Affiliate Disclosure: We earn a commission if you purchase through one of our links at no additional cost to you.

If you’re wondering why my site was offline for nearly a week, it’s because WP Engine web hosting shut down my site to keep it up. With help like this, who needs attackers on my web site?

Denial of Service

I’ve been in Cuba for a week without access to the Internet. When I left on March 19th, everything was great. That apparently ended on March 20th. It seems that someone initiated a Denial of Service attack on the hosting pod that contains all of my web sites.  When it goes down, every site I own goes down. More on that a bit later.

The first attack came on the 19th, but WP Engine web hosting didn’t notify me at that time. No matter, I was flying to Cuba in the morning. The attack happened again on March 20th, so WP Engine web hosting decided to take a drastic action.

They changed the IP address of my server.

Mind you, this only works if I take action to change my DNS server to point my domains to the new IP address. All of my sites were effectively down once they made that change. I’m told the Denial of Service attack lasted about four hours and access to my sites were intermittent. The permanent outage came from the change of the IP address.

WP Engine web hosting sent me an e-mail about it, but I never saw it while I was without Internet access. Ultimately, my own web host caused far more damage to me than any Denial of Service attack.

WP Engine Web Hosting’s Support Drives Me Crazy

I’ll be honest and say that I think WP Engine web hosting support sucks. They want to drive everything through a web interface or e-mail and they seem to actively ignore the phone. If you cal their main number and choose the option for technical support. expect to wait on hold until you get a voice mail. Don’t expect anyone to return your call if you leave a message. It’s a dead end, despite the fact that a phone conversation can really speed up the resolution to a problem.

I’ve been in the IT industry since 1981. Their reaction to this attack absolutely astonishes me. That’s because you never, ever make a configuration change that will put a customer out of service until you’ve notified the customer and received confirmation in advance.

You can’t plan for an attack. They happen when they happen and it’s a sad reality of the Internet. Some asshole wants to have his kicks by making life miserable for people who have a server. However, these things never last. As I said, they told me it only lasted four hours. Yet their change put my sites out of service for six days.

Here’s what happens when my web sites are down.

  • I lose faith and credibility from anyone who tries to visit my site
  • Search engines lower my ranking on result pages because they determined my site is offline or unreliable. Those links I had on the front page of Google are gone now.
  • I lose revenue from my online store, from affiliate sales and advertising on some of my web sites

Being offline for a week is a severe kick in the pants to any web site owner. It causes irreparable damage to reputation and revenue. I owe all of that to an astonishingly stupid decision by WP Engine web hosting.

The Resolution

I landed in Miami at 2:00pm on Wednesday. When I turned on my phone, the first notification I had was a text message from a friend sent a few days prior saying my sites were down. Another friend notified me on Google+ a few days earlier that my sites were down. Then I waded through hundreds of unread e-mail messages to find the note from WP Engine web hosting telling me the attack happened on March 20th. Six days of downtime!

I sent several messages to the support team at WP Engine web hosting. I tried calling multiple times. I sent more messages telling them I wanted a call back.  Finally, I got a call at 10:00pm that night – eight hours after I learned of the issue. Speedy support is something WP Engine web hosting doesn’t provide.

A supervisor called me and explained the details. When I told him how I disagreed with the practice of changing my IP address, his reply was that I would have been down anyway.

For a while, yes. While the attack was going on, yes. Four hours of downtime.  That’s not my estimate, but his report that the attack lasted only four hours. Had they not made the change, my web sites would have come back online with only a blip and very little damage to my reputation or revenue.  All of the damage came from the web host that is supposed to protect me.

Needless to say, we didn’t see eye to eye on their actions and they’ll do the same thing in the future if such an attack reoccurs. It sounds like amateur hour to me.

As recompense, I get two months credit of web hosting. That’s something and I accepted, but the loss from their actions was far more expensive.

With that, I truly apologize to anyone who tried to reach my site while I was away. I expected better from my web host and it’s my fault that I chose a service with such horrible business practices.

I moved my sites from HostGator to WP Engine web hosting with great excitement and anticipation. When the service is working, it’s remarkably fast. There are features behind the scenes that I’ve not found anywhere else. Yet support is slow to respond and I’ve had more outages in a few months with WP Engine web hosting than I ever did with years of service with HostGator. They may be faster, but they are unreliable.

A managed WordPress hosting site is a good idea, but only if it keeps your site online.  If you’re looking for a new host for your WordPress web site, I strongly recommend you avoid WP Engine web hosting. They’ve lost my faith and trust.

William Beem is a portrait photographer with decades of experience. He teaches Visual Storytelling and created training courses for popular photography applications. William's work has been published in magazines and online and has photos hanging in the US Capitol.

William is a former Director of Information Technology and Certified Information Systems Security Professional (CISSP) with experience working for PwC, Lockheed Martin, and Bell Labs.

Similar Posts

6 Comments

  1. Dear William,

    very sorry to learn about your struggles but not unfamiliar.

    When looking for a managed WP hosting, I chose GoDaddy. Not the smartest move: very unreliable performance with near stand stills during peak hours, service’s main interest was to get you off the phone by selling you additional packages.

    In the end, I set up my own with a smaller German provider and have been happy ever since. It’s 2014 and finding a reliable hosting service – an assumed commodity – is still a gamble.

    Cheers,
    Daniel

    1. Thanks, Daniel.

      It just blows my mind. Nothing is 100%, but I’ve found WP Engine has far more outages than any web host I’ve experienced in 12 years of blogging. The fact that they deliberately took an action that was guaranteed to prevent traffic to my site until I could take action – without any confirmation from me – is absolutely irresponsible.

  2. Hi William,

    I’m really sorry to hear about your bad experience 🙁 Unfortunately the “normal” reaction of hosting companies to DoS attacks is to null route your IP address or shut down the whole server…
    That’s unacceptable. I went through all of these experiences myself too and when I had enough after 12 different hosting companies (and yes, I have an account with WP Engine too) I decided to create something better for myself, then a few clients then it a lot of clients because it turns out there’s a huge demand for a reliable and client friendly WP hosting company. That’s how Kinsta was born.

    If you’re thinking about moving to a new host, we’d be happy to have you. Right now, based on a Pingdom test your sites loads in more than 2 seconds… I think you can’t call a site speedy until it loads under 1 sec! I’d love to show you what our infrastructure is capable of (premium dns, load balancing, ssd, redis caching and nginx web server — I’d be happy to elaborate on each, or just show you the raw power of these 🙂 ).

    Thanks,
    @MarkGavalda

    1. Thanks, I’ll keep Kinsta in mind. My performance from Pingdom tends to depend upon the source, and what’s cached. I just ran it from the NY server and got 804ms as my measurement, so WP Engine can deliver a speedy result. Part of that performance also depends on what the user loads on his or her site. I shed a lot of crappy things from my site that were reaching out to other servers to help improve performance.

      I’m going to spend some time looking around this weekend.

  3. William, I had noticed that your sites were down earlier this week. I knew you’d had issues in the past, but I also knew you seem to take your online presence very seriously and have put too much work into it to think that you’d be down forever, so I just waited. I can understand how others who might have less experience with you wouldn’t make those connections, however.

    Good to see you’re back up and running …

    1. Scott,

      You’re right, I take my presence online rather seriously and personally. When something like this happens, the impact and reflection is on me – not the web host. That makes their actions all the more infuriating to me. They bear no consequences for their actions.

Comments are closed.