You can also go to the MySQL database for this wordpress website, and look for the table wp_options, and change the theme to one of the builtin themes like twenty fifthteen, twenty fourteen & twenty thirdteen.

.htaccess issues

This is another of the most common issues, faulty rules on .htaccess. It can be a wrong rewrite, redirect or even a wrong add directive.

The good news is that errors caused by .htaccess are visible on your error_log. You can find that file based on your system configuration (cPanel, Plesk, Linux, Windows, etc).

Be sure to check Apache’s documentation for .htaccess. Or simply grab a clean version of the htaccess from WordPress’ Codex and backup the one you have for security purposes. Using the clean version of .htaccess will most likely solve the errors if you do not have time to troubleshoot and need the site back online asap.

If you want me to lend you a hand, contact me so we can take a look at your issue.

La Prensa is back and it’s new — November 17, 2015

La Prensa is back and it’s new

Yup, the issues from yesterday were due to a change of providers.

DOAP is no longer managing the infrastructure and web services for them. They are now running it themselves.

What happened?

After 12 months of several issues with their provider, a slow website with a lot of issues, poor UI/UX, they decided to change.

  1. They kept WordPress but developed a theme in-house.
  2. They also kept AWS EC2 and are trying to implement CloudFront again.
  3. The developers were pushed/rushed into deploying the version that was scheduled for January due to the long list of issues with the previous provider.
  4. The site was not complete so there are still some bugs which the local Developer Community in Facebook is trying to report so they can fix it asap.


  1. Rushed development and deployment often come with a lot of bugs. But it’s better done than perfect.
  2. Better UI/UX this time and I only hope it gets better and gets to the high standard that El Nuevo Diario has set due to the awesome team of KronosCode.
  3. There are still a lot of bugs that have been inherited from the previous provider. They are still trying to patch things up.
  4. They really really need the caching layer, or they are going to pay a lot of money with a higher amount of EC2 instances.
  5. Some security measures are needed. Disable XMLRPC and protect wp-admin.
  6. Ah by the way their small sister site was also updated.
La Prensa Nicaragua is Down! —

La Prensa Nicaragua is Down!

Yes! Many users have reported constant errors and the horrible horrible WordPress White Screen of Death.

Some background about La Prensa

  • La Prensa is one of the biggest newspaper in the Nicaragua.
  • It runs on Worpdress. Previously to running on WordPress it ran on a custom CMS
  • It runs on AWS with EC2 instances and RDS databases.
  • It uses AWS CloudFront for cache service.

Below we are going to break down more info!

La Prensa’s core: WordPress

Yes, as you can see on the site itself runs on WordPress, we do not know which version as it is hidden for security purposes. What I do know about it is that is running on a WordPress Multisite edition.

We do know it also uses Contact 7 & a Flip book plugin for image Gallery.

A good thing that I noticed is that they have XML-RPC disabled, if you have been reading my blog, on previous articles I have stated that is is an important security fix to disable this feature to avoid bruteforce attacks.


La Prensa runs on Amazon Web Services (AWS)

Yes, let’s see the facts:

Name Servers – Amazon Route 53

Run this command on your terminal:

dig ns

and you will get this (or something similar): 160353 IN NS 160353 IN NS 160353 IN NS 160353 IN NS

Those nameservers are AWS Route 53 Nameservers. See more about AWS Route 53.

www A records

Then the next step is to determine where the is pointed at, so you go to your terminal again and run this command:


And you will get a similar output to the one below: 60 IN A 60 IN A

Now to know who that IP belongs to we can run the following command:


# ARIN WHOIS data and services are subject to the Terms of Use
# available at:
# If you see inaccuracies in the results, please report at
# Query terms are ambiguous.  The query is assumed to be:
#     "n"
# Use "?" to get help.
# The following results may also be obtained via:
NetRange: -
NetName:        AMAZON
NetHandle:      NET-54-144-0-0-1
Parent:         NET54 (NET-54-0-0-0-0)
NetType:        Direct Allocation
Organization:   Amazon Technologies Inc. (AT-88-Z)
RegDate:        2014-10-23
Updated:        2014-11-13
OrgName:        Amazon Technologies Inc.
OrgId:          AT-88-Z
Address:        410 Terry Ave N.
City:           Seattle
StateProv:      WA
PostalCode:     98109
Country:        US
RegDate:        2011-12-08
Updated:        2014-10-20
Comment:        All abuse reports MUST include:
Comment:        * src IP
Comment:        * dest IP (your IP)
Comment:        * dest port
Comment:        * Accurate date/timestamp and timezone of activity
Comment:        * Intensity/frequency (short log extracts)
Comment:        * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
OrgTechHandle: ANO24-ARIN
OrgTechName:   Amazon EC2 Network Operations
OrgTechPhone:  +1-206-266-4064
OrgNOCName:   Amazon AWS Network Operations
OrgNOCPhone:  +1-206-266-2187
OrgAbuseHandle: AEA8-ARIN
OrgAbuseName:   Amazon EC2 Abuse
OrgAbusePhone:  +1-206-266-4064
# ARIN WHOIS data and services are subject to the Terms of Use
# available at:
# If you see inaccuracies in the results, please report at

As you can see based on the all the facts, La Prensa Nicaragua is indeed in AWS.

La Prensa is cached by AWS CloudFront

After doing a quick review of the site’s source I found that it was using CloudFront using the following CNAMEs:


They are all CNAME’s for 

But even with CloudFront enabled we (and I mean Nicaraguans) have seen the site go down several times lately. There is something fishy right there.


  1. Due to the fact that this is a site with a lot of traffic. Which means that it probably takes 2 Million hits a month, I do think that the wp-login.php should either be changed/renamed/moved or that a security plugin should be implemented to limit the login attempts. I tried to login more than 10 times without getting not even a warning. This obviously leaves the door opened for someone to do a script that does a lot of HTTP POSTS to this file to try to authenticate.Some options are:

    – WordPress Limit Attempts by Johanee
    Bullet Proof Protection by AITpro
    Wordfence Security by Wordfence


  2. Improve the UI/UX. Clearly on this El Nuevo Diario is a huge winner by far.

What do you guys think I missed ?

WordPress and admin-ajax.php — May 14, 2015

WordPress and admin-ajax.php

In past articles I have shared with you what I consider the Top 5 WordPress Plugins for Shared Hosting but I must admit that I forgot about this one. It  was only after assisting customers from Site5 that I remembered that I had forgotten to add this important plugin as it causes severe damage sometimes.

What is the admin-ajax.php on WordPress?

It’s called WordPress Heartbeat API and it’s used by WordPress to communicate between the web browser and the server, it’s used for tasks of user session management & auto saving.

In layman’s term is the file that allows WordPress to save automatically while we are writing posts or pages and other related tasks. It helps WordPress to keep track of what is happening on the Dashboard and for this the Wordpress Heartbeat API calls this file every 15 seconds to auto save posts, provide other useful information like what your fellow administrators and authors are working on at that moment.

Unfortunately, sometimes WordPress begins to send excessive requests to admin-ajax.php which can cause a high CPU usage and this is something you need to avoid specially if you are on shared hosting accounts. For instance leaving a web browser with WordPress Dashboard opened this could be a potential issue.

Continue reading

WordPress Plugin Vulnerabilities — May 12, 2015

WordPress Plugin Vulnerabilities

This is for all of you WordPress users. Recently a lot of vulnerabilities were discovered which allow hackers and script kiddies to have access to your website if you are running outdated versions of all the following plugins:

  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All In one SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link-Checker
  • Ninja Forms

The above plugins have already been updated by their developers to fix the issue so we strongly recommend logging into your WordPress admin panel and updating these as well any other plugins that are installed.

What can you do?

UPDATE WordPress

Yup! Get your WordPress to the latest latest version available. Go here to know what the latest version of WordPress is the one that was recently released ->

UPDATE Plugins

Go to your WP-ADMIN Dashboard and then to plugins and update all the ones that are outdated. Please note that this will probably cause some features to break, but its better to fix this than to get hacked and get your domain or server blacklisted. Preventive maintenance it’s ten times better than corrective maintenance. At least that is what my mother taught me.

REMOVE Plugins

If any of the plugins listed above is on your WordPress and it does not have a recent update less than 2 weeks ago (please note that today is May 12th 2015), remove it. It’s better be safe than sorry.

Also cut all the fat, and remove all the plugins that you are not using, even if you have them disabled it’s just safer to remove them for good. Bye, CIAO, ADIOS!!!

Say no to cracked or nulled Plugins and Themes

I know the idea of not paying for software might be appealing to you.. However I suggest to not be cheap when it comes to this, as it’s more often that these types of warez have some sort of injected code which will allow other to get access to your account and use it to run commands on your account remotely.

So do not be a part of the next DDoS attack or SPAM source. Pay for your plugins and themes, below are some great places to purchase your WordPress Themes and Plugins:

For Themes

For Plugins -> Code Canyon By Envato

Further reading

For more information about this vulnerability, please visit the following link:

5 MUST HAVE Plugins for WordPress on Shared Hosting plans — April 16, 2015

5 MUST HAVE Plugins for WordPress on Shared Hosting plans

I’m back 🙂

This time I have over 7 months working for I have been able to interact with probably more than 1 thousand customers and helped them on their issues. Most of them have no HTML or Security expertise and are regular folks like you and me trying to get on the digital stairwell of the world wide web.

But when they install WordPress they forget about having to do some maintenance to it. Having a website whether is WordPress, Drupal, Joomla or any other CMS, requires some admin work as well. Having a website is like having a vehicle, it needs tuning, maintenance and gasoline, and off course you CAN NOT OVERLOAD the weight it can carry or you will take it down.

The same thing applies to WordPress, bugs are discovered, there are several Botnets that daily scan across the internet for websites running wordpress and then attempt thousands and thousands of login attempts where via wp-config.php or the gruesome xmlrpc.php. These are called BRUTE FORCE ATTACKS. Sucuri, a leading security provider, published a report on the XMLRPC attacks that you can read here.

So for all of you WordPress users I am writing this article from my perspective as a technical support specialist.

BulletProof Security

BulletProof Security

Just like your computer, your WordPress also needs a firewall service, and BulletProof Security from AIT-pro is just that. It works as a protection to disable unauthorized access and to block those script kiddies trying to brute force their way into your site. It implements security controls like:

  • .htaccess rules generation, to block IPs that have failed to login to wp-admin more than 3 times. Once the plugin detects an IP with several failed attempts, it adds it the .htaccess file so your Apache can block access to this particular offender.
  • It also logs and checks for HTTP errors, that why you might have someone trying crawl thru your website or scan for vulnerabilities; so you can also block them from snooping around.
  • It also creates backup databases and can even email them and schedule the generation and deletion of old backups.

This plugin has both a FREE version and a PRO (paid) version which you can see here.

Similar plugins or services: WordPress FirewallSucuri WordPress Security Plugin & Wordfence Security

Disable XML-RPC

As I stated previously one of the most recent ways to take down WordPress sites are done using the XML-RPC procedure. But you can simply download this plugin to disable that feature, then go to your wordpress admin console >> plugins and then enable the Disable XML-RPC plugin. And you are done!

You can validate that XML-RPC is disabled on the following web tool::

Similar plugins or services: Remove XMLRPC Pingback Ping

W3 Total Cache

Every single time you load a page from a WordPress based site, it does several queries to the database and process the PHP into plain HTML, all of that uses resources. And when you are using a shared hosting account, chances are that you have limited resources and you can get limited whether on CPU, Memory or PHP Process like we do on Site5.

The cache layer is a very important one, because it reduces the usage of CPU, Memory and queries to MySQL. The plugin create a static copy of your site, so instead of having wordpress to perform the same task over and over again, it creates a cache of the files and contents and set a expiration or TTL time on that, which will tell the script to try to fetch a new copy of the site every given time.

Download it here

Similar plugins or services: WP Super Cache & CloudFlare.

WP Cron Control

Let me first start explaining that on the Linux world, a CRON is a scheduled task that runs every certain tab depending on the scheduling setup by a person.

This plugin allows you to take control over the execution of cron jobs. It’s mainly useful for sites that either don’t get enough comments to ensure a frequent execution of wp-cron or for sites where the execution of cron via regular methods can cause race conditions resulting in multiple execution of wp-cron at the same time. It can also help when you run into posts that missed their schedule.

Download it here.

Similar plugins and services: WP Control & Advanced Cron Manager

Google XML Sitemaps

Use this plugin to submit your WordPress site to Google’s Webmaster tools. This plugin will generate a special XML sitemap which will help search engines like Google, Bing, Yahoo and to better index your blog.

With such a sitemap, it’s much easier for the crawlers to see the complete structure of your site and retrieve it more efficiently. The plugin supports all kinds of WordPress generated pages as well as custom URLs. Additionally it notifies all major search engines every time you create a post about the new content.

Download it here.

And there you go folks, this is what I recommend folks to use on their site as basic pillars on which to build your awesome website. Hit me up if you have any comments or need some guidance, I’d be happy to lend you a hand.

Please don’t forget to share this article on your social media and other websites 🙂

Lost your WordPress Administrator password? — February 3, 2015

Lost your WordPress Administrator password?

This happens a lot on the web hosting world:

  • clients loose their WordPress password
  • clients forget their WordPress Administrator username
  • clients setup an email and they no longer have access to it to do the password reset
  • WordPress of the client can’t send email notifications because its being blocked by the anti spam filters.

Before we start, I want to point out that this tutorial is done with the tools that Site5 provides. So this tutorial assumes that you have all the following:

  • Active Domain, subdomain or Temporary URL (extremely necessary)
  • Active Site5 Web hosting account
  • Backstage access
  • SiteAdmin or cPanel access
  • WordPress previously installed
  1. Find what is the database name of your WordPress installation.
    • Via FTP or File Manager go to your the folder where you installed WordPress, for example to /home/username/public_html/ and look for the file wp-config.php (select the file and then click on the edit button of the File Manager toolbar) and look for these lines:
      /** The name of the database for WordPress */
      define(‘DB_NAME’, ‘example_wp355’);Where example_wp355 is your database name.File Manager
  2. Go to your Backstage >> SiteAdmin >> Databases >> PHPMyAdminphpMyAdmin
  3. Look for the example_wp355 database, and then for table wp_usersphpMyAdmin

Once that you are on the wp_users table, you should see all the username details. On this particular case I only have one user that is admin as you can see on the screenshot below:

admin user

  1. Now to change the password, click on the Edit button for the username that you want to modify.
  2. On the new screen you will be able to edit all the details of that username, but on this particular case we ONLY care to change the password. So go to the user_pass field, click on the dropdown and select MD5 and on the input field next to it, simply type the password that you want to set. Once you are finished, click on the Go button.change_wordpress_password

And that is all, now you should be able to login to your WordPress with the password we recently set for that account. If you need assistance, let me know on my contact me page.

Below are more resources regarding password resets:

%d bloggers like this: