To help keep the chances for data loss to a minimum we employ a three part process for our backups.

Step 1:
Since we run cPanel as our control panel, it only makes sense to use the built-in backup system that cPanel provides. The only drawback is it can create a heavy load on the system, especially with larger accounts. If you’re using a host that only uses cPanel backups and your account uses more than 30-50,000 inodes, chances are they aren’t taking backups of your account due to this heavy load. We take a full cPanel backup of every account each week and keep those backups on hard drives on the server.

Step 2:
Every week we also transfer full backups off of each server to a completely separate datacenter. This is done in case something happens to the datacenter, we can still access account data. This is a critical aspect of our business continuation plan, and is something we strongly believe in.

Step 3:
This is the crown jewel of our backup process. Taking advantage of the industry-leading backup technology provided by R1Soft we take full backups of every file on each server 4 times each day. This includes not only all account files, but also server configuration files, operating system files, etc. Their technology allows backups to be taken without causing noticeable load on the servers, helping keep sites running as fast as they should. It also allows users to restore backups of their own files, choosing from several different restore points going back months. R1Soft provides the best system for backups, and we’re proud to be able to offer it free as a part of all of our shared and reseller plans and as an addon for all servers as well.

Step 4:
This is a bonus step, and not really a true backup method, but all of our shared/reseller servers run hot-swappable, hardware RAID-10 drives. This gives not only the best data-protection available, but also offers the best read/write speed and is another component that helps keep servers fast.

Hopefully this gives you a better understanding of how we’re working every day to keep your data as safe as we can.

So what is unlimited hosting? is it really unlimited? is it for me?

As we pointed out in a previous post, unlimited hosting is for the most part a marketing term for the same old hosting plan but with a little twist.

Hosting is not about disk space and bandwidth only it’s more about server resources like CPU, RAM, Disk Space, Network, etc… and like every other host out there that offer unlimited hosting, there’s always a limit hidden somewhere, if it’s not disk space it’ll be inodes (number of files), CPU, Memory, number of processes, number of connection or a combination of them.

How our unlimited hosting is different

What we did is we created the right mix of server resources using the right combination of server hardware, limiting the number of accounts hosted on each server to provide a good performance and not overload the server, the new plan include unlimited disk space and bandwidth, large number of inodes, CPU and RAM enough to run just about any personal website.

Is unlimited hosting right for me?

If you’re running a non critical personal site that doesn’t requires high level of server resources or top of the line server hardware and performance you’ll be fine with unlimited hosting but if you’re running a business critical website that requires an enterprise class hardware, the best performance and uptime possible then you’re better off with a business hosting plan like our GIGA and the newly added GIGA+

Some highlights of this release:

• Certain themes were calling get_categories() in such a way that it would fail in 2.8. 2.8.1 works around this so these themes won’t have to change.
• Dashboard memory usage is reduced. Some people were running out of memory when loading the dashboard, resulting in an incomplete page.
• The automatic upgrade no longer accidentally deletes files when cleaning up from a failed upgrade.
• A problem where the rich text editor wasn’t being loaded due to compression issues has been worked around.
• Extra security has been put in place to better protect you from plugins that do not do explicit permission checks.
• Translation of role names fixed.
• wp_page_menu() defaults to sorting by the user specified menu order rather than the page title.
• Upload error messages are now correctly reported.
• Autosave error experienced by some IE users is fixed.
• Styling glitch in the plugin editor fixed.
• SSH2 filesystem requirements updated.
• Switched back to curl as the default transport.
• Updated the translation library to avoid a problem with mbstring.func_overload.
• Stricter inline style sanitization.
• Stricter menu security.
• Disabled code highlighting due to browser incompatibilities.
• RTL layout fixes.

1. Change your admin username.
2. Use a hard to guess password.
3. Install Login LockDown

Changing your admin username

To do this you will need to login to cPanel and go to phpMyAdmin. Select your WordPress database and browse the wp_users table. Edit the first entry which should have the username “admin” and change the value to something else.

Use a hard to guess password

Your password should be at least 8 characters with a mix or upper case letters, lower case letters, numbers and special characters. If you would like a secure password generator you can find one here.

Install Login LockDown

Login LockDown allows you to set a threshold for failed login attempts before a user is blocked. From their WordPress plugin directory description:

Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Admisitrators can release locked out IP ranges manually from the panel.

Installing Login LockDown is just like any other plugin. Download the .zip file from the plugin directory. Go to your WordPress admin dashboard and navigate to Plugins > New > Upload. Upload the zip file and activate the plugin. You can the setup your rules.

There were also several updates behind the scene, not the least of which is that MiaCMS now requires PHP5. This is good news since there are functions only available in PHP5 that will help the code execute faster, and no host should be running PHP4 anymore.

I didn’t notice any bugs while I was playing around which is always a good sign. I wonder if this will be the last major release before we see joint Aliro/MiaCMS code?

A Little Mambo History

The project started back in 2003 when Miro released an open source version of it’s commercial CMS, also known as Mambo. Many people have theorized they were just looking for coding ideas for their commercial CMS and seeing their actions a couple years ago it really wouldn’t surprise me. For a couple of years after being released Mambo was the most popular CMS available and beat our Firefox for the 2005 LinuxWorld Best Open Source Solution award. That was certainly a major feat.

Some time in 2006 Miro decided that the project had enough exposure that they wanted back in. A highly political (and apparently not very well liked) Mambo Steering Committee and Mambo Foundation was formed. This consisted of core developers, Miro staffers and Mambo community members. It was shortly after this that all core developers decided as a group to leave the project and start Joomla.

Fast forward to 2008 and there is a lot of work being done by the new developer group at Mambo. But the politics must have gotten to this group as well because they left and formed another new project, MiaCMS. Core developer Chad Auld wrote on his blog “We felt that the policies, processes, and priorities of the official Mambo Foundation were having a negative impact on the code and the community. Innovation, creativity, and team spirit have all but been eliminated. Trolling the internal forums has become depressing and de-motivating to say the least. Trying to push new code or even fixes to existing code into the core results in nothing except for long drawn out fights.” MiaCMS now appears to have a good future backed by very strong developers especially with their recently announced merger with Aliro.

Where Does Mambo Appear to be Headed?

There are still 6 people who appear to have write access to the Mambo core project on their file repository, so I guess it’s not officially dead. That being said I doubt we’ll see another Mambo release. I’d like to see it revived, but politics and code rarely mix.

Full Disclosure

In the sake of giving a little context to who I am, I have served as a Mambo core team member on the 3rd Party Standards and Guidelines team. I also started mambo-hosting.com almost 6 years ago and it was the first company in the world dedicated to hosting Mambo sites. I have had components I’ve written in the top 5 most popular downloads at the old MamboServer site. I have a lot of personal history tied into this project and really am saddened to see it come to an end like this. The good news is Joomla and MiaCMS are both going strong and appear to have bright futures.

Here are some ideas we’d like to see:

• Improved ACL. I know they are working on this and it’s the big news of the new release, but it still deserves mentioning.
• Improved search with suggested terms. When you accidentally search for “wbesite” on google you get asked if you meant to search for “website”. I actually wrote a keyword system back in the Mambo 4.5 days that had this feature. It was easier in that system because I was just working with lists of keywords and not all possible words (and languages), but with new technologies and the skills of the developers this could be doable.
• Improved extension installation. WordPress really blows everyone away on this. Their automated installer can’t be beat with anything out there now and it would be nice to see Joomla take a step in that direction.
• Improved upgrading. Again, WordPress has done this one well. Their one-click upgrade is a thing of beauty (other than the reported bug) and to see Joomla with something like this would be amazing. And no more migrating to go to a new version, that should just be common sense.
• Complete code security audit. This would be incredibly expensive, I realize, and probably not in the budget of an open source system like Joomla, but the number of issues Joomla sees compared to other systems is unusual. This is certainly due in part to the fact that Joomla is one of the more widely used systems, but also in part to the coding. Too many Joomla releases are fixing medium or high level security issues.

So that’s what we’d like to see. How about you?

Right now WP Security Scan covers:

-passwords
-file permissions
-database security
-version hiding
-WordPress admin protection/security

Future releases will also address:

*one-click change file/folder permissions
*test for XSS vulnerabilities
*intrusion detection/prevention
*lock out/log incorrect login attempts
*user enumeration protection
*.htaccess verification
*doc links