Rivercity Labs is a vibrant co-working space in Brisbane. Following the celebration of its 1 year birthday, the website was updated and built on a new platform called Cloudmanager powered by Amazon Web Services.
We thought we would take the site for a spin and see how it performs and how secure it is.
Mick Real a local web designer discusses what the new site does and provides some feedback on the results of the tests.
Q. Mick what is the site built-in:
The site was built in WordPress using the Roots theme as a base to build out the new design.
Q. What were you trying to achieve with the new site?
A cleaner, better organised and less corporate looking site. Something that fits with the startup feel and also makes it easier for people looking to join to access the information they’re after and apply online.
Q. What has the feedback been like?
From what I was hearing about the existing site while working on the new site, it was time for a change. The feedback received since launching the new site has been positive and the new look and feel is much prefered.
Q. How did you find using Cloudmanager?
It was quite simple and easy to get things set up. There were a couple of things along the way that needed some tweaking, but the Cloudsafe365 team were there to help and we got everything running nicely in the end.
We got Adam Martin a Cloud Consult to do some performance & security tests on the site and here are the results.
Q Adam, what security tests did you do?
I checked for the most frequent security threats from the infrastructure to the application level firstly testing the old site.
The outcome was disappointing but typical of a shared hosting environment. The websites speed was continuously underperforming related to another tenant on the same server, leading to bad google ranking, and loss of visitors. The test revealed that the host had no firewall or protection of any kind installed. Allowing bots is an easy way to crack admin passwords. A simple port scan revealed that the FTP access was open all the time inviting bots and spammers to the site.
Mike tried to manage these flaws, implementing WordPress hardening but every time he hit a wall. He had come to realize that the restrictions on shared hosting make security hardening impossible. Malware and application-level tests showed that lack of a WAF(web application firewall) allows automated bots and hackers to modify and compromise WordPress data and possibly the whole server.
Q What did you recommend?
I suggested Michael to give Cloudmanger from cloudsafe365, a secure hosting environment/manager a try.
After the migration from the shared hosting company to cloudsafe365 was completed we performed the same tests again.
The WordPress site was running on his own security-hardened server; no other tenants, no bandwidth limitation. The network promises a 10Gps integrated DDOS protection which will withstand most of the DDOS attacks and a constantly running WAF and firewall will keep the site secure from XSS and remote executions.
The management portal allows port management and schedule. No more unused ports open, making hackers life hard. The rivercitylabs site is using a hardened database as well, blocking any remote requests. It hides the WordPress version number and makes plugin guessing difficult.
To eliminate brute force attacks I turned on the 2-factor authentication login method provided by Cloudsafe365. With this function a token is generated on your android or iPhone and is required to log in to your admin panel; no way for bots or hackers to guess or hack your credentials. They even store the secret key for you in case the device gets lost.
Multiple tests showed the lowest score of risk rating after the migration.
I personally like the backup and one-click restore function provided.
Q DDoS (Distributed Denial of Service) has been in the news recently – did you test for this?
The site performed very well against Denial of Service attacks after the migration. The site and its database were stable and accessible even under high stress. It was a pleasant surprise that cloudsafe365 already fixed the vulnerability related to the pingback function in WordPress.
Q What was the performance of the new site like?
The site was performing very poor in the past because its resources were hijacked by other tenants on the shared hosting environment. You can’t control your tenants on shared hosting; it is like living in a home where you can’t pick your housemates. The website got google slapped multiple times, making SEO optimization difficult.
cloud managers one-click CDN(content delivery network) deployment allowed us to store a copy of the blog at 40 different geo-locations, serving each and every visitor from the closest and fastest server. PageSpeed insight ranking instantly increased from 76 to 95 out of 100.
Summary of the Website
- Built-in WordPress
- Cloud Management by Cloudmanager from cloudsafe365
- Powered by Amazon Web Services