How to Optimize WordPress with Redis and Docker

Redis with WordPress

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. It supports various data structures and offers extensive customizations. In this article, we’re going to discuss how you can use it to optimize a WordPress website.

WordPress Cache and Redis

WordPress caches internal application objects, like breadcrumbs, menu items, and so on, in the MySQL database. It may be quite taxing since that database also handles queries for page requests. Both combined may increase website load-times.

Redis offers a caching mechanism that substitutes MySQL database. When a user visits a WordPress website, the MySQL queries necessary to generate the page come via Redis, which also caches the results. This helps to reduce loading time.

How Does WordPress and Redis Work Together?

When a user requests a WordPress page for the first time, MySQL queries are performed on the server. Redis caches the result of those queries and stores it. So, when another user requests the same page, Redis provides the information, bypassing the database.

If the query is not cached by Redis, MySQL provides the results and then adds them to Redis cache. When a particular value is updated in the database, the corresponding Redis value becomes invalid. Therefore, you avoid serving bad cache data to the user.

Running Redis with a Docker Container

To simplify the Redis installation, we’re running it in a Docker container. To install one via Plesk, go to Server Management > Docker and search for the image, then click Run (local):

Running Redis with a Docker Container

We’re using the bitnami/redis image, and the following settings (change redispassword to something else, and the IP address to IP of the container):

How to optimize WordPress with Redis - Redis and Docker

Install Redis Object Cache Plugin Via WordPress Toolkit

Now that our Redis server is running properly, we can install WordPress plugin Redis Object Cache to our WordPress instance using Plesk WordPress Toolkit:

Redis Object Cache Plugin Via WordPress Toolkit

Just search the plugin name and install:

How to optimize WordPress with Redis - Redis Object Cache Plugin

Before enabling object-cache in WordPress, you have to add the following lines in your wp-config.php file. You can do that in Plesk via File Manager.

define( 'WP_CACHE_KEY_SALT', 'example.com:' );

define( 'WP_REDIS_PASSWORD', 'redispassword' );

The first one adds a prefix to all cache keys stored in Redis. Thus, allowing you to use object-cache for multiple WordPress instances on the same server. The second protects Redis with a previously specified password.

Redis Object Cache Enabled

Then, you can enable object-cache in the plugin settings page – in WordPress. The final result will look something like the above screenshot.
Let us know if this guide was helpful to you and any feedback you may have on the topic!

Node.js vs Ruby on Rails: Which to Choose

Node.js vs Ruby on Rails: Which to Choose - Plesk

Choosing between Node.js and Ruby on Rails when you select your development platform is a key decision. It will impact the way your project unfolds over time and how much server resources you’ll need. Both languages can support web applications of great complexity, but each has distinct advantages and disadvantages. Knowing these pros and cons will help you pick the optimal solution to fit your intended project.

A Quick Intro to Node.js and Ruby on Rails

What’s the background and purpose of each of these languages? Let’s take a quick look.

Node.js

In short, Node.js is a runtime environment that allows you to execute server-side, what used to be essentially client-side, code. The “js” in Node.js, of course, stands for JavaScript. A scripting language that’s been in use on the client side since the late 90s.

So, Node.js, built on version 8 of the Chrome JavaScript engine, lets you execute JavaScript on a server. It was originally intended to make it easier to create push capability for real-time websites. But Node.js is an expansive platform. And it includes native modules that can manage everything from files to computing resources and security. Both PayPal and Uber use Node.js.

Ruby on Rails

Built on the Ruby programming language, Ruby on Rails ( RoR, or sometimes just “Rails”) is a fully-fledged website framework which includes everything you need to complete a website project including the ability to manage logic, routing and applications, all out of the box. These handy tools also include database integration and controllers which makes it easier to facilitate web development on an end to end basis. Popular applications running on RoR include GitHub and AirBnB.

Node.js vs Ruby on Rails: Where Node.js Wins

node js vs ruby on rails - where node js wins - Plesk

Fast Execution

node js vs ruby on rails - node js fast execution - Plesk

Node.js is best known for its speed. Partly thanks to a combo of programming centered events and programming which is not synchronised. Plus, input output that avoids blockages. All of which maximises the use of a single processor core and computer memory.

Effectively, Node.js can handle more requests at the same time, and by definition, the workload of many web servers. Node.js allows programs to keep working even the input, output demands when a server is high. Keeping app performance up no matter the load.

One Language Only

node js vs ruby on rails - node js one language only - Plesk

It’s obvious what the advantage of this point is. If you code in only one language on both the front-end and server-side, you progress quicker. Node.js came composed out of JavaScript. So, it’s easy to line up with front-end techniques to make effective second-gen web apps with less hassle. Your team can be smaller and more efficient while also delivering faster results.

Node.js is also good for Scalability

The mix of Node workers and clusters can easily create additional Node.js processes, all depending on the workload. This makes Node.js applications easy to grow. The way Node.js is designed means that what you can do is really only limited by the number of server processors you have access to. Making Node.js a good platform if you’re planning on rolling out enterprise apps.

Points to watch out for with Node.js

Points to watch out for with Node.js - Node js vs Ruby on Rails - Plesk

Efficiency when operations are CPU intensive

Node.js is great for applications which involve small, frequent and simultaneous requests. However, it can struggle with applications which create high CPU usage in each thread. Because Node.js is single-threaded. If you’re going to manipulate images and video on your server, you may find that Node.js bogs down. There are workarounds. But it adds to development time and cost.

Quality of modules and documentation

Node is flexible but this can be a problem. Sometimes modules are low-quality and the documentation on offer can be short on specs. As the developer, you have a choice of modules with Node.js. And it’s not always obvious which module is best. Choosing a template engine, for example, can take time.

So Node.js is less of an out-of-the-box solution compared to RoR. Modules can be tricky to integrate too, while also being buggy and introducing unexpected behavior for devs. It’s, therefore, key to have an experienced Node.js developer on your team who can help solve issues.

Ruby on Rails vs Node.js: Where Ruby on Rails Wins

Ruby on Rails vs Node js - Where Ruby on Rails wins - Plesk

Web Development Best Practices

Where Ruby on Rails wins: Web development best practices - Ruby on Rails vs Node js - Plesk

Rails comes with a view to create best practice for web development. The creator intended to make it easy to develop sites according to a set framework which puts convention before configuration. As such, Ruby On Rails ships with every necessary library and module. And they all implement the model, view and controller paradigm. The intention is to make web development as predictable and smooth a process as possible.

Extensive Infrastructure

Ruby on Rails advantage: extensiveinfrastructure - Ruby on Rails vs Node js - Plesk

RoR’s built for quick site development. So, it includes an integrated web server. Plus, it has a database with generators and scripts. These are powerful and hence make it easy to put together a Rails application. You can automatically put all the necessary bits and pieces a functioning Rails site requires in place. It’s absolutely great for rapid development.

Exchange/Use Database Info

You can easily migrate Rails databases. Because the model that supports the Rails database, ActiveRecord, can easily translate the differences amongst the numerous SQL interactions. Instead of writing out SQL code, users of Rails can use the Rails language to describe changes to database tables.

So, in effect, the schema being created is agnostic of the database in use. Which means you can run your Rails application in many different database environments.

Points to watch out for with Ruby on Rails

Points to watch out for with Ruby on Rails - Ruby on Rails vs Node js - Plesk

Flexibility can be an issue

Often, for every advantage, there is a matching drawback. This is the case with RoR too. Due to Rails creator’s development vision, you may feel restricted with RoR if your particular application is too unique. The Rails platform imposes a lot of authority on the developmental process. So there can come a point where adjusting RoR to fit your requirements takes up a huge amount of your time. Whereas simply starting from scratch would have been quicker.

Performance is not always optimized

Again, a positive point that can also be a negative. Because of the large number of modules in the box, RoR can seemingly bog down when running in the real world. The overall framework is heavier than alternatives, including Node.js. So it’s not so efficient at managing a barrage of requests – typical of many website applications. You can add more server instances, but these use up your memory.

Debugging can be tedious

Because of Ruby on Rails’ complexity and multiple layers, it can be difficult to troubleshoot a Ruby application. Finding an error in the mix can be very time-consuming. So if something goes wrong, perhaps compounded by your application’s custom requirements, you can find Ruby on Rails a very tedious platform to develop on.

How to pick between Node.js and Ruby on Rails

how to pick between node js and ruby on rails - Plesk

The only thing that’s clear is that neither Node.js nor Ruby on Rails provides a solution ideal for every development situation. But each environment is suited to a specific kind of task. Let’s look at the types of tasks each environment is most appropriate for.

Where Node.js works better than Ruby on Rails

By now you may have gathered that Node.js is great for applications that are real-time. And which handle a lot of concurrent requests. Under these scenarios, data constantly goes between the client and server. These Real-Time Applications (RTAs) include chat apps, applications for collaborating and video conferencing.

Because Node.js is event-based, it’s great for handling these apps. Running on a single page (known as SPAs or Single Page Applications) involves a lot of processing on the client side. The main function for the back-end under these scenarios is to just provision a REST API. Whenever you’re worried about performance and scalability, you should turn to Node.js first before you consider Ruby on Rails.

Where Ruby on Rails is preferable to Node.js

As I said before, Rails is a better solution where your applications are very CPU intensive. And where development needs to happen quickly. Because Node.js is a single-threaded environment, it cannot cope well with handling data such as images and graphics. A computation on a big dataset in Node.js can simply block all the other requests that are coming in. Hence, rendering the advantage of Node.js void.

Second, Rapid Application Development, or RAD, is an important aspect of rolling out websites too. And here, Ruby on Rails is the clear winner. You can have a prototype in short thrift, with little work, when you use Rails. Whereas just starting out on Node.js involves quite a lot of choices. As much as Node.js provides generator scripts to speed up development, it’s simply never as fast as Rails.

When you pick between the two platforms, the main points you should consider are the development speed you need, and the server performance parameters. Are you running lots of simple, concurrent requests through the application? Or more complex, CPU intensive requests? Go with Node.js for concurrency, and Ruby on Rails for CPU intensive applications.

Plesk Onyx Hosting Platform with Node.js and Ruby on Rails

Plesk Hosting Platform with Node.js and Ruby on Rails - Plesk

Node.js

We think Node.js is a great open-source platform that is great for developing server-side web applications. Even though it has only been around for a few years, it’s already gathered a lot of support. We also like that it uses JavaScript. So the learning curve is relatively shallow. Meanwhile, you can get super-fast apps with Node.js.

Plesk hosting platform helps because of all the following.

  • You activate Node.js applications for your website in just a few quick clicks
  • Manage Node.js Apps easily from the Plesk panel. Including restarting and stopping applications and adding npm packages. You can also run scripts and edit the Node.js configuration files on Plesk.
  • Under Plesk for Linux, you can also install multiple versions of Node.js.

Ruby on Rails

Rails is still very popular, so we make it easy to get going with Ruby on Rails via an extension to Plesk. The extension allows users to very quickly deploy Rails apps on a domain, including the Sinatra framework. Our extension lets you do the following.

  • Enable the support of Ruby on Rails on any virtual host.
  • Pick the Ruby version you want to use on your domain.
  • Get maximum conformity for both UI and CLI calls via the rbenv utility.
  • Install gem dependencies using a UI with the Bundler tool.
  • You can edit configuration files and supply custom environment variables.

Finally, we strongly suggest that, when using Ruby on Rails, you install the tools required for building Ruby gems components. In order to easily and quickly facilitate a Ruby gem installation. These components let you relax and forget about the decency difficulties that users often experience with Ruby. Because our bundled tools automatically resolve dependencies for you.

WordPress User Roles Explained

WordPress User Roles

If you have a website where lots of people need to have access, so they can contribute, make edits and so on, then you can’t escape the need to give each one of them their own role. By “role” we’re not talking about what they do as such, we’re talking about the kinds of permissions that they have. WordPress features 5 pre-defined roles, which at least gives you some templates that mean you don’t have to start from scratch. Hopefully one of them will roughly correspond to the level of permissions that you want your users to have, so they’ll only be able to make the kinds of changes that you have in mind and won’t be allowed to change things that are best left to you.

The List of WordPress User Roles

Here’s a rundown describing each of the WordPress user roles:

So, as we said, you need to know what each of them allows the user to do to your precious site before you go dishing them out.

Administrator

The omnipotent administrator has the run of the site, with the ability to change anything and everything. If you own the site, then you’re given this role as standard. Administrators can delete plugins and install new ones, change themes, and wield the knife with any and all posts and pages.

They can upload new images, video, and so on, add and remove users, alter names and passwords. They can also remove other administrators.

So, it should be obvious that such a powerful role should not just be handed to anyone. Only people you trust absolutely should be given administrator access.

Editor

The editor has total control of content, including posts, pages, media, and comments. The Editor label means that this person can add, edit, publish, and delete their own posts along with other people’s. They can also do the same for comments and images.

So, the editor can do most of what the admin can do, but they can’t fiddle with site settings, plugins, themes and users. For security reasons it’s considered good practice to set your new users as editors, even if you’re the only person publishing any content.

Usually, hackers as well as site visitors can see a username under each and every post on your site. They can then use that knowledge to try what’s called a brute force attack to get access to the site. Clearly, if they gain unauthorized access as an editor then they won’t be able to do anything more than superficial damage, changing and removing content, but not changing settings

Author

The next step down the ladder is the author role. Authors can write, delete, edit, and publish their own posts only. They have no control over other people’s material. They can’t create new categories or tags, but they can assign existing ones. They can also add media files.

They don’t have permission to moderate comments and can’t change settings, plugins, themes, or user profiles, apart from their own.

Contributor

Contributors can add posts and edit them, but they can’t publish or delete them. Equally, they aren’t allowed to create new categories and tags and they don’t get to upload media files. This can be pretty annoying if you use certain contributors on a regular basis, as you’re reliant on editors or authors to add their work to the site on their behalf.

They can assign existing categories and tags to their posts, and while they can look at comments, they don’t get to moderate them.

Contributors aren’t allowed to manage the settings page, so they can’t change, upload, edit, activate or deactivate themes and plugins.

Subscriber

This is the role that each user gets by default if site registrations are enabled. It sits on the bottom rung of the permissions ladder. It only lets users access their own user profile, read content and post comments.

Subscribers can’t create posts, look at comments, manage other users or change any settings.

Special WordPress User Role – Super Admin

This is an additional role unique to site owners on the WordPress Multisite Network. The Super Admin role is like an admin role in all respects, with the addition of the ability to add and remove sites on the network.

Closing Thoughts

You can help your site’s security a lot by getting to grips with the various permissions associated with these default user roles. It helps you to keep your users organized and your sites safe. If you need extra control or want to define your own user roles with bespoke permissions that fit the requirements of your website better, you might want to try the Capability Manager Enhanced plugin. It lets you handle your current WordPress roles, edit all role permissions, add new roles, and more besides.

How Formerly Skeptical IP-Projects Turned Direct Plesk Partner

How IP-Projects Turned Direct Plesk Partner

What makes our customers and partners tick? We asked Michael Schinzel, Managing Director at IP-Projects and long-term Plesk partner about what made them choose us. Seems it was a shift of perception, proper support when in need, and open discussions about prices. 

Who are IP-Projects?

The hosting company IP-Projects focuses on personalized direct customer support and its mantra is to solve the needs of its customers. And these very customers asked specifically for Plesk. Why? Because they prefer a user interface that allows them to create and manage domains within seconds – within a single platform.

Watch Michael Schinzel tell the full story of how the “rather small or medium-sized” IP-Projects powered up with Plesk. 

So, based on a pure cost /benefit analysis, Michael says IP-Projects opened up to Plesk. But it was not an instant decision.

Initial Reservations of Plesk and Change of Perception

The start was not very optimistic, as IP-Projects was rather reserved towards using Plesk. The perception was that it was a rather confusing and complicated management panel, some time back in 2011. Therefore, Michael recalls, “until the time when our former license partner had ceased to cooperate with Plesk, we did not deal with your company intensively.”

Michael Schinzel from IP-Projects

IP-Projects go from fear to finding something special in Plesk.  

“In our experience, there is no other hosting control panel with such a diverse offer.”

size: 24pt;"> 

“Only in 2014 did we become a direct Plesk partner. From that point on, Plesk established itself as a real alternative to the free dashboard we were using.” 

Finding Solutions to Critical Issues

Plesk is an added layer over IP-Projects’ server infrastructure. Their numerous enhancements such as the SEO Tools, WordPress Toolkit and Joomla! Toolkit, are also valuable add-ons for IP-Projects customers. They discovered it to be a great choice due to our management interface. But one of the strongest arguments for using Plesk is the technical support offered free of charge for direct customers.

“[Plesk Support] created several service tickets for a range of issues. And some were not even 100% coming from the Plesk hosting panel. We always received excellent support from the customer care teams. Without any additional costs. This is how we discovered that Plesk has become a reliable partner in the recent years”

Michael Schinzel

Good Value for Money

When it comes to Plesk pricing levels, Michael Schinzel believes that startups should benefit from a pricing tier dedicated to this category.

Good value for money - Plesk Panel

“This way they would be able to offer new providers good conditions to buy Plesk licenses. For example, a special discount for 1-2 years for direct partners.” 

size: 18pt;"> 

With such a settling offer in their pockets, companies on the same range as IP-Projects could build a customer portfolio faster. And once secured, they can scale up by choosing from Plesk’s solutions portfolio. Nonetheless, IP-Projects moved smoothly past this specific initial challenge. And Plesk played a key role in this regard.

How? Plesk is always open to discuss license prices and other possibilities of cooperation with customers. IP-Projects listened to its customers, as does Plesk. They both met halfway. However, being open to price negotiation is not all.

Plesk support for direct partners is the other top differentiator. Faster and leaner operations for direct partners generate happier customers – And this provides great value for money.

Not tried Plesk yet?
See how a free 14-day trial can help your business.

Are you a reseller?
You can sign up for exclusive Plesk Partner Benefits.

The Truth about Managed vs Unmanaged WordPress Hosting

Unmanaged vs managed WordPress Hosting

Quick Quiz: What Type of WordPress Hosting do you need – Managed vs unmanaged hosting?

1. Are you more of a (a) Do-it-yourself (DIY) type or b) Plug-and-play kind of person?
2. Do you usually (a) go with the flow or (b) need a backup plan?
3. When traveling, do you prefer (a) shared accommodation or (b) space for yourself?
4. Looking at your lifestyle, do you (a) go for the basic stuff or (b) comfort and security

Unmanaged vs Managed WordPress Hosting Verdict

Well, based on the above criteria, Plesk can tell you which type of WordPress user you are – the managed vs unmanaged hosting type. If you mostly picked (a), then you are an unmanaged hosting type, whereas mostly (b) choices reveal your managed WordPress hosting preference.

Disclaimer: There is no right or wrong answer and you’re fine either way. However, having a full perspective can help you make the best business decisions later on. Keep reading for more info on your business needs, the core differences and benefits of the two different hosting types.

Managed Hosting: The Plug & Play Type

Your profile tells Plesk you are part of a managed hosting category for your WordPress. You trust and rely on someone else for your hosting solution, while you focus on your core business. Going deeper, you can choose from the following managed hosting types: a) Shared; b) Cloud; c) Virtual Private Hosting (VPS); d) Dedicated. 

Love Shared Hosting?

This hosting plan is typically the cheapest. Your site shares resources with other accounts on the same server. Shared hosting is a good option as long as website traffic and your end-user base don’t outgrow the server’s resources. The downside is that noisy/resource-hogging neighbors will affect your site as all websites have to share space on the same server.

Scale up to Cloud Hosting

Multiple physical servers work together and the network shares virtual resources. If you choose cloud hosting, it means you want flexibility, resilience, and redundancy. Also, you prefer a pay-as-you-go model. However, for cloud hosting, you need good planning abilities and management skills of this environment.

VPS Hosting Fan?

This means you prefer a virtual instance on a physical server with its copy of an operating system (OS). Plus, your own resources such as CPU, RAM or any other data. You can always add more resources on your plate without the need to migrate your website.

Moreover, you get a similar level of flexibility and benefits as with a dedicated server, but with a shared cost of services. This means almost full freedom. Because you have access to everything and can install any software you want and need. No dependency on traffic or audience.

Your Own Dedicated Hosting

Are you playing in the league of big numbers of visitors? Then dedicated hosting is for you. You probably have an online store with lots of rich media that need to max out on RAM. It’s also the most secure option and provides the highest level of system control.

Therefore, you can keep noisy neighbors out of the picture. However, know that dedicated servers usually come with monthly pricing or some kind of long-term commitment. So you need to think carefully in advance regarding how many resources you’re going to need.

Unmanaged Hosting (DIY) – The Good and The Bad

Based on Plesk analysis, you love being in the ‘techy weeds’. As a DIY type, you prefer to build, configure, maintain and secure your server. While also ensuring that your website is up and performing well. As basic needs’ fulfillment is enough for you, a server with only an Operating System (OS) installed will do. You need to install and configure any additional software such as WordPress, Apache, PHP or MySQL.

Why Unmanaged Hosting Can Be Tricky

If this tips you over between managed vs unmanaged hosting, then you’re dedicated to the tricky craft of managing your website(s) and server. You love it and it costs you almost nothing. However, this may take too much time and keep you away from other more important stuff for your business and growth. Also, you may be saving money now, but in the long run, this may not be as beneficial. Consider this: your site has always been a bit slow to load, but imagine it in two years’ time. When your business and website traffic grow.

Backup plans take too much time and energy for you, but if the worst happens you may pay for it in other ways. For example, after a few days off you find your site compromised and filled with spam links to random websites. Or when something goes wrong with your manual WordPress updated and the website goes down. Constantly having to monitor your site and implement performance and security optimizations may drain you. Thus, possibly crippling your business eventually.

Plesk and WordPress Hosting –  Plug, Play and More

You’ll see many options in the WordPress managed hosting candy shop. So it’s hard to choose. But for the ones who prefer a turnkey solution for their websites, Plesk WordPress Edition with WordPress Toolkit is the right combination.

Watch and see how quick you can activate your WordPress hosting solution with Plesk.

Top Plesk WordPress Hosting Benefits

Especially when compared to shared or VPS providers, this WordPress hosting provides better maintenance and data integrity. According to market benchmarks, data hosting providers offering the ability to change the version of PHP used for WordPress score higher.

24/7 customer support 

Managed WordPress Hosting is intuitive and requires a few clicks installation. But the house’ specialty, the sweet cherry on top of the Plesk’s WordPress Hosting is our customer support. From onboarding to finish, all clients get 24/7 attention from our side, including website support and tech support for non-developers.

Automated WordPress Security, Backups and Upgrades

Another advantage you’ll welcome with open arms is the free WordPress vulnerability scanner when you create a new site. Plesk’s WordPress Toolkit security scanner goes beyond the basics and implements the latest security recommendations and best practices from WP Codex and WP security experts.

Performance and Speed 

Get Plesk with your WordPress Hosting and you’ll have this included in WP-CLI. Thus helping clients import a database, create a new user, update themes and plugins in a flash using the WP-CLI. Speaking of plugins, for an enhanced customers’ WordPress experience, any caching plugin will significantly improve your WordPress performance.

Plesk Helps 1&1 IONOS Launch WordPress Offering at WCEU

Plesk at WCEU 2019

Over 2,700 WordPress lovers attending this year’s WordCamp Europe (WCEU) event in Berlin have broken yet another attendance record. And since WordCamps continue to attract more people year after year, we get a great opportunity to contribute to the WordPress community! Here’s what went down this year, alongside our partners 1&1 IONOS.

Plesk Appeared with 1&1 IONOS for WP Pro Launch

WordCamps are the place to be if you’re after the hottest trends. Or direct feedback from WordPress users of all skill levels and profiles. Well, the voice of WordPress users is super important for us and one of the key drivers to further enhance our famous WordPress Toolkit. So we’re always happy to share our insights and help you build the perfect WordPress offering for your customers.

Plesk and 1&1 IONOS at WCEU launching new WordPress offering

Our partners 1&1 IONOS have already done just this. They introduced their brand-new WP Pro offering, powered by Plesk, to the public at our joint booth at WCEU. This new offer complements the 1&1 IONOS WordPress portfolio with a powerful package. Featuring the latest Cloud Server technology, dedicated resources for high-performance sites, Varnish Based Caching, Smart Updates and various Plesk tools. Thus, suiting the needs of professional WordPress users and agencies.

Launching Your Own WP Offering with Plesk

Now you can follow 1&1 IONOS and do the same! Launch your modern WordPress offering for web pros or agencies and build awareness for it within the community by sponsoring a WordCamp with us. Are you interested? Let us know by dropping an email to [email protected] and we’ll work together in order to make it happen!

Plesk’s Virtual Reality Surprise at WCEU

At this year’s WordCamp Europe, our booth had even more first time experiences. WordPress enthusiasts were able to feel the Plesk world at their very fingertips, through an innovative VR experience. By wearing the VR glasses and maneuvering the joysticks, our guests could step into an alternative universe. One where Elvis Plesky safely guides you down the futuristic pathways of server management.

Connecting with the WordPress Community – My First WP Install

Last but not least, we’re delighted to share with you a glimpse from the very heart of the community. Their first ever WordPress install memories. We’ll first take this opportunity to thank Josepha Haden, Marcel Bootsman, Monique Dubbelman, Dianne Wallace, Caspar Hübinger and Bas Brader. Because they graciously accepted our invite to sit down in front of the camera and let their memories flow.

Now, let’s close this review by reminding everyone that next year’s WordCamp will happen  in Portugal, between June 4-6, 2020. So see you (and hopefully even more Plesk partners) there in Porto. We can’t wait!

How AI is disrupting the Web Hosting industry

Web Hosting industry and AI

Artificial Intelligence is transforming industries worldwide – with the web hosting industry following the trend in high spirits. By harnessing the benefits of AI, Plesk is helping hosters to streamline routine tasks, reduce workloads, and consistently improve service quality. Ultimately enhancing these hosting companies’ productivity and profits. Let’s explore, thanks to our latest web hosting industry news, how you too can leverage AI for your business.

More time to increase productivity

more time to increase productivity - How AI is disrupting the web hosting industry - Plesk

The competition in the hosting industry is getting tougher. So, companies need to quickly adopt new technologies and constantly upgrade their skills if they want to survive. However, daily routine tasks leave very little room for that. AI is the perfect solution here because it can:

  1. Independently capture current stats, data and analysis, evaluate it and convert it into comprehensive key reports. Then send it to companies and clients- almost instantly.
  2. Efficiently update software, allocate resources, implement the load balancer and adjust settings to sync with changing requirements. All with little to no human intervention.
  3. Ensure optimum site performance in order to keep clients happy.
  4. Help hosting companies widen their reach by exploring new trends, web hosting industry news and market needs.
  5. Enhance service quality, and thus increase customer loyalty via support, amongst other things.

Failsafe security

Layered Security - CloudLinux Cyber Security strategy 2019 - Plesk

The increasing number of security threats has alarmed businesses of all sizes. They now demand more robust security to tackle the latest hacking tricks that traditional security methods just can’t. AI platforms can effectively identify suspicious patterns, even when smartly hidden in the code or on a remote website.

AI not only detects the most minute of changes, but also learns to handle them by itself. This is quicker and more efficient than simply alerting you – and can minimize costly damage. Moreover, it can evolve over time, constantly boosting its capability of dealing with the latest security threats.

Stable performance during fluctuations

Stable performance during fluctuations

Advanced monitoring and detection equip AI platforms with dependable prediction skills. So they can anticipate upcoming fluctuations – like traffic surges, overloading, and technical issues. This helps maintain maximum uptime, and boost performance and speed – the core factors to enhance user experience.

Improved experience for your customers strengthens their relationship and encourages them to stick to your brand for future needs. Like upgrades and value-added services. Plesk is one of many reputable platforms to offer automation for specific hosting packages, like AI tools for WordPress hosting management.

Better customer experience

Better customer experience - Hosting industry and AI

Customer service plays a key role in this hosting business, but the help section or knowledge base have their limitations. They can fail to resolve the more complicated issues, thus overloading your support staff. AI-powered chatbots can better interact with clients and offer precise solutions to resolve their issues.

Advanced AI can employ technology that quickly recognizes the customers and sifts through their history and records for key info. Overall helping to resolve more queries in less time – enriching customer experiences while helping to increase your productivity.

Moreover, AI helps develop business-friendly infrastructure tools for web hosting providers to enjoy scalability, customizable features and innovative functionalities.

The multiple benefits AI offers the web hosting industry

AI’s advanced technology can streamline the tasks, save time and efforts, enhance security and deliver better client experience. Moreover, there are various open source AI tools available free of cost – offering premium enterprise capabilities. Making them an ideal option for beginners and small hosting companies on limited budget.

Plesk also offers such capabilities at low costs – many a time with free versions available. Get in touch to find out more about how Plesk experts can help you tailor a solution that fits your business.

Our 8 Best Tech Podcasts To Keep You Motivated This Week

Our 8 Best Tech Podcasts To Keep You Motivated This Week - Plesk

Without a doubt, the web is full of podcasts for developers and programmers, but not all have equal value. In fact. many podcasts lack real substance and end up being a waste of your time. The following 8 best tech podcasts, however, are so stimulating that your colleagues would have to pull your earphones out to stop you listening to them.

this week in google podcast - 8 best tech podcasts - Plesk

This Week in Google is a weekly show which broadcasts live on TWiT.tv and is then available for download 24 hours later. Leo Laporte and Jeff Jarvis are the hosts who cover several topics. Including cloud computing, programming and, of course, news from Google.

Joining the hosts are a variety of guests from the industry who discuss current realities and future trends. The show first premiered in 2009 and has now become a major source of in-depth tech news.

best tech podcasts - Joe Casabona - How I built it - Plesk

The ideal podcast for any aspiring creator, How I Built It introduces you to the creators behind some of the tech industries’ biggest successes. Our friend, Joe Casabona, interviews product owners and developers to understand their journey from concept to realization. Entrepreneurs share their experiences of how their idea was transformed into a product or business.

Guests of the show include representatives of Time Doctor, EDD Bookings and our Plesk CTO. Joe releases a new episode of How I Built It weekly, with a running time of approximately 45 minutes.

3.  Hackable

Hackable podcast - 8 best tech podcasts - Plesk

Covering the more sinister side of the tech industry, Hackable sheds light on the reality of cyber criminality. Geoff Siskind is the host of the show and is joined by Bruce Snell, a cybersecurity expert. Together, they alert us of possible threats and provide practical solutions to protect ourselves and our systems.

By understanding the criminal mind, the show’s participants can suggest reliable security tools. Plesk’s security extensions, for example, can protect sites and servers from the threats discussed in Hackable.

4.  Clockwise

Clockwise podcast - 8 best tech podcasts - Plesk

Perfect to listen to on your daily commute, Clockwise is a technology show which is a maximum of 30 minutes long. Dan Moren and Mikah Sargent host each show with two guests who are experts in their respective fields.

The quick discussion and little banter allow you to get the knowledge you seek without wasting any time. Topics you’ll hear about during Clockwise include tech repair, hosting solutions and new device releases.

5.  Epicenter

epicenter podcast - 8 best tech podcasts - Plesk

Blockchain, Bitcoin, and De-centralized Cloud Hosting are more than just buzzwords nowadays. They’re practical technologies being used in a growing number of industries around the world. Epicenter provides you with unparalleled access to entrepreneurs, academics and policymakers whose purpose is growing the use of these technologies.

Join Brian Fabian Crain, Sebastien Couture, Meher Roy, and all their guests put you right in the forefront of this complex transformation.

Accidental Tech podcast - 8 best tech podcasts - Plesk

Some of the greatest inventions of the world happened by accident, just like the Accidental Tech Broadcast. The show was originally intended to be a car show but somehow became a tech show. The podcast’s creators and hosts are Marco Arment, Casey Liss, and John Siracusa and together they bring you a variety of tech news and updates.

Accidental Tech Broadcast is entertaining and lighthearted, while still providing valuable knowledge and reviews of the latest developments. Including hosting solutions and cloud computing. In case you’re wondering, the hosts did eventually start a car show too!

whyd-you-push-that-button podcast - 8 best tech podcasts - Plesk

Ever wondered whether you control technology or whether it controls you? This and other philosophical questions are discussed in a show that is half technology and half sociology. The hosts are The Verge’s own Ashley Carman and Kaitlyn Tiffany. And several guests join them to discover the impact which technology has on society and decision-making.

Now in its third season, the show focuses particularly on how social media affects different generations. And how to become less vulnerable to criticism from your online followers.

8.  Decrypted

decrypted whyd-you-push-that-button podcast - 8 best tech podcasts - Plesk

Decrypted is a technology show which brings you news and analyzes the most important trends in the industry. It is powered by Bloomberg and led by Brad Stone together with a team of experienced reporters. Decrypted is able to gain access where most other podcasts cannot.

Previous shows have included the AI technology used in Facebook Ads and what led to the current Tesla crisis. A new podcast is normally available every Mondays and is around 30 minutes long. Making it an ideal listen to start your week.

What are your best tech podcasts?

The podcasts featured in this list open you up to get expert knowledge and advice about important technology developments. Such as web hosting, cloud computing, and Blockchain technology. This curated list includes a mix of light-hearted and serious reporting so that you can choose the podcast that fits your current mood.

Changing WP Multisite Structure from subdomains to subdirectories and vice versa

WordPress Multisite Structure Change

If you’ve ever installed WordPress Multisite, you know the first thing it asks you to do is “Please, choose if you want the sites of your WordPress network to use subdomains or subdirectories. You will not be able to change this later.” From hereon, you’d need to follow different steps, depending on your choice, with no reversal. But life takes many turns and you may find yourself needing to change the model down the road, which WordPress doesn’t permit natively. What to do?

Here’s the verdict: you can change WordPress multisite from subdomains to subfolders and vice versa. But it requires some delicate actions, therefore we strongly suggest you backup your database, wp-config.php and .htaccess files, in case of any issues. Warning: Never do this in production.

Change WordPress Multisite from subdomains to subfolders

That is, going from http://site1.mydomain.com/ to http://mydomain.com/site1/.

Step 1

In our wp-config.php configuration file,  look for the line:

define( 'SUBDOMAIN_INSTALL', true );

and replace it with the following:

define( 'SUBDOMAIN_INSTALL', false );

Save changes.

Step 2

Go to the .htaccess file and look for the rules that are between #BEGIN WordPress and #END WordPress. You’ll have this:

# BEGIN WordPress

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin

RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]

RewriteCond %{REQUEST_FILENAME} -d

RewriteRule ^ - [L]

RewriteRule ^(wp-(content|admin|includes).*) $1 [L]

RewriteRule ^(.*\.php)$ $1 [L]

RewriteRule . index.php [L]

# END WordPress

and we will replace it with:

# BEGIN WordPress

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin

RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]

RewriteCond %{REQUEST_FILENAME} -d

RewriteRule ^ - [L]

RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]

RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]

RewriteRule . index.php [L]

# END WordPress

Keep the changes.

Step 3

Access the database and look for the table wp_blogs, you’ll find something similar to this:

WordPress Multisite - wp_blogs table

As our intention is to move to subfolders, we must manually set all the sites of our multisite with the main domain in the domain field of the table wp_blogs. And in the path field we’ll put the name of what used to be our subdomain. This table would look like this:

WP Multisite Structure change - wp_blogs table changes
WordPress Multisite - wp_blogs table check

If you have just a few sites, you can easily do this task manually. But if you have hundreds or thousands of sites, you may want to write a small script to automate this task.

Step 4

As you know, WordPress stores all your links and so it’s necessary to have a replacement of all the URLs of all our sites. For this, you’ll need to use WP-CLI or the Search & Replace script. However, never do this manually or by making updates directly to the database, because there’s likely to be serialized information that we may lose.

Fifth step

Check that everything is working correctly.

Change WordPress Multisite from subfolders to subdomains

In case you want to pass a multisite of subfolders to subdomains, the process is exactly the same, but in reverse:

  1. For security copies of the database and the wp-config.php and .htaccess files
  2. Set the >SUBDOMAIN_INSTALL to true in wp-config.php
  3. Change the rules in the htaccess by the subdomains (more info here)
  4. Change the domain column of the wp_blogs table in all sites, establishing the subdomains of each site. Simply leave the pathfield with the bar /
  5. Through the Search & Replace or WP-CLI script, replace all URLs of the type mydomain.com/site1 with site1.mydomain.com
  6. Check that everything is working correctly.

Need a server to manage your WordPress site? Check out Plesk WordPress Edition: The right platform with all the tools you need to run a managed WordPress server – simple and secure.

Did this work for you? Let us know of any issues in the comments.

arrow icon - Plesk

Warning: Fileless attacks are on the rise

Fileless attacks are on the rise!

Ever heard of fileless attacks? This is malicious code gets a foothold on your server. Not through a certain file or a document, but by infiltrating the server RAM. Thus, exploiting various processes and vulnerabilities of the server software. They can do this via vulnerable web applications, specially formed requests, and so on.

The idea behind fileless attack

The harm that a fileless attack inflicts leaves no trace since its malware does not write any files to the hard drive. Instead, it performs all malicious activities directly in RAM. After the system reboots, the malicious code disappears – but the damage has already been done to your server. This type of threat is commonly referred to as an Advanced Volatile Threat (AVT).

Some types of malicious code harm system files, some set up malicious code for other types of attacks, and others open entry points for hackers to use other server’s vulnerabilities. Both users and security solutions, like McAfee Endpoint Security, Virsec Security Platform, and others, are not tuned for Fileless attacks. Thus, making them hard to detect.

Fileless Malware Found On Various Operating Systems

On Windows servers, hackers actively use the pre-installed system Powershell to download and run malicious code. Or they can also use BAT and VBS scripts. These techniques are now widespread since you can execute them in frameworks like Powershell Empire, Powersploit, and Metasploit Framework.

As for Linux, most installed distributions like CentOS, Ubuntu, and Debian, have pre-installed software. This usually has programming languages interpreters: Python, Perl, and С compiler – a bad practice of installing an operating system on servers. Lots of hosting servers also have PHP installed because of its huge popularity. So Fileless attacks use these interpreters.

How Fileless Malware Survives on Linux

On Linux, the easiest way to run malicious code in RAM by way of fileless malware is to use shared memory. Hence, a block of RAM shared and pre-mounted in the file system. By placing an executable file in /dev/shm or/run/shm, it’s possible to run the file directly in RAM. Remember that these directories are nothing but shared memory.

However, the content of these directories can be viewed with the ls command, which works for any other directory. Moreover, these directories are usually mounted with the noexec flag and only root can run programs in them. Therefore, more intricate types of fileless malware use, for example, the memfd_create system call (in case of the C programming language).

Interpreted languages, such as Perl and Python, which are widely used in web hosting, also offer the ability to use syscall(). PHP, which is even more popular, does not have built-in techniques to use syscall. However, there are old tricks that allow using required system calls even in PHP.

Fileless Attacks Are Increasing

Fileless attacks increase

According to research carried out by Ponemon Institute in 2018, we should expect fileless attacks to grow and make up 35% of all cyberattacks worldwide. Consequently, there will also be a decrease of regular file-based attacks.

Fileless vs file-based attacks

Fileless attacks are particularly dangerous in the corporate world since. Because Fileless malware becomes especially effective after installing in the RAM of servers active 24/7, 365 days a year. So Fileless attacks can hit any organization – like the Democratic National Committee in the US in mid-2016 for example. A hacker known as Guccifer 2.0 inserted a piece of Fileless malware into the Committee’s system and then gained access to 19,252 emails and 8,034 attachments. The document of the District Court for the District of Columbia states that Powershell scripts were used to hack the Microsoft Exchange Server of the Committee.

This intrusion resulted in the publication of a series of revelations that ended up hindering Hillary Clinton, Donald Trump’s then rival.

How to protect against Fileless attacks

Cybersecurity experts recommend the following measures to withstand the threat of fileless malware intrusion:

  1. A company that wants to protect its corporate cyber security has to be cyber-resilient and therefore stay informed about new kind of attacks.
  2. Avoid scripting languages like Powershell, because fileless malware actively exploits them. You can either delete Powershell or configure the system so that an attacker can’t exploit it.
  3. Use adapted solutions to detect malicious code – not just on the file system, but also in the RAM.
  4. Beware of Macros – they’re the most common tools on any computer and a possible entry point for fileless malware. As with scripting languages, companies don’t necessarily need to give up on all kinds of Macros. But they do need to be responsible when using them.

Fileless Attack Prevention Advice – From the Experts

Reputable sources of protection against fileless attacks stress that you need to “Keep your software up to date. As inconvenient as they can be, software updates are usually done to patch critical security vulnerabilities.” It’s one of the best practices for fileless malware protection.

As far as Microsoft products are concerned, Comparitech tell us “How to stop fileless malware”: “The main defense against any type of malware is to keep your software up to date. As Microsoft has been very active in taking steps to block the exploitation of PowerShell and WMI, installing any updates from Microsoft should be a priority.”

Ilia Kolochenko, CEO, Founder, High-Tech Bridge, speaks about the vulnerability of not keeping web applications up to date:

“It’s a very colorful, albeit very sad, example how a vulnerability in a web application can lead to disastrous consequences for an entire company, its customer base and beyond. Today, almost any critical data is handled and processed by web applications, but cybersecurity teams still seriously underestimate the risks related to application security.

Most companies don’t even have an up2date application inventory. Without knowing your assets, you won’t be able to protect them. Many global companies still rely on obsolete automated solutions and tools for their application security, while cybercriminals are already using machine-learning in their attacks when targeting and profiling the victims.”

Our cybersecurity experts at Plesk also advocate the importance of timely and regular installation of updates. Whether on your operating system, hosting server software, web applications, or CMS plugins. Right now, it’s the best way to protect against fileless attacks. Have a look at our Change Log for the latest information and released Plesk updates, and their installation procedure.