- Acquia Drupal 220.127.116.1130
- BlogEngine.NET 3.3
- DotNetNuke (DNN) 18.104.22.168 Platform
- Gallery Server Pro 4.0.1
- Joomla 3.6.2
- mediaWiki 1.27.1
- Moodle 3.1.2
- nopCommerce 3.80
- Orchard 1.10.1
- osCommerce 2.3.4 NEW
- phpMyAdmin 4.6.4
- SilverStripe CMS 3.4.1
- WordPress 4.6.1
Well, yes I am. If you aren’t using it.
WordPress is the world’s most popular blog, CMS, framework, magic trick – however you classify it, it’s behind almost 20% of the world’s self-hosted websites, and that’s a lot of sites. More than 75 million, they say. So odds are you’ve installed WordPress at least once, if not half a dozen times, over the years.
But where, oh where are those WordPress installations?
We find a lot of them in /test directories, or in abandoned /blog directories. We find them there because they get compromised, and we’re called in to clean up the resulting mess. And that mess can go very deep, and spread out well beyond the WordPress directory.
Since WordPress is so popular, it’s also the target of more compromises than any other third-party application that you can install. So what often happens is someone installs WordPress to try it or test it, and then they forget about it. But they don’t delete it. So there that old installation sits.
And the longer it sits without being updated, the more vulnerable it is to compromise by the bad guys. If you think they’ll never find it because you cleverly installed it in a random directory that you don’t link to from anywhere, think again. The bad guys have bots – lots and lots of bots – and spiders, and all they do, all day every day, is look for wp-admin pages to exploit.
If you are actively using WordPress, that’s great, all you have to do is keep it up to date and your chances of being compromised are vastly reduced (they don’t go away, but they’re reduced). If you use WordPress but you’re not someone who logs in to the WordPress admin back end every day, you might consider setting up automatic updates.
Another thing you can do is delete the “admin” user that’s created when you first install WordPress. Give your everyday user admin permissions and delete that admin user. I know, it’s scary, but do it! That will make it harder for the bad guys to exploit you using a brute force attack on your admin password.
Active WordPress installations aside, the best thing you can do is look around for old, unused WordPress installations and get rid of them. And while you’re in there digging around, you might want to delete any other applications that you aren’t using. Look at it like a kind of year-round spring cleaning. It will make your domain more secure and potentially save you from a real headache down the road.
Microsoft introduced WebMatrix as a free and lightweight IDE for web developers back in 2011. During the 2011 //BUILD conference, Microsoft introduced WebMatrix v2 beta. I remember that, because I was there too – on stage to announce our free WebMatrix v2 beta hosting sandbox.
I personally thought WebMatrix was a useful tool (when you didn’t have Visual Studio or didn’t want to install Visual Studio). Whenever I was on a computer or laptop that didn’t have Visual Studio and I needed to do some website work or show someone something on their laptop, I usually ended up installing WebMatrix.
But all good things must come to an end.
In early August, in the Microsoft IIS.NET WebMatrix forum, it was announced that there will be no more future development work on WebMatrix. So the last version is 3.0 and there will be no more updates and no more bug fixes. Since Microsoft introduced Visual Studio Code – a new free cross-platform IDE, they are pushing developers to transition to that tool now.
At DiscountASP.NET and Everleap, we support WebDeploy and will continue to host sites developed with WebMatrix, but for developers who rely on WebMatrix, you will need to make the transition to a new tool in the near future.
The third .NET Conf UY is taking place September 29th through October 1st in Montevideo, Uruguay.
Get the very latest on Microsoft technologies, including HoloLens, .NET Core, DevOps, Docker, Universal Apps, Windows 10, Internet of Things, Xamarin, Sharepoint, Office 365, SQL Server and Visual Studio. Hob-nob with top experts, and enjoy a unique opportunity to learn, share and network. Workshops, conferences and fun are all guaranteed, in an informal, friendly environment.
Sound good? You’ve always wanted to see Uruguay, haven’t you? What better time. Montevideo is a beautiful, modern city, and if you buy your ticket before August 31st, you’ll enjoy access to the entire conference for only $10!
HTTP Error 502.5 – Process Failure
Don’t worry. Nothing on our server or your site is broken. You just need to modify the web.config file a bit or create one in the appropriate directory because the AspNetCoreModule is the default handler for processing files.
I’ll show you how in this guide where I have an ASP.NET Core 1.0 application in the root and WordPress in a sub-directory. Since I don’t want to memorize web.config markup language, I’ll let IIS Manager do most of the work for me.
Log into your site using IIS Manager and highlight the folder WordPress was installed to, so that the web.config file in that directory will get modified or created if there isn’t one.
Double click on the Handler Mappings module.
On your right, select View ordered List…
Using the Move Up/Move Down Actions, move PHP##_via_FastCGI to the top where ## represents the PHP version number that you are using. This will create the necessary markup in the web.config file in the WordPress directory without affecting your other web.config files.
Now click on View Unordered List…
Highlight aspNetCore and click on Remove. Don’t worry, this doesn’t delete the AspNetCoreModule. It just removes the handler mapping (i.e. entry in the web.config file), and voila, your PHP application should be working again.
Now that we have launched ASP.NET Core 1.0 on DiscountASP.NET, here is a sample tutorial on how to successfully publish an application. First, make sure you have installed the pre-requisites on your computer to support an ASP.NET Core 1.0 application within Visual Studio. In this guide, I am using Visual Studio 2015 Community Edition.
Preparing a Sample Application
- Launch Visual Studio.
- Select File -> New -> Project (CTRL-SHIFT-N)
- Select ASP.NET Core Web Application (.NET Core), name your application and click on OK.
- For the ASP.NET Core Template, select Web Application and click on OK. Immediately, in the Solution Explorer window on the right hand side, a yellow pop-up window will open saying “Restoring Packages.” Wait until that finishes as the references for your application are being downloaded and added to your solution.
Publishing the Application via Web Deploy
- Log into your DiscountASP.NET Control Panel.
- Click on the Account Info/Edit link under the Account Management section in the menu to your left.
- Scroll all the way to the bottom and click on the Download Web Deploy Publish Settings.
- Download this PowerShell script from GitHub and place it in C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\Extensions\Microsoft\Web Tools\Publish\Scripts\1.1.0\publish-module.psm1 or wherever you installed Visual Studio to (e.g. if you changed the drive letter to E:)
- Now in Visual Studio, go to Build -> Publish appname. In the Publish window that opens, select Import.
- Find the publish profile you downloaded earlier from our Control Panel and click on OK.
- In the Connection section, you’ll notice the fields are already pre-populated for you. You’ll need to make a slight modification to the Server field by appending this query string:
Replacing domain-name.com with the domain name associated with your hosting account. The full line should look something like this:
- Click on the Validate Connection button to make sure you get a green check mark. If you don’t, you can open a support ticket to have one of our staff members recycle the Web Management Service for you. Sometimes the Web Deploy service on the server gets “stuck” and recycling usually fixes the problem. At this point, you can go ahead and click Publish if you want. Clicking on Next will allow you to further refine some configuration settings before deploying.
Tips/A Few Things to Note
- Publishing to a sub-directory does not work at this time. That should be fixed in an upcoming update.
- If you’re having trouble publishing, double check that your antivirus/firewall is not blocking port 8172.
- ASP.NET Core 1.0 is only supported on our newer Windows 2012 R2 servers. If your hosting account is not on this platform, please open a support ticket to have it migrated. The migration process takes about 30 minutes unless you have a large number of files.
- If you’re having trouble getting your ASP.NET Core 1.0 application to work and don’t know where to begin to debug, make sure you enable error logging in the web.config file. Change the stdoutLogEnabled to “true” and create the directories that will store the log (e.g. “.\logs\stdout”). It is not enabled by default.
If all goes smoothly, your site will look something like this:
It’s installed and available right now on all of the IIS8 servers. If you want to use Core but your site is on an IIS7 server, we can migrate you to IIS8. Just let us know.
The only known issue at the moment is deployment only works into your root directory. We’ve let Microsoft know that there’s an issue deploying to a subdirectory, and we expect that they’ll fix that in a future release.
We’ll be publishing some posts soon on developing with ASP.NET Core 1.0. Stay tuned.
With the launch of SQL Server 2016, one of the new features you might be interested in is Stretch Databases. It’s basically a data archiving feature which will move your data from your current SQL database to an Azure SQL database for storage, while still allowing the archived data to be queried.
It’s a great idea if you have a very large and growing database and need to keep a history of that data for use later. A perfect example would be a customer orders table. I won’t go in to detail on how to set it up as there is already a great guide on Microsoft for getting started, but I just wanted to highlight some of the pros and cons (in my opinion) of utilizing it:
- Great for very large and growing databases as it frees up space on your current SQL server database to record new data.
- Azure automatically backs up databases on its platform by taking snapshots every 8 hours and retains them for 7 days providing you with a range of restore points.
- Azure databases are geo-redundant and replicated several times to reduce the risk of data loss.
- Stretch databases utilize staging tables when moving data to Azure, providing an additional point of redundancy.
- Limitations on data that can be stretch-enabled.
- Costs incurred for storing data. (This could potentially be a pro if you are currently paying a high price for data storage.)
- Backups made on stretch enabled databases are shallow backups (i.e. they do not contain the migrated data), and in order to retrieve the data, your database will have to be large enough to accommodate the reverse transfer which also incurs a transfer cost.
In summary, it’s a great idea for a business sites which conduct a lot of business, but maybe not so great for your personal website or blog.