I'm not a complainer, developer or WordPress code contributor. As editor of Wireless and Mobile News, I am however, responsible for the quality content and a great user experience. Recently, web traffic was down significantly and we did not know why until we looked a page load times. A vulnerability in a very popular plug-in not only affected our bottom line but also our sanity.
Our web developer is very bright, he writes core code for WordPress, but the recent SNAFU baffled him for a while. The signs were there in the past, but we didn't see them. Page load times in a Google analytics over 20 seconds a page, in fact on some days it went over a minute. I was busy with a personal tragedy, by the time we started testing the website, my nerves were frazzled.
On Sunday, while other people were happily making chips and dips to watch the Super Bowl, I spent three hours combing over data and trying to figure out what to do. In a last-ditch effort I decided to call Fred over at MaxCDN/NetDNA because I figured the company should be aware of any issues with W3 Total Cache and or the CDN. Fred was an absolute dear and told me he would look into the matter. I also spent several hours on the phone with LiquidWeb, trying to figure out what the problem was.
At one point the kind tech at LiquidWeb, Taylor skirted around W3 Total Cache, on a completely new deployed server. He suggested another caching program, however I was devoted to W3 Total Cache because I thought I needed it to work with MaxCDN.
In total, I personally probably spent over 20 hours to figure out the problem, which I personally could not afford, but had no choice. On Sunday, I noticed that there had been vulnerabilities noted on W3 Total Cache as of January 24.
Page load times began slowing in the middle of January, now that I went back and looked at Google Analytics.
There were also curious connections to China. What we cover in Wireless and Mobile News, has nothing to do with China.
I know I should feel honored because the Wall Street Journal and the New York Times were hacked, but the way Wireless and Mobile News was hit was like with a Vampire creature that drained resources and prevented honest readers from getting the information they desired.
Over the past several days, we continually ran webpagetest.org test and received failing grades for the time for the first bite.
When Wireless and Mobile News, first deployed the very fast SSD Storm on Demand server the time to first byte was a 333 ms using webpagetest.org. Over the weekend, the time to first byte was over two and half seconds.
On Monday, I saw pink notices in W3 Total Cache, after the notices there was update. I wasn't sure what it was. My developer, Justin Givens, deactivated W3 Total Cache, and activated again the first bite time and running NetDNA went back up to grade of "A". It appeared to fix something.
This afternoon, however, I had spent even more time because of what I learned.
This afternoon around two o'clock, I received an e-mail from Fred at NetDNA informing me that there is a vulnerability in W3 Total Cache and Frederick Towne is aware of it.
I usually don't write about the web or WordPress, it's not my expertise. My expertise is as an editor however, webmasters and developers should check their page load speed to see if there is a problem.
Nowadays, most developers have fast Internet connections and a glitch in code to the human watching the page load will seem like less than nothing. However, the great Google god, keeps track of every slow page and comes back to haunt you by not sending you traffic
I hold nothing against Frederick Towne, he wrote a wonderful plug-in that everybody uses which is part of the problem. Because the hackers know so many websites run W3 Total Cache, it makes them want to hack it.
So here I go back down the trail trying to figure out what to do in the meantime and still maintain a fast website.
Current page load tests are decent but not as good as they were when we first deployed the SSD server.
I am behind on my normal coverage of Wireless and Mobile News because of the is matter. I am writing this in the hopes that others will not experience the same problems and will constantly monitor such problems.
I would also like to thank Justin Givens, LiquidWeb and MaxCDN for investigating the problems.
I think it would also be nice if plug-in developers when they find a vulnerability somehow send out a message that an update is pending with advice on how to deal with the problem.
In the past, dealing with WordPress in many instances plug-ins were no longer supported, blew up over time or just plain stopped working. It we are going to have an open community of WordPress developers, the most important thing is for everyone to communicate, problems as well as triumphs.
I don't want to admit to the amount of sleep I lost over this problem. I can tell you what I learned. It pays to have a great developer, excellent CDN like MaxCDN, and great webhost.
I also really like the telephone support at MaxCDN, Amir is a great salesperson and Fred is very kind and helpful.
It takes a village to maintain a WordPress site.