WordPress Ranks Top Blogging Site

We all know WordPress is popular. With its free, open-source nature and easy-to-use tools, it’s no wonder that over 65 million sites are using the platform. But did you know WordPress is actually leading the blogging market now?

According to a recent study by Pingdom, WordPress is now number one when it comes to blogging platforms. Out of the Technorati’s list of The World’s Top 100 Blogs, WordPress came out on top with 52%. This is an improvement from their 48% ranking in last years study.

In the ranks are TypePad, Movable Type, Tumblr, Ceros, Drupal, and Google’s Blogger, but none even come close to threatening WordPress’s victory. The biggest competitor is custom designs, with a 12% ranking, but even this isn’t very close to catching up.

Blogging has changed drastically over the past few years as social media has advanced. People are now turning to sites like Facebook and Twitter to share the information they used to blog about. With the dispersion of material across several social media sites, people are looking for a blogging platform that does more than just blog.

WordPress offers speed, security, and reliability to its customers. Its growing CMS functionality makes it a rounded platform, and versatility and user friendliness are what make it so popular.

Choosing a blogging platform can be difficult, especially with so many options. Even though there are clear popularity winners, establishing which one is right for your personal needs can be challenging. Azym can help. We offer full WordPress support systems to help you create and manage your blog. The world of blogging may be changing, but Azym can help you keep up with the times. Contact us here if you need a helping hand.

DOS Vulnerability in WordPress (Versions 3.5 to 3.9)

Released on August 5th, a DOS vulnerability has been discovered in WordPress (versions 3.5 to 3.9), and Drupal (versions 6 to 7). The vulnerability has since been patched by both WordPress and Drupal.

The vulnerability is considered severe, owing to the small amount of resources required, and the effect it can have on the server.

Users running WordPress <3.7 should update to the latest version now, whereas those running >3.7 should have updated automatically.

The vulnerability, released on Breaksec exploits the xml parser within PHP, using a similar method to a Billion laughs attack whereby an xml document is uploaded to the server, in this instance via xmlrpc. This contains a large (10,000 characters) entity, which is then referenced multiple times. This means that a document of less than 250KB can take up to several GB of memory to process.

Whilst there is a max memory with most PHP installations, (the default is 128MB) this can be overcome by opening multiple connections to the server (default for apache is 151) hence an attack can consume up to 128×151=19328MB on a server with default settings.

There are caveats, an attacker must not overreach and use more memory that is available to the process, which would result in an internal server error. However, the limit can be easily deduced through error based fingerprinting.

A more detailed write up with a POC exploit can be seen here.

Cloud, SaaS and Hosted…What’s the difference?

We are all hearing terms being thrown around lately about Cloud Computing, SaaS (Software as a Service) and Hosting or Hosted computing.  Even professionals often use them interchangeably so it’s no wonder so many people are confused or don’t understand the difference.  And the way providers of these services use the words, there isn’t 100% agreement; but I’ll do my best.  We will use ERP software for our examples, but it applies to almost any software.

 

Hosted

Hosting really got started, in the modern sense, back in the 1990’s.  Hosting essentially means you buy your software solution from a publisher or Value Added Reseller (VAR) such as Clients First Business Solutions.  You would then have the software installed at a data center or ‘hosting center’ where either physical or virtualized servers that you own/lease/finance are setup.  You then would implement the solution very much like it would be implemented ‘on premise’ or at your offices.

Payment stream wise, you would have a large upfront software payment, a price for hourly or project based implementation, possibly an initial provisioning fee from the hosting center, and then a monthly fee for the rental/usage of the hosting center’s equipment, people, and bandwidth.  Your long term ongoing fees would including the monthly hosting fee, an annual software ‘maintenance’ fee which covers bug fixes and new versions, and any hourly billed or annual contracted phone support from your VAR.  You may have a cost every few years to the VAR to upgrade the software to the latest version along with moving any modifications you had done.

Advantages:

  • You ‘own’ the software (actually indefinite license).  You only pay once beyond the maintenance which is usually between 15% and 20% depending on software publisher. If you stop paying maintenance the software will continue to work at the version you are on.
  • Your data is in a very secure data center which may also have/offer multi-site redundancy in case of disaster.  Backups are being made reliably and you can connect from almost anywhere
  • You can still bring your application back in house down the road with little interruption.  Most hosting centers use “Virtual” servers like VMWare or Microsoft Hyper-V.  You can take your ‘server’ and run it on your own physical hardware quickly if you use VMWare or Hyper-V

Disadvantages:

  • The monthly hosting cost may exceed in house costs long term, depending variables such as other non-hosted solutions you have in house, etc
  • If your office Internet connection goes down, you have no access to your system (redundant internet lines to your office can help alleviate this risk)
  • If you want to integrate other solutions to your ERP system, you usually have to have that solution supported and installed at the hosting center as it is difficult for local applications to real time integrate with hosted applications.
  • You need a fair amount of bandwidth.  Especially if your application works with scanned images and photos as the upload and display of those can clog your Internet ‘pipes.’

Cloud Computing

Cloud computing usually refers to deploying software similarly to hosting, but the servers are very virtualized.  The Amazon EC2 cloud platform or Microsoft’s Azure platform fits very well into this definition.  Your application isn’t really running on any one server, but rather is ‘shuttled around’ or even spread over multiple servers in real time as demand requires it.  Most applications need to be modified or written to fully take advantage of the cloud so that they can run across multiple servers.  It’s actually usually sold more to software publishers and developers than end users.  You ‘rent’ servers, communications and messaging capacity, data storage capacity etc.  Usually you are charged based on usage in tiny increments that add up to real dollars but scale well from trial environments up to global solutions.

A solution that can be ‘hosted’ could also be put ‘in the cloud’ and it is that deployment model that is easier to resell to end user customers since it is more scalable and can be duplicated more easily for new customers.

Advantages:

  • Cloud computing allows small developers to provide a software application to customers at a very affordable price.  Many of the mobile apps you run on your iphone, or Android that communicate with other users are hosted ‘in the cloud.’  Facebook uses cloud computing.  Specialty social networks like Socialcast do also.  Even Google can be defined as cloud computing as your search is handled by thousands of different servers at any instant based on worldwide demand.
  • It’s not difficult to make a traditional in house solution work in the cloud.  The rewriting is minimal.
  • You usually don’t have significant upfront hardware setup or acquisition costs as is often the case with hosting.
  • Like Hosting, you get data security (hopefully), redundancy, and unlike hosting, you get almost unlimited scalability.
  • Software can be outright sold, or ‘rented’ in this model

Disadvantages:

  • Over time the transaction costs that are passed through to the customer from a company that uses Cloud architecture can exceed on-premise solutions.
  • Existing applications often need some rework to properly take advantage of the cloud.
  • Its not so easy to take a cloud hosted application and bring it back on premise due to the distributed nature of the architecture.
  • It’s even harder for disparate applications that need to integrate (such as an ERP & CRM) solution to work in the cloud unless both vendors work together to make that happen.  Software vendors can do this, but it’s not easy for end-users.
  • Each application often has it’s own fees so if you run many applications in the cloud, the costs can be steep since you don’t pay per server, but rather per unit of data or CPU power cycles used.

SaaS or Software as a Service

SaaS is a hybrid of both a financial and architectural model.  As most industry pros describe SaaS, it’s usually a situation in which an application was written from the ground up for this model.  Cloud and Hosted applications can either be traditional Windows applications accessed via technology such as Citrix, or Terminal Services, or an application that is HTML browser based.  SaaS is almost always a pure Web/HTML based solution and is almost always sold on a rental model, typically. X dollars per month, per user.  The biggest difference with SaaS applications is that they are usually ‘multi-tenant.’  This means that one database shares multiple end user customers and they are ‘partitioned’ from each other via a security model in the application, not via separate virtual servers.

Advantages:

  • SaaS solutions can be financially attractive.  You typically have no upfront costs to start using and they are usually ‘self provisioning.’  SAP Business By Design or Epicor Express are examples of a true SaaS solution.  With SAP, you can fill out some basic information and be in a test environment in under 30 minutes.
  • Multi-tenant applications tend to cost less to maintain and run and can have a lower monthly cost to customers because of this due to the common database.
  • Often, the services component of implementation and future upgrades is bundled into the monthly fee.  It may be easier to swallow $200/user/month than $150,000 for a new ERP solution.  Even if the $150,000 is actually cheaper over 5-10 years, the savings of cash is very attractive to some companies.
  • Since, to be truly SaaS, it’s likely the applications were recently developed,  his gives many SaaS applications a ‘fresher’ look and feel and more modern technology than older applications that were moved into the cloud or are hosted.
  • The integration between more than one SaaS application (such as ERP & CRM) can be done by the vendors, but is usually difficult for end users.  However, when done properly, it can look and work  seamlessly, almost as if one solution.

Disadvantages:

  • Although cheaper up front, the monthly fees, can add up over time to be substantially more than an ‘on premise’ solution.  There are complex ROI spreadsheets done by parties who have interests in both scenarios.  SaaS vendors will typically over-inflate the cost of in house IT and upgrades, and premise vendors will typically underestimate those costs.  Do your own realistic analysis of the whole picture and look at it over 10 years which seems to be the life of a major ERP system these days.
  • There is nothing to keep a SaaS vendor from jacking up the monthly fees a year or two down the road after you have invested time and money in implementing the system.  With SaaS, if you don’t pay, you lose access to your system, period.  With on-premise, if you stop paying maintenance, your software continues to operate at the current version level.
  • Some SaaS vendors have contracts that don’t even allow you to retrieve you own data until they are paid in full.  This possession of data can be a big sticking point once the lawyers start looking at the contracts.
  • When the interface is HTML/Web only, many solutions are slower for ‘heads down’ data entry or are missing the richness of a traditional windows application such as right mouse click drill downs, etc.  If you bring up a customer list, many systems will show you 20 records at a time and you hit a ‘next’ button to browse the next set whereas a Premise/Windows application can scroll through thousands of records quickly.
  • Since SaaS vendors are popping up quickly and many are only operating due to Venture Capital or other equity money, their long term survival is questionable as the inevitable consolidation occurs.  If your SaaS vendor goes belly up, even if they give you a chance to get your data, it could take months to re-implement a new system.  Can your business survive that interruption?  With premise systems, if the publisher goes out of business, you can move to a new solution at your own pace.

We hope you find this information helpful and welcome your comments below.  If you are interested in more information feel free to contact us

Not Quite Sure? We're Here to Help!