Looks like bozos found a ginormous hole in Elementor. We’ve updated the plugin on all sites with it.

More details here: https://blog.sucuri.net/2022/04/critical-rce-vulnerability-in-elementor-wordpress-plugin.html

-TS Jay

Hi Everyone!

Since it appears that every company is sending an update on how they’re handling the COVID-19 crisis, now seems a good time for us to do one too.

Don’t expect this update to be nearly as serious as some of the others you’ve read. (Anyone who has hosted with us for a while should already know this.)

But first a quick note on upcoming maintenance…

One of our Phoenix ISPs will be doing maintenance on their network from 2-4AM Arizona time tonight.
Traffic should fail over to our other Phoenix network provider, but there could be a blip. They’re estimating the link will be offline for 40 minutes.

Summary: when it comes to keeping your site up and running during all this, we’re ready.

We correctly assumed that we’d see an overall spike in traffic as options for other entertainment were canceled. So, last weekend we deployed a few additional servers to ensure we had plenty of headroom to handle traffic spikes.

The last two days have been our highest traffic days ever. Seems you all are doing amazing work and creating interesting content. Great job everyone!

With respect to our teams’ health and safety, we’re having all our techs work from home. This is a change from having all our techs work from home. Wait…

*Comic pause*

Actually the only policy change request came from a tech who asked if he would be required to wear pants when working from home. (I’m not kidding, though I suspect he might have been.)

Relatedly, I’ve decided against holding web meetings with the team for a while. Not that we actually do those either. We spend the day messaging in Slack or doing voice chat.

Getting slightly serious for a moment, we’re here for you!

If your circumstances change and you need us to be flexible on payments, need a laugh, or whatever, please reach out. We’re here.

Because, we’re all in this together.

-J


While I love hosting your sites and appreciate your trust, there is one phrase above all which makes the head shaped dent in my desk deeper:
My Site is Slow

It’s often accompanied by recommendations by “experts” or ad companies to make hosting faster. Which might help with other hosts. But, on our hosting, those suggestions far too often make sites slower and less reliable.

Besides having good backups, our other obsession is eliminating every possible millisecond of hosting related page load times. Remember, our business is based on the philosophy that the better you do, the better we do. So your site being fast is best for both of us.

Which is why we’re quick to embrace performance enhancing technologies like HTTP/2 and TLS 1.3 as soon as they’re stable and have browser support.


So, when a very lovely client, “Elle” opened a ticket about site slowness, I took a different tack than my usual lamenting about plugins and ads, and then walking her through a single GTMetrix test.

Instead, she graciously allowed me to do live testing of her site with ads off and unneeded plugins deactivated. Oh boy… This will be fun!



Elle’s site has 38 plugins, which is not too bad for a high-traffic site with a WooCommerce store. It’s a bunch, but most seemed needed.

To measure performance changes, we tuned up her site, then ran a GTMetrix test before starting, and retested it after we made only the specific changes we mention below. The results speak for themselves.

It’s picture time!

The before picture… Ads & plugins are on.

The before Picture
Yick! Yick! Yick! Yick. Yick. And more yick!

Okay, we have our baseline test…


Let’s get ready for load times to tumble.

Ads off
Picture 2 – Ads are off, all original plugins are still on. No other changes.

Boom!

Do I have your attention?

Yeah, ads make that much of a difference. Page load times dropped from 35.7 to 6.1 seconds. Google PageSpeed scores jumped from 9% to 89%.

Even in the above case, a few lingering ad-related bits were still loaded, but we wanted a quick test, so didn’t bother tracking those down. Moving on.

Off with one plugin
SumoMe has been made sumo gone. No other changes.

Elle had the SumoMe plugin active, but wasn’t using it. But, it was running, and was requiring site visitors to load some elements from their servers. Deactivating that one unused plugin knocked off 3+ seconds of load time.

Plugin Minimalism For The Win

One Point Eight Seconds.

I repeat… One Point Eight Seconds to load her home page. And a Google PageSpeed score of 91%

Not just that, but the page size is a quarter of what it was, and a reduction of all the things needed to load the page from 1529 to 65.

WOW!


But alas, we had to return to reality. Ads need to be displayed. But at least we could leave off the unnecessary plugin.

The next image shows the “Ads On / Sumo Off test”. Remember, with ads on, overall page load times will vary, as different ads will load different elements. So while we saved load time from turning off the plugin, that savings gets lost here because ads drive 95% of total page load times.

Ads without Sumo

And finally the summary – with my (not-so) skilled addition of markers to show which test maps to which scores.

summary graphs
The red text or lines show which test is which. I threw out the “worse test”
result, as an ad server failed to respond, and that ran up the times.

This concludes the graphical part of my Ted Jay Talk.

Now, these results are specific to Elle’s site. But they reflect what we see almost every time we’re asked about site speed.

For our clients, site slowness generally comes down to ads, plugins, and things being loaded from servers not managed by us.

Not all the time, but almost all the time. And when we encounter things in our world, we take it as a personal challenge to find the cause and crush it.

Notes:

  1. For simplicity, we deliberately didn’t track “Onload” times. Onload times vs PageSpeed scores is a valid discussion, but it is not this one.
  2. GTMetrix testing was done from their default Vancouver Canada location. We could have selected a geographically closer site (like Dallas) to juice the results in our favor by another 100ms.
  3. We’re happy to do additional tuneups of any hosted sites. Depending on the site’s hosting plan, this may be billable time.


If you find this post interesting, have questions, or just want to drop a note, I’d love to hear your thoughts in the comment section below.

Unless of course, the question is “why is my site slow?” 🙂

-TS


One parting graph – the one for our very own, and very ugly, website.

<400ms might be possible when we can move it to PHP 7.3

Hi All,

We’ve had a bunch of questions regarding WordPress 5 and especially the new Gutenberg editor.

For those clients on our hosting plans where we do your updates, we’re going to hold off on those updates until January, maybe February, depending on what we see with respect to plugin and other issues with the new release. We’ll still be doing your other plugin updates, but would rather give all the developers a bit more time to track down any bugs – and there will be bugs.

WordPress’s built-in updates doing the won’t update to this new major version. It does minor updates within the same major version. In other words, if your site is running 4.9.4, WP will update to 4.9.5, but it won’t update to 5.0.

If you’re doing your own updates, maybe also hold off on those for a bit. If you want to give it a whirl, feel free to do so – but maybe open a (low priority) support ticket to have us take an extra backup of your site beforehand.

Thanks for hosting with us.

-TS

 

Hey All,

The Bozos have a new trick for making money and causing grief for WordPress sites – buying a plugin and then inserting ads or malware in it. Yay for their ongoing creativity. It’s a shame they can’t put this energy toward doing something useful.

Today’s affected plugin is one of our favorites – Fast Secure Contact Form. Which is a bummer since it has been fantastic for years. (As an aside, if you like a plugin, please kick a few $ towards the developers, so they keep working on it, and aren’t as tempted to sell them to less honorable folk.)

In short, the original developer sold the plugin, the new owner attempted to put malicious code in several of his newly acquired WordPress plugins which would connect to a server he owned and inject spam ads in the site’s posts.

Read more here: http://www.fastsecurecontactform.com

This is exactly what happened with the Display Widgets plugin a while back.

For all sites using Fast Secure Contact Form installed (including ours), we’re going to make sure everyone is updated to the last known good version. Same for Secure reCAPTCHA (which we don’t use).


In TS news, we’ve been doing lots of HTTPS site conversions for sites wanting to comply with Google’s newest recommendations. (This will be the subject of our next post.)

Our new CDN servers are in place and serving static content for high traffic sites. So far this month, they’ve handled about 40TB of traffic – including one post which went extremely viral & has had over 11 MILLION views in a little over a week.  We’ll be adding more sites to it, and more CDN servers in more locations as we go.

And, best of all, the TS family has grown. Please extend a warm welcome to our new tech Shawn. Yay!

Thanks for reading, and for recommending us for hosting as often as you do. We very much appreciate it, and wouldn’t be here without you.

-J

 

How to Earn Your Clients’ Trust – Even When Things Go Wrong

Uncategorized

Last week one of the ad companies a bunch of our clients use had a really hard time. However, instead of denying the problem, and putting the blame on something else, Mediavine owned it, and are doing everything in their power to make things right. This is too rare in their industry, and we have […]

Read the full article →

Mediavine choking sites…

Uncategorized

The Mediavine control panel has been crushing sites running it. We’re happy to say that it didn’t bring any of our hosted sites down, or slow servers down significantly. 🙂 But it did create a major mess for us, and sites running it. Version 1.4.x has a terrible bug that continually adds cron (scheduled) jobs […]

Read the full article →

Social Warfare is causing occasional 50x Errors & should be disabled

Uncategorized

Hi all, If you use some of the most popular themes and plugins, it’s been a rough couple weeks in WordPress land. First the Genesis theme had a bad update – 2.5.1. Next a new major version of WordPress was released – 4.8. That’s not a bad thing in itself, but it takes a bit […]

Read the full article →

The Pause That Refreshes

Uncategorized

Hi all, After a crazy last 7 months which saw us move hundreds of sites behind the scenes to our new Phoenix facility, while simultaneously growing faster than ever (thank you!), we’ve fallen behind on some important projects. Plus, we’ve worked so many late hours, ‘Walkers’ have been telling us how terrible we look. The […]

Read the full article →

Server Maintenance – March 9th & 10th from 11PM – 4AM Arizona time (UTC-7)

Uncategorized

Summary: The TechSurgeons web & email server will be moved to our new facility March 9th, starting at 11PM Arizona time. Client sites will not be impacted by this move – just *.techsurgeons.com sites and services. Estimated downtime is 4 hours. Status will be updated as we can at www2.techsurgeons.com and on Facebook. If the […]

Read the full article →