BRC — The Website Troubles

About a month ago, the BRC website was hacked. I first noticed it because my Amazon Web Services “instance” (the hosting arrangement) kept cutting out for excess CPU usage. At the time, I knew nothing about it and hadn’t put any analytics on the site.

To fix this, I had to dig into AWS, close down the instance, and restart the instance. When the hack was in play, load times on my site were measured in weeks. Still, I had great traffic for most of the day.

The AWS solution was to buy more CPU capacity, but something didn’t look right. I wiggled into the analytics and found out it was happening between 1-4 AM and that the CPU usage was rocketing right up. Still, AWS said, “Uhh, buy more CPU and it will handle the problem.”

I hired a guru through UpWork to look at it and he said, “Every night between 1-4 AM, bad actors are snatching your website and using it to host nefarious things.”

We made some changes and it got better by pieces. Still, AWS said, “Buy some more CPU, you rusty bucket of bolts.”

It took about three weeks and the consultant re-worked a bunch of things — server side things. Then, he noted that my site was SLOW.

I used GTMetrix to monitor my site and agreed. If you know GTMetrix, you will gag when I tell you that my PageSpeed Score was F- and my YSlow Score was also F-. My site was taking about 16 seconds to load.

So, I dug around a bit more, learned enough to scare the crap out of myself, and found an outfit called WPSpeedGuru.com. It is run by a man named Alexei Kutsko who operates out of  Thailand (twelve hour time difference). Alexei is a speed merchant. For a modest payment (you would be tickled to learn how modest), he will get you in the fast lane and explain to you how he did it. This only works for WordPress sites.

I have no relationship with WPSpeedGuru or Alexei other than as reported herein.

He promulgates a white paper on the subject which can be found here.

Killer-WordPress-Speed-Guide-2.0

It will give you a road map, but the price he charges to do it is so reasonable, I had him do it. he also sells some videos and his site loads fast.

Plus — to be perfectly candid — I was on the edge of my personal knowledge. I can load, activate, deactivate plug-ins with the best of them, but where my knowledge begins to fray is the settings to make the Content Delivery Network work with the Security Plug-in. I can optimize the size of my pictures using ShortPixel Image Optimizer on a bulk basis, but I had to learn how to do that. I know enough to clear my cache whenever I post a new blog post.

The bottom line is that I ended up with a load time that is in the one second range and my PageSpeed Score is in the high 90s and my YSlow Score is almost 90. That is a huge improvement. As you can see, the site loaded in less than a second. These scores are not constant; they will vary. I have had load times that are three times this number, but I am not taking 16 seconds to load.

Most of this work is done by plug-ins. The secret sauce is knowing which ones — most of them are free — and knowing how to configure the settings.

This is why I used Alexei to lay out the settings. He ended the job with an email that told me everything we had done. For the initial price, I get a year of support.

I have a couple of remaining issues including that I have killed off my JetPack support so my email function, whereby you get the Musings of the Big Red Car, has to be replaced. I am at work on that.

This is one of the challenges with plug-ins. Some of them are not compatible with others and some of them have singular features that cannot be found elsewhere.

To those who have noted that they are not getting their emails, I am on it.

This has been a real adventure.

Last learning I had. When I had made the second wave of reworks, I was surprised to see all the nefarious crawling bots out there from places like Russia, China, Laos that were trying to log onto my site. I put something in that makes it difficult for them to do this, but I am amazed. I had more than a thousand in a two day period. Wow!

One other thing, I moved my site hosting from AWS to a site that specializes in WordPress sites and has six CPUs operating in tandem. It has been an excellent move. When I founded the Musings, there were no such web hosting sites out there, ones that specialized in WordPress.

So, dear reader, there you have it. If you have any suggestions, please fire away. If there is anything I should consider adding, please let me know.

But, hey, what the Hell do I really know anyway? I’m just a Big Red Car, but I am a faster Big Red Car. Be good, y’all.