Sal Aguilar's Bilingual Adventures in IT

computers are easier to deal with than people

WordPress Administrado vs Alojamiento Compartido #WCSJO2018 — July 23, 2018

WordPress Administrado vs Alojamiento Compartido #WCSJO2018

El día de ayer, Domingo 22 de Julio del 2018, me uní a más de 700 personas para ser parte del tercer WordCamp de Costa Rica.  El evento estuvo super concurrido y con asistentes de Argentina, España, Estados Unidos, Guatemala, El Salvador y siempre miembros de la Comunidad WordPress de Nicaragua.

En esta última edición me tocó hablar sobre las diferencias entre el WordPress Administrado y el Alojamiento Compartido, abajo les dejo mi presentación

WordPress and admin-ajax.php — May 14, 2015

WordPress and admin-ajax.php

In past articles I have shared with you what I consider the Top 5 WordPress Plugins for Shared Hosting but I must admit that I forgot about this one. It  was only after assisting customers from Site5 that I remembered that I had forgotten to add this important plugin as it causes severe damage sometimes.

What is the admin-ajax.php on WordPress?

It’s called WordPress Heartbeat API and it’s used by WordPress to communicate between the web browser and the server, it’s used for tasks of user session management & auto saving.

In layman’s term is the file that allows WordPress to save automatically while we are writing posts or pages and other related tasks. It helps WordPress to keep track of what is happening on the Dashboard and for this the Wordpress Heartbeat API calls this file every 15 seconds to auto save posts, provide other useful information like what your fellow administrators and authors are working on at that moment.

Unfortunately, sometimes WordPress begins to send excessive requests to admin-ajax.php which can cause a high CPU usage and this is something you need to avoid specially if you are on shared hosting accounts. For instance leaving a web browser with WordPress Dashboard opened this could be a potential issue.

Continue reading

5 MUST HAVE Plugins for WordPress on Shared Hosting plans — April 16, 2015

5 MUST HAVE Plugins for WordPress on Shared Hosting plans

I’m back 🙂

This time I have over 7 months working for I have been able to interact with probably more than 1 thousand customers and helped them on their issues. Most of them have no HTML or Security expertise and are regular folks like you and me trying to get on the digital stairwell of the world wide web.

But when they install WordPress they forget about having to do some maintenance to it. Having a website whether is WordPress, Drupal, Joomla or any other CMS, requires some admin work as well. Having a website is like having a vehicle, it needs tuning, maintenance and gasoline, and off course you CAN NOT OVERLOAD the weight it can carry or you will take it down.

The same thing applies to WordPress, bugs are discovered, there are several Botnets that daily scan across the internet for websites running wordpress and then attempt thousands and thousands of login attempts where via wp-config.php or the gruesome xmlrpc.php. These are called BRUTE FORCE ATTACKS. Sucuri, a leading security provider, published a report on the XMLRPC attacks that you can read here.

So for all of you WordPress users I am writing this article from my perspective as a technical support specialist.

BulletProof Security

BulletProof Security

Just like your computer, your WordPress also needs a firewall service, and BulletProof Security from AIT-pro is just that. It works as a protection to disable unauthorized access and to block those script kiddies trying to brute force their way into your site. It implements security controls like:

  • .htaccess rules generation, to block IPs that have failed to login to wp-admin more than 3 times. Once the plugin detects an IP with several failed attempts, it adds it the .htaccess file so your Apache can block access to this particular offender.
  • It also logs and checks for HTTP errors, that why you might have someone trying crawl thru your website or scan for vulnerabilities; so you can also block them from snooping around.
  • It also creates backup databases and can even email them and schedule the generation and deletion of old backups.

This plugin has both a FREE version and a PRO (paid) version which you can see here.

Similar plugins or services: WordPress FirewallSucuri WordPress Security Plugin & Wordfence Security

Disable XML-RPC

As I stated previously one of the most recent ways to take down WordPress sites are done using the XML-RPC procedure. But you can simply download this plugin to disable that feature, then go to your wordpress admin console >> plugins and then enable the Disable XML-RPC plugin. And you are done!

You can validate that XML-RPC is disabled on the following web tool::

Similar plugins or services: Remove XMLRPC Pingback Ping

W3 Total Cache

Every single time you load a page from a WordPress based site, it does several queries to the database and process the PHP into plain HTML, all of that uses resources. And when you are using a shared hosting account, chances are that you have limited resources and you can get limited whether on CPU, Memory or PHP Process like we do on Site5.

The cache layer is a very important one, because it reduces the usage of CPU, Memory and queries to MySQL. The plugin create a static copy of your site, so instead of having wordpress to perform the same task over and over again, it creates a cache of the files and contents and set a expiration or TTL time on that, which will tell the script to try to fetch a new copy of the site every given time.

Download it here

Similar plugins or services: WP Super Cache & CloudFlare.

WP Cron Control

Let me first start explaining that on the Linux world, a CRON is a scheduled task that runs every certain tab depending on the scheduling setup by a person.

This plugin allows you to take control over the execution of cron jobs. It’s mainly useful for sites that either don’t get enough comments to ensure a frequent execution of wp-cron or for sites where the execution of cron via regular methods can cause race conditions resulting in multiple execution of wp-cron at the same time. It can also help when you run into posts that missed their schedule.

Download it here.

Similar plugins and services: WP Control & Advanced Cron Manager

Google XML Sitemaps

Use this plugin to submit your WordPress site to Google’s Webmaster tools. This plugin will generate a special XML sitemap which will help search engines like Google, Bing, Yahoo and to better index your blog.

With such a sitemap, it’s much easier for the crawlers to see the complete structure of your site and retrieve it more efficiently. The plugin supports all kinds of WordPress generated pages as well as custom URLs. Additionally it notifies all major search engines every time you create a post about the new content.

Download it here.

And there you go folks, this is what I recommend folks to use on their site as basic pillars on which to build your awesome website. Hit me up if you have any comments or need some guidance, I’d be happy to lend you a hand.

Please don’t forget to share this article on your social media and other websites 🙂

%d bloggers like this: