Client: Ironsmith, a tree grate manufacturer located in Palm Desert, CA.
Project Background
A customer facing site connected to their portal's server for an easy way to display products, and display projects to show off their portfolio of work to potential customers. Their Wordpress site was started by another agency and was unfinished. We added missing features, fixed bugs, tightened security, and finished the connection between their internal portal and the site.
Challenges Encountered
The website was hosted by WP Engine and had been up for less than a year. Wordpress sites do need supervision and maintenance: plugins need to be updated and Wordpress itself needs to be updated to keep everything secure, and sometimes the host changes things that require action.
First Issue: Virus
Their website did not have the latest updates and had active admin credentials for the previous developers. This led to the inevitable, a virus that in this case injected malicious code into the website and it was triggering visitors' antiviruses. This was treated as an urgent issue.
WP Engine did a virus scan, but did not have forensics to find the source of the vulnerability. So we did the standard procedure to patch any vulnerabilities:
- We ran antivirus scans on the Wordpress site and our developers' computers
- Updated all plugins, remove unused plugins
- Updated Wordpress
- Removed all unused credentials
- Created a stop gap script to intercept when the malicious was being injected to change the remote url to about:blank to stop triggering antiviruses to buy us time to find the source.
After all the scans, cleaning, and patching of possible security holes the malicious script has not come back.
Second Issue: WP Engine Changes
The website started hitting WP Engine's bandwidth limit. They alerted us that the website was using double the allotted bandwidth and they would have to bump their plan to the next tier. Analyzing the data we used a plugin to automate compressing uploaded image files, but that did not work. We had a back and forth with WP Engine's technical team to resolve the issue and it was discovered to be a DNS issue. To our surprise WP Engine switched to newer servers before we inherited the project and we did not get the memo to switch DNS servers. We took the solution and worked with our client's IT team to switch their domain's DNS server, not only successfully reducing their bandwidth usage to well within the wanted price tier, but also sped up their website by correctly caching their site.