I have designed and set up a website for a client at https://deabreuandcohen.co.za/. I have Jetpack monitoring activated.
I get daily notifications that the site goes down and comes back up again. The hosting reseller says it is the Wordpress website but I have updated everything, done a malware scan, etc and I can't see any reason why this should be happening.
What are my next steps to troubleshoot this?
In terms of why your website is going down ,
i have done a small inspection on your website in the developer tools
when the website goes down it seems some documents are not loaded to the page .
Have you tried installing a web application firewall to your website , this could be indication of DDOS attacks on your website?
In Terms of security
Install these plugins
WAF Webapplication Firewall https://wordpress.org/plugins/web-application-firewall/
Cloudflare which enables ddos mitigation https://wordpress.org/plugins/cloudflare/
Read more about DDOS Mitigation https://www.cloudflare.com/learning/ddos/ddos-mitigation/
https://sitecheck.sucuri.net/results/https/deabreuandcohen.co.za
Here is a free website scanner by succri and their results
Btw i checked the network tab
There are no traces for ddos but these would help you in terms of security
Possible security fixes
Your TLS Certificate is expired
Your WordPress version could be updated to WordPress 6.0 , but please backup your website first or download your theme and test it in a local development environment
You have no firewall installed ,
Add cloudflare to your website for free to apply ddos mitigation
Related
I'm new with this kind of issues, and i'm pretty sure that maybe it's small issue , please any help
is your website available via http or https? Chrome does mark every http-website as dangerous automatically. You need https.
You need to configure your site to use SSL. For that you need to setup the server properly and get a SSL certificate. There are some services that allows you to create your own certificate for free, but not every hosting provider accepts them. In some cases you need to buy the certificate from your provider.
The most popular free certificate site is Let's Encrypt. You can read more on how to configure it on their site: https://letsencrypt.org.
Start with reading this: https://letsencrypt.org/getting-started/
You can read why google marked this site as Dangerous in this article click here. If you are using WordPress in your registered domain then contact your hoisting provider about this issue. But if you are using free sites then I would recommend using XAMPP (Localhost) or you can use website like Pantheon to install and use WordPress.
If you face problem on how to use this site then follow this YouTube link to learn how this site works. It will start at 5:31.
If I'm using the free version of WordPress to build my blog, would it be worth getting WordPress hosting through HostGator?
https://www.hostgator.com/managed-wordpress-hosting
The blog is very image heavy and it has some JavaScript so I'm worried about speed. I'll also be using a "comment" plug-in (disqus?). It's hard coded so no templates. I'm not sure if that matters.
Also, would it be worth upgrading to the premium version of WordPress for this same concern?
https://wordpress.com/pricing/
So there are effectively two platforms. WordPress.com and WordPress.org.
Upgrading to the 'premium' version of WordPress is on the .com side, which means they would host your site, whereas hostgator is a hosting company that would host the .org part of WordPress. You would have to migrate from .com to .org for the hostgator. But if it's a small project and you're inexperienced I would recommend upgrading on the current set up.
The biggest differences you will see with creating a Wordpress site on a 3rd party host such as Hostgator vs. working within the Wordpress network itself is the catered support and tools you get.
If you already know what you are doing; creating databases, FTP access, resource management, you would be fine uploading an installation of Wordpress on any hosting provider. However, they most likely won't be top tier experts in using Wordpress and their main goal would be to keep the server that you are on running. Software updates and config changes such as php versions and some rules needing to be whitelisted would be the suspected level of support.
At Wordpress, at certain levels they offer cultivated aid (based on the sales page.) They also have hosting that is specifically tailored to work with Wordpress. If you are just starting, or even a super user that has WP specific needs, WP.com would be a good option.
Drake Customer Advocate at HostGator
My client is using GoDaddy server hosting for WordPress website.If i update some changes in pages its will reflected only when dashboard is opened else changes are reflected after 4 to 5 hours.
I also contact with my service provider for cleaning cache, but its don't work.
I am not able to identity where is the problem.
This definitely sounds like a cache problem.
Depending on your website hosting plan, this can affect the changes you/other users see on the site after you've made changes to the backend. If you use a shared hosting plan, you share your website server with other websites which can slow the website and sometimes affect the cache.
Firstly, make sure you've removed cookies from your browser relating to the website in question. This can affect how the website looks until new cookies are saved from the website.
You can download a cache plugin 'W3 Total Cache' on Wordpress and this can be integrated into your website to flush the cash from the dashboard. However on a GoDaddy shared hosting plan, I've found this doesn't always work. Worth a try though!
In the same way that your web browser has a cache of recent web pages, your Internet Service Provider (ISP) may be doing some caching on your behalf.
This could be the problem, so you may have to communicate with your Internet Service Provider to fix this problem.
I would call GoDaddy customer service again beforehand and explain your problem in more detail.
This is not a server issue , this is a cache issue. You need to clear cache from you back end wp-admin. After that please check your changes with hard refresh browser ctrl+shift+R or ctrl+f5. Wordpress changes will be reflect on to front end.
I see that third party Wordpress dashboard tools like ManageWP or InfiniteWP have access to entire Wordpress site by installing theirs plugin on that site.
This way they have admin access to my Wordpress site so they can update plugins, do site backup etc.
How this is possible and is it safe?
As far as my knowledge says, ManageWP has two methods of getting admin access to the wordpress site.
Installing a Worker Plugin
Saving Admin username and password
Once they get the admin access, they view the wordpress dashboard in an iframe inside of the ManageWP panel. The rest of the controls happen via third party plugins installed by the ManageWP.
Coming to your next question about if it is safe, As per this link,
We take security very seriously. We had no security-related incidents in our history (and we’ve been around since 2010).
Their serves run over AWS Infra, so we can be sure that they have a solid server security, but I would still recommend not to host any sensitive data over a website which could control your wordpress site completely via admin panel.
I recently moved my site set up from Linode to Google Cloud Platform.
I deployed Wordpress in the Google Cloud Platform and migrated my site to Google Cloud Platform.
We are running the latest version of Wordpress and our database size is around 70-80mb.
My homepage is not larger than 7mb.
The problem I am facing is an extremely slow response when my browser pings my Google Cloud IP. Our TTL is at godaddy default settings.
Any help on this would be great. My site is: https://ihb.io/
Looking at your DNS records and checking latency I didn't notice anything obvious.
However, when I load your page my browser seems to constantly make GET requests every few seconds. I suggest loading your page with a developer mode turned on so you can see the network usage or use a free tool like this:
http://tools.pingdom.com/fpt/#!/QKUiu/ihb.io
Which shows pretty clearly that while your homepage is 7mb, 231 requests were needed to load it. This causes a large overhead. You should try and reduce the number of requests needed to load your website.