Posted at November 23, 2015 at 9:17 pm by Michael Lavrik
InterServer is proud to have sponsored WordCamp NYC 2015. The WordCamp conferences are unique in that they are all locally organized and cover a wide range of WordPress related topics. This local forum allows experts the ability to provide invaluable information and networking opportunities to designers, developers, business owners, and bloggers. The team at interServer was elated to have the opportunity support the WordPress community through our sponsorship of the event.
The conference took place from October 30th to November 1st, 2015 at the New York Marriott located at the Brooklyn Bridge which was widely recognized as a huge success.
The Halloween themed event was a great gathering for the community it was educational and informative while creating a fun and festive environment for everyone in attendance. We were especially impressed with this year’s lineup of presenters, all of whom we found to be enlightening. Whether newer users or seasoned WordPress experts, everyone benefited from this event
Some Fun Facts:
Several attendees asked us what compelled us to partake in WordCamp NYC and the answer was pretty simple our customers! At InterServer we help thousands of users set up their WordPress sites and keep them up and running smoothly 24 hours a day. We always take cues from our customers and when we received feedback that we should look into this sponsorship based upon our offering of fully managed WordPress hosting, we agreed and began our quest to join in on the fun.
Finally, from the entire team here at InterServer we would like to thank WordCamp NYC 2015 for the opportunity to sponsor such an exciting event. We would also like to thank all the speakers and presenters who shared their learnings and findings with all in attendance. We’re looking forward to next year’s conference and will continue to seek more sponsorships that will support the community.
Next up WordCamp U.S.A. in Philadelphia on 12/4/15 thru 12/6/15 see you there!
Posted at November 18, 2015 at 1:59 pm by admin
Most responsible website owners would never dream of creating phishing pages. Google actively searches the web for potential phishing and flags sites thought to host malicious pages. Some site owners wake up to a message in search that their site is flagged as a phishing portal. Honest site owners don’t know what’s considered phishing, so they panic and immediately try to have the site reviewed. Having your site flagged isn’t the end of the world, but you do need to clean up pages before you can have a successful review. A successful review removes the warning from Google search results, so it’s in imperative that you act fast. Here are the why, how, and what you can do to fix a phishing flag placed on your site.
Understand What Constitutes Phishing
You might not even know that your pages are considered phishing portals. The first thing to ask yourself is what pages could be considered phishing. The first red flag is a site that doesn’t use SSL or TLS on their web server but retrieves personal data. SSL (and now the newer TLS) are certificates you install on your web server. The certificates allow you to provide encryption between your site and client’s browser. SSL certificates provide your site with the ability to use HTTPS as the protocol, which protects against eavesdroppers.
Go through your pages and identify if any of them ask for personal information. If a user lands on your page using HTTP, he should be redirected to the HTTPS version of the page before entering private information.
Another possibility is how you process data. When you submit data from a web page form, it sends data either in a form POST or GET action. The GET action sends data in the browser’s querystring values. You’ve probably seen web pages with a question mark and variables appended at the end of the page name. Querystring values look like the following:
The querystring is everything after the question mark. In this example, a user’s first and last name is passed to a processing page. What if the querystring contained a social security or bank account number? This is considered insecure. When hackers use phishing methods, they are generally sloppy in how they set up pages. For this reason, poorly secured or programmed sites are considered suspicious and flagged.
Another common and much more difficult problem to identify is a hacked site. Hackers who gain access to your site place phishing pages on the domain without your knowledge. This makes it much more difficult to track and identify the phishing page.
You can use a crawler that looks specifically for hacked content. For instance, AWSnap (aw-snap.info/file-viewer/) is one site that crawls specific pages, identifies any suspicious code and gives you suggestions. Another tool is Securi.net. This tool also lets you subscribe for a fee and use it to automatically crawl your site at a specific rate. If any suspicious files are found, Securi sends you a notification.
If you can’t find the hacked pages, you’ll need to hire a professional. Google won’t remove the warning until any phishing content is removed from your domain.
In rare occasions, your site might be incorrectly flagged. If this is the case, you can request a review and explain. Google also provides this URL for reporting incorrectly flagged sites:
You should also know that Google has different levels for warnings. The most common form of a phishing notification is “Deceptive site ahead.” The message is displayed in the Chrome and Firefox browsers. If Google believes you host malware, the warning indicates that a site could harm a computer or contains malware.
What Can You Do to Fix the Site?
What you do to fix your site depends on what caused the phishing notice in the first place. If you take personal information with no encryption, you need to purchases an SSL/TLS certificate. Contact your host first. Most hosts offer a security certificate for their customers. It could be a free or paid upgrade depending on your hosting plan.
Once you install the certificate, you need to redirect your pages to the HTTPS version. You use a 301 redirect for moving from the HTTP to the HTTPS version. If you use WordPress, there are plenty of plugins that help you redirect. If you have custom applications, check with your developer. You don’t need to use HTTPS on all pages, but it’s recommended. Google announced that it uses encryption as a minor ranking factor.
If you’re using a GET form action, this is more difficult to fix if you aren’t a coder. You need to change the form submission process, which takes some coding from your end. If the forms you use are from a plugin, you can either contact the plugin coder or use a different plugin. If you hired a coder to implement forms, he needs to change the submission code. The processing page can remain mostly the same.
Finally, if the site is hacked, it’s also difficult to troubleshoot. However, with hacked sites you can usually disable the plugin causing the security breach and delete the malicious pages. To avoid the situation, always upgrade your WordPress version and any plugins. Don’t download plugins where the owner does not manage and support updates. Most plugins must be updated after a few WordPress updates, and WordPress disables incompatible plugins.
Request a Review
After you’re confident that the phishing pages were removed and any hacks were deleted, you can now request a review. The review process happens through Google Search Console (formerly Webmaster Tools). If you haven’t already signed up, take some time to sign up and register your site in Search Console.
In the Malware section of Search Console, click the “Request a Review” button. Explain what you did to fix the site in the text boxes. Google employees review the site and the review requests, so be as detailed as possible with what you did to remove the content.
Google is very fast with malware reviews (as opposed to their reconsideration requests that can take weeks). The alert should be removed within 24 hours, but it usually happens in only a few hours.
What You Can Do to Protect Your Site?
If your site was hacked, you must take precautions from it happening again. Change your site’s passwords, and update any WordPress plugins. If the hackers were able to access your site’s files, check your local computer for any security holes.
Chrome extensions are one way a hacker can gain access to your passwords. Malicious extensions can perform numerous logging events to get your information.
Finally, always rotate passwords for important applications such as FTP used to connect to your host. Keep antivirus running on your machine, and always update definition files to avoid being victim to new viruses.
Once you have a hacked site, you never want to go through the trouble again. It’s a good lesson for webmasters who aren’t serious about security. There are numerous scripts that can be downloaded on the Internet, so penetrating WordPress sites doesn’t even require advanced capabilities. Always upgrade your plugins and WordPress version to avoid falling victim to these scripts.
Thankfully, Google is quick to remove the warning provided you cleaned up the phishing pages. Your customer’s data and privacy should always be a top concern, so always follow best practices for your websites.
Did you know that dead-serious websites like The Wall Street Journal, Forbes and BBC America, the zombie apocalypse gritty drama show, The Walking Dead,bootyliciousBeyonce and drool-worthy Channing Tatum has something in common? Their websites are powered by WordPress.
WordPress is an undisputed luminary of the blogosphere. One of the easiest and simplest content management systems, WordPress is perfect for running a blog or a website or a combination of the two. The best part about WordPress is it a doddle to create a website. WordPress hosts almost over 70 million websites and it is absolutely free so you don’t have to be a celebrity or a hot-shot to own a website.
Once you have got the WordPress website, you might be wondering what else can be done with it apart from publishing your content. Although WordPress offers a lot of flexibility in terms of themes, features and functionality, there are still a lot of functionality that the core software doesn’t provide. But does that mean that you will have to make do with whatever features that WordPress provides? You can fill in the missing pieces by getting plugins. In layman’s terms plugins, could be compared with the apps you download on your smartphone. Plugins offer a whole heap of features and functionality which could just be installed and used. However, there are over 40000 plugins available and it can be little overwhelming to sort the best ones you would need for your website. Check out the list of plugins below that can help make your website awesome.
One of the most annoying thing for any website is spam. Nefarious hackers and spammers tend to post links in comment section which can inject virus and ruin your website and affect the SEO ranking. The plugin Akisme is a cutting-edge hosted anti-spam service which helps you thwart the spam.
Yoast SEO plugin
Having a website and not showing on the first few pages of search engines is as good as not having a website. Yoast SEO is one of the best WordPress SEO plugin, integratingsnippet preview and page analysis functionalityfacilitatingto optimize your pages content, images titles, Meta descriptions, XML sitemaps, and loads of other stuff.
W3 total cache
W3 Total Cache helps in improving user experience of your website. It increases server performance, reduces the download times and provides transparent content delivery network (CDN) integration.
Increase your subscription and keep the communication channel open between you and your audience by creating newsletters, automated emails, post notifications and autoresponders with MailPoet newsletters. The signup widget of this plugin helps you convert your visitors into subscribers. Add your posts, images, social icons, change fonts and add colours in your newsletter without any difficulty.
EWWW image optimizer
This WordPress image optimizer plugin helps you optimize your images as you upload them to your website or blog. It helps optimize the already loaded images, converting your images to the best file format with smallest image sizes and apply lossy reductions for PNG and JPEG images for best user experience.
As the name suggests, BackUpWordPressplugin helps you back up your entire site including all files and database so that you don’t lose your precious data. For this plugin, no set up is required and it works even in low memory “shared host” environments.
All in One WP Security & Firewall
Although WordPress is quite secure as it is, it is always good to have extra security and firewall and that’s what All in One WP security and firewall plugin provides. Enforcing good security practices, this plugin is easy to understand and employ. It helps to reduce vulnerability risks and implements the latest recommended WordPress security techniques. It also uses an excellent security points grading system to help you measure how well your website is protected.
Social media feather
Social media feature is a lightweight simple, performance oriented social media sharing and follow button, which can be easily added to all posts and pages with minimum load time without adding unnecessary burden time on your website.
Although search engines are littered with best WordPress posts, these plugins help you solve real problems and in a way that it is not damaging to your website. Even though, these plugins will help you run your website efficiently, one of the most critical element of website performance is Web Hosting. If you are on a lookout for a web hosting service, InterServer is a great option. Established as a premier web hosting provider located in Secaucus, New Jersey, InterServer provide unparalleled webhosting services at an affordable cost. Known for quality, reliability, with safe and secure facility, and 24/7 superior support, InterServerprovides a 30 day money back guarantee on shared hosting, along with 99.5% uptime and a 100% power guarantee. To know more about our WordPress hosting, please visit http://www.interserver.net/0click/wordpress-hosting.html
Posted at October 30, 2015 at 1:45 pm by admin
Website migrations are succeeded by DNS changes. A well planned change minimizes downtime and DNS propagation delays that follows every migration. You don’t want to create a panic among your customers when their emails are lost during the switch or if their websites are inaccessible from their location.
It is always a best practice to maintain the copy of all migrated accounts at the old host for a few more days so that the websites remain online for customers whose web/mail requests are still served by the old server. Their ISP’s caching DNS servers/resolvers still serve cached DNS information to clients even after you have pointed the domain to a location.
The problem with DNS caching is that it is the primary cause for delay in propagation of the DNS changes (Address records, mail exchange records etc.) you made after the migration. This is due to the fact that most of the DNS traffic is eased with DNS caching where your resolver/caching DNS caches DNS information for a predefined time. The entity that determines this time is TTL( Time to live). By default the TTL values for most resource records are 86400 seconds (24 hours). Any resolver that queries for the A record of your domain will cache that info for 24 hours.
To solve this problem to an extent, you can lower the TTL values of the resource records (MX, A) before you change the IP address. We assume that you have root/sudo access to the authoritative nameserver.
Login to the DNS server and all you have to do is edit the zone file in the authoritative nameserver of the domain (You may use DNS zone editor in cPanel if the service is running on a cPanel server)
Lets open xyz.info’s zone file using vi editor
These are the first few lines of the zone file, you can see the first line $TTL that defines the default TTL for all existing records to 86400 seconds.
xyz.info. IN SOA ns1.example.info. admin.xyz.com. (
2012080907 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
300 ; Negative Response TTL
We’ll change this to 300 seconds (5 minutes)
We’ll increment the serial number from 2012080907 to 2012080908 so that the DNS server can verify the contents of the zone file.
Now reload the DNS service
Reloading named: [ OK ]
After this we will wait for the last TTL amount of time (24 hours) to make sure that the caching nameservers all around the world that has previously queried and cached this domain’s DNS information has purged the information. Once that time has passed we’ll switch the A record to the new server’s IP. I wouldn’t say this is 100% foolproof as there are caching nameservers which enforces their own TTL values and web browsers too cache DNS info for a default amount of time.
Note:- Make sure you revert the TTL value change later , a low TTL value will lead to an increase in DNS traffic.
Promises are made to be broken…This may sound depressing but it is often true when it comes to dubious web hosting providers. If you are frustrated with the restrictions and limitation of your current hosting environment, you are not alone. If your customers are often greeted with the ‘Error: The page cannot be displayed’, and you are re-learning the laws of gravity of what goes up comes down with your website, you might be thinking about a switch. So should you keep shelling dough for your incompetent web hosting or should you make a switch? Although, the answer might be a resounding ‘yes’, the complexity which comes with the migration may keep you from switching your provider. Fret not, cPanel to cPanel migrations are actually not that difficult and in fact most of the migrations goes wrong because of poor planning and not taking into account factors like disk space availability, data transfer speed, domain/account conflicts during restoration etc.
With a proper plan, any one with basic cPanel and system administration skills can do transfers like a pro! Read on to know how you can migrate from one cPanel to another.
1. Make a list of accounts that needs to be transferred (Sometimes you intend to transfer all accounts)
2. Package those accounts in a cPanel compatible form (with or without home directory – this depends on the disk space available)
3. Transfer the packages from source to destination
4. Restore packages at destination. (resolve conflicts if accounts/domain already exist at destination)
5. If you have skipped home directory at the source server while packaging accounts, sync them to the destination’s home directory.
6. Verify the success of the transfer
7. After verification, lower the TTL values of all the domains & switch till the previously set TTL reaches expiration.
Note:- We will be using the term ‘source’ to denote the server which contains the accounts that needs to be transferred and ‘destination’ to denote our target system.
1. Make a list of accounts.
If you already have a list of accounts , copy them in a file (eg:- account-list)
Scenario -1 :- You want a list of accounts owned by a reseller.
A quick and easy way to find the usernames and store them in a file.
grepresellername /etc/trueuserowners | cut -d : -f 1 >userlist
(/etc/trueuserowner have 2 fields – account and its owner, if an account doesn’t belong to any reseller, the owner will be ‘root’ by default)
Scenario -2 :- You want a list of every account hosted in this server.
cat /etc/trueuserowners | cut -d: -f1 | grep -v userowners >userlist
cat /etc/trueuserdomains | cut -d: -f2 | >userlist
2. Package accounts
/scripts/pkgacct is a script that packages a cpanel account
/scripts/pkgacct [arguments] username destination (destination and arguments are optional, by default the package will be stored in the home directory)
Scenario 1:- You have enough disk space available at the source. You have only a few accounts to transfer. You have plenty of time.
fori in `cat userlist` ; do /scripts/pkgacct $i /backups
This for loop will run the pkgacct script repeatedly for every account in the userlist. The packages will be stored in /backups directory
Scenario 2:- You have very limited disk space to store all the packages. You have a long list of accounts. You don’t have a lot of time.
Home directory is the largest consumer of disk space in a cPanel account. You can skip it while packaging and transfer just the remaining components.
fori in `cat userlist` ; do /scripts/pkgacct –skiphomedir $i /backups
3. Transfer accounts
Generating SSH keypairs for passwordless authentication can avoid frequent password prompts
To generate key pair (The public key is usually stored at /home/localuser/.ssh/id_rsa.pub )
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Now, we’ll copy the rsa public key to the destination. You will be prompted for the password
ssh-copy-id -i ~/.ssh/id_rsa.pub
rsync is the preferred tool used to transfer data because of its ability to resume data transfer in case of any network connectivity issues.
rsync -avzP -e ssh /backups email@example.com:/root/
If a non standard SSH port (eg:- 2011) is used you can wrap double quotes around ssh -p 2011
rsync -avzP -e “ssh -p 2011” /backups firstname.lastname@example.org:/root/
This will copy the directory /backups using rsync over ssh to the destination.
4. Restore Accounts
fori in *.gz ; do /scripts/restorepkg $i ; done
This will use a for loop iteration for restoring packages with file extension .gz, you may use the /scripts/restorepkg –force option if you have any account conflicts. Only use it if you intend to replace the existing account with the package you transferred.
5. Sync home directories
This step is for those who skipped home directory during the account packaging.
Now, I would prefer running this in the background, considering the volume of data that needs to be transferred, it may take a lot of time to sync and transfer data. There is a wonderful utility called ‘screen’ which
To start a new screen session, run screen with the following command:
$ screen -S session_name
Then run the rsync command
rsync -avzP -e ssh /home/ email@example.com:/home/
(Please note the trailing slash given after /home/ , this copies all files/dirs under /home to the destination directory. If you omit ‘/’ , you will be copying /home recursively to the destination and you end up having a home directory inside a home directory — /home/home which is not what we intend to do)
Safely exit the screen session by using the key combination CTRL + a + d
You will see a message like this:-[detached from 27724.session_name]
Now, you can log out from your current shell session and the rsync process will be still running in the background without any interruption. You can check the progress from any location. Just login to the server via SSH again.
To list the screens running,
There is a screen on:
27724.session_name (10/19/2015 11:54:47 AM) (Detached)
1 Socket in /var/run/screen/S-username.
To reattach the screen
screen -r session_name (or screen -r 27724.session_name)
Check the progress, once you have confirmed that the copy process is completed, you can exit the screen session using the key combination CTRL +d[screen is terminating]
6. Verify the integrity of the data and check the disk usage of accounts at both servers to make sure we didn’t leave anything.
7. Lowering the TTL value to beat DNS propagation delay.
Migrations are followed by DNS changes. If you have access to the authoritative nameservers of your hosted domains, you will be pointing the transferred domains to a new location. This involves changing the Address (A) record and the mail exchanger(MX) records. Lowering the TTL value and waiting for the old TTL period to make the switch minimizes the problems of DNS propagation delays to a great extent. We have described this in detail in another article
(Tweaking the TTL to reduce downtime after a website migration)
If you are on a lookout for a reliable web hosting service,InterServer is a great option. Established as a premier web hosting provider located in Secaucus, New Jersey, InterServer provide unparalleled webhosting services at an affordable cost. Known for quality, reliability, with safe and secure facility, and 24/7 superior support, InterServer provides a 30 day money back guarantee on shared hosting, along with 99.5% uptime and a 100% power guarantee.
Still think migration is complex and tiresome? Please feel free to contact our support team. We offer free migration. Click here to know more about how you get migration absolutely free