Sal Aguilar's Bilingual Adventures in IT

computers are easier to deal with than people

El Trabajo Remoto y yo — December 27, 2017

El Trabajo Remoto y yo


Ayer me decidí escribir algo corto que resulto crecer mucho más de lo que pensé. Quería escribir sobre trabajo remoto en Nicaragua pero terminé contando mi historia, mis obstáculos y mi motivación.

Decidí también probar escribir en LinkedIN Pulse para probar el reach del mismo. Fue una bonita experiencia y escribir es algo que ayuda a quitarme estress e ideas locas de la cabeza para poder andar más liviano por la vida.

Lean mi historia aquí: https://www.linkedin.com/pulse/el-trabajo-remoto-y-yo-salvador-aguilar-l-i-o-n-/

También está este video de un conversatorio que hicimos sobre trabajo remoto hace algunos meses:

 

En WPNicaragua estamos buscando como hacer más charlas al respecto, incluso para el WordCamp Managua 2018, es posible que metamos una al respecto. 

¿Qué les parece?

What I’ve learned about people from providing support to WordPress Users — August 16, 2016

What I’ve learned about people from providing support to WordPress Users


WARNING: This is a rant. Read at your own discretion!

For the past 5 years my work has been focusing on WordPress, started a web development agency, then worked for mexican integrator, then moved to the web hosting world and now, at I work at a website security company called Sucuri.net.

It’s been a great ride and have managed to see several aspects from WordPress users, I have seen the n00bs, I have helped developers, I’ve crashed my head against the wall while working with Marketers and I have shouted to my computer while working with website owners who don’t want to do anything, but have everything fixed at the point of a click.

I wanted to write a fun article about the frustrations of providing support to WordPress users and below are some of the things I’ve learned:

People don’t read

WordPress is pretty well documented, any bug, issue can easily be resolved by doing a search on any search engine. But no, WordPress users rather call (wait online on hold music), email (expecting a response within 5 seconds after sending it) or chat (expecting the rep to solve everything with a single click).

In any of my previous jobs, I would get the customer email/ticket/chat, and I would try go gather as much information from the issue before start troubleshooting. Then I would check what the problem is, try to replicate myself, then analyze what might be causing it. If I was not very familiar with the issue a quick search online would be enough to find the issue. I would try to apply the patch/change suggested and if it would work would give the article to the customer for them to read and understand what happened. I would also provide a link with my suggestions on how to avoid the issue from happening. But the customer would come back a few days/weeks/months with the exact same problem, claiming the last person he talked to said it was solved but is still happening. Facepalm.

People sometimes don’t read, even when you ask them to because it would save them time and it would avoid them being hacked. But they do not read and do not want to be told to read. It worries me because I am a self taught IT guy, I love learning and trying stuff; I’m the kind of guy who can learn programming from YouTube or reading a book and hacking his way into things. It is so sad that some website owners can read entire books of marketing, Improve your SEO on Google and Pay Per Click Advertising, but they neglect to read a single page that will help them on protecting their brand, reputation and website.

If you are one of those, please, I beg you, read the links that your web advisor, web developer, security analyst, web hosting provider sent. And if you do not understand ask questions. We are here to help you, but we can’t do everything for you. Please help me so I can help you.

People don’t care about security

You can see that by the amount of websites that get blacklisted on Google each week. People just have websites done, they only care about being flashy, nice and have information there. I have not seen a customer on my web developer experience to ask about having a website secure and protected by hackers. They just don’t. You installed WordPress 4 years ago, and is working but suddenly, you have VIAGRA ads on your website and you see that a new administrator user has been added. You then get a call from a provider saying that they get a warning when they try to access your website. You then panick! You open Chrome and try to visit the website, and you too get the warning. You don’t know what is going on. You try to login to your WordPress using admin and 12345 as password and you see lots of pages and blog posts that you have not added. It is until then when you start thinking about security.

That story happens very often, it even happened to a colleague of mine in Sucuri. And it is until we make the mistake that we realize how easy was to take us down, and how easy would have been to prevent this from happening. You do not have to be a web expert or a security ninja to be able to have security put in place. You can opt for services like Sucuri, that provide a managed security service to protect your website. That way you can focus on your business and we will manage security and let you know of any issue that we see that requires your attention.

Visit Sucuri.net for more info!

People don’t care about what is under the hood

Customers pretty much just needs something that works and does the job. They don’t care if its WordPress or Joomla or Drupal. They don’t. They will trust the web agency or web advisor doing the work. Plus they would probably do a search online. They do not know about security, so it is the responsibility of the person or company doing their website to provide the proper guidance. Most of the cases they would choose WordPress over Drupal merely due to cost. They want the most BANG for the buck. And we can all relate to this.

However after the website is done, the customer must be advised that he needs to do maintenance to his website, which is just like a car, that needs some tune up to keep it working well, having all security updates in place to correct any vulnerability and make sure that his SEO and brand reputation is not harmed.

People blame 3rd parties instead

While working at Site5, I faced many customers that were angry because we didn’t stop the hackers from defacing his website. Which is funny to me and the perfect analogy I gave them, is like complaining to your land lord who rented you that house, when burglars break in and steal your stuff. Web hosting providers are responsible for the security of the servers, not for the security of the applications. They protect their servers from being accessed on their core, not on user accounts. I remember when Site5 started blocking IPs of people trying to access several times with the wrong FTP passwords, we had tidal waves of complains and just 1% of people really appreciated the security measure imposed.

In Sucuri, is a different story, people come with actual problems, websites infected with malware, hacked, or blacklisted and we need to help them. I work with customers and the first thing I need to clean a site is access to the website files, but many people do not know what an FTP account is and we provide them an explanation, and offer them to possibility of reading a tutorial on how to get the FTP account, or to simple give over his web hosting account login details so we can figure out the rest. At least 80% of the times, they would give you their web hosting account details, with the same passwords, and they do not change it after we use it. Which is very dangerous.

Once I am in, I have problem because some scripts are really really old, and they have tons of vulnerabilities, but upgrading them it causes hell, because it breaks plugins and themes, leaving most of the times the websites with the dreaded white screen of death. So I have to be careful about removing the infection. Reinstalling the specific WordPress version to make sure that we have clean core files. And finally checking the plugins and themes to advise which really need an update.

From time to time, cleaning malware breaks the functionality of a plugin or a feature of the website that I honestly overlook, and people come back reporting that, as a precaution we always take backups of everything we modify, so we can always roll back. Although there are very very rate times when the site was so infected and corrupted that the only choice is to update everything and we suggest to work with a developer or rebuilding the site and provide several suggestions on how to avoid this from happening again.

I try to do my best always, but sometimes, that is not enough. People whose website I’ve cleaned, do not read the suggestions, and get reinfected, and I am the one to blame for not doing my job right. Its like going to a physician because you had a cold after jogging under the rain, and after getting cured, go jogging under the rain again and then complain and blame the physician. We helped you, we cleaned the site, we told you how to avoid this from happening again. You didn’t listen or didn’t care and now we are to blame. But not worry, we will AGAIN, clean your site and AGAIN provide the suggestions hoping this time you will follow them.

That’s all folks!

These are a few of the things I’ve learned from working with people who have WordPress website around the world. Some have made me laugh, some have annoyed me at first, but from both I’ve learned and adapted my feedback to them so they can be better protected.

If you want to talk more about this, invite me for a beer and let’s hangout!

How websites get hacked? And WordPress meetup Managua — June 11, 2016

How websites get hacked? And WordPress meetup Managua


On May, I had the opportunity to participate on Desarrolladores WordPress Nicaragua (You can find them facebookmeetup ) monthly meetup.

Both my business partner and co-founder of SenorCoders.com and myself gave talks. While I talked about How Websites get Hacked, Kharron talked about Developing a Mobile App using WordPress as the backend.

My presentation was based out of the work that I do each day as part of the Remediation team in Sucuri. You can find my presentation here:

 

Special thanks to:

  • Daniel Gordon & Steven Hansen from Rain for sponsoring the venue, sodas and pizzas.
  • Tom Sepper @ Site5 for sponsoring the web hosting accounts

 

 

WordPress and admin-ajax.php — May 14, 2015

WordPress and admin-ajax.php


In past articles I have shared with you what I consider the Top 5 WordPress Plugins for Shared Hosting but I must admit that I forgot about this one. It  was only after assisting customers from Site5 that I remembered that I had forgotten to add this important plugin as it causes severe damage sometimes.

What is the admin-ajax.php on WordPress?

It’s called WordPress Heartbeat API and it’s used by WordPress to communicate between the web browser and the server, it’s used for tasks of user session management & auto saving.

In layman’s term is the file that allows WordPress to save automatically while we are writing posts or pages and other related tasks. It helps WordPress to keep track of what is happening on the Dashboard and for this the Wordpress Heartbeat API calls this file every 15 seconds to auto save posts, provide other useful information like what your fellow administrators and authors are working on at that moment.

Unfortunately, sometimes WordPress begins to send excessive requests to admin-ajax.php which can cause a high CPU usage and this is something you need to avoid specially if you are on shared hosting accounts. For instance leaving a web browser with WordPress Dashboard opened this could be a potential issue.

Continue reading

Lost your WordPress Administrator password? — February 3, 2015

Lost your WordPress Administrator password?


This happens a lot on the web hosting world:

  • clients loose their WordPress password
  • clients forget their WordPress Administrator username
  • clients setup an email and they no longer have access to it to do the password reset
  • WordPress of the client can’t send email notifications because its being blocked by the anti spam filters.

Before we start, I want to point out that this tutorial is done with the tools that Site5 provides. So this tutorial assumes that you have all the following:

  • Active Domain, subdomain or Temporary URL (extremely necessary)
  • Active Site5 Web hosting account
  • Backstage access
  • SiteAdmin or cPanel access
  • WordPress previously installed
  1. Find what is the database name of your WordPress installation.
    • Via FTP or File Manager go to your the folder where you installed WordPress, for example to /home/username/public_html/ and look for the file wp-config.php (select the file and then click on the edit button of the File Manager toolbar) and look for these lines:
      /** The name of the database for WordPress */
      define(‘DB_NAME’, ‘example_wp355’);Where example_wp355 is your database name.File Manager
  2. Go to your Backstage >> SiteAdmin >> Databases >> PHPMyAdminphpMyAdmin
  3. Look for the example_wp355 database, and then for table wp_usersphpMyAdmin

Once that you are on the wp_users table, you should see all the username details. On this particular case I only have one user that is admin as you can see on the screenshot below:

admin user

  1. Now to change the password, click on the Edit button for the username that you want to modify.
  2. On the new screen you will be able to edit all the details of that username, but on this particular case we ONLY care to change the password. So go to the user_pass field, click on the dropdown and select MD5 and on the input field next to it, simply type the password that you want to set. Once you are finished, click on the Go button.change_wordpress_password

And that is all, now you should be able to login to your WordPress with the password we recently set for that account. If you need assistance, let me know on my contact me page.

Below are more resources regarding password resets:

FileZilla and cPanel based servers – the issue and solution — January 24, 2015

FileZilla and cPanel based servers – the issue and solution


As I have shared in past blog posts, I currently work for Site5.com and as part of my job I help customers from the over 6 million websites hosted to solve some issues. Recently one of the most used FTP applications, FileZilla, was updated. Unfortunately this new version literally broke the ability to connect to their FTP for many users of cPanel based hosting such as Site5.com. So I am doing this post as a tutorial to try to help all those people who are facing this exact same issue with their providers and FileZilla.

What is the error?

After connecting to the FTP server the connection times out. So you can’t get the directory listing no matter if you are on passive or normal mode.

Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (xxx,xxx,xxx,xxx)
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing

What the hell caused this error?

Hey, Don’t look at me! It’s FileZilla‘s fault. Starting on version 3.10 (read filezilla realease notes), FTP over TLS is now used by default way of connecting. So… what is FTP over TLS you might be asking yourself while scratching your head. Well you are in luck that I’m going to briefly explain it for you. FTP over TLS, or FTP Secure or FTPS, is nothing more than FTP with encryption that uses Transport Layer Security (TLS) to protect the communication between you and the FTP server. This way even if you are in your favorite coffee shop transferring files to your website, the hacker that is there for the past 4 hours scanning & snooping the WiFi network for passwords, will not be able to easily see which username/password you are using, since all the communication between you and the server is encrypted. But for some reason up this moment, unknown for me, the connection times out when trying to setup the communication between both parties. Sorry folks!

How can I solve this?

The solution is ridiculously simple, and it was given on the release notes for that same FileZilla release which states this (literally):

FTP over TLS is now used by default if the server supports it. Use of plain FTP can be enforced for a server in the Site Manager

So this means that you need to:

  1. Go to your FileZilla client
  2. Go to Site Manager
  3. And setup your connection to your FTP following the example below:

FileZilla - SiteManager Where you will replace yourdomain.com with the actual domain or hostname or IP of the server that you are trying to connect to. It is VERY IMPORTANT that you set Encryption to ONLY USE PLAIN FTP (INSECURE), other wise it will not work. The username name should be following that pattern ONLY if its a FTP username created on your cPanel’s FTP Account module. If the username that you have is the cPanel username, then you can only use the username without the @domain.com part. Setting up your FileZilla this way will guarantee that you connect without issues to the server and it will also save the configuration for the next time that you want to connect. It’s easy, go ahead and try it yourself! If you guys need further assistance, feel free to comment below or use my contact page to drop me a note. Have a great FTP UPLOADING experience!

6 months working for WWWH — January 7, 2015

6 months working for WWWH


It seems really fast how this 6 months flied by. Before joining the amazing, 100% remote team of WWWH, I was working for a pretty fast paced web development firm based out from Monterrey, Mexico called Iliux. I made the switch since I have been wanting to work for WWWH for about two years but timing was never there.

WWWH

I had been using their reseller services and shared hosting services of one of their brands, Site5.com, for the past 6 years and I was really in love with their service and their support. Its was thru them that I met cPanel, and learned how to use it and started providing support for other customers when I became I reseller with a venture I started named Top Host LLC.

I can say now after some months I have learned a lot from how cPanel infrastructure work and I have improved my troubleshooting skills for web errors (Apache, PHP, WordPress, etc) and usual errors that Site5.com customers face on a daily basis.

What the future holds ? Well I’m really looking forward to my 6 months performance review to set a road map so I can keep growing within the company while keep providing awesome support to all of WWWH & Site5.com customers.

Site5

The company is so incredibly growing that we are always looking for staff members to join this 100% remote workforce company, so if you’d like to work from home, this is your opportunity be sure to visit our careers page.

So what can you expect of my blog and my posts? Well I will be posting some cPanel information based on my experience with customers, will be creating small tutorials on how to fix things with WordPress, Google Apps, git, ruby, etc.

If you’d like me to post something specific, be sure to drop me a note via my contact me page.

That is all for now folks!

%d bloggers like this: