Hi All,

We’ve had a bunch of questions regarding WordPress 5 and especially the new Gutenberg editor.

For those clients on our hosting plans where we do your updates, we’re going to hold off on those updates until January, maybe February, depending on what we see with respect to plugin and other issues with the new release. We’ll still be doing your other plugin updates, but would rather give all the developers a bit more time to track down any bugs – and there will be bugs.

WordPress’s built-in updates doing the won’t update to this new major version. It does minor updates within the same major version. In other words, if your site is running 4.9.4, WP will update to 4.9.5, but it won’t update to 5.0.

If you’re doing your own updates, maybe also hold off on those for a bit. If you want to give it a whirl, feel free to do so – but maybe open a (low priority) support ticket to have us take an extra backup of your site beforehand.

Thanks for hosting with us.

-TS

 

{ 0 comments }

Hey All,

The Bozos have a new trick for making money and causing grief for WordPress sites – buying a plugin and then inserting ads or malware in it. Yay for their ongoing creativity. It’s a shame they can’t put this energy toward doing something useful.

Today’s affected plugin is one of our favorites – Fast Secure Contact Form. Which is a bummer since it has been fantastic for years. (As an aside, if you like a plugin, please kick a few $ towards the developers, so they keep working on it, and aren’t as tempted to sell them to less honorable folk.)

In short, the original developer sold the plugin, the new owner attempted to put malicious code in several of his newly acquired WordPress plugins which would connect to a server he owned and inject spam ads in the site’s posts.

Read more here: http://www.fastsecurecontactform.com

This is exactly what happened with the Display Widgets plugin a while back.

For all sites using Fast Secure Contact Form installed (including ours), we’re going to make sure everyone is updated to the last known good version. Same for Secure reCAPTCHA (which we don’t use).


In TS news, we’ve been doing lots of HTTPS site conversions for sites wanting to comply with Google’s newest recommendations. (This will be the subject of our next post.)

Our new CDN servers are in place and serving static content for high traffic sites. So far this month, they’ve handled about 40TB of traffic – including one post which went extremely viral & has had over 11 MILLION views in a little over a week.  We’ll be adding more sites to it, and more CDN servers in more locations as we go.

And, best of all, the TS family has grown. Please extend a warm welcome to our new tech Shawn. Yay!

Thanks for reading, and for recommending us for hosting as often as you do. We very much appreciate it, and wouldn’t be here without you.

-J

 

Last week one of the ad companies a bunch of our clients use had a really hard time. However, instead of denying the problem, and putting the blame on something else, Mediavine owned it, and are doing everything in their power to make things right.

This is too rare in their industry, and we have been so impressed by how they handled the situation, that it’s worthy of a post. (Especially since we grumped about the problem when we were dealing with it.)

For many of our clients, their site is how they earn their living. Some earn revenue through their stores, but most use advertising to earn revenue. Unfortunately, placing ads on a site introduces a lot of complexity to allow for tracking, changing out ads, and preventing fraud. And with greater complexity comes a greater chance of failure. (This complexity can often manifest as slow page load times, but that’s a topic for a different day.)

In this case the issue was their plugin. One of the things it does is to schedule daily and weekly tasks. However there was a bug where with every hit to the site, it added new daily and weekly tasks for clients’ sites to do.

Uh oh. You can imagine what happened with very busy sites. Yup, they were very busy scheduling new tasks, and then trying to run all the scheduled tasks. One site had over 900,000 tasks scheduled. The hamsters powering the servers were very busy – we noticed higher database & server loads than normal, had just figured out the culprit, and were executing a fix when a client forwarded the most amazing message with the subject…

“IMPORTANT – ACTION REQUIRED IF YOU ARE RUNNING MCP PLUGIN!”

Whoa! An email from Mediavine sent to their clients admitting the problem, giving a quick explanation of what happened, providing instructions on how to fix it, offering help if necessary, and promising to make things right.

Wow! That’s awesome if true! Yeah, I admit it, I’m a bit cynical at times. Those times being days which end in “y”.

The instructions matched up with what we had been doing – turn off the plugin and clean up all the scheduled tasks. Score one for them in properly analyzing the problem and providing useful info to fix.

They continued to communicate well regarding what pitfalls folk might encounter trying to fix the problem, what each subsequent iteration of the plugin did, and ideas for how to resolve them. Score another point for them.

We were pretty worn out from cleaning things up, so I wasn’t tallying the points they were scoring, and I somewhat sarcastically (You, sarcastic?) tweeted if they’d at least send us pizza & emailed a crankyish note to see if the “make things right” included us, as we really didn’t want to bill clients for spending so much time cleaning up something not in their control.

Amber at Mediavine responded pretty quickly in the affirmative. She wasn’t defensive and didn’t try to put any spin on what happened. So different from others we’ve dealt with!

Okay, now I’m starting to feel more confident about them. They’re doing the same things we try to do in the event of an emergency: “Be transparent about issues, get fixes out, keep communicating, and figure out how to not have the same problem again.”

Too many companies don’t realize how important this is.

People don’t really expect perfection. We all gripe and grumble when things aren’t working right. But so long as we’re treated with respect and know that the people dealing with the problem are doing their best to get it solved, are communicating the issues and possibilities, and then making an effort to address consequences afterward, it’s easier to accept those (hopefully few) imperfect times.

Mediavine has done all we could want, and more.

Troubleshooting live server / software events is a bit like dealing with a high-speed tire blowout while driving a school bus full of kids – but thankfully, without the physical risk.

  • First you need to get the bus safely stopped on the side of the road.
  • Then you need to figure out how to change the tire – maybe enlist some passengers to help.
  • Simultaneously, you need to reassure everyone that they’re safe & will be back on the road soon.
  • Then, before going full speed, you test that the new tire can handle freeway speeds
  • And then afterwards, get everyone cleaned up, and figure out if there are better tires that won’t blow out.

As a result of how Mediavine handled the plugin ‘blowout’, we’re now comfortable recommending them to clients looking for an ad service. They earned our trust. And we’re looking forward to working with them on ways we can better care for our mutual clients.

-TS Jay

P.S. Yes, we’re getting pizza. 🙂

The Mediavine control panel has been crushing sites running it.

We’re happy to say that it didn’t bring any of our hosted sites down, or slow servers down significantly. 🙂 But it did create a major mess for us, and sites running it.

Version 1.4.x has a terrible bug that continually adds cron (scheduled) jobs to a site’s list of things to run. Ultimately, it chokes the site’s and servers database, plus causes the server to run the daily & weekly jobs multiple times a second.

They sent out an emergency alert to their clients about it. The alert says to deactivate the plugin, delete it, reinstall the newest version  (1.5.1), and then activate it.

We’ve followed the process for our clients, and have at least installed (but not activated) version 1.5.1.

Since the plugin added so many lines to the cron part of a site’s database, not all plugin re-activations have been successful. If your site is one of them, please let us know, and we can try to manually clean out the database to see if that fixes it.

-TS

P.S. Send chocolate.

Hi all,

If you use some of the most popular themes and plugins, it’s been a rough couple weeks in WordPress land.

First the Genesis theme had a bad update – 2.5.1. Next a new major version of WordPress was released – 4.8. That’s not a bad thing in itself, but it takes a bit for plugin authors to catch up with changes in WordPress. Automattic released a new major version of Jetpack. And finally the Social Warfare plugin broke hard.

If you want to read about the Social Warfare bug, here’s a link to the report – http://bit.ly/2soiNL9. We recommend disabling the plugin until the next update. (For those keeping track, this is the second time the plugin has broken in a bad way.)

We’re not convinced Social Warfare is the only source of the 50x errors (Server Unavailable or Internal Server errors), so will continue to seek out the gremlins.

Thanks for hosting with us,
-TS

The Pause That Refreshes

Uncategorized

Hi all, After a crazy last 7 months which saw us move hundreds of sites behind the scenes to our new Phoenix facility, while simultaneously growing faster than ever (thank you!), we’ve fallen behind on some important projects. Plus, we’ve worked so many late hours, ‘Walkers’ have been telling us how terrible we look. The […]

Read the full article →

Server Maintenance – March 9th & 10th from 11PM – 4AM Arizona time (UTC-7)

Uncategorized

Summary: The TechSurgeons web & email server will be moved to our new facility March 9th, starting at 11PM Arizona time. Client sites will not be impacted by this move – just *.techsurgeons.com sites and services. Estimated downtime is 4 hours. Status will be updated as we can at www2.techsurgeons.com and on Facebook. If the […]

Read the full article →

Emergency Update: Security flaw in NextGen Gallery Plugin – all sites updated

Uncategorized

Hi all, We’ve updated all hosted sites with the NextGen Gallery plugin installed to the latest version. There was a significant security hole in older versions, which would have allowed an attacker to retrieve info from the site’s database. More here: https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html -TS    

Read the full article →

Problem with latest Yoast SEO plugin (wordpress-seo)

Uncategorized

Howdy all, The latest update to Yoast SEO will break sites running on PHP 7.0 – our default version. We’ve (hopefully) disabled updates for that plugin by changing permissions on the folder to “read-only”.  As soon as we hear of a fix, we’ll change its permissions back, so it can be updated. -TS    

Read the full article →

How your computer can find a website by its name. – DeGreekifying Technology #1

Uncategorized

This is the first in a series of posts designed to help explain how computers and the Internet work in plain English. This series was inspired by our friend Mercedes M. Yardley. Have you ever wondered how your web browser can find a website like Google automatically? You can’t just key a name into your […]

Read the full article →