Posts Tagged 'Users'

January 15, 2014

Keep Spending Most Our Lives Livin' in a Gamer's Paradise

With apologies to Coolio, I couldn't resist adapting a line from the chorus of "Gangsta's Paradise" to be the title of this blog post. While I could come up with a full, cringe-worthy cloud computing version of the song (and perform it), I'll save myself the embarrassment and instead focus on why "Gamer's Paradise" came to mind in the first place. We announced some amazing stats about two gaming customers that use SoftLayer's cloud infrastructure to power popular online games, and I thought I'd share an interesting observation about that news.

More than 130 million gamers rely on SoftLayer infrastructure. SoftLayer is virtually invisible to those gamers. And that's why gaming companies love us.

When would a gamer care where a game is hosted? Simple: When gameplay is unavailable, lagging, or otherwise underperforming. Because we deliver peak cloud performance consistently for our gaming customers, we'll continue to live in the shadows of gamers' collective consciousness (while taking center stage in the minds of game producers and developers).

It's easy to get caught up in discussing the technical merits of our cloud hosting platform. Speeds and feeds provide great metrics for explaining our infrastructure, but every now and then, it's worthwhile to step back and look at the forest for the trees. Instead of talking about how bare metal resources consistently outperform their virtual server equivalents, let's take a look at why our gaming customers need as much server horsepower as we can provide:

As you can see, the games we're hosting for our customers are a little more resource-intensive than Tic-tac-toe and Pong. By leveraging SoftLayer bare metal infrastructure, gaming companies such as KUULUU and Multiplay can seamlessly support high definition gameplay in massive online environments for gamers around the world. When KUULUU launched their wildly popular LP Recharge Facebook game, they trusted our platform all the way from beta testing through launch, daily play, and updates. When Multiplay needed to support 25,000 new users in Battlefield 4, they spun up dedicated SoftLayer resources in less than four hours. If gamers expect a flawless user experience, you can imagine how attentive to infrastructure needs gaming companies are.

As more and more users sign on to play games online with Multiplay, KUULUU, and other gaming customers on our platform, we'll celebrate crossing even bigger (and more astounding) milestones like the 130 million mark we're sharing today. In the meantime, I'm going to go "check on our customers' servers" with a few hours of gameplay ... You know, for the good of our customers.

-@khazard

More Info: Multiplay and KUULUU Launch Games with SoftLayer, an IBM Company - Gaming companies flock to SoftLayer’s cloud, adding to 130 million players worldwide

Categories: 
March 27, 2012

Tips and Tricks - How to Secure WordPress

As a hobby, I dabble in WordPress, so I thought I'd share a few security features I use to secure my WordPress blogs as soon as they're installed. Nothing in this blog will be earth-shattering, but because security is such a priority, I have no doubt that it will be useful to many of our customers. Often, the answer to the question, "How much security do I need on my site?" is simply, "More," so even if you have a solid foundation of security, you might learn a new trick or two that you can incorporate into your next (or current) WordPress site.

Move wp-config.php

The first thing I do is change the location of my wp-config.php. By default, it's installed in the WordPress parent directory. If the config file is in the parent directory, it can be viewed and accessed by Apache, so I move it out of web/root. Because you're changing the default location of a pretty significant file, you need to tell WordPress how to find it in wp-load.php. Let's say my WordPress runs out of /webroot on my host ... I'd need to make a change around Line 26:

if ( file_exists( ABSPATH . 'wp-config.php') ) {
 
        /** The config file resides in ABSPATH */
        require_once( ABSPATH . 'wp-config.php' );
 
} elseif ( file_exists( dirname(ABSPATH) . '/wp-config.php' ) && ! file_exists( dirname(ABSPATH) . '/wp-settings.php' ) ) {
 
        /** The config file resides one level above ABSPATH but is not part of another install*/
        require_once( dirname(ABSPATH) . '/wp-config.php' );

The code above is the default setup, and the code below is the version with my subtle update incorporated.

if ( file_exists( ABSPATH . 'wp-config.php') ) {
 
        /** The config file resides in ABSPATH */
        require_once( ABSPATH . '../wp-config.php' );
 
} elseif ( file_exists( dirname(ABSPATH) . '..//wp-config.php' ) && ! file_exists( dirname(ABSPATH) . '/wp-settings.php' ) ) {
 
        /** The config file resides one level above ABSPATH but is not part of another install*/
        require_once( dirname(ABSPATH) . '../wp-config.php' );

All we're doing is telling the application that the wp-config.php file is one directory higher. By making this simple change, you ensure that only the application can see your wp-config.php script.

Turn Down Access to /wp-admin

After I make that change, I want to turn down access to /wp-admin. I allow users to contribute on some of my blogs, but I don't want them to do so from /wp-admin; only users with admin rights should be able to access that panel. To limit access to /wp-admin, I recommend the plugin uCan Post. This plugin creates a page that allows users to write posts and submit them within your theme.

But won't a user just be able to navigate to http://site.com/wp-admin? Yes ... Until we add a simple function to our theme's functions.php file to limit that access. At the bottom of your functions.php file, add this:

############ Disable admin access for users ############

add_action('admin_init', 'no_more_dashboard');
function no_more_dashboard() {
  if (!current_user_can('manage_options') && $_SERVER['DOING_AJAX'] != '/wp-admin/admin-ajax.php') {
  wp_redirect(site_url()); exit;
  }
}
 
###########################################################

Log in as a non-admin user, and you'll get redirected to the blog's home page if you try to access the admin panel. Voila!

Start Securing the WordPress Database

Before you go any further, you need to look at WordPress database security. This is the most important piece in my opinion, and it's not just because I'm a DBA. WordPress never needs all permissions. The only permissions WordPress needs to function are ALTER, CREATE, CREATE TEMPORARY TABLES, DELETE, DROP, INDEX, INSERT, LOCK TABLES, SELECT and UPDATE.

If you run WordPress and MySQL on the same server the permissions grant would look something like:

GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, DELETE, DROP, INDEX, INSERT, LOCK TABLES, SELECT, UPDATE ON <DATABASE>.* TO <USER>@'localhost' IDENTIFIED BY '<PASSWORD>';

If you have a separate database server, make sure the host of the webserver is allowed to connect to the database server:

GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, DELETE, DROP, INDEX, INSERT, LOCK TABLES, SELECT, UPDATE ON <DATABASE>.* TO <USER>@'<ip of web server' IDENTIFIED BY '<PASSWORD>';

The password you use should be random, and you should not need to change this. DO NOT USE THE SAME PASSWORD AS YOUR ADMIN ACCOUNT.

By taking those quick steps, we're able to go a long way to securing a default WordPress installation. There are other plugins out there that are great tools to enhance your blog's security, and once you've got the fundamental security updates in place, you might want to check some of them out. Login LockDown is designed to stop brute force login attempts, and Secure WordPress has some great additional features.

What else do you do to secure your WordPress sites?

-Lee

September 21, 2011

UserVoice: Tech Partner Spotlight

This is a guest blog from UserVoice CEO Richard White. UserVoice offers a complete customer engagement solution that gives businesses a simple process for managing customer feedback and support functions all from a single, easy-to-use environment.

What NOT to Do in Support

The fact that you're reading this blog post means you probably understand social media. You probably also understand why providing great customer service is important, so I'll spare you that as well. What you may not know is that there are much better tools to provide outstanding customer service than the ones you're already using. Here are four big tips for you as you're planning your support channels:

1. Don't build a custom contact form.
Building a custom contact form on your website takes valuable time and resources away from your core business. Instead, sign up and get a widget from UserVoice (or one of our competitors) and in less than 30 seconds you'll have a contact form that supports any number of custom fields you want to add, allows you to append your own customer-specific metadata, supports attachments and, most importantly, will auto-suggest relevant FAQ articles even before the customer submits the form.

2. Don't use shared email for customer support.
It's true that you can take managing customer support via a shared email inbox pretty far. You won't really feel the pain until a couple of issues slip through the digital crack because it wasn't clear who on your team was responsible for following up with the customer. But why go through that? These days you can choose from a number of inexpensive, purpose-built tools, like UserVoice, targeted at companies that want to provide better customer service. Starting at $5/mo you can have a complete support solution that will grow with your business when you are finally ready to add that 2nd or 3rd support rep to your team.

3. Don't waste time gathering feedback on message boards.
Scanning message boards to gather user feedback sounds like a good idea, but it's really painful. Forums are both noisy and insular. Someone posts "I want you to add X" then a few people reply "+1" but then someone else says "I think X is good but only if you do Y to it." Very quickly you don't know what anyone really wants. And you especially don't have an easy way to follow-up with people directly. Worst of all, you're only hearing from a vocal minority. Casual users won't go into your forums and won't wade through 10 pages of +1's to add their voice, they'll just give up.

UserVoice Feedback gives you a better way to harness customer feedback and turn it into something useful. It starts with a simple prompt: How can we make ___insert_your_company___ better? Customers give their feedback and vote up the best ideas. It's easier for customers to get involved and give you feedback, and it's much easier for you to follow-up and keep these important customers in the loop.

4. Don't hide from your customers.
This really should be the first recommendation. The sad fact is, people still don't expect great customer service, and they certainly don't expect you to be ready and willing to listen to their feedback, especially with that small gray "contact" link buried in your footer. Show customers that their experience and their feedback is important, nay, vital to your business. Put a big link at the top of the page, or a widget on the side of it. Something that tells people you're not "business as usual." Show them you really care.

I started UserVoice because I wanted to make doing all of these things simple so that companies could focus on what really matters: building their products and communicating with their customers, not setting up all this stuff. I hope you'll find it as useful as our thousands of existing customers have in getting you back to work. :)

-Richard White, UserVoice

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more come.
July 27, 2011

ClickTale: Tech Partner Spotlight

This is a guest blog from Shmuli Goldberg of ClickTale, an industry leader in customer experience analytics, providing businesses with revolutionary insights into their customers' online behavior.

Understanding the User Experience with In-Page Analytics

Since ClickTale's start back in 2006, we understood that engaging visitors on a website is the first step to increase conversions. Although traditional web analytics are great for delivering general statistics such as number of visitors or pages per visit, they leave a big black hole when it comes to understanding what happens inside the pages themselves.

ClickTale's In-Page Analytics feature set enables you to identify, observe, aggregate and analyze visitors' actual interaction inside your site, so you know exactly what page elements work, what to optimize and how to increase visitor engagement.

Our wide range of web optimization tools include Mouse Tracking, Heatmap Suite and Conversion Analytics solutions, but was our Visitor Recordings feature that started it all. Giving you a front row seat to your visitors' browsing sessions and delivering a thorough, in-depth view into what your visitors are focusing on and interacting with inside the pages themselves. All you need to do is grab the popcorn.

Our Heat maps are aggregated reports that visually display what parts of a webpage are looked at, clicked on, focused on and interacted with by your online visitors. See exactly what images, text and call to action buttons your visitors' think are hot and what's not!

Both these features allow you to instantly see how to go about optimizing your website instantly so you don't have to guess.

As a fully hosted subscription service, ClickTale is quick and easy to set up. We believe our wide range of heatmaps, behavioral analytics and full video playback make ClickTale the perfect way to round out your traditional web analytics suite. For more information, please visit www.clicktale.com.

- Shmuli Goldberg, ClickTale

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more come.
Subscribe to users