How to keep your WordPress Installation secure

Securing your WordPress installation should be one of your very first priorities. Even if you think your website could not possibly be of interest to hackers, the sad reality is that many of them will count it as a success just breaking into a website, any website. Legions of bots crawl around the Internet checking for vulnerable installations. If they find one and hackers manage to break in, the amount of damage inflicted can vary from a harmless front page hacking announcement, to embedding your pages with malicious scripts that infect your visitors’ computers or redirect them to illegal sites.

The first line of defense starts at your very own computer. If hackers have made it into your computer and are collecting passwords and other information, they will keep breaking into your website using your own credentials. You must make sure the computers you use are not infected with spyware, malware, and/or viruses. No amount of security in your WordPress installation or on your web server will make any difference if there is a keylogger installed on your computer that keeps sending out your usernames and passwords to hackers.

You must always keep your computer’s operating system and the software that runs on it up to date to be protected as much as possible from the latest security vulnerabilities. This is especially important with your web browser. Always try to avoid visiting untrusted sites, but if you need to visit any, a good security measure would be to turn off JavaScript, Flash and Java in your browser.

All of the above are preventive measures that you should implement by yourself, as they require working on your own computers. If you feel overwhelmed by the technical aspects involved, seek the help of a more knowledgeable person whom you trust completely. Don’t leave that important part of security in the hands of untrusted contractors.

The second thing to check for is vulnerabilities within your WordPress installation. Since WordPress became widely known it has attracted a lot of attention from hackers. WordPress today is the most popular Open Source CMS, currently powering about 25% of all websites on the Internet, and is often on the radar of hackers trying to harness its reach for malicious purposes.

The core files of WordPress are updated regularly to address performance and security issues, as well as to implement new features. Those updates are applied to your installation automatically in the background since WordPress 3.7 (October 24, 2013), but you still need to keep your plugins and Themes up to date manually. Failure to do so could lead to your site being hacked by any of the numerous exploits freely available in the wild.

However, if your WordPress site is hosted at RackNine you’ll have the possibility of having all your WordPress plugins and Themes automatically backed up and updated as new versions become available. That way you never need to worry about your site being vulnerable to the latest attacks. Automatic updates of plugins and Themes might not be advisable, though, for large websites that use a large number of plugins, especially commercial ones. Most commercial plugins need to be updated by downloading them first from the developers’ site using a licence, meaning they cannot be updated automatically, and in some cases they could cause incompatibilities with the rest of the installation.
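For sites that update plugins and Themes by hand, as described above, a scheduled audit shows what is pending. The following is an added example, not RackNine's own tooling: it assumes WP-CLI is available on the server, and the plugin names and versions in the sample input are constructed.

```shell
# Report items with pending updates from WP-CLI CSV output.
# On a real site the input would come from:
#   wp plugin list --fields=name,status,update,version,update_version --format=csv
#   wp theme  list --fields=name,status,update,version,update_version --format=csv

# Constructed sample output (names and versions are made up for illustration).
sample_plugins() {
cat <<'EOF'
name,status,update,version,update_version
example-forms,active,available,2.1.0,2.1.4
example-gallery,inactive,available,1.0.2,1.3.0
example-seo,active,none,5.6.1,
example-cache,inactive,none,0.9.8,
EOF
}

# pending_updates: read WP-CLI CSV on stdin and print one line per item with
# an update available: "<name> <installed> -> <new> [<status>]".
pending_updates() {
  awk -F',' 'NR > 1 && $3 == "available" {
    printf "%s %s -> %s [%s]\n", $1, $4, $5, $2
  }'
}

# inactive_items: deactivated plugins still sit on disk and their PHP files
# stay reachable over HTTP, so list them as candidates for deletion.
inactive_items() {
  awk -F',' 'NR > 1 && $2 == "inactive" { print $1 }'
}

# audit: return status 1 when anything is outdated, so cron can send an alert.
audit() {
  audit_input=$(cat)
  audit_outdated=$(printf '%s\n' "$audit_input" | pending_updates)
  if [ -n "$audit_outdated" ]; then
    printf 'Outdated:\n%s\n' "$audit_outdated"
    printf 'Inactive (consider deleting):\n%s\n' \
      "$(printf '%s\n' "$audit_input" | inactive_items)"
    return 1
  fi
  echo "All items up to date."
  return 0
}

sample_plugins | audit || true
```

Test a commercial plugin's new version on a staging copy before applying it, since the audit only reports what WP-CLI can see in the update feed.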

And speaking of plugins, if you want to add yet another layer of security to your WordPress installation, there are several of them that constitute great additions. Below we list some of the most effective:

Wordfence is a very popular security plugin that will monitor your WordPress website for common vulnerabilities and send you alerts if there are security issues that need to be addressed. Wordfence also implements several additional security measures, such as a WordPress Firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.

BulletProof Security:
BulletProof Security adds firewall security, database security, login security and more. Its interface is a bit complex to navigate and configure, but it is worth the effort. This plugin keeps itself automatically updated against new exploits and vulnerabilities. It has a pro version which offers some advanced features to improve the security of your website even further, although the free version should be good enough to make your website fairly secure.

Sucuri Security:
This plugin comes from Sucuri, the well-known security and auditing company. It offers security activity auditing, file integrity monitoring, malware scanning, blacklist monitoring, and a website firewall. It incorporates various blacklist engines including Google Safe Browsing, Sucuri Labs, Norton, McAfee Site Advisor, and more to check your website. If there is anything wrong, it will notify you via email.

iThemes Security (formerly Better WP Security)
iThemes Security claims to offer 30+ ways to secure and protect your WordPress website. It scans the entire website and tries to find any potential vulnerabilities. It also prevents brute-force attacks and automatically bans the attackers’ IP addresses, while requiring legitimate users to use secure passwords.

All In One WP Security & Firewall
Another popular WordPress security plugin that is easy to use and reduces security risks by adding recommended security practices. It protects against brute-force login attacks and sends you an email notification if somebody gets locked out due to failed login attempts. It also monitors the account activity of all users and keeps track of username, IP and login date and time.

There are other potential issues to watch out for, such as those related to your web hosting server and network, but they are server-related and unless you are a professional and know what you’re doing, you should not tamper with server settings. Always make sure you are using a trusted host that takes care of all these things for you. Additionally, RackNine can manage the setup, backups and security of your WordPress sites, so you can focus on creating awesome content. Please visit for more information.

We hope this post helps to clarify the issues concerning WordPress security and helps you build an effective defence against hackers. Please do not hesitate to contact us if you have any further questions or concerns.

RackNine helps Edmonton woman recover data after Microsoft scam

An Edmonton woman was conned into letting a computer hacker gain access to her personal computer. Next thing she knew she was being blackmailed and lost access to all the data in her computer. Fortunately RackNine’s CEO Matt Meier was able to recover all of her data, which included her husband’s business files, banking information, family pictures, etc.

Watch the full CTV video at the following link:


Microsoft Support scammers have been increasingly active during the past few months. They operate by placing calls to unsuspecting computer users and identifying themselves as Technical Support Staff from Microsoft. They go on to explain that the reason for contacting you is because they discovered that your computer is infected with some kind of virus and they offer their help to clean it up.

Additionally they need to trick their victims into allowing them to remotely access their computers, and the moment they’re granted access they effectively take complete control of the machine, locking their victims out.

Next they will demand payment for the services offered and ask for a credit card number. The computer is now genuinely infected with spyware from the scammers, and if they ever return control to the victim after payment, it is with the sole purpose of trying to steal as much additional personal information, passwords, etc. as possible, to try breaking into their bank accounts or fake their identities.

Matt Meier recommends that if you suspect your computer has been compromised, take immediate action by unplugging and disconnecting it from the Internet and taking the machine to someone you trust. In most cases data can be recovered without need of wiping out the whole drive, a step that some big-box stores don’t bother to do. And of course, always back up your data, so if you find you’ve been hacked, or affected by any other unfortunate event, you can still recover your files.

Server Upgrades

We are pleased to announce that RackNine has completed the following server upgrades:

Migrated from 2x Quad Core to 4x Quad Core Xeon 3.0GHz on each of our servers

The benefits of this upgrade are very significant because the new Quad Core processors include two separate dual-core dies, as opposed to our former dual-core where a CPU only included two cores per physical processor in one CPU package. In our new setup cores 1 and 2 would share a memory cache, as would cores 3 and 4. If core 1 or 2 needs to communicate with 3 or 4, it will be done via the frontside bus.

Upgraded to 64GB RAM per server

In our computing environment, server memory is one of the most critical server components, and with this latest upgrade our servers achieve their optimal performance. This upgrade will have a very significant impact especially when running multiple memory-intensive applications at the same time. By upgrading the amount of memory inside our units, we have unleashed their full potential to accomplish the challenges our business faces every day, while making sure that compatibility, longevity, and reliability are preserved.

Upgraded drives to new 15K SAS for extra read/write speed

Besides the recording technology, drive rotation speed is the most important factor for a drive’s throughput. Faster rotation speed means higher data transfer rates. Combining high rotation speeds with top-notch recording technologies has allowed us to significantly increase the read/write speed in our servers.

Other performance factors will benefit from high rotation speeds, such as seek time. It is important to differentiate between seek time and access time, because only the latter is really relevant for our everyday applications. Access time is the combined latency of the seek time and rotational latency, which applies when the heads have been positioned above the required track, while the required sectors still have to pass by the heads. Therefore, faster spindle speeds have allowed us to achieve decreased rotational latency, with an end result of decreased average access time.

Upgraded Apache to optimize PHP execution
We have achieved better performance and better resource utilization by upgrading and tuning up the software that runs on our Web servers.

We have given special attention to the optimization of PHP applications and MySQL databases running under our Apache HTTP Servers, in order to boost the performance of popular Content Management Systems such as WordPress, Joomla or Drupal. Customer Relationship Management software, eCommerce applications, and many other packages that make extensive use of PHP/MySQL will also benefit from these upgrades.

All these upgrades represent a major improvement for all the packages our clients have hosted on our servers. If you have any questions or need more information please email us at:

How to Contribute to Open-Source Projects

Contributing to Open-Source Projects (via slashdot)

So you’ve got a bit of programming experience and some spare time available, and the thought of gaining more practical knowledge, reputation and maybe even a paid job (hey, it worked for Linus Torvalds!) has tempted you to explore Open Source. But…


Mining Bitcoin with next-generation Data Center technology

Hot Bitcoin Market Demands Next-Gen Cooling Tech for Datacenters (via slashdot)

Will Bitcoin’s value plunge from its current $1,000-plus valuation, or will future traders wish they’d bought into the crypto-currency at such a low price-point? As Bitcoin’s value continues to spike, that’s rapidly becoming a multimillion-dollar…
