My company is considering installing wordpress as intranet blogging platform - nothing really complex, just clean installation without any plugins and layouts (we have a small team of web developers who will be handling layout customization). Wordpress will be installed on one of our servers that will not be exposed to the internet.
You can read a lot about vulnerabilities of the Wordpress platform, but do they really matter if the platform itself is available only within company's intranet? What would be the potential dangers?
Risk is limited quite a bit (as you won't be subject to the random drive-by attacks from bots scanning the entire public internet that anyone with a public server sees many times daily), but not non-existent.
A malicious employee, or a piece of malware designed to attack WordPress would still be possible.
You wouldn't want to neglect patching the WordPress install and its plugins/themes.
If the hacker is also in the intranet yes. But I think in general no. For a good or a Bad just install workfence.
Related
I have a WordPress install with godaddy. Often times I see that the site has high memory usage and i/o usage.
I am not an expert when it comes to web servers but I do get by with some level of knowledge.
I have not installed any new plugins that might have caused this.
I have the following questions:
Is there a way I can monitor what is consuming memory and i/o with cpanel?
I do have google authenticator plugin installed that will block more than three failed password attempts. Is the plugin sufficient in preventing brute force attacks?
I am sure that not good for you.This good tips for you. Cloudflarethat's good for your (free or premium), That will be reduce your problems (Free SSL, Improve speed, Security, manage DNS, Caching (will reduce your problem), Blacklist/ Whitelist IP, etc) .
and other tips is:
Excessive load times can harm your website in more ways than one. There are quite a few ways to improve your site’s speed but caching has the greatest impact.
With the above in mind, going to evaluate the performance of the top five caching solutions for WordPress to help you determine which one is truly the best (not just the fastest).
Here’s the lineup: WP Rocket, W3 Total Cache, WP Super Cache, WP Fastest Cache, and ZenCache.
The last solutions: Upgrade your hosting
I hope this help full
What setup would you recommend for Wordpress website with average daily traffic ~250,000 sessions per day (~130K unique users). In peak hours we can get ~25K users in hour, and non peak ~10-17k per hour.
Monthly bandwidth is ~14TB.
I'll be happy to hear suggestions on what is the best setup:
Note: it should be cpanel server (apache)
Server - cloud or dedicated (all except google cloud and amazon)
CPU/Memory/etc ?
CDN ?
Apache/MySQL specific setup?
High availability?
Any other suggestion
Very appreciated for any advice
It depends what type of traffic do you have?
Is this just one page traffic (bringing referrals from sources like social media, forums, blogs, etc..). Why i'm asking this?
Yes! it really matters.....
Traffic::
Usually traffic brought from sources, browse a landing page there's wouldn't be any unique counts, so in that case your cache plugins can't spend more effort in terms of performance. If users are giving you nice no of pageviews in that case your cache plugin will manage the performance and will give you the best result.
Hosting:
Definitely that you cannot run your website through any shared hosting OR WORDPRESS HOSTING if you are going to have this much of volume. Don't consider having a VPS/Dedicated through any hosting company, it doesn't matter how big that hosting company is. Third party hosting companies will never give you prompt support and will never even guarantee you that if you bring that much of traffic, it will remain as stable as in fully working condition. so consider having VPS/Dedicated hosted in Data Center not through any third party vendors. Try if you could get Cloud VPS OR cloud solution as a service part.
CDN:
If you have good budget then consider using Amazon, Avg. budget use Cloudflare OR MaxCDN.
Hardware: 16GB Ram, 8 Core CPU, 60GB (If you are not planning much updates on your website), 20Gbps Network, 25TB Bandwidth. VPS would do your job and can manage the traffic you considering. I don't think so you should go for dedicated.
Setup & Configuration:
Install Debian 8, Virtualmin (Free) + Nginx and optimize it to use for high traffic. Do not install WHM, don't do this mistake, if you do then you might need premium support to fix issues every single day. Virtualmin is light panel and wordpress is it's specialty. Nginx has ability to deliver high traffic website, mysql optimization, cache management and it can deliver what you looking at.
Themes & Plugins:
Try to go with light wordpress theme, install minimal plugins. Must have plugins are Nginx Helper & W3C Total cache.
There's lot of things on this to talk about, but i think these are important once and should be helpful. Hope my explanation helps you to understand! If you have any doubt feel free to ask...
Attached is the proof of what i explained. This server has configuration of 4GB Ram, 4 Core CPU & Cloud VPS
I am giving to upload functionality, i want that files must be scaned on Server side, Before they uploaded and then they are are saved on that server.
Is there any free available antivirus engines to scan the attachment on the server?
Thanks
You can't exactly "scan" the file on the client. However, some manipulation is possible, determined by the client security settings.
I believe it is quite difficult as browsers implement such functionality differently (Internet Explorer could use ActiveX scripting for example).
You could try to look into that perhaps.
Regarding free antivirus, I believe Google has the answer ;)
But seriously, Avast and AVG are both providing home users with free versions of their antivirus. Since you haven't said anything about your purpose of the server, I don't know whether using the free versions is legal.
If you're willing to pay a bit for a AV solution, I can recomend NOD32. That said, I should mention that I have no experience with the server version. I use the workstation version, which is very light weight.
Sure, depending on what virus-checking software you're going to use for the scan -- for example, the commercial product metascan offers an API to integrate your programs with many different commercial anti-virus products.
Before uploading is hard; you could rather check it after upload but before making it available for download. To do so you can use online antivirus services - but it's a very timeconsuming solution, and you should certainly use a separate thread or service - or scan it yourself, using one of the many available antivirus engines (a few of them are free, but the others usually cost very few, less than $10 per year).
EDIT: the most famous (for me, at least) open source antivirus tool is ClamWin, which is released under GPL. For free (as in free beer) engines, I can only suggest to search "free antivirus engine" or the like, not because I'm lazy but because I've never used one and don't feel comfortable suggesting things I don't know.
I'm dropping Godaddy, and moving my drupal websites to a new host. The word seems to be that bluehost and VNhosting architecture is best suited for MySQL intense Drupal. I've heard a lot of people on the drupal forums say that VNhosting is faster than Bluehost, almost unanimously.
After some investigating, I learned that VNhosting doesn't allow PHP to access more than 32MB of RAM? How can this be? I've had sites with almost no traffic, and a medium amount of modules (30-40) crash with a PHP memory error.
Can anyone share their experience with ANhosting.com hosting Drupal sites?
Thanks,
cinqotimo
32mb is a pretty standard level for a shared account type account. If i were you i would look into getting a VPS or dedicated box that way you are in control. Linode for example is great and pretty cheap - although i suppose cheap is a relative term. I expect to pay ~$240+ anually for a hosted server to run 1-2 sites on. This will get me a VPS box at Linode, a GS box at MediaTemple, or a Shared Business or VPS 100 from ServerGrove. Aside from my a dev box at Dreamhost i use primarily for offsite subversion hosting these are the only hosts i ever use.
Of course i only have 1 or 2 Drupal deployments in the wild - most of my stuff is custom work in Symfony or Zend Framework.
I'm talking about some web thing like http://uservoice.com/
Can you suggest any other similar service, web-site or may be (even better) a ready engine for deployment on own server?
Actually, the question more about systems, which can be installed on your own server.
UseResponse, commercial (full sourcecode available on purchase), launching December 2011, with live demo available on USWebStyle website. Fully customizable (design, functionality).
Types of feedback (idea, problem, question, thanks), vote types (positive and/or negative) are adjustable.
Installable on any PHP 5.2/5.3 hosting environment.
TenderApp seems to have a lot of the same features, but it's also SaaS.
KBPublisher can be installed on your server.
By the way, most of these SaaS systems like UserVoice will let you forward your own domain/subdomain to their service and apply custom branding, so the experience to your end user is very similar to being on your actual site.