DigitalCube launched Shifter at WordCamp US today, the first serverless hosting product for WordPress. The Japanese development company specializes in WordPress and AWS integrations. Shifter was built by the same team behind the company’s Amimoto cloud hosting platform.
Shifter converts WordPress sites into a series of static HTML files and serves them up via a global CDN (AWS) for high performance hosting, eliminating the burden of software maintenance and server updates. The product targets websites that have a low frequency of updates, such as business or portfolio sites, as well as maintenance and support providers.
Shifter allows site owners to turn WordPress on or off in its administration center. The service is a hybrid of a WordPress static site generator and a hosting solution. Shifter hosts the static files it creates and allows users to connect their domains. It leaves the standard WordPress management and administration workflow intact and compiles a new version of the static files anytime users update content inside WordPress. The service starts at $30/month and offers support for unlimited sites.
As the first commercial product to provide serverless WordPress hosting, Shifter offers a unique way to tackle the security concerns that plague WordPress and its plugins and themes. Because the software is used by more than 27% of all websites, it has become a big target for hackers and spammers alike. Shifter’s creators see WordPress as a prime candidate for serverless architecture.
DigitalCube team members met the Philadelphia-based J2 Design company at last year’s WordCamp US and partnered with them to improve their branding, copy writing, and approach.
“At that time, we were having problems in design, branding, and communication,” product liaison Shinichi Nishikawa said. “The name ‘Amimoto’ was originally a Japanese word and was difficult for people to pronounce or remember. We saw their work and asked them if we could form a partnership.”
Together the Amimoto and J2 Design teams took the project from concept to launch in about three months. They built Shifter with AWS, Docker, and the Serverless Framework. The development team behind the project also supports and manages sites such as The Japan Times, AOL Japan, and Mazda. They frequently contribute to open source projects, including WordPress, Serverless Framework, and WP-CLI.
Shifter has exited beta and the company has launched a Kickstarter campaign with a $10,000 goal to fund future development on the project’s roadmap, including domain mapping, a way to visualize usage of bandwidth and storage, multi-factor authentication, advanced scheduling, and WP-CLI support.
In the WordPress world, when we look back an 2016 I think we’ll remember it as the year that we awoke to the importance of marketing. WordPress has always grown organically through word of mouth and its passionate community, but the hundreds of millions being spent advertising against WP has started to have an impact, especially for folks only lightly familiar with us.
I’ve started to hear about a number of folks across many WordPress companies and industries working on this from different angles, some approaching it from an enterprise point of view and some from a consumer point of view. There’s an opportunity for learning from each other, almost like a mastermind group. As the survey says:
Never have there been more threats to the open web and WordPress. Over three hundred million dollars has been spent in 2016 advertising proprietary systems, and even more is happening in investment. No one company in the WP world is large enough to fight this, nor should anyone need to do it on their own. We’d like to bring together organizations that would like to contribute to growing WordPress. It will be a small group, and if you or your organization are interested in being a part please fill out the survey below.
By working together we can amplify our efforts to bring open source to a wider audience, and fulfill WordPress’ mission to truly democratize publishing.
If this sounds interesting to you, apply using this survey.
Last week, WordPress 4.6 beta two was made available for testing.
The release update won’t be available till August 16th. Until then, you’ll be able to a take a look at a website, by downloading the beta to a test site and begin fooling around.
The team is also searching for everyone’s feedback before the release, therefore check that you browse and take a look at everything. For those that don’t wish to download the beta, there’s plenty to be excited concerning the next release.
Here are some of our favourite options in 4.6.
Shiny Updates are unbelievably exciting as they allow for much simpler updating and downloading. Once you wish to update, merely hit the button and you’re done. It eliminates the page redirect and pop-ups and makes everything easier and very straight-forward.
Native Fonts In Admin
In 3.8, the native font was modified to Open Sans. This wasn’t everyone’s favorite choice for several reasons together with that it had to be loaded from Google Fonts. 4.6 removes this issue by utilising it’s own fonts.
Improvements To Editor
The editor itself got a refresh with a much improved disaster recovery mode. Currently, the save method seldom detects once a save has been unsuccessful, resulting in the loss of your info. The update now shows a “There could be a newer autosave” message therefore you’re positive you’re writing the right post.
4.6 also will also acknowledge when URL’s are broken as you’re writing them.
Don’t worry there also are plenty of updates for the Devs.
There is currently a brand new library availble for PHP markup language requests. It will support parallel requests where you can only create one at a time.
This patch can save you a lot of time.
Pre-instantiated Widgets Registration
As of 2.8, the method for widgets wasn’t straightforward. in line with the announcement, “Since WP_Widget was introduced in 2.8 the register_widget() and unregister_widget() functions needed the class name (string) of a WP_Widget subclass to be provided.”
That method is modified in 4.6. because the announcement says:
Widgets will currently be instantiated and registered with constructor dependency injection.
New widget varieties can now be added dynamically, like adding a Recent Posts widget for every post type, per #35990.
Customizer arthropod genus
One of the most recent additions is Customizer apis that are for setting validation and notifications. in line with the announcement.
All changed settings are valid up-front before any of them are saved.
If any setting is invalid, the Customizer save request is rejected: a save therefore becomes transactional with all the settings left dirty to try saving once more. (The Customizer transactions proposal is closely associated with setting validation here.)
Validation error messages are shown to the user, prompting them to repair their mistake and try once more.
A new WordPress update is often exciting. Take a look at out the beta and send some feedback to create it the most efficient release one yet.
Make sure you check that you update on August 16th.
Note: Some of these security options require FTP access.
1.) User 1 – When you install WordPress your 1st Administrator account is User 1.
When you 1st login to your new wordpress install immediatley create a second Administrator Account, this will become your main Admin.
Then logout of your site and log back in with your new 2nd Administrator Account. Go to Users and delete the User 1.
This removes the risk of a potential hacker being able to obtain the user name of user 1.
2.) Remove Installer – Login to your FTP, First make sure you have removed the “wp-config-sample.php” file and the “Read Me” file then
go to wp_admin folder and delete the two files, “Install.php” and “Install-helper.php”.
This removes the ability to restart the install process.
3.) htaccess file – Add the following code snippets to your htaccess file above “# BEGIN WordPress”
## This denies all web access to your wp-config file, error_logs, php.ini, and htaccess/htpasswds files and folders.
Deny from all
## This closes the xmlrpc Issue which a hacker can use.
deny from all
## PREVENT HOTLINKING – Hotlinking is stealing your websites images by just using the image URL.
SetEnvIfNoCase Referer “^http://YOUR-Domain.com/” good
SetEnvIfNoCase Referer “^$” good
Deny from all
Allow from env=good
ErrorDocument 403 http://www.google.com/intl/en_ALL/images/logo.gif
ErrorDocument 403 /images/you_bad_hotlinker.gif
## cache images and flash content for one month
Header set Cache-Control “max-age=2592000”
Header set Cache-Control “max-age=604800”
## cache html and htm files for one day
Header set Cache-Control “max-age=43200”
4.) wp-config file – First if in your FTP access you have access above the Public Folder move the wp-config.php to here.
If you do not have access then section 3 has already put in protection. Then add the following code snippets to your wp-config.php
You can copy and paste these as they are
/** The Database Memory Limit for the Site */
define( ‘WP_MEMORY_LIMIT’, ’64M’ );
/** Stop plugin and theme editor in admin */
/** Stop producing more than 5 revisions of any page or post */
define( ‘WP_POST_REVISIONS’, 5);
Then create new SALT Keys and Paste as shown in the image below.
New SALT Keys are available here – https://api.wordpress.org/secret-key/1.1/salt/
5.) Lock folders – All your folder permissions should be set as secure as possible.
All directories should be 755 or 750.
All files should be 644 or 640. Exception: wp-config.php should be 440 or 400 to prevent other users on the server from reading it.
No directories should ever be given 777, even upload directories.
Since the php process is running as the owner of the files, it gets the owners permissions and can write to even a 755 directory.
Mode Str Perms Explanation
0477 -r–rwxrwx owner has read only (4), other and group has rwx (7)
0677 -rw-rwxrwx owner has rw only(6), other and group has rwx (7)
0444 -r–r–r– all have read only (4)
0666 -rw-rw-rw- all have rw only (6)
0400 -r——– owner has read only(4), group and others have no permission(0)
0600 -rw——- owner has rw only, group and others have no permission
0470 -r–rwx— owner has read only, group has rwx, others have no permission
0407 -r—–rwx owner has read only, other has rwx, group has no permission
0670 -rw-rwx— owner has rw only, group has rwx, others have no permission
0607 -rw—-rwx owner has rw only, group has no permission and others have rwx
If for any Reason you cannot find your .htaccess file – http://www.wpbeginner.com/beginners-guide/why-you-cant-find-htaccess-file-on-your-wordpress-site/