Several shared hosting companies apparently allow customers to view the text of other customer’s files by default, and that allows malicious customers to discover the database password of another site (from the “wp-config.php” file) and alter the site.
We’ve got a lot of customers running WordPress, and we definitely recommend running WP Super Cache to improve performance. It can help dramatically!
But recently we’ve seen a number of our customers getting hammered by a ton of requests from FeedBurner. Usually the request is of this form:
We’ve also seen FeedBurner going crazy and making thousands of duplicate requests. One of the sites we host has gotten 45,000 simple status requests (HTTP “HEAD” requests) from FeedBurner today, for no good reason that we can see.
Many Web sites write data to a database. Usually, the data absolutely must be properly saved, so the default way of adding records (using an SQL “INSERT” statement) ensures that the data is permanently stored on the server’s disks. Doing that takes a relatively long time in computer terms — it’s much slower than most things computers do.
In some cases, you might be storing data that’s not quite so important. And if it means your application can run much faster, you might be willing to risk a very small chance of data loss. That’s where MySQL’s “INSERT DELAYED” statement, which works with MyISAM table types (but not InnoDB tables), can be useful. (Tables are created as type MyISAM by default, so most tables are eligible to benefit from this tip.)
If you use the WP Super Cache WordPress plugin (and you should, if you use WordPress), it has a settings page section titled “Expiry Time & Garbage Collection”. It sets the “Cache Timeout” to 3600 seconds by default, and warns that you should set it lower on a busy site.
That advice makes sense if you have a sudden surge of traffic to a single page. However, if your site is generally very busy across all pages (for example, if you have an archive of hundreds or thousands of posts that are constantly being indexed by search engines), we’ve found that you should do the opposite to improve performance: set it much higher. We recommend setting it to 172800 seconds (which is 48 hours). This can cut your CPU usage in half, which will speed up your site.
If you use WordPress blog software on your site, be sure to upgrade to WordPress 2.8.6. The upgrade contains important security fixes. Upgrading is usually easy with the built-in WordPress “update now” feature.
Although all WordPress users should upgrade, we’ve added security rules to our servers to protect our Web hosting customers who haven’t yet upgraded. Other people may find the rules useful if they use mod_security on Apache Web servers. The rest of this post contains more technical details.
If you use WordPress blog software on your site, be sure to upgrade to WordPress 2.8.4 as soon as possible. The upgrade contains important security fixes.
Although all WordPress users should upgrade right away, we’ve added security rules to our servers to protect our Web hosting customers who haven’t yet upgraded. Other people may find the rules useful if they use mod_security on Apache Web servers. The rest of this post contains more technical details.
We are pleased to announce that we now support the AutoDiscover feature of Outlook 2007 to provide easy configuration of e-mail accounts. (We are the only e-mail provider that we know of who supports this feature!) When you need to configure an e-mail account within Outlook 2007, now you only need to enter your full name, e-mail address, and e-mail password. Outlook 2007 will then talk with our servers to get the rest of the settings needed to configure the e-mail account.
We have a support page available which walks you through setup using AutoDiscover.
If you use the WordPress 2.5 blog software on your site, be sure to upgrade to WordPress 2.5.1 as soon as possible. The upgrade contains an important security fix. (We’ve updated our own blog, and it was painless.)
Although all WordPress users should upgrade right away, we’ve also added a security rule to our servers to try and protect our customers who haven’t yet upgraded. Other people may also find the security rule useful if they use mod_security on Apache Web servers. The rest of this post contains more technical details.
One of the features of our new(ish) Webmail system is “thread view”. This groups similar messages together based on their “Subject” and other headers, which can occasionally be useful if you’re trying to see all the replies to a particular message and you want them grouped together.
However, thread view has a potential downside: it you have several active threads going with several messages each, new messages can sometimes appear on the second page of the incoming mail screens, instead of the first page.
That’s not a problem if you’re expecting it. However, since we introduced the new Webmail system, we’ve had several complaints from customers who accidentally clicked “Switch to Thread View” without realizing what it does, then thought some of their incoming mail was missing because they aren’t used to looking for new mail on other pages. Since thread view is “remembered” even after you logout and login again, this caused some people a great deal of heartache.
From our logs, we’ve found that very few people actually use thread view. Because it seems to cause frequent problems and few people use it, we’ve made it an optional feature instead of being always enabled.
If (like most people) you don’t use thread view, you don’t need to do anything. If do you want to use thread view, it’s still available: just click “Preferences”, then click “Display Preferences”, then change “Show ‘Thread View’ Link” to “Yes”.
In an effort to keep up with the cool kids, I blew this year’s gadget budget on one o’ those fancy iPhones. It’s pretty darn nifty, and now that I’ve had a few weeks practice, I can almost completely prevent myself from collapsing to the floor, sobbing “I spent $600 on a phone! My God, what have I done?!”
Anyway, it turns out that Apple convinced some of you to take leave of your financial senses, too, and you’ve been asking us how to set up your iPhone to read your e-mail. So we’ve spent many hours voiding the warranty on our phone, getting it to the point where we could extract detailed screen shots showing exactly how to set up iPhone mail. If you have an iPhone, give it a try! Our servers handle iPhone e-mail connections just fine — and the connections are fully encrypted by default, making sure your e-mail and passwords stay secure as you roam the world on strangers’ WiFi networks.
- 4th of July 2022 holiday hours
- Memorial Day 2022 holiday hours
- PHP versions 7.4.29 and 8.0.18
- PHP version 8.0.17
- Our servers are not vulnerable to the March 2022 “Dirty Pipe” security bug
- PHP versions 7.4.28 and 8.0.16
- President’s Day 2022 holiday hours
- Martin Luther King, Jr. Day 2022 holiday hours
- New Year’s 2021/2022 Holiday Hours
- PHP versions 7.4.27 and 8.0.14