As you may know, my site was down from just after midnight Sunday, through this morning. I’ve been pleased with Register.com for the most part – I have purchased nearly a dozen domains from them, host my email through them, and have been hosting my website there for several years. In fact, after the most recent down time last month, I renewed my hosting through 2018. Alas, I shouldn’t have.
WordPress is a fabulous blogging platform, but there are holes that some hackers try to exploit. Keep your passwords secure, don’t use the admin login name, keep WordPress updated, don’t allow users to register & upload files etc etc. Lots of things you can do. Unfortunately, what happened to me (I think – since Register.com is essentially incommunicado and can’t tell me much) is a huge burst in traffic from people trying to exploit my site. Register.com has my site on the same server as other sites (though my husband pointed out that they should have been on separate virtual machines, but that’s neither here nor there) therefore they automatically disabled/suspended my website. One would think that such an automated process would have some sort of output to explain what triggered the process, but apparently they do not.
I called, and after holding & being transferred, received an extremely condescending woman who kept stressing the “free” part of open source WordPress, that it *will* be hacked and this *will* happen again – she also over and over again made comments about WordPress being so easy “a 12 year old could do it” but that hacking WordPress was also “so easy a 12 old could do it” and to “Google it.” I was so stressed and frustrated that I nearly snapped her head off. Side note, as sexist as it sounds, my husband’s friend said if you get a woman on tech support, just hang up. So far, I have found this to be true. It’s not that they don’t know what they’re talking about, they can just be incredibly rude. I suspect it may be a defense mechanism since women in tech jobs are often assumed to know nothing (been there, done that myself.) Again, not being sexist, just a generalization made by someone with lots of experience, that proved true for me!
I explained that yes, I knew WP could be exploited but that I always “dotted my is and crossed my ts” to make sure I was as secure as possible. She told me that no, that wasn’t true because I was running PHP version 4. She then went into a whole rambling that I didn’t understand (being married to a security engineer I am used to saying “I have no idea what you’re talking about.) I’m not stupid, I have taken MCSA, NET+ and A+ training and have done perfectly fine with basic edits & coding – but I have to know what you’re talking about and where to find the file. She again tells me it’s so easy a 12 year old could do it and to Google it. Well I spent more than an hour Googling it a million ways, searching through every folder in my cPanel, and never found the php.ini file she said I should have. Finally, I found a drop down menu with options “4, 5 or system default.” I changed it from system default to 5.
All was fine and dandy for maybe an hour, then my site was suspended again, and yet again, I couldn’t even get into my cPanel (and of course, no word from Register.com letting me know.) The female rep made a big point of telling me that per the service agreement, if this happened a third time, they would delete my site. Essentially as though it was something I had done wrong, but she couldn’t tell me what it was or how to fix it. (I explained that I would gladly fix or change whatever needed to be done, if they could tell me what it was, and that I would be happy to pay them to fix it instead.) Another phone call & a 20 minute wait (even though their system said an estimated wait time of 1 minute) and still no answers. This time my husband talked to the rep (a man this time) and he said they still had no idea why it happened since it was an automated process and that it could be 48 hours before they could even tell us why.
All yesterday I checked to see if I could get into my cPanel and finally last night I got in, so I could start downloading my database etc. Note that throughout this process, not once did they call or email me to let me know what was going on at all.
Anyhoo, what’s going on right now is buh-bye register.com. I will lose the money I just paid for 5 years of hosting, but it is worth it. I have no idea why they make it a point of advertising WordPress installs when clearly they have no idea how to handle WordPress, and from the female rep’s attitude, if you run WordPress, they don’t want you as a customer – maybe if you have a developer at your beck & call, but the beauty of WordPress is that anyone can do it.
So what am I doing? Moving to WP Engine (that’s an affiliate link but I haven’t been compensated for this post in any way – I am paying for my service.) Why WP Engine? Because they know WordPress! They have the security features and expertise that other hosts simply do not; they do automatic daily backups, one-click restore points, automatic caching, malware scanning (if your site gets hacked, they’ll fix it – free…really) and much more. No, it’s not cheap. However, it’s worth it. WP Engine is considered “managed hosting;” you don’t have to worry about waiting to update your WordPress install for fear of something breaking. No worries about what plugins will & won’t work, they do it all.
Now I can spend my time on my content, not fretting over my hosting and dealing with days of down time.