My Monkey Do

A Log of Coding Solutions

Server Stuff

PCI Compliance

February 13, 2015 by Webhead

Fill out the SAQ-EP (Self-Assessment Questionnaire) if you run a typical self-hosted e-commerce site that outsources payment processing to a third party.

http://www.pci-initiative.org/content/saq-ep-partially-outsourced-e-commerce-merchants

SAQ A vs. A-EP: What E-Commerce Merchants, Service Providers Need to Know Now

Worth noting that others may interpret this differently:

http://stackoverflow.com/questions/21484714/is-pci-saq-a-sufficient-for-an-ecommerce-website-with-a-custom-payment-page

https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/Why-is-SAQ-A-EP-used-for-Direct-Post-while-SAQ-A-is-used-for-iFrame-or-URL-redirect

Just fyi (shameless affiliate link coming up), WPEngine host is PCI Compliant “as long as no payment card data is stored, hosted, or otherwise processed by WP Engine…”

Filed Under: Server Stuff Tagged With: eCommerce

htaccess Examples

April 23, 2014 by Webhead

Common .htaccess redirects are available on github:

https://gist.github.com/ScottPhillips/1721489

How nice.  I need this.

Filed Under: Server Stuff Tagged With: htaccess

WPEngine for WordPress Hosting Worth It?

January 9, 2014 by Webhead

This is not so much of a review, but more of how I came to a decision on WPEngine. 

At $29/ month for the Personal plan I would not have even looked at WPEngine a year ago.  Why pay that much for hosting when you can find $5/month hosting around every corner?  Updates?  I can do that.  Caching? Backups?  check and check.  What does WPEngine have to offer?

While in the proposal stage of acquiring a new client, this client got hacked.  Luckily, to fix the hack, WordPress just needed to be upgraded.  But instead of redesigning the site, the top priority became finding a new host that offers better security.  This client was on a reputable host, so $5/month hosting like HostGator or GoDaddy would not satisfy the client’s peace of mind.

Finding WPEngine

My favorite WordPress focused company, WooThemes, had a recommended hosts page.  Among the hosts were Pressable (previously known as ZippyKid ) and WPEngine.  Pressable was the cheaper of the two offering SSL and CDN on their cheapest plan.  As ZippyKid they also touted having great security as a selling point.  However, as Pressable, they had no info whatsoever about their security.  Not even their “malware scanning”!  So wait, how can we justify to the client that Pressable is any better than their previous host?  Crap!  (I know no host is hack-proof, but we gotta have a reason for choosing a specific host).

Enter research into WPEngine.  The first thing I did on their website was search for “security” in their blog.  What surprised me was the amount of posts on their blog about security.  Do a search on security on their site and you’ll see what I mean.  Not only do they talk about recent security issues, but how the community is dealing with security issues and details on how their security system and processes are protecting their clients.  That in itself gave me peace of mind that these guys prioritize security.  The icing on the cake was reading “WordPress Hacked? We’ll fix it free!“.

Grass is Always Greener on the Other Side

I usually have buyers remorse especially when I could have gotten something cheaper and don’t really utilize all the features I have purchased.  But last year, before I tried WPEngine, I had a client that didn’t have a website yet, needed SSL and was OK with spending some money on quality hosting.  So I went with Pressable with this previous client (especially since the Personal plan at WPEngine doesn’t support SSL).  I have since migrated this client to WPEngine.  Below are some comparisons between Pressable and WPEngine (as of this posting).

Pressable vs WPEngine

  • Backups
    • WPEngine – At the click of a button, free.  Also automatically scheduled daily for  you.
    • Pressable – Inactive by default.  Need to back up to Amazon or Rackspace.  (in other words, not exactly free).
  • Domain settings
    • WPEngine – Doesn’t handle email or any of your domain settings
    • Pressable – If you want, you can direct your nameservers to Pressable and they can adjust your domain settings (like where to point your email) for you.
  • Git Support
    • WPEngine – Deploy your website using git (I haven’t tried this yet)
    • Pressable – None.
  • Error Logs
    • WPEngine – View your php error logs from the User Portal
    • Pressable – None.
  • Stats
    • WPEngine – Visits and Bandwidth stats for you to monitor and download.
    • Pressable – None.
  • Speed
    • WPEngine – I have tested about a dozen different websites so far and all have a load time of less than 1 second from within the US.
    • Pressable – I have tested one website on here and the load time is above 2.5 seconds.

Both Pressable and WPEngine are great, but dollar for dollar WPEngine seems much more worth it.  If you have multiple clients, the Professional Plan makes it hands down worth it since you can install SSL and use a CDN for free.  Each install breaks down to $10/month.  You may be thinking you can do caching, and backups on your own, but what if something goes wrong with those plugins?  How many times have you actually restored a backup from that plugin?  How many times have you fixed a hack or prevented one?  How much is a peaceful mind worth?  WPEngine can handle all this for you.

Happily Ever After

As you know, I didn’t go to WPEngine because of the speed, but I was curious to see what differences it could make by simply moving a site over.  I was pleasantly surprised to see the site loaded almost 40% faster.  And believe me, it’s noticeable for this particular site.

To get a more accurate reading of the speed changes you should sign up for a free account at Pingdom and monitor your website for a week or so.  Then sign up to WPEngine (60 day free trial) and again try it at pingdom.  If you’re not happy with the results you can always back out of WPEngine.

[Screenshots: Original Site; Moved to WPEngine]

 

Update: More on Security

After using WPEngine for about 6 months I am fully satisfied with the security on WPEngine for WordPress websites.  WPEngine stays on top of plugin vulnerabilities and they scan your installation daily.  Here are some examples:

  • TimThumb script:  If you install a theme or plugin with the TimThumb script (a popular PHP script used to resize images, known for having some huge vulnerabilities in the past), WPEngine will detect what version it is, and if it’s not the newest version, they will automatically update it.
  • JetPack plugin:  Jetpack recently had a vulnerability in their email sharing feature.  WPEngine was on top of it and notified their customers while disabling that feature for them.

Also, WPEngine hosting is secure enough to be PCI compliant “as long as no payment card data is stored, hosted, or otherwise processed by WP Engine…”.   See more at WPEngine and PCI Compliance

Update:  Speed

WPEngine now offers a tool to test the speed of your website.

 

Disclaimer:  I have become a WPEngine affiliate because I do believe in their product.  Links to WPEngine on this site are probably affiliate links.

Filed Under: Off the Shelf, Random Thoughts, Server Stuff Tagged With: hosting, optimize, wordpress, wpengine

Free Web Hosting

November 20, 2013 by Webhead

Today I realized I needed a reliable web host that I can use for development purposes.  Either for demoing to clients or testing things out, it needed to be online, free (because I wouldn’t use it for production), and not go out of business.

Doing some research these are the companies I came across:

Byethost

On a WordPress forum thread one of the comments suggested Byethost.  It’s free, seems to offer a ton of power and space.

http://byethost.com/index.php/free-hosting

Zymic

I don’t know too much about these guys, sorry.

http://www.zymic.com/free-web-hosting/

Koding

This is probably the Facebook for coders.  My first impression of Koding is that it seems to accomplish what GitHub is trying to do: basically make a social network for coders.  At Koding you get a free VM with full root access.  It’s way more than just a free webhost.  The only drawback (for my current needs) is that the VM shuts down 20 minutes after you log off.  I’ll probably sign up for this later, but for what I need this isn’t it.

000WebHost

These guys are probably the most well known free web hosting company.   They’ve been in the business for a long time and they are well known.  However, be warned, they delete your site with no warning whatsoever.  I created two sites to test them out installing WordPress and some plugins.  A few weeks later I was ready to point my domain there but I couldn’t log in.  The forget password portion simply said the account with my email doesn’t exist.  I assume my account was deleted for inactivity, but I have no idea.

http://www.000webhost.com/features

Filed Under: Server Stuff Tagged With: hosting, php

WordPress htaccess Explained

August 14, 2013 by Webhead

A great post explaining each line of WordPress’ htaccess file.

 

http://randomtype.ca/blog/the-wordpress-htaccess-file-explained/

Filed Under: Server Stuff Tagged With: htaccess, wordpress

WordPress Cron

December 20, 2012 by Webhead

A great way to take more control of your wp-cron and also slightly speed up WordPress is to disable WP-Cron and schedule a cron job on your server to run wp-cron.php.  You just need a server that supports cron jobs.

In wp-config.php add:

define('DISABLE_WP_CRON', true);

Be careful though, sometimes this has a negative effect on your website.  For example, if you have subscriptions from WooCommerce, each user’s subscription is checked every 12 hours.  If you have a ton of users, each of these users has a cron job waiting to run throughout the hour.  These jobs will slow down your server if you run wp-cron too far apart.

Setting up your cron command can look similar to:

*/30 * * * * wget -q -O - "http://example.com/wp-cron.php?doing_wp_cron" > /dev/null 2>&1
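
With DISABLE_WP_CRON set, scheduled tasks (including WordPress's own update checks) only run if the system cron entry really exists and is active. The script below is an added example, not from the original post: it checks a wp-config.php and a saved `crontab -l` listing for that mismatch. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a site with WP-Cron disabled still has an
# active system cron entry requesting wp-cron.php. Sample input is constructed.

# Prints "disabled" if wp-config.php defines DISABLE_WP_CRON as true, else "enabled".
wp_cron_state() {
    # Skip lines commented out with // or #; accept single or double quotes.
    if grep -Ev '^[[:space:]]*(//|#)' "$1" |
       grep -Eq "define\([[:space:]]*['\"]DISABLE_WP_CRON['\"][[:space:]]*,[[:space:]]*(true|TRUE|True)[[:space:]]*\)"; then
        echo disabled
    else
        echo enabled
    fi
}

# Prints "scheduled" if the crontab listing has an uncommented wp-cron.php line.
cron_entry_state() {
    if grep -Ev '^[[:space:]]*#' "$1" | grep -q 'wp-cron\.php'; then
        echo scheduled
    else
        echo missing
    fi
}

# Combines both checks; "disabled/missing" is the case that silently breaks a site.
check_wp_cron_setup() {
    state="$(wp_cron_state "$1")/$(cron_entry_state "$2")"
    case "$state" in
        disabled/scheduled) echo "ok: system cron drives wp-cron.php" ;;
        disabled/missing)   echo "broken: scheduled tasks will never run" ;;
        enabled/scheduled)  echo "redundant: WP-Cron also fires on page loads" ;;
        enabled/missing)    echo "default: WP-Cron fires on page loads" ;;
    esac
}

# Constructed sample: WP-Cron is disabled, but the cron line was left commented out.
demo_dir="$(mktemp -d)"
printf "%s\n" "<?php" "define('DISABLE_WP_CRON', true);" > "$demo_dir/wp-config.php"
printf "%s\n" "# */30 * * * * wget -q -O - \"http://example.com/wp-cron.php?doing_wp_cron\"" \
    > "$demo_dir/crontab.txt"
check_wp_cron_setup "$demo_dir/wp-config.php" "$demo_dir/crontab.txt"
rm -rf "$demo_dir"
```

On a real server, pass the site's wp-config.php and the output of `crontab -l` saved to a file.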

 

source:  http://bitswapping.com/2010/10/using-cron-to-trigger-wp-cron-php/

Filed Under: Coding, Server Stuff Tagged With: linux, optimize, php, wordpress
