Written by Sean Valant
Monday, April 29th, 2013
WordPress has been under fire lately, though it is important to note that although WordPress has been the target that there is truly nothing the platform has done to cause these recent circumstances to occur. You may have heard about the recent distributed brute force attack, which is presently on-going still and targets the “admin” user name.
A subsequent, and slightly lower-level attack has since been launched against popular WordPress plugins, like WPSuperCache and W3TotalCache. While we did identify this circumstance very early on and take pre-emptive measure to effective mitigate this attack on our server farm, it simply reiterates a point we often try to make: please make sure your scripts and plugins are always up-to-date.
Metaphorically speaking, having out of date scripts or plugins installed is akin to having a very nice house, with a very nice door with a very nice deadbolt on it that you simply choose to not engage, effectively leaving your door wide open to anyone what wants to walk in and do as they see fit with your property.
As a web host, we provide the house, the door and the lock. We also hand you the key to the lock on the door, but we cannot force you to engage that lock, we can only highly encourage you to do so.
One thing to note in regards to keeping your script installs themselves up to date is that HostGator’s proprietary script install tool, QuickInstall, does allow you to opt in to automatic updates for WordPress and other popular scripts. We highly encourage you to utilize QuickInstall and it’s automatic update functionality.
Please take a moment to log into the dashboards of all of your CMS-backend websites and take a moment to ensure everything is up-to-date. Otherwise, you are choosing not to engage that deadbolt on your front door and ultimately welcoming in all manner of individuals who may not have your best interests in mind.
Written by Sean Valant
Thursday, April 11th, 2013
As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence. This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack.
At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*).
You have now changed your WordPress password, correct? Good.
The main force of this attack began last week, then slightly died off, before picking back up again yesterday morning. No one knows when it will end. The symptoms of this attack are a very slow backend on your WordPress site, or an inability to log in. In some instances your site could even intermittently go down for short periods.
We are taking several steps to mitigate this attack throughout our server farm, but in the same breath it is true that in cases like this there is only so much that can actually be done. The servers most likely to experience service interruptions will be VPS and Dedicated servers hosting high numbers of WordPress installations, due to the incredibly high load this attack has been seen to cause.
If you are hosted on a VPS or Dedicated server and you would like for us to take a more severe, heavy-handed approach to mitigate this attack, we can do this via means such as password-protecting (via .htaccess) all wp-login.php files on the server. If you would like our assistance with this, please contact us via normal support channels.
Again, this is a global issue affecting all web hosts. Any further information we could provide at this moment would be purely speculation. Our hope is that this attack ends soon, but it is a reminder that we must all take account security very seriously.
We will update this blog post when we have further information.
If you have just a few WordPress sites, you can add the additional layer of security mentioned above, as well as block this attack, by following the instructions outlined in this article from our KnowledgeBase: http://support.hostgator.com/articles/specialized-help/technical/wordpress/wordpress-login-brute-force-attack
Written by Josh Loe
Thursday, May 13th, 2010
In 2006 HostGator.com moved from Boca Raton, FL. to Houston, TX. We made the move because we could not find enough employees in Florida, also we ran out of space in the tiny office we occupied at the time. We are proud to announce that we once again are faced with this problem and are expanding even more! We have chosen Austin, Tx as our newest location.
We closed on a 102,000 SQFT office building on the East side of Austin and have already started working on getting the office setup. We have been working diligently this past week closing on the office and getting everything in line, just as we did here in Houston back in 06.
When we moved to Houston a lot of our employees stayed in the office for the first few months. We are going to be doing the same in Austin as long as zoning permits it. We are already looking to add a special area called ‘tent city’ for employees to sleep until they get situated in Austin. If you have never bunked with 10+ System Administrators you are missing out! Brent himself will be staying in the office if zoning permits. …
Written by Brent Oxley
Thursday, September 10th, 2009
HostGator recently reached 200,000 active customers and we are on pace to break 300,000 within a year.
I remember when I’d be out celebrating if HostGator managed to get two signups in a week. Now, we’re seeing thousands of signups a week. Back in the day, my celebrating consisted of nothing more than dropping the Ramen noodles or the tuna can I had in my hands and grabbing some sushi for an hour before scrambling back to work. At the time, I was a poor college student who invested every penny I had back into the business I was building.
The HostGator.com domain was registered on October 10, 2002 and here are some statistics about how many active customers we’ve had at a few points since then.
- 2/1/2003: 112 active customers
- 2/1/2004: 1,031 active customers
- 2/1/2005: 6,892 active customers
- 2/1/2006: 21,434 active customers
- 2/1/2007: 50,213 active customers
- 2/1/2008: 92,752 active customers
- 2/1/2009: 157,432 active customers
- Today: 200,000+
How HostGator Came To Be:
I’ve been an entrepreneur since I was a kid. In sixth grade, I sold candy at school and had all the kids in my neighborhood working for me. When I was 14, my cousins and I had a business where we sold watermelons from a truck on the side of a road. The deal we offered was simple, but effective: “2 for $5.”
It wasn’t until I was a sophomore in high school that I got hooked on trying to make money on the Internet. What sucked me in was the paid to surf programs such as AllAdvantage, Bepaid.com, Cashfiesta, and the like. These companies claimed they would pay you to surf the Internet while looking at ads. I created my first website on a service much like GeoCities and was able to generate over 50,000 referrals between all the programs I was enrolled in. One by one, I learned that all of the programs were a scam. I made $65 when I was entitled to over a million. …