We’re pleased to announce that, just like every month, we smashed our 99.9% uptime guarantee in October achieving an awesome 99.97% – 100% next month?!
We’ve recently been plagued with a number of hacking and spamming events caused by WordPress installations. Or, more accurately, out-of-date WordPress installations.
As great a piece of software as WordPress is, if it’s not kept up-to-date with the latest releases and security patches then it becomes a magnet for even the most amateur hacker. Scripts such as xmlrpc.php can be easily manipulated to send out large amounts of spam. You may not think this is an issue for you personally but if just one of those spam messages hits a spam trap, then the server’s IP address is blacklisted and other users will find they’re unable to send mail.
We’re not having a go at WordPress here. It’s a great piece of software and there’s a reason it’s the world’s most popular blogging platform, however you cannot simply install it and forget about it. It MUST be kept up-to-date. This issue is not restricted to WordPress of course – it affects any PHP software running on your server – WordPress is just more of a target due to the volume of installations out there.
There are many tools freely available that can ‘lock-down’ your WordPress installation – one we’ve played with ourselves is:
It’s a WordPress plugin that’s available free, very easy to install and provides a run-down of the things you should do once you’ve installed WordPress (such as disabling the dreaded xmlrpc.php!)
There are server wide settings we can employ that will help stop some of these attacks however they also restrict genuine functionality which then causes more issues.
Our monitoring systems have detected problems with a PDU (Power Distribution Unit) that supplies critical load to the network access switch which in turn provides connectivity to server12.simplewebserver.co.uk.
Although load is currently being sustained, the intelligent management of this unit is impaired and it is likely that in the near future this may become service affecting.
Due to this, we are scheduling maintenance to replace this unit. During this maintenance it will be necessary to power down the network switch for duration of the replacement process.
2015-03-31 23:00 (BST / GMT+1)
2014-03-31 00:00 (BST / GMT+1)
Complete connectivity outage for affected server of up to 10 minutes during the above window.
Our apologies for the inconvenience caused by this work, however please be assured it is necessary to complete.
WordPress is the most popular blogging software available powering more than 60 million websites. This of course means it’s open to the most abuse.
We’re finding more and more attacks on our servers are caused by exploits in the WordPress software – not through any fault of WordPress itself but the fault of end users who are not applying the numerous patches and security releases that WordPress distribute each year.
It’s essential that if you have WordPress installed on your hosting account that you keep it up-to-date constantly; the software can even do it itself if you configure it that way! Let me say that again. You must always keep up to date with the latest version of WordPress.
There are also a variety of security plugins available to help ‘harden’ your WordPress installation and we’d recommend these too.
Just to prove we’re still working hard to make sure your website is available to your customers, our uptime figures for November are in and we’ve scored an awesome 99.96% across our network.
Whilst we’re never happy when this doesn’t reach 100% we’re pretty confident we’ll be able to do that in December.