Keeping WordPress secure

According to Wikipedia, "WordPress is the most popular blogging system in use on the Web, at more than 60 million websites." It's also the most commonly installed blogging system on our customers' servers, and we use it to run the blog you're reading right now.

One factor that has contributed to WordPress's popularity is its ease of installation. And because it is so popular, many themes, extensions and other add-ons are available, documentation and help resources abound, and an ecosystem of support companies has grown up around it. These provide a positive feedback loop, helping to reinforce its popularity.

But as well as being easy to install and popular, it is also the most commonly exploited system we host. That's because its popularity has led to increased interest from hackers, and also because the install defaults are not as secure as they could be. If a hacker can leverage these weaknesses to crack a password for your site, they will often use it to send spam or distribute exploits designed to hack into other computers. Even without cracking a password, many WordPress sites can be used to attack other sites. If your WordPress system gets exploited you'll have the unenviable task of cleaning that up, made a bit easier thanks to Liz's restore wordpress script.

Secure WordPress in 5 easy steps


Debian Squeeze (6) ends support – time to upgrade

February 29th, 2016 marks the end of LTS Support for Debian Squeeze, which is still used by many of our customers. This means that updates for known security issues will no longer be produced and, over time, a server running this version will become vulnerable to being exploited.

Squeeze was released in 2011 and was our recommended distribution at the time. However, if you're still running it, now is the time to upgrade to a new version. Wheezy (Debian 7) and Jessie (Debian 8) have been released since then. Debian is known for having a relatively easy in-place upgrade system compared to other distributions. However, there are still potential problems with any upgrade, so be prepared to fix up configuration problems that might prevent your server from operating properly after the upgrade.


VM hosting now available at NextDC in Sydney

We are happy to announce we are now offering VM hosting out of the NextDC facility in Sydney! Some highlights:

  • Uptime Institute Tier III certification.
  • N+1 power and cooling.
  • Hot and cold aisles for peak cooling power efficiency.
  • Cardboard- (and dust-) free data halls.
  • Locked cabinets.
  • Inert gas fire suppressant.
  • Financially stable, publicly listed data center company.
  • Fenced, secure bio-metric entry, 24x7 staffed and CCTV.
  • Host servers are all latest generation dual processor Intel E5 servers with 128GB of DDR4 memory and blazing fast SSD storage.
  • Reliable, fast and affordable data transfer (from 0.07AUD/GB)

Pricing from around AUD 35/m.  Order (or price up) a Sydney VM here.


Don’t let the OOM killer stop MySQL

Many of our customers are successfully using MySQL (or MariaDB) databases on their servers, and they usually run fine as installed and do not need any special attention. However, occasionally problems can occur with MySQL, and this may indicate that some manual tuning is required. One scenario is when the system is short of memory: MySQL can be a big memory user, so it will sometimes be killed by the system.


Using Vagrant to Manage Rimu VPS systems

Vagrant is a high-level wrapper around virtualization and configuration management
software. It simplifies the creation and management of easily reproducible
environments. It is particularly suited for development and test environments
where servers are brought up and down frequently. It can also be used to bootstrap
production systems.

It can be used with configuration management software such as Salt, Puppet, Chef
and others to easily provision systems.

Many software projects now ship a Vagrantfile which allows their users to quickly
set up and test the software using Vagrant.


WordPress + nginx quick setup

WordPress is a very popular blogging platform. We have a number of posts on how to set it up and keep it up to date on here already. In general those methods focus on deploying under the Apache web server.

Recently we were pointed to a scripted method developed by the guys at rtcamp.com. They have a bunch of Python scripts that have developed into a pretty neat tool-set for fast, easy WordPress setup under Nginx.

You can use an existing MySQL database service or let the tool install the latest version of the high performance MariaDB database.

EasyEngine also configures email so you can get all those useful notices from your new WordPress install, and sets up basic security to help you get started with confidence.

It includes change control using git, which should be very handy for developers. It also implements a built-in backup function (ee site backup) and the ability to update WordPress from the command line.


Credit card processor change

FYI our original credit card processor (WorldPay) has pulled out of the New Zealand market. We are now using a different credit card processor (BNZ).

You may find that the transaction description that appears on your CC statement is slightly different. It should still clearly identify the payment as being to RimuHosting (including for customers of our other services, like LaunchtimeVPS, Zonomi DNS Hosting, Bakop, Pingability and 25 Mail St).

The new processor provides more detailed 'declined' error messages, which should make resolving any payment issues a little easier.

We continue to be able to charge in USD, AUD, EUR, GBP and NZD. Some credit card issuers are adding on fees for USD transactions on USD accounts if the credit card processor is overseas. If you see any extra fees please do let us know the details. It would be good to know which card issuers are guilty of this practice and what they are charging.

Image credit: gdsdigital


Running Vagrant in your VPS

Vagrant is often used to set up development environments in a standardized way, so that your software project deployed via Vagrant has a standard environment with all the operating system components and set-up it needs to work properly. It creates a virtual machine to provide this environment, so that different developers can work on it without needing to reconfigure their workstations to the requirements of the application.

If you want to use Vagrant on a rimu server, you'll have no problems with a rimuhosting dedicated server. However, if the project budget doesn't stretch that far yet, what other options do you have? Normally you can't create virtual machines on your ri.mu VPS, because it's a virtual machine itself, and currently virtual machines can't be nested inside other virtual machines. However, you can use Vagrant's docker provider, which uses Linux containers to provide the virtual machine. This works because Linux containers, unlike virtual machines, will run inside the Xen virtual machines that are used for ri.mu VPSs.

In this post, I show how to set up a Debian docker container with systemd and an ssh server, so we can ssh into it and it behaves like a regular VM. (This is not the "Docker way" of doing things, but it works well with Vagrant.)


Getting help

The following conversation plays out in our inbox and Live Chat a good few times a week.

In fact, you may have received a link to this post from one of those places.

If so, then the dialog below could be an easy way for you to better understand your situation and to get the quickest resolution to your problem...

"Is there a problem in $datacentername?"

There might be.  There are lots of servers and switches in each of the data centers we use.

A better opener might be something like "When I go to $someurl it says $something and instead it should be loading $suchandsuchapage".

Let us know:

  • what you are doing (URL you are on, command you are running, ...),
  • what you are seeing, and
  • what you expect to see.


Restoring Exploited WordPress Files

I previously had a 10-step process to replace all the files in a WordPress install; this got rid of most file-based exploits.

Since then I have written a shell script that pretty much incorporates that:

wget http://blog.rimuhosting.com/files/restorewordpress.sh
chmod +x restorewordpress.sh
./restorewordpress.sh /full/path/to/documentroot

Note: This does not do custom themes or plugins (only ones from wordpress.com), and it's a good idea to double check that wp-config.php is clean, either before, or immediately after doing this.

Please let me know if you have any issues at all with this script, or modifications needing to be made.
