Author: engineertim

Migrating your site to SSL : HTTPS with installatron. Useful website tools to use for your site.

Migrating your site to SSL : HTTPS with installatron. Useful website tools to use for your site.

Useful website tools to use for your website.
This is a useful site to check your site for proper ssl settings. You will get a grade once the report is done. An “A” is the best, while a “B” would be acceptable, you should really try and get the “A” grade. I would also recommend when you do your test that you click on the check box that says “Do not show the results on the board”, unless you have a perfect score you want to show off.
This site is useful to check if the email you use for logins has been seen on hacked lists. It is also very useful to check the security of passwords you use for logins. – list your current IP address – Not to be confused with the .com version of the site. Many useful tools from gzip testing, to password generation. Not as useful as it once was since it does not seem to handle https based websites. But the DNS tools and password generator is quite useful. – another tool for checking to ensure your site is using gzip compression. This one works with https based sites.

Speed test – google and – Team focused chat with many useful options.

Moving a site to ssl with installatron one click installer. This assumes you are using cPanel with autossl enabled.

1. Test your site to ensure you have a ssl certificate installed. This can be done by going to https://yourdomain. If you your site loads with no errors you can proceed. Some common issues you may run into, site is not fully secure and ssl mismatch. You may need to resolve these errors before you proceed.

2. Inside of your cPanel account, create a new subdomain using the subdomain tool. You will need to wait for the server to generate and install the free SSL certificate for this subdomain. You can test this just like step 1 above.

3. From inside of installatron, clone the live site to the new subdomain, but make sure to select the https version of the subdomain. This should only take a few minutes depending on the site size. This will create a complete copy of your site and move it to the subdomain you created. You can now test the site and fix any issues you may have by going to the subdomain https site. For example, https://subdomain.yourdomain

4. Once things look good on the subdomain, you can go into installaron and clone the site back to the live site but use https version in the drop down.

5. Once the live site is cloned back to https, test again. Things should have been resolved when you used the subdomain, but there may be some lingering links or code that may need to be changed.

At this point your site should be using a valid SSL certificate. If you are uncomfortable doing these steps you may want to contact your developer or your hosting company to see if they can help you out. I would also recommend that you have a full backup of your site before proceeding with anything that is going to change your site. This would include installing plugins, updating core site files, etc… A backup is a simple way to ensure you have a way to get back to a known working state.

Please understand that you use these instructions at your own risk.  I do not acceptable responsibility for anything you do to your website.

Commonly used web hosting terminology.

Commonly used web hosting terminology.

I discuss some of the more basic web hosting terminology used.  This is the link I used for the glossary of terms.

This episode may be a little basic for some listeners, but I want to make sure that everyone knows the terminology and language that we talk about. My hope is to bring some listeners up to speed that may be confused by some of the terminology used in hosting. Again, this episode may not be fore everyone.

Additional information you should know:
Google will be marking all sites that DO NOT use https, ie http, as not secure starting in July 2018.  This will happen with chrome 68. If you are not using https on your website, you have a limited time to get this going. What this means is users to your site will start to see a “not secure” icon in the title bar.  This has the potential to scare away your users/customers.  If you are currently not using https, your SEO is most certainly being affected, this is another reason you really should be using HTTPS.

Gutenberg is coming to WordPress 5.0 are you ready?  For those of you that may not know, gutenberg is the new editor that is coming out in wordpress 5.0.  There is a current test release you can install through a plugin.  I would not recommend doing this on a live site, it is still quite beta and breaks a lot of things.  It is coming though, so if you have a test site I would recommend installing it there and take it for a spin. More info on WordPress and gutenberg can be found here.

This podcast now has a facebook page.

Marketing Automation with Mautic

Marketing Automation with Mautic

What is Mautic?

Mautic is a marketing automation platform.  There is a paid version at and a open source self hosted community version at
First, lets talk about marketing automation.  If you are familiar with applications like, hootsuite, hubspot and mailchimp, then you likely have already seen or used a marketing automation tools.  The idea or concept is simple, marketing automation is the act of using software to automate marketing actions.  This alleviates the repetitive tasks that are executed during a marketing campaign.  These could include, email, social media, and other actions related to marketing your online presence.
Mautic is either a paid solution or a self hosted open source solution.  I am going to specifically discuss the version or self hosted version.


PHP 5.6.19 php 7.0 supported
Mysql with innodb 5.5.3
Web server: apache 2.x, nginx 1.x , iis


Free with a paid option, active development and updates. Active community. Addons for just about anything you can think of. Works both in desktop browser and mobile friendly.


Not the easiest to install. Must setup cron jobs correctly. Documentation is a little lacking in clarity. Easy to get overly excited about all the options, sidetrack syndrome.

mautic includes 31 integration plugins installed by default (list below).  This can be expanded by installing additional plugins from the mautic marketplace located here.  There are also many ways to integrate common CMS applications into mautic, like wordpress, magento or woocommerce by using CMS plugins.

Mautic plugins available after install.

Amazon s3
Constant Contact
Dynamics CRM
GoTo Suite
Mautic Focus
I personally have been using the twitter plugin and a plugin for wordpress.  The wordpress plugin allows my contact form data to be inserted into mautic.  I use contact form 7 and the associated mautic plugin to do this.  The twitter integration allows me to gather twitter data that is permitted by the twitter API and capture it inside of mautic.
The email portion of mautic allows you to do targeted email marketing using contacts you collect.  The collection process can be any way you choose.  A simple example would be from a contact form on your site, or maybe through a e-commerce platform that would allow you to collect your customers contacts for future campaign targeting.  How you choose to get the contacts is up to you and your platform of choice.

Workflow concepts in mautic:

This is a big subject that I am still learning about.  One of the interesting features of mautic is the ability to create a workflow of actions based on rules and triggers you setup.  For example, I collect information from twitter.  I can then decide to collect those twitter users inside of mautic.  My rules I have setup collect information from hashtags.  I use two distinct hashtags to collect my target.  #wordpress and #webhosting, are my chosen tags to capture, and once a contact is pulled in, I can then define an action.  These actions can be used to trigger other actions.  For example, when I capture a contact through twitter their base points are 1, if they use the hashtag #wordpress they are given 2 more points, another 2 points for using #webhosting, and another 2 points if they mention me on twitter.  If a contact reaches 8 points, I can choose to execute another action, if I have their email address I can send them a personalized email.  Since I am collecting leads through twitter, I have their twitter name, I can now sent the contact a personalized tweet when they reach 8 points.

Forms and PopUp on your site:

With mautic, you can create static assets (Images, pdf), forms, dynamic content, and landing pages.  This allows you to collect contact infomation by offering them a pdf, for example.  You can have pop overs to promote something through the website.  These are done by first creating your component, then adding a small bit of code to your site.  Other ways of doing this is through plugins, wordpress has a supported mautic plugin that is free to use.

Other ideas:

e-commerce (woocommerce), target users from your store that order more than X times, you define what X is.  Example: if you have a customer that orders 3 times, then you could send them a custom coupon code for being a loyal customer.  If they order 5 times, maybe send them a free gift.  You can also organize your customers by location.  Maybe you want users that order 5 times that are located in the United States to get a free gift, while ignoring customers outside the defined area. Capture lead information in exchange for a free PDF download.  This is often used by marketers that want to make something available but not charge for it.  Capturing the lead becomes the actual cost and your contact database can be one of the most valuable assets for any business.  Since mautic also uses the MaxMind GeoLite2 database, you can track IP addresses that come to your site.  This gives a a very fine grain way to track customers point of entry.  This same information can be obtained through normal web analytic software as well, no concern on privacy there.  There are many many different ways you could use mautic through your current site.
Conclusion: Mautic is a excellent platform if you put the time in to setup, learn and use it.  The learning curve can be a little steep for a new user, but the time you spend with it will pay off if you stick with it.  Being a free application, the price is right.  If you are looking for a way to do marketing automation, you really can’t go wrong with mautic.  My only regret is that I do not have a way to try the premium paid version of the software at this time.

Final note.

I attempted to record a part about creating the cron entries for mautic.  It was a train wreck and after hearing it, I decided to remove it from the episode.  I fully plan on creating a youtube video that will cover cron entries.  It was just too confusing to explain things with only audio.
SEO Search Engine Optimization with Megan Ferrell

SEO Search Engine Optimization with Megan Ferrell

SEO, Search Engine Optimization

Listen as I get schooled by Megan Ferrell of about SEO, Search Engine Optimization. Megan gives the listener some great tips and advice on how to improve your SEO ranking. Listeners of the podcast may remember Megan from episode 4 , where we discussed 10 website security tips.

Some of the questions and topics we cover on this episode are.

What is SEO?
Process to start doing SEO on your website?
Getting ranked by google and other search engines?
Some of the tools that are needed to achieve this?

  • google webmaster tools
  • google analytics
  • sitemap file
  • same tools for other search engines like Bing.

Are other search engines important? Bing, DuckDuckGo, etc..?
Is a social media presence important to SEO?
Does site speed play into SEO?
3 things that anyone could do right now to increase their SEO presence?

Some useful links.

Official Google webmasters blog
Google webmaster youtube
Google Analytics
Google Webmaster Search Console

Disaster plan or success planning your website.

Disaster plan or success planning your website.

Do you have a web site disaster plan in order?
I am betting you likely don’t.

Why is a disaster plan important?

The unknown is ever present in the world of technology. With the rise of malware and CPU defects, the chances of your site going down by unseen forces is getting higher every day. You literally could wake up one morning and your site is no longer online, or worse it is being held for ransom. Add into the mix the number of web hosting companies that go out of business or are sold to another company. If you don’t have a worse case disaster plan in place, it is my opinion you are not doing yourself any favors. It is very easy to put together and can be accomplished by anyone. This would be like having an emergency go bag if you live in a earthquake zone.

What are some key things you need to have on your disaster plan?

Login details for your Domain and where it is registered (username, password, phone number and support email address).
It may or may not be registered with the same company that hosts your website. I would make a document that includes your login details, contact phone number and support email address. Put this along with the others we will be covering into a envelope and seal it, then put that in a safe place.

Login details for your hosting account (username, password, phone number and support email address).
This is the location where your website is actually being served from. Put this information in the same envelope as the rest of the ones we are covering. It is also important to have a phone number and support email address along with your login details.

A current backup or archive.
We have discussed this several times on this podcast. You should have a current backup or archive you can work with of at least your website, and possibly of your whole hosting account. If you have been backing up externally or manually copying to a local disk drive, put this information and location of the backup in the envelope with the other information.

Now that you have your login details sorted out, you need to have some basic DNS information. I personally like to have a complete zone listing of all of my DNS entries. These are things like;

  • What are my nameservers and where are they pointing? Nameservers are vital to knowing where your zone record is being kept. If your nameservers vanish, your domain vanishes from the internet.
  • Where does www and point to?
  • What are my MX records?
  • Do I have a custom record that is used for connecting to my mail server? For example, do you use and if so where is it pointing too?
  • Are there any other records I need for my site to be online? Custom records for a cdn, custom txt records that have been added, SPF records? There are many types of records that can be added to DNS. Some of them are for email, some are for proving you own a domain (google validation comes to mind). All records should be tracked and kept with your disaster plan records. You never know when you may need to recreate a zone entry.


Success plan not unlike the disaster plan.

What happens if your site starts getting a large amount of traffic. Good for you, bad for your hosting company if your on shared hosting. I have seen this type of thing happen time and time again. A article you may have written, or a product you are offering gets picked up by national news or celebrity likes your product. This is great news for you, but this can often result in your site going down or even being taken offline by your hosting company. How do you deal with a “scuccess” hit often involves the same things as a disaster plan. You may find yourself needing to move to a new host rather rapidly. Have those contact information and login details at the ready in your disaster plan packet. Lets just call this the “What if” packet.

If you are just experiencing some temporary increased traffic, meaning you don’t think it will last for very long as the hype dies down. There are a few steps you can do to help with the site traffic increase, which will likely help with server load.

  1. Use a caching service like cloudflare. We have discussed this in the past. Basic cloudflare services are free and it only takes a minute to setup. This will act as a buffer between your host and the people trying to access your site.
  2. Make sure you use expires and headers so files are cached. Another topic we have discussed in the first episode.
  3. Make sure you are compressing the site files with mod_deflate. See episode 1 for more details. Or listen to the end of this episode for the quick tip.
  4. Enable a caching plugin in your framework. Something like wp super cache or w3 total cache for wordpress will save you a lot of headaches with a sudden spike in site traffic. This will also lower server load by reducing the mysql queries required to load your site by making some of the site pages almost static in nature. This will in turn keep your host happy. This is not the same as cloudflare caching service.
  5. Serve a static site during the increase in traffic. This one is a little more tricky, but it is definitely possible. By removing the need to have mysql and php render pages, your site will load faster and have almost zero load on the server. This requires planning ahead however and having static pages ready to go.
  6. Work with your hosting provider to see if you can to keep your site online. If they are less than helpful, then reach out to the world and get a recommendation for a new host. A good host will want you to grow and be a part of your growth process. If they just suspend your account because you are successful suddenly, then they are impeding your growth and should be removed from the equation. If the host offers some suggestions to you, no matter if they sound complicated, and want to work with you in providing even a temporary solution to the situation, then you should listen and see if they can help.

Things to NOT do. Do not allow your host to move you to a tiny VPS of your own. This is the number one thing I see and it will kill your site, but save your hosts butt. If your site is already creating a problem on a very large shared servers with possibly many CPU cores and many Gigs of ram, what good is moving you to a 1 core and 1 gig of ram VPS going to do. They just want you off their shared server as fast as they can, they are not offering a solution but passing the buck to you and making a few bucks in the process. You site will never stay online in a small VPS unless you have someone that you can call on to make massive tweaks to the VPS itself, install specific software and configure it, this often requires a system administrator/engineer to do.

Do NOT try and block the inbound traffic that is being generated, this includes changing the URL, blocking IPs in .htaccess or server firewall. You want that traffic to come in, if there are elements on that page that require external resources, like a facebook or twitter feed, remove that code during the spike in traffic. These can potentially slow down your page speed.

The biggest take away I want to share with everyone is to be proactive and not reactive. Whether it is a disaster plan or a success plan, the “what if” scenario should be on the minds of everyone. And if you are not ready for it, it can be devastating to your site, your finances and even your emotional state. Like any other disaster preparedness scenario, regaining control of the situation as fast as possible will allow you to continue on with your life. It will remove stress and worry. If you get an email from your hosting provider saying, “your site has been shutdown because….” you will know how to proceed because of your planning. Take some time out of your busy week and determine the best way to handle your “what if” scenario, it will make your life a lot better. If you have already put together a “what if” packet, then please share your experience and tips you may have with me. I would love to hear about them.

Quick tip today is gzip compression in cPanel, you can also see a video I did on this here.

Backup and Archive your website in preparation of the New Year.

Backup and Archive your website in preparation of the New Year.

Backup and Archive your website in preparation of the New Year.

What is the difference between a Backup and a Archive?

A backup is for short term recovery. This means a backup is likely a more current snapshot in time. Often a backup will be done daily/weekly/monthly. You should be able to restore your site from any of these backups. But what happens if the backup is corrupt, or your site is hacked and has been hacked for a while? This is where a Archive comes in. A archive, to me, is a snapshot in time of your site that you are comfortable and capable of starting from.

Example: You have a site or a blog, you do a weekly and monthly backup. You find out that it has been hacked and has hundreds of files that contain malicious code. You can spend all of your time, and possibly a large amount of money cleaning the site up. Or you could restore from a backup, but what if your backup also contains the hacked code? Maybe your site has been hacked for more than a month. Now those backups will likely not do you much good or save you time and ultimately money. A archive is what you will need to restore from. A snapshot in time, where you know your site is clean and functional and can also be rebuilt from. It is a starting point that you are comfortable with. it may not be a ideal situation to have to do, but at least you know you can do it. The alternative is to possibly spend hundreds of hours and maybe thousands of dollars with a developer or systems administrator cleaning up your now hacked site. It is possible that starting from the archive will be the quickest and safest path. If you do decide to restore from a archive, and it is because of a hack, be sure that you update everything and if possible determine how the hack originated. It would not hurt to change passwords and follow standard procedures for dealing with a hack, see episode 7 Web Hosting Podcast.

Backups in cPanel are created using a .tar.gz file format.

What is a .tar.gz file?
The .tar in the filename stands for Tape Archive. The .gz is a compression method known as GZIP. These can be opened with standard Windows, Mac and Linux applications. The first thing it will do is unzip the file, or decompress it. This will then leave a .tar file. This can then be extracted to get the contents of the full archive.

Generating a full backup through cPanel will generate a .tar.gz file in your chosen destination. To do this, login to cPanel and search for backup. This will show you either, backup or backup wizard. If you want a step by step process, use the wizard. If you want specific files then choose backup. They both will ultimately give you the same thing. If you choose to create your backup file in your home directory, be aware that this could take your account over quota and start breaking things rather quickly. Other options for backup destinations are FTP and SCP. You can also choose to download a current near line backup, which will download to the Downloads folder set by your web browser. If you plan to make a archive, be sure to generate a new full backup of your entire home directory. This will include mysql databases, email and your website directories.

Other things that are good to do at the start or end of a year?

Verify your whois data is current. This should be done regularly and is required by domain owners. Whois data is maintained through the company you registered the domain with.

Determine if there are domains that you no longer wish to keep before they are renewed. I find myself over the year purchasing domains for ideas I may have. Some of these ideas never see the light of day and become abandoned. This is a good time to determine if you wish to proceed with keeping these domains and websites going. This can save you a bit of money if you no longer wish to keep them going.

Do you have specific things you do to bring in the New Year for your website? I would love to hear what they are and discuss them on a future podcast episode. Contact me through the contact form.

In our quick tip, autoresponders for email.

Dealing with a hacked website and Malware types.

Dealing with a hacked website and Malware types.

Dealing with a hacked website and Malware types.

Virus/Malware/Ransomware/etc….Covering the differences and how they might affect you.

Definitions resourced from Comodo


Differences between them all.

  • Malware – Malware is software written specifically to infect the target host system. Subcategories of Malware include.
  • Virus – Virus is a specific type of malware by itself. It is a contagious piece of code that infects the other software on the host system and spreads itself once it is run. It is mostly known to spread when software is shared between computers. This acts more like a parasite.
  • Adware – Adware is also known as advertising-supported software. It is software which renders advertisements for the purpose of generating revenue for its author. The advertisements are published on the screen presented to the user at the time of installation. Adware is programmed to examine which Internet sites, the user visits frequently and to present and feature related advertisements. Not all adware has malicious intent, but it becomes a problem anyway because it harms computer performance and can be annoying.
  • Spyware – This type of malicious software, spies on you, tracks your internet activities. It helps the hacker in gathering information about the victim’s system, without the consent of the victim. This spyware’s presence is typically hidden from the host and it is very difficult to detect. Some spyware like keyloggersmay be installed intentionally in a organization to monitor activities of employees.
  • Worms – This type of malware will replicate itself and destroys information and files saved on the host PC. It works to eat up all the system operating files and data files on a drive.
  • Trojan – Trojans are a type of virus that are designed to make a user think they are a safe program and run them. They may be programmed to steal personal and financial information, and later take over the resources of the host computer’s system files. In large systems it may attempt to make a host system or network resource unavailable to those attempting to reach it. Example: you business network becoming unavailable.
  • Ransomware – Ransomware is an advanced type of malware that restricts access to the computer system until the user pays a fee. Your screen might show a pop up warning that your have been locked out of your computer and that you can access only after paying the cyber criminal. The cyber criminal demands a ransom to be paid in order for the restriction to be removed. The infamous Cryptolocker is one type of ransomware.


Checking for a virus in your hosting environment.


Cpanel virus scan – uses clamav as the scanner.

Login to your cPanel account and look or search for “Virus Scanner”. Click on the image to open. You should now be presented with a series of radial check boxes.

  • Scan Mail – this is used to scan your email folders only.
  • Scan entire home directory – this is used to scan your cPanel home directory, including web/ftp/email spaces.
  • Scan public web space – this is used to scan only your web site locations on disk in your home directory.
  • Scan public FTP space – this is used to scan your FTP location on disk in your home directory.

I like to use “Scan Entire Home Directory” so it will scan everything. This could take a while to complete initially. Select this option and click on the “Scan Now” button. The Virus scanner will now start scanning your entire home directory for infected files. If it finds an infected file, you will be presented with 3 options for every file listed as infected.

3 options when it finds a virus.

  • quarantine – this will move the files selected in a quarantine folder in your home directory called quarantine_clamavconnector.
  • remove/delete – this permanently deletes the file with no hope of recovery. Be aware that you could possibly break your site if a core file is deleted using this option.
  • ignore – this will ignore the selected file. This allows you to manually remove the file or replace it through another means.

You can scroll to the bottom of the found virus list to use the “Select All” button for each of the above.

Gotchas I ran into during my testing.

Clamav was able to identify viruses on disk effectively, where external scanners could not see them at all. I chose to use sucuri site scan, to try and find these infected files. It was not able to. This leaves me to believe that unless the hacked/virus infected files are coded as part of your site (example in your footer.php), external scans will never see them. It is still a good idea to have external scans, but doing a regular scan at the host level that can see your actual files is still required. I highly recommend Clamav and CXS (Configserver eXploit Scanner) CXS ties into a database of php exploits as well as clamav and can scan your entire cPanel account for exploits that external scanners can not see.  CXS can also tell you what is outdated in your chosen CMS.  This is great for finding forgotten and possibly dead websites in your hosting account.

Dealing with a hacked website.

  1. Do not panic and stay calm.
  2. Take site offline.
  3. Change passwords (cPanel, ftp, email accounts, mysql, all of them).
  4. Diagnose/Scan – Either do this yourself or find/hire someone to do this. Some hosts can scan your hosting account to determine how bad the hack is and possibly how it was done.
  5. Remove hack – File restore, edit/clean files, clean database.
  6. Scan site again to ensure site is clean.
  7. Scan local computers used to maintain and access site to ensure they are not compromised or contain malware.
  8. Update site to be current.
  9. If you are on the google/firefox not safe list, you will need to get site delisted.
  10. If you did a clean restore your site, be sure to change the site password again. Often a restore will revert the password back to what it was previously which could have been compromised.
  11. Update everything!!
  12. Scan for virus and vulnerabilities again.
  13. If all clean, preform a final clean backup and archive it someplace safe.
  14. Get setup on a regular site security scan. This can be something as simple as sucuri or a host provided CXS (Configserver eXploit Scan). Maybe they have something else that they can do for you regularly, I would recommend checking with your own hosting provider to see what options they may have.

New 30 second tip from Megan Ferrell of

If you would like to present your own 30 Second Tip, please use the contact page.

Net Neutrality with David Anderson of Canvas Host

Net Neutrality with David Anderson of Canvas Host

On November 21, 2017, FCC chairman Pai unveiled plans to repeal the net neutrality policy in the United States. A vote will be held on December 14, 2017, with a 3–2 party-line vote expected to approve the repeal.

What is Net Neutrality?

Net neutrality is the principle that Internet service providers must treat all data on the Internet the same, and not discriminate or charge differently by user, content, website, platform, application, type of attached equipment, or method of communication.

A widely cited example of a violation of net neutrality principles was the Internet service provider Comcast’s secret slowing (“throttling”) of uploads from peer-to-peer file sharing (P2P) applications by using forged packets. Comcast did not stop blocking these protocols, like BitTorrent, until the FCC ordered them to stop. In another minor example, The Madison River Communications company was fined US$15,000 by the FCC, in 2004, for restricting their customers’ access to Vonage, which was rivaling their own services. AT&T was also caught limiting access to FaceTime, so only those users who paid for AT&T’s new shared data plans could access the application. In July 2017, Verizon Wireless was accused of throttling after users noticed that videos played on Netflix and Youtube were slower than usual, though Verizon commented that it was conducting “network testing” and that net neutrality rules permit “reasonable network management practices”.

It should be noted that current acting chairman of the FCC Ajit Pai, was a Verizon lawyer!


My Example of how this works.

To put this in a simple example.  Imagine your water line coming into your residence.  You get 50psi of water pressure to do with as you please for almost a set monthly rate, we will say $80/mo.  You can take a shower, use the water dispenser on the fridge, flush the toilet, wash your car, water your garden, do the dishes, do your laundry, fill your pool, and water your yard, among other things.

Now imagine a world where if you wanted to shower it would cost you $2/mo. extra, and if you wanted to flush your toilet $2/mo. extra, wash your car $5/mo. extra, do the dishes $5/mo. extra, use your water dispenser on the fridge $5/mo. extra.  I think you get the picture.  Now lets take this a little further.  If you signup with AT&T Water, you can use the shower and flush your toilet for free, and they will deliver fresh spring water to your fridge water dispenser along with a choice of POP, and one additional flavor.  The price is included in your water bundle of $80/mo., but to use your other water outlets to wash your car or do dishes it is still $5/mo. extra.  If you signup with Verizon Water, you still pay $80/mo. but they will give you spring water in the fridge water dispenser, but all other charges still apply.  If you signup for Comcast Water, you still pay $80/mo. and the water you get delivered to your house may not be drinkable.

Now imagine the same scenario but another added twist.  Imagine if you will that there is a quality of pressure scale that is controlled by your chosen water provider.  -10 to 10, with 0 (zero) being neutral.  -10 would be 5psi of water pressure and 10 would be 100psi of water pressure and 0 is the neutral/default 50psi.  Your chosen water provider has now decided that you need to pay more to get priority water delivery, you decided not to do this but all your neighbors did.  Now when you take a shower all your neighbors get 100psi of water pressure and you get 5psi.  They have prioritized the delivery of the water to those that chose to pay for the premium delivery of high pressure over those that did not choose to.

Not only that, but imagine that the water provider actually has the ability to completely prevent you from showering, watering your garden or flushing your toilet as they see fit.  The only requirement is that they let you know they are going to do it.  Beyond that they are allowed to turn things off/on as they see fit.  Maybe they got mad at a refrigerator manufacture for using too much water in their dispenser, so they decide to shut that service off.

If you think this scenario is a nightmare and not possible, think again.  This is precisely what Net Neutrality is preventing and why it is so very important to make sure it stays in place and is not repealed on December 14th.  Currently ISPs are regulated like a public utility just like your water provider, but if Net Neutrality is repealed the a fore mentioned scenario will become a reality.

It is imperative that everyone call their congress representative immediately and let them know you want Net Neutrality to stay.

Call your Senators and Representatives. Tell them to support net neutrality: 202-224-3121

This is a great link for contact information and banners.

Another link to resources for contact info.

Here is a link search for the image we discussed.  This image has made the rounds on social media and is a glimpse of what possibly could be coming.  Sorry no link directly to the source image.


3 Free WordPress Managed Solutions

3 Free WordPress Managed Solutions

Minimum options needed for hosting and hosting further explained.

  • Space (disk space) Small plans normally start at about 10G of disk space. Roughly 200 hours of music per month.
  • Bandwidth (network connections) Small plans normally accommodate up to 10,000 unique visitors per month.
  • SSL free or paid option.
  • A way to upload, add or modify files to your hosting space such as SFTP.
  • Instructions for getting into your hosting space.
  • Documentation – Online self service documentation that you can follow. Think Knowledgebase.
  • Support – helpful and knowledgeable support that will NOT charge you for simple things. Does not need to be phone based!?
  • One click installer. Click here to listen to a previous episode about one click installers.
  • A way to serve your files.
  • A script processor – php, ruby, python, perl…etc. customer preference.
  • Database and databse connecticity -mysql/postgresql/oracle/mongo.
  • Security mechanism Firewall or other intrusion detection system.
  • Backups at least weekly – although the user should also have their own backups.

Not on the list

  • Email – use google, wibble, outlook for hosted email.
  • DNS services including domain registration.

Goes without saying

  • Way to add domain to your hosting account.
  • Way to add domain aliases; this might be known to some people as parked domains.


WordPress managed soloutions

What is managed WordPress?

A complete service package where all technical aspects of running WordPress is provided by your chosen host. This style of web hosting does and should cost more than web hosting that does not provide these services.

This includes:

  • Security
  • Speed
  • WordPress Updates
  • Daily Backups
  • Premium support – this is handled by WordPress experts with lots of experience.

This is why the typical managed WordPress hosting plan is much more expensive than standard hosting.

Companies that do managed WordPress hosting


What is WordPress hosting?

WordPress specific hosting, not to be confused with managed WordPress hosting, is specialized shared hosting with optimizations specific for WordPress sites. These changes often improve site speed and response.

Why/How is this different than regular hosting?

Managed WordPress hosting, WordPress hosting and shared hosting are all different and very specific to the needs of the customer.  Shared hosting, the lowest level and most basic hosting is setup so there are many accounts on a single server.  These shared servers will be serving many different websites, this makes it hard to optimize for a single application.  WordPress shared hosting, or WordPress Hosting, is a shared server optimized specifically for WordPress web sites.  Managed WordPress is all the benefits of a optimized server experience without having to also worry about updates, security, speed and support.  These are handled for you as part of the hosting package.

How is this relevant?

Do it yourself managed programs you can use on your WordPress site.

All 3 add a plugin for remote management of

  • core updates
  • plugin updates
  • theme updates
  • And more features below.


Infinite WP

Infinite WP (IWP) is a self hosted free or paid product, although version 3 is suppose to provide for a managed install version (SAAS). The free version installs as a plugin that then installs a command interface where you can add your site to be managed, as well as others. It provides a simple backup and updater. The paid version includes a reported $2888 worth of add ons. This is all self hosted and you are responsible for updating and securing your install of infinite WP. The biggest drawback to Infinite WP is the support. For the free version, good luck getting any response. Even their website lists 96 hours for a response for free tier, and for the enterprise tier it can be 12 hours. This is just not acceptable if you are paying for this product.

Ease of Use rating from beginner to advanced? 

This is more advanced than I would like.  You have to not only manage your WordPress install, which is fine, but you also have to manage the install of Infinite WP.  Installing the command interface could be problematic and if you have problems, good luck getting a reply back from support.

WP Remote

WP Remote is operated as part of, which is a full service client management portal.  This is ideal for designers/developers or agencies that want one place to go for everything from invoicing to hosting.  Features of WP Remote include.

  • One click deploy.
  • Simple Hosting (not sure what they mean by “simple”, they also advertise FTP but no SFTP or FTPS 🙁 ).
  • Unlimited WordPress management.
  • Invoices.
  • CRM.
  • Domain Management.
  • Track sales & leads.

Ease of Use rating from beginner to advanced?

This is more simple than Infinite WP, but the interface may be quite confusing.  Only thing to install is the control plugin which is quite simple to do.  More options than a simple WordPress management interface.  If you want to generate invoices, track sales leads and let handle your hosting then this might be for you.

Manage WP

Mange WP is owned by GoDaddy which also owns Sucuri .
This is a cloud based software as a service application and Manage WP handles updates and security for the product. There is nothing the end user needs to install or manage except the control plugin. This is installed into your WordPress website. Manage WP is free for unlimited sites and certain addons are free. Premium addons are very reasonable at $1-$2 /mo. each, and you can purchase group bundles for multiple site activations. This means you can spend as little or as much as you need. I prefer this to having to pay $35/mo. for all of it. By only charging me for what I want/need it becomes very easy to turn on a few things that interest me or my customers.

Ease of Use rating from beginner to advanced?

This is super simple to install.  The only thing to install is the control plugin which is quite simple to do and I think anyone can/could do it.  The interface is very user friendly and easy to understand.  The notices, billing, and alerts are very clear to see and understand.  The only downside to Manage WP is that the basic backups do not allow you to download them or push them to another location.  They maintain the backups for you on their S3 drive.  Paying $2/mo. is the only way to get your backups sent to another location or be able to download them.  Other than that, there are many wonderful and free features that I use everyday.

Free with Manage WP:

  • Backup
  • Sucuri security checks
  • Performance check
  • Client reports
  • Google Analytics
  • Maintenance mode
  • Code snippets
  • 2-factor authentication
  • 1-click login
  • Manage comments
  • Manage plugins and themes
  • Vulnerability updates
  • Collaborate

Many paid options increase the functionality of the free options. For example, $2/mo extra will give you cloud backup destinations with scheduling, or you can use the free basic backup. Or for $1/mo. enable the SEO monitor feature to track the SEO of your site.

Listeners of the Web Hosting Podcast have been given a wonderful bonus, if you want to try Manage WP. You can use the code WHPOD and you will get $10 added to your account to try any of the paid features. This means you can get SEO monitoring for 10 months.


10 website security tips with Megan Ferrell and show feedback.

10 website security tips with Megan Ferrell and show feedback.

10+ Web Site Security Tips
10+ Web Site Security Tips

Feedback on/about the podcast.

  • Who is this podcast for?

The short answer to this question is, me. This podcast came about by me wanting to have something for my children to remember me by. I originally started reading books, recording them and then archiving them. The first book I read was Night Before Christmas. We have a family tradition of reading it Christmas eve. I wanted there to be a recorded version of myself that my children could listen to and share with their kids, long after I was gone. From there, I started reading Encyclopedia Brown books. This series holds fond memories for me and my youngest as it is one of the first books we read together, and then tried to figure out the answer. It was a lot of fun and if you have not read any of the books I highly recommend reading them. Even as an adult, they hold great value. After doing the books for a while, the next logical step was to do a podcast. Something that shared my discipline in Linux/Unix. So the podcast, web hosting podcast, was born.

For those that wonder what the target market would be for this podcast, I am not 100% certain. I like to think it is someone that is new to hosting and wants to get the most out of their shared hosting plan. I really like to share and give out information to anyone that will listen, and anyone that knows me personally, I think would agree. There is a wealth of information jammed into my head about everything from Apache to Xen Virtualization. Most of it is going to be very boring. So, I try to wade through the minutiae and bring the elements of hosting that I think would be not only interesting, but relevant. My hope is that this remains fun, for me, and in the end if someone finds one thing that is useful then that would be a bonus.

If you have questions or comments regarding the podcast or your own web site please feel free to drop me a line. The easiest way to reach me is through the contact form on


10 website security tips + a few more for good measure.

Megan Ferrell from websites 503 joins me via to discuss 10 website security steps. We take time going over the questions after the speed round of her answering them. We then add a few of our own recommendations for good measure. I urge anyone that has a website to look over these 10+5 security steps and see how your web site rates. These steps are very easy to fulfill so you get a 100%.

  1. Is your CMS software up to date?
  2. Are you using trusted third-party plugins and themes?
  3. Have you changed default settings on your CMS?
  4. Do you promptly remove outdated access permissions?
  5. Does your website URL start with HTTPS?
  6. Are you using a WAF (Web Application Firewall)?
  7. Is your server monitored for malware?
  8. Do you use SFTP instead of FTP to upload files to your website?
  9. Do you have daily backups of your website?
  10. Are passwords difficult?

    Bonus round

  11. Have you changed all default passwords sent to you when you signed up?
  12. Does your developer or another person know your passwords?
  13. Have you disabled and removed all unused themes or plugins?
  14. Have you hidden your login page?
  15. Have you enabled or use two factor authentication?

The original 10 steps came from the following link.

Upcoming topics and additonal show ideas.
In the coming episodes, we are going to take a look at SEO, Managed WordPress Options that are FREE, modifying the robots.txt file and touch on some development topics. I am also looking at starting a web hosting round table show in 2018 using google hangouts or youtube. If anyone is interested in participating in the round table, please use the contact form to get in touch. The idea from the round table came from watching the podcasters round table. I would like to have no more than 6 people on at a time, a topic would be determined ahead of time to ensure a proper fit, and then discuss that topic in a round table setting. I think it would be very informative to get many different points of view. For example, my idea of a developer/designer could possibly be different than yours. If this sounds like something that would interest you please let me know.