Gone are the days when Geocities and a domain name would cut it. Now, we’re living in a world where cyber security, speed, and reliability are main priorities. The process of creating and securing an online presence doesn’t stop when your website ‘goes live’.
Today we’re giving you a few helpful tips about what to look for in a managed hosting provider, and why you might want to reconsider that budget ‘£2 a month’ deal that’s looking pretty tasty right now.
Regularly updating your WordPress software is an absolute must. Even if you don’t want fancy new features, because WordPress is open-source it’s constantly being patched and hotfixed with solutions to bugs and potential security weaknesses. You should be updating your WordPress core, themes, and plugins at least once a week.
The downside is that sometimes plugins and themes aren’t updated as quickly as they should be, leading to incompatible plugins with the theme, with the core software, or with each other. Even if you’re examining the documentation to ensure it’s all going to work just fine, sometimes updates are released before they’re truly ready, and can break your site. To fix that, you’ll need comprehensive backups…
Every time you update a plugin or theme, there’s a risk of incompatibility issues. Every time you edit something, there’s a risk of it not being saved correctly due to a bad internet connection or an accidental page reload. Every moment your site is online, there is a chance, however minimal, and however robust your security measures might be, that it could get hacked and have malware nestled in some innocent-looking file you never knew existed.
And then sometimes we just screw up, and make changes to a page we didn’t intend (although WordPress does its best to provide revisions and trash bins from which we can retrieve missing data from), or something else goes awry. And when it does, you’ll need a backup.
Backups can be stored on your hosting server, where they’re prone to hogging massive amounts of space over time or being accidentally deleted. The safest place to back up your website is, well, somewhere else. Many web hosts provide backups of your site’s files, but often don’t include the database – which, as it just so happens, contains ALL the text content and settings for your site and is much harder to replace than the theme and plugin files.
You’ll want a solution that includes both your website’s files (WordPress core, plugins, themes, images, etc), and your website settings and content. You’ll also want it stored somewhere secure where malicious hackers can’t get hold of it to corrupt or destroy it.
No matter how fast your hosting is, you may simply find that compared to the location of your customers, the hosting servers are thousands of miles away from them. Even the wonders of the internet are subject to physical limitations. If you have only customers local to one area (the UK, for example), you could simply use a UK hosting company whose servers are based somewhat locally. But if you have a global market, or would like to cultivate one, then you can use a CDN (Content Delivery Network) like Cloudflare. It can take a little time to set up and tweak, depending on your website’s settings, but once that’s done they can speed up your site for faraway visitors by loading your website from a server much closer to them.
As much as a good CDN can help your content reach your visitors worldwide in record time, you’ll also want to ensure your files are small and can be downloaded quickly. There are a number of ways to achieve this, including caching (saving code snapshots of your pages so that they don’t have to be calculated each time), combining styles and scripts into single, minimised files, and reducing image sizes by scaling them down and compressing them.
This might seem like a lot of technical work, and it can be when first getting started, but ensuring that your new pages and content are optimised for quick load times will keep visitors (and search engines) very happy. New images and pages will also need to be regularly optimised.
The best way to deal with hackers is not to let them in at all. Even if you have regular backups, there’s always the risk (particularly with an eCommerce site) that damage could already be done even if they don’t actually break your website. Namely, your customers have trusted you with their personal details, which are stored on your website, and if those details aren’t protected, you could be facing some hefty legal action.
There are two things absolutely vital to a secure website: Firewalls and SSL.
Firewalls work similarly to the software on your computer, keeping out unscrupulous visitors. In particular, they’ll help defend against brute-force attacks (repeated login attempts with intelligently generated username and password combinations) and DDOS (Distributed Denial of Service) attempts (large amounts of ‘fake’ traffic sent to your website in attempt to overload the server). A good firewall will also keep an eye on the files of your website, just in case something gets mysteriously changed by a malicious plugin or via FTP.
SSL means Secure Socket Layers, and it’s the reason you should always look for a little padlock icon in your browser bar before you type in any personal or financial details. SSL encrypts the data sent between the browser and the server, so that only the browser and the server can read the data. This means that if a visitor’s firewall isn’t quite up to speed or they’re using a public domain (such as coffee-shop WiFi), no one else can ‘snoop’ on the data that they’re submitting – it will simply be undecipherable to a third party.
To look and feel professional, you’ll want to have a custom email domain to match your website, like email@example.com. The problem is that almost all budget hosting packages are on shared servers. Each server has its own IP address… and if one website (not necessarily yours) gets hacked and used to send out spam emails, that IP address will be listed somewhere like SpamHaus and your outgoing emails will be likely be blocked until the threat has passed and its been delisted. Unfortunately, even superhero support teams who solve the problem in minutes can only request that the IP address is delisted… and it can take a few hours, sometimes even days, to delist the shared IP address from the block list. This means that if someone else on your shared hosting gets hacked, your outgoing emails won’t work for a while – and that could be really bad for business. Trust me, I’ve had this happen more than once across multiple hosts.
Ideally, you’ll not want to host your emails on the same server as your website unless it’s a private server that isn’t shared with other, perhaps less security-savvy, websites. Instead, I always recommend a third party service like GSuite, to help ensure safe and reliable email services so you’re always able to contact whomever you need to, whenever you need to.
Hosting Settings & Control Panels
Your hosting control panel is where you can log in to and view, upload, delete, move and manage all of your site’s data. It’s the place where all the good stuff happens, but everyone forgets about it until they’re hunting for an option that they just can’t find.
And that brings me to a big warning… many budget hosting companies won’t allow you to change settings that, over time, need to be changed for your website to work properly. This might include a software version, an upload limit, a memory allocation, or a security setting.
By restricting access to these options, a budget host can force you to upgrade to a more expensive package, when all you want to do is keep your website alive and well. As WordPress themes and plugins get smarter and safer, they also get more resource-hungry – just like with all tech.
In particular, you’ll want a host that will allow you to make changes to PHP settings, incuding its version, memory limit, upload limit, and timeout (the length of time an action can run before it’s considered to have taken just too damn long – and a common reason for backup or migration plugins to fail if not given enough time).
Budget web hosts can seem like a great idea at first, until you realise that all of these settings can’t be changed within reasonable limits. If you’re going it alone into the market, don’t be afraid to ask these questions to keep your website future-proof from the needy whims of WordPress plugin developers and their ‘improvements’!
When you can’t quite figure out why something is going wrong, or you need advice on how to implement a new feature, you’re going to want expert advice to save you hours of potentially unfruitful googling. A strong technical support team who can make significant changes, help you debug issues, or even answer silly questions that make you slap your own forehead and apologise (goodness knows I’ve asked plenty of those questions myself), and who will help in a patient and non-judgemental manner, is vital. They should be easy to contact, quick to respond, and if they don’t have access to directly fix the problem for you, they should be able to give straightforward, step by step advice on how to do so.
Tying all of the above together can be hard work. Between updates and maintenance, backups, security, optimising your site for various devices in various locations, and other miscellaneous tasks that keep you from doing what you do best, there are many facets to consider. If you’re not tech savvy, or you lack the time to learn how to carefully manage the above, it’s highly recommended that you find a hosting plan that includes management services who can help you make the most of your online presence and who can be on hand to fix any hiccups along the way.
If you’re feeling overwhelmed by all of this, you’re not alone. There are many companies who can help with all of this and more, depending on your budget. One thing’s for sure… it’s not something to be neglected or left as an afterthought.
At StudioWEISS, we offer several tiers of managed hosting plans to keep your worries at bay and ensure that everything runs smoothly after the initial build is complete. We even include basic managed hosting and a discount on our Plus and Pro packages for the first year if your site was designed by us.
Questions? Comments? Feel free to leave them below, or get in touch at firstname.lastname@example.org