All Things WordPress Discussions

2456730

Comments

  • InceptionHostingInceptionHosting Hosting ProviderOG

    @deepak_leb said:
    Someone shed some light on Ghost CMS Platform ( like this Thread ).

    Too bored to use WP. If anyone guides to optimise the Ghost blog, it will be much helpful.

    @vyas @AnthonySmith @seriesn @Ympker @Smarty @MikePT etc.

    All I can tell you is I tested it when considering what to use for https://lowendspirit.com and decided on Grav

    Thanked by (1)deepak_leb

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • bikegremlinbikegremlin ModeratorOG

    My experience with WP caching (TL/DR LiteSpeed is way better than everything I've tried - except the paid only WP Rocket, which is close):

    https://io.bikegremlin.com/7303/wordpress-caching/

    Thanked by (2)Ympker icry

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • What plugins do you guys use to sync sites between local dev and production environment? I've been looking for a solid plugin for a long time... but it seems all the free ones are lacking in one way or another.

  • @Unixfy said:
    What plugins do you guys use to sync sites between local dev and production environment? I've been looking for a solid plugin for a long time... but it seems all the free ones are lacking in one way or another.

    Although not a plug-in, Softaculous offers push to live from a dev environment. Used it multiple times and worked flawlessly.

  • @Smarty said:
    Some clarifications are to be made:
    Any caching wordpress plug-in, works inside wordpress, so in terms of performance php was already called and your answer will be late no matter how well the plug-in is marketed.
    I suggest a straight-forward obvious thing: bypass wordpress when your content are static. Even dynamic pages can be cached on an interval basis - to serve cached copy for 5 minutes.
    1) wget sitemap.xmls with all urls with timestamps.
    2) wget fresh posts and pages into local cache folder.
    3) zopfli and brotli them to the maximum extent.
    4) Tell your webserver to bypass cache for developers' ips, dynamic pages, etc and use internal redirects to cache for everyone else.
    5) Repeat when new content is ready.
    That way almost all your posts and pages will be served as usual prepacked static htmls within 1-2 milliseconds with a modern HTTP2 webserver.

    P.M. me if you need a custom setup. It works only on vpses and dedis though, where you can configure any software as you like.

    Really appreciate you writing all this out, but there was some confusion.. I thought you said you use a reverse proxy cache? So my original question was more what plugin you would use to push to the cache server.

    Sorry for derailing this thread @vyas

  • Wp simple cache and nginx fastcgi cache.. but sometimes it did not make any difference compared only with using nginx fastcgi cache..

    A simple uptime dashboard using UptimeRobot API https://upy.duo.ovh
    Currently using VPS from BuyVM, GreenCloudVPS, Gullo's, Hetzner, HostHatch, InceptionHosting, LetBox, MaxKVM, MrVM, VirMach.

  • edited July 2020

    Really appreciate you writing all this out, but there was some confusion.. I thought you said you use a reverse proxy cache? So my original question was more what plugin you would use to push to the cache server.

    So the question is: How to refresh cache from the wordpress?
    I tried wordpress hooks but on a different setups I have with many wordpress versions and plugins installed that was not working well. So I ended up with xml sitemap parsing approach. Sitemaps are generated with free or premium yoast seo plugin. They can be generated with other plug-ins as well. Once someone have posted something - it's url and timestamp hits the sitemap. So from time to time my parser checks what we have new and updates the cache.

    webserver on the edge node checks if this post or page is present in a cache folder and serve it instantly if cache hit occur. If it's not there - the request is proxied to the current main wordpress setup, which well maybe on another vps and special pre-connected keep-alive https tunnels are used to grab the answer as fast as possible.

  • It looks quite likely I will be deep diving into wordpress performance optimization this week.

    Any free load-testing services still? (multi location simulator, different latency clients)
    Loadimpact seems to require signup now. I guess I don't mind. It used to be my quick goto

  • edited July 2020

    loader.io?
    https://tools.keycdn.com/performance bunch of tools

    Thanked by (1)vimalware
  • Can also try Redline13. They use your own AWS account in the backend so it's free if you have some AWS credits.

  • vyasvyas OGRetired
    edited July 2020

    WordPress and Security

    This can be a whole new thread in itself!

    At a minimum, do use a WP security plugin like Wordfence, free version. Atleast for test sites, for production, consider a paid plan.

    Example from this morning.
    I got a series of alerts from WordFence for one of our (WP) sites. Wordfence locked the user out. (login via 'admin' was disabled)
    tor96.xxx.com

    Atleast the alerts informed what was happening, and blocked some of the low level attacks.

    Note: the admin account can also be removed altogether, or disable in configuration.


    Interestingly,

    The xxx.com is
    a company that provides "penetration testing, internal network auditing and social engineering services." I wrote to the email mentioned in whois for that ip, lets see what happens.

  • bikegremlinbikegremlin ModeratorOG

    @vyas said:
    WordPress and Security

    This can be a whole new thread in itself!

    At a minimum, do use a WP security plugin like Wordfence, free version. Atleast for test sites, for production, consider a paid plan.

    Example from this morning.
    I got a series of alerts from WordFence for one of our (WP) sites. Wordfence locked the user out. (login via 'admin' was disabled)
    tor96.xxx.com

    Atleast the alerts informed what was happening, and blocked some of the low level attacks.

    Note: the admin account can also be removed altogether, or disable in configuration.


    Interestingly,

    The xxx.com is
    a company that provides "penetration testing, internal network auditing and social engineering services." I wrote to the email mentioned in whois for that ip, lets see what happens.

    My 2c on: securing a WordPress site, and WordFence configuration/setup (and the performance hampering it does).

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • vyasvyas OGRetired

    We use security ninja for some sites. It is a more aggressive version than WF I thought. But not noticed major performance Difference from WF.

    Interesting read!

    My 2c on: securing a WordPress site, and WordFence configuration/setup (and the performance hampering it does).

    Thanked by (1)bikegremlin
  • It's a good idea to restrict wp-login.php access to your ips/networks so cpu is not wasted by bots trying passwords...

  • MikePTMikePT Hosting ProviderOGServices Provider

    @deepak_leb said:
    Someone shed some light on Ghost CMS Platform ( like this Thread ).

    Too bored to use WP. If anyone guides to optimise the Ghost blog, it will be much helpful.

    @vyas @AnthonySmith @seriesn @Ympker @Smarty @MikePT etc.

    Tried Ghost once, it was fine, pretty fast, but the flexibility you get with WP is just amazing.

    Thanked by (1)deepak_leb
  • MikePTMikePT Hosting ProviderOGServices Provider

    @bikegremlin said:
    My experience with WP caching (TL/DR LiteSpeed is way better than everything I've tried - except the paid only WP Rocket, which is close):

    https://io.bikegremlin.com/7303/wordpress-caching/

    The LiteSpeed plugin is AMAZING.

    And the Prestashop one is terrific as well!

    Thanked by (1)Ympker
  • edited July 2020

    @Smarty said:
    It's a good idea to restrict wp-login.php access to your ips/networks so cpu is not wasted by bots trying passwords...

    To that end doing an extremely simple .htaccess level user and password cuts down on a huge amount of brute attacks for wp-admin. Cpanel and direct admin I believe even have a simple page for it.

    Additionally make sure to remove the "author" listing for posts/pages so it doesn't show up at all. That's how most of that bots get the username assuming you rightfully aren't using something like admin.

    Your simple lock out plugin can then do instant blocks on anyone trying to use admin.

    Simple stuff but really helps block out a lot of the stuff out there

  • MichaelCeeMichaelCee Hosting ProviderOGServices Provider
    edited July 2020

    @vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.

    I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.

    Thanked by (1)Ympker
  • YmpkerYmpker OGContent Writer

    @SmallWeb said:

    @vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.

    I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.

    It works pretty smooth. Have you paid monthly for a commercial license though, or did you get the one-time payment and just move(d) "personal" (non-client) sites? ;)

  • MichaelCeeMichaelCee Hosting ProviderOGServices Provider

    @Ympker said:

    @SmallWeb said:

    @vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.

    I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.

    It works pretty smooth. Have you paid monthly for a commercial license though, or did you get the one-time payment and just move(d) "personal" (non-client) sites? ;)

    Hmm? Neither. Free plugin afaik? :)

  • YmpkerYmpker OGContent Writer

    @SmallWeb said:

    @Ympker said:

    @SmallWeb said:

    @vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.

    I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.

    It works pretty smooth. Have you paid monthly for a commercial license though, or did you get the one-time payment and just move(d) "personal" (non-client) sites? ;)

    Hmm? Neither. Free plugin afaik? :)

    Ah, but only for websites up to 512mb in size, right?

  • MichaelCeeMichaelCee Hosting ProviderOGServices Provider

    @Ympker said:

    @SmallWeb said:

    @Ympker said:

    @SmallWeb said:

    @vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.

    I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.

    It works pretty smooth. Have you paid monthly for a commercial license though, or did you get the one-time payment and just move(d) "personal" (non-client) sites? ;)

    Hmm? Neither. Free plugin afaik? :)

    Ah, but only for websites up to 512mb in size, right?

    Couldn't find anything mentioned.. Mine have likely been smaller either way.

    Thanked by (1)Ympker
  • vyasvyas OGRetired
    edited July 2020

    @SmallWeb said:

    @Ympker said:

    @SmallWeb said:

    @Ympker said:

    @SmallWeb said:

    @vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.

    I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.

    It works pretty smooth. Have you paid monthly for a commercial license though, or did you get the one-time payment and just move(d) "personal" (non-client) sites? ;)

    Hmm? Neither. Free plugin afaik? :)

    Ah, but only for websites up to 512mb in size, right?

    Couldn't find anything mentioned.. Mine have likely been smaller either way.

    Will give it a try. AIO worked well till it didn’t

    Thanked by (1)Ympker
  • The Duplicator plugin works well if you are looking to just move a WP site from A to B. Can be used to move from one domain to another as well if needed. I’ve used it a couple of times.

  • One thing regarding WP security that I haven't seen anyone mentioning is to cache search results. 100 concurrent GET queries of https://yourdomain.com/?s=somerandomwords will instantly take down almost 95%+ of Wordpress websites, if search results are not cached. Implementing search result caching with WP alone might be difficult; it's easier to set up with a reverse proxy instance in front of WP and then set up per-regex or per-url-structure cache rules.

    Thanked by (1)vimalware

    Easy Website Backup Script: easybackup Extremely affordable FTP backup storage: 1Fichier
    One-click CDN installation on your VPS: OneClickCDN

  • YmpkerYmpker OGContent Writer
    edited July 2020

    @SmallWeb said:

    @Ympker said:

    @SmallWeb said:

    @Ympker said:

    @SmallWeb said:

    @vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.

    I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.

    It works pretty smooth. Have you paid monthly for a commercial license though, or did you get the one-time payment and just move(d) "personal" (non-client) sites? ;)

    Hmm? Neither. Free plugin afaik? :)

    Ah, but only for websites up to 512mb in size, right?

    Couldn't find anything mentioned.. Mine have likely been smaller either way.

    @vyas AIO works smooth, indeed.

    Well, they so have the unlimited extension which removes the 512mb import limit. So odds are you can backup more than 512mb but not restore without premium version: https://servmask.com/products/unlimited-extension

    I still have some very old backup version of the plugin where you could edit the mentioned limit in some config file. It still works, I guess.

  • Intelpentium0Intelpentium0 Hosting Provider

    @dedipromo said:
    One thing regarding WP security that I haven't seen anyone mentioning is to cache search results. 100 concurrent GET queries of https://yourdomain.com/?s=somerandomwords will instantly take down almost 95%+ of Wordpress websites, if search results are not cached. Implementing search result caching with WP alone might be difficult; it's easier to set up with a reverse proxy instance in front of WP and then set up per-regex or per-url-structure cache rules.

    Yes. True. Sites also get impacted by related posts and tags too. If you click on a tag and if it has to search from thousands of posts, the limits will get easily touched. Last night, Hostmants suspended my client account for hitting limits regularly. It was a 3gb ram reseler. But even without utilising the ram, site hits the resource limits and they obviously suspended. I had to run to another cPanel server overnight with the backup they provided.
    Googl Analytics shows less than 5000 page views yesterday. It had 9000 views 2-3 days ago. Looking for a generous reseler provider who can accommodate.

    Thanked by (1)dedipromo

    ✓✓Only shared hosting-both DA and cPanel Still in 2006

  • @dedipromo said:
    One thing regarding WP security that I haven't seen anyone mentioning is to cache search results. 100 concurrent GET queries of https://yourdomain.com/?s=somerandomwords will instantly take down almost 95%+ of Wordpress websites, if search results are not cached.

    Yikes. I haven't used WordPress personally in a decade.

    I didn't even know they bolted on a search engine.

    Thanked by (1)dedipromo
  • bikegremlinbikegremlin ModeratorOG

    @Intelpentium0 said:

    @dedipromo said:
    One thing regarding WP security that I haven't seen anyone mentioning is to cache search results. 100 concurrent GET queries of https://yourdomain.com/?s=somerandomwords will instantly take down almost 95%+ of Wordpress websites, if search results are not cached. Implementing search result caching with WP alone might be difficult; it's easier to set up with a reverse proxy instance in front of WP and then set up per-regex or per-url-structure cache rules.

    Yes. True. Sites also get impacted by related posts and tags too. If you click on a tag and if it has to search from thousands of posts, the limits will get easily touched. Last night, Hostmants suspended my client account for hitting limits regularly. It was a 3gb ram reseler. But even without utilising the ram, site hits the resource limits and they obviously suspended. I had to run to another cPanel server overnight with the backup they provided.
    Googl Analytics shows less than 5000 page views yesterday. It had 9000 views 2-3 days ago. Looking for a generous reseler provider who can accommodate.

    What kind of caching do you use on that website?

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • YmpkerYmpker OGContent Writer

    XCloner is really stepping their game up. New website looks good and still, totally free backup&clone website: https://www.xcloner.com/category/features/

Sign In or Register to comment.