Website nightmare week

17 replies [Last post]
PhineasSwann's picture
Offline
Joined:
09/25/2012

Been a bad week for our website. 

I had been trying to update the site, changing the WP site to the Divi theme. Thought I had it just right, took it live, and things went all to hell after that. 

First, several of the photos wouldn't load right on the animation. Then, I realized that some of the content had been changed since 6 months ago when I ported over a copy of the site to start changing it. 

And on top of that, our load speed went from a lousy 6 seconds to a business-killing 11 seconds. (I've since discovered that part of our problem is our hosting platform -- aparently GoDaddy is great for buying a domain, but lousy for hosting them).

Now it's almost midnight and I'm trying for the third time to download and reinstall a backup from four days ago. And my SO and I have been fighting about it all day. She wants to hand it over to our daughter, who does marketing and wants to take it from WP to Squarespace. I don't want to lose WP's flexibility, but Squarespace might be the right way to go since I apparently have made the site too complicated. 

Gonna cool down, get the backup running, and then try and make up with everyone in the morning. 

 

__________________

Darren
Innkeeper & Owner

 

An Old Tavernkeeper's picture
Offline
Joined:
05/04/2014

Wordpress is a hackers dream.  It is probably time to move to a better functioning, easier to use and more secure platform.  

Sucuri reports that 39.3% of wordpress sites hacked were out of date.  That also means that 60.7% of wordpress sites that were hacked are completely up to date.  That is a problem.

Your ssl certificate appears secure but has a key usage error and a basic constraint error.  Not usually a problem but in this case it is because it is not properly validating the sha value.  So it says it is secure, which your site was until it allowed itself to be sitting on a server with the Tomcat DOS vulnerability.  So the moment I accessed your site it looped and tried to backdoor code onto my PC.

So I backed out and used the Apache ping and trace tool.  https://tomcat.apache.org/security-9.html

In pinging your site I found the feeding Apache Server still has the Tomcat vulnerabilty, and that was announced June 20 and should have been fixed within 48 hours.  It looks like only the cisco opendns servers 208.67.222.222 and 208.67.220.220 have a trully safe version of your site. Even the google dns server 8.8.8.8 feeds your site to visitors with the vulnerability.  I have reported it through my work, and I would guess your problem stems with godaddy, but that's a guess.  Bigger is better until they get fat.  (Not your site per se, but the server where the code is sitting right now is not up to date.  Won't hurt you but visitors to your site get immediately pinged from somewhere in the middle east. I am on my work PC and it lit up like a neon sign)  I am hoping I am hitting the old host, not the new one, but idk.

https://www.us-cert.gov/ncas/current-activity/2019/06/20/Apache-Releases...

And just a design thought, the photos are beautiful but I would move the Inn name to the very top, not required but when I do consulting for alphabet we scrape only the first 64 characters (tabs don't count) but if the image is above the text, it will take forever to get indexed properly.

Most importantly you are using the 'super simple'  google analytics imbed, but you don't have an exposed meta data footer, a site search or a site map.  These are alphabets absolute key no-nos..  Without that you are killing your search value.  If you use the SSGA plug in then there is no need to send the bot to reindex your site as often, it will depend on what SSGA reports rather than on reality.  I know it is fun to do your own site and it is expensive when you hire someone with more than simple design skills but.....

Great looking Inn, best of luck, Janet

 

 

 

 

 

 

__________________

Reach out your hand if your cup be empty If your cup is full may it be again

 

dumitru's picture
Offline
Joined:
10/07/2013

Glad to hear that the storm is over. Some notes:

1. Trying to access your website from Germany lands me on the WordFence firewall block list Sad Is that intended?

2. Running tests via Pingdom and GTMetrix shows that your WWW version of the website redirects to the non-WWW, which causes an extra 1.x seconds of waiting time. Make sure that you are consistently linking to your website one way or the other. For example here on the forum your signature link uses the WWW version. 

3. From talking to multiple people about Divi, the number one complain about it is the difficulty to move away from it. So websites created with Divi become a mess once you switch to something else. Maybe something to consider.

4. As for hosting: I've had moderate results with inmotion (which was mentioned here) and some of their backend tools. Switching to SiteGround was a blessing, as I've never gotten better loading times than with them and their native caching plugin. Maybe something to consider too. 

Good luck with the website, hopefully you can share some stats in a few months, tell us if things have considerably improved or not Smiling

__________________

https://www.hermesthemes.com/ - WordPress Themes for Independent Hotels, Inns and B&Bs

 

PhineasSwann's picture
Offline
Joined:
09/25/2012

Great feedback. Some answers:

1) Yes, I've blocked most of the EU, Russia, Asia and parts of South America. I just had too many hackers from Germany trying to crack my site. The risk of having my site hacked vs. the few German guests I get made it necessary, but not a happy decision. 

2) I am trying to resolve the www issue. Everything I've read said it's better to not use www, but in switching to the new hosting I've suddenly had an issue with it. Should have it worked out in a few days. 

3) I heard that complaint too. I had made the decision to accept that negative and move forward, but after my snafu I've moved back to my old theme for now. I've heard customers say they like it, and one or two say it looks a bit dated. Would appreciate others' thoughts on this. 

4) I did activate SiteGrounds native caching plugin and did notice a great improvement. Where before it took more than 3 seconds for the GoDaddy server to even start responding, now SiteGround gets my entire site loaded in that time. 

I'm watching my analytics to see if my traffic increases. One interesting stat from the first few days is that my time on site is down, but page views are consistent. So people are still prowling through the site, it just doesn't take them as long now. 

JimBoone's picture
Offline
Joined:
12/18/2014

PhineasSwann wrote:

3) I heard that complaint too. I had made the decision to accept that negative and move forward, but after my snafu I've moved back to my old theme for now. I've heard customers say they like it, and one or two say it looks a bit dated. Would appreciate others' thoughts on this. 

PhineasSwann, I'm no expert and this is just a general comment from an old guy, not directed specifically at your site, more as to sites in general being "dated".  My original site was DIY in FrontPage, went through another program for a time before EN helped me into a responsive WordPress site.

Guess my point of a comment is that my site still has the layout of my original site, I update pictures and words, but as an old fashioned guy, I go to a site for information, not to be entertained, I've had most guests comment favorable that my site was simple to use. I see many sites that are works of art, yet the basic information is hidden. Again not directed at your site, just a general comment.

__________________

Jim & Maxine

 

PhineasSwann's picture
Offline
Joined:
09/25/2012

Migration complete. It still make take a little while to propagate to all servers, but the improvement in speed is nothing short of phenomenal. Instead of taking 4-6 seconds for the site to even start loading from the GoDaddy severs, in 2.4 seconds it's now fully loaded. 

Wish I'd done this several years ago. Was just afraid of upsetting the applecart. 

Momma Smurf's picture
Offline
Joined:
12/06/2010

It is so much faster, but https content is still mixed and there's a warning: Connection is not Secure  Parts of this page are not secure such as images.

__________________

The Truth and an Open Mind Shall Set You Free

 

PhineasSwann's picture
Offline
Joined:
09/25/2012

We didn't have our SSL set up the first hour. It's up now and you shouldn't see it now. It should show as a full Https site.

Momma Smurf's picture
Offline
Joined:
12/06/2010

yes

PhineasSwann's picture
Offline
Joined:
09/25/2012

I'm in the middle of moving to a new hosting site. Should change in the next 48 hours and hopefully we'll see a significant speed improvement. 

Momma Smurf's picture
Offline
Joined:
12/06/2010

It IS taking super long to load.  Plus you are showing a mixed content unsecure flag.  Double check your code to make sure every image and link is https.  I had this happen to us and it turned out that our background photo was still http. 

Are you using the WP plugin Really  Simple SSL? That may help figuring out what's up.  The site could be circling back with redirects.

Generic's picture
Offline
Joined:
02/24/2011

I remember when I screwed up. Thought it was the end of the world... a few days later, all was good. I'm with inmotion

__________________

Permission to quote in whole or in part, other than usage on this forum, is entirely forbidden.

 

Anon Inn's picture
Offline
Joined:
09/26/2011

Just took a gander at Inmotion.  Have you used Boldgrid for WP?

Generic's picture
Offline
Joined:
02/24/2011

Nope. I use WPBakery, which previously was called Visual Composer, which came with my theme. I've become proficient with it. I don't actually use the Visual part of it, but the underlying "boxes" and I've bought a few add-ons to do some neato stuff for my website.

Didn't even know about BoldGrid.

JimBoone's picture
Offline
Joined:
12/18/2014

I'm no expert, but for whatever it is worth I've been very happy with these folks for hosting https://khimaira.com/ that forum member Empty Nest suggested to me several years back. Have found them reasonable and real people to call and speak with when I had a need.

Anon Inn's picture
Offline
Joined:
09/26/2011

What he said.

Hillbilly's picture
Offline
Joined:
10/22/2011

JimBoone wrote:

I'm no expert, but for whatever it is worth I've been very happy with these folks for hosting https://khimaira.com/ that forum member Empty Nest suggested to me several years back. Have found them reasonable and real people to call and speak with when I had a need.

I completely agree with you! They are great!

__________________

Hillbilly

 

gillumhouse's picture
Offline
Joined:
05/22/2008

Gonna cool down, get the backup running, and then try and make up with everyone in the morning.

That sounds like an excellent (and safer) plan.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.