WordPress hosting done right. done fast. done secure

GET STARTED
Menu

Why is my WordPress shared web hosting breaking, my hosting company is asking me to upgrade

error 502

WordPress hosting is a complicated subject.

A lot of people are wooed with low monthly prices for shared web hosting.

These accounts are not usually optimized for hosting WordPress web sites.

The hosting company doesn’t tell you , but the resources available to running your website are limited. When these resources run out, your site will suffer an outage. When this occurs, they’ll try to upgrade you to a plan with more resources.

What is using up all your resources in the first place :

  • WordPress is fairly resource heavy in the first place
  • older versions of php use more CPU resources. Each generation older uses about 3x more resources than you need. On shared web hosting you generally can’t upgrade your WordPress
  • you might have a resource heavy theme
  • you might have resource heavy plugins. the ‘p3 profiler’ plugin can help you review this.
  • the most likely resource hog is a DDoS attack. These happen to ALL WordPress installs. If your host doesn’t take steps to mitigate DDoS hits, then the DDoS hits will absorb all your resources. It ends up like an inbuilt upgrade trigger for them.

What is a DDoS attack ? and how do I know if it’s going on, and why my site?

DDoS stands for Distributed Denial of Service attack.

There are unscrupulous computers across the globe trying to break into WordPress sites all over the globe. Why ? why are they breaking into my site ? I don’t even sell anything ? Well they are mostly trying to add your site to their network of attacking servers. It’s not personal, its automated.

The DDoS attack is usually 1 of a few things:

  • xmlrpc.php website hits. These can be a number of things, including password guessing, attempts to put in comments, attempts to find old insecure code.
  • wp-login.php login attempts. They are guessing passwords.
  • attacks on plugins to find old insecure code

How do you know if it’s going on ? The main way is to look into your access.log files. Sometimes you can view these through your web hosting control panel. They won’t appear on google analytics as they aren’t real users.

The main way people stop these attacks include:

  • the hosting company should be using something like fail2ban. If they aren’t it will be hard to convince them they should.
  • delete xmlrpc.php. This will help short term if its an xmlrpc attack
  • block xmlrpc.php in .htaccess
  • if you have a VPS – using cxs and lfd – this can all be automated for you
  • install ‘WordFence’ plugin. And use its options to block repeated attacks and password guessing.
  • use ‘wp super cache’ or ‘wp-rocket’ – both save a lot of resource usage (but dont help much if it is a DDoS attack)

Upgrading your plan with the hosting company is poor because:

  • why did they sell it to you in the first place ?
  • how do you know there will be enough resources on the next plan
  • if they don’t fix the DDoS problem then no matter what plan you use it won’t have enough resources
  • if the new plan still has old versions of php, you’ll still use too many resources.

By on October 20th, 2016

Email or call, and we can arrange a time to chat call 0412927156 or CONTACT US TODAY!