Jump to content


Photo
- - - - -

UK Wordpress and Pagelines hosting


  • Please log in to reply
7 replies to this topic

#1 nfp1900

nfp1900

    Advocate

  • Members

  • 293 posts
  • LocationLondon (the original one)
  • Framework Version:The Latest
  • Country: Country Flag

Posted 18 April 2013 - 10:28 AM

Do anyone have an opinion about who could be a fast, reliable host for Wordpress in the UK? I have been using 1&1 for 10 years but the shared hosting is becoming a joke for server response speeds.

 

Thanks



#2 Danny

Danny

    Is Awesome!

  • Moderators
  • 17124 posts
  • LocationManchester, UK
  • Country: Country Flag

Posted 18 April 2013 - 10:37 AM

Hi,

 

I have recently switched to Linode and have to say, I'm very impressed.

 

http://cl.ly/image/1b3S2A0B1r0O

 

The above is just a test site and has no plugins installed or active apart from PageLines sections. The performance is actually quite insane.



#3 nfp1900

nfp1900

    Advocate

  • Members

  • 293 posts
  • LocationLondon (the original one)
  • Framework Version:The Latest
  • Country: Country Flag

Posted 18 April 2013 - 12:56 PM

Funnily enough some of their sql server/wordpress sites are currently down (including mine) due to the brute force issue.



#4 Rob

Rob

    One Smart Egg

  • Members
  • 13575 posts
  • LocationEast Coast, USA
  • Framework Version:The Latest, of course
  • Country: Country Flag

Posted 20 April 2013 - 03:30 PM

Hi,

 

These brute force attacks are crashing servers all over for WP sites. They are trying to find the passwords for the admin user.  One way to kill this problem is to never use the names Admin or admin for your WP installations. Another may well be renaming the wp-login or wp-admin folders.  There appear to be ways of doing this, or masking it via .htaccess. You can also password protect the wp-admin folder (ironic, I know) with information found here:  http://ctrlq.org/cod...wordpress-admin

 

When the bots try to find wp-admin or wp-login, they're then redirected to a page that does them no service, and a login attempt is impossible, effectively killing the bot's efforts to flood the site with login attempts using thousands of passwords.

 

That, by the way, is apparently how the attacks take place.  It's not a flood attempt of content, but of passwords.

 

Hope this helps!



#5 nfp1900

nfp1900

    Advocate

  • Members

  • 293 posts
  • LocationLondon (the original one)
  • Framework Version:The Latest
  • Country: Country Flag

Posted 20 April 2013 - 03:48 PM

Thanks for the info. I installed the Better WP Security plugin to all the sites I'm running. Most have been unaffected but one install has been terrible for the past five days making updates near impossible.  24hrs after I installed the plugin I had an email about repeated login attempts from an IP in the Russian Federation. There isn't a lot of publicity about this until things go wrong and if everyone secured their site they might leave WP users alone - at least for the time being.

 

The plugin does a great job of backing up, changing all admin usernames and known issues and appears to work perfectly with Pagelines - however, i didn't implement all the security features as it warns against theme incompatibility in some cases.



#6 Rob

Rob

    One Smart Egg

  • Members
  • 13575 posts
  • LocationEast Coast, USA
  • Framework Version:The Latest, of course
  • Country: Country Flag

Posted 20 April 2013 - 03:59 PM

Thank you for letting us know about that plugin.

 

Despite the IP advisories, these attacks are being routed through innocent computers globally. So an attack originating in one country will appear to come from another.  That makes it almost impossible to block them.  On my own site I've blocked more than half-dozen countries, and they still made their way through sufficiently to crash the server a few times.

 

I ultimately hardened the server, and brought in an online security specialist.



#7 nfp1900

nfp1900

    Advocate

  • Members

  • 293 posts
  • LocationLondon (the original one)
  • Framework Version:The Latest
  • Country: Country Flag

Posted 29 April 2013 - 04:22 PM

Just to continue this topic...I was hoping someone could understand this response from 1&1 support. The one site listed below  is still very slow - at times 10 seconds to load the dashboard, update pages then for a short period it's fine. They say there is no issue with the server  and it was never a problem until about 10 days ago when they had the brute force attacks. I'm not sure what to try next, it's totally random as far as updating pages goes:

 

 

*********************

I have checked into the webserver problems you are indicating.  At this time I see no problems on the webserver in regards to load or other users causing  unnecessary problems.

 

 

The domain cited within the notes is nicholaspealldesign.com.  When I pull this via wget it works just fine but resolves an error as there is no index detected it seems?

wget nicholaspealldesign.com
--14:56:34--  http://nicholaspealldesign.com/
          => `index.html.74'
Resolving nicholaspealldesign.com... 82.165.22.210, 2001:8d8:1000:d42b:b075:f215:9162:4010
Connecting to nicholaspealldesign.com|82.165.22.210|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
14:56:34 ERROR 403: Forbidden.

Is there a specific domain/link which is resolving slowly?



#8 catrina

catrina

    Advocate

  • Members
  • 12345 posts
  • LocationCalifornia
  • Country: Country Flag

Posted 29 April 2013 - 04:57 PM

It either means the server is slow, PHP memory is low, or there are a lot of memory-intensive plugins (from what I've searched about sites that are slow to resolve).