SEO Search Engine Optimization with Megan Ferrell

SEO Search Engine Optimization with Megan Ferrell

SEO, Search Engine Optimization

Listen as I get schooled by Megan Ferrell of websites503.com about SEO, Search Engine Optimization. Megan gives the listener some great tips and advice on how to improve your SEO ranking. Listeners of the podcast may remember Megan from episode 4 , where we discussed 10 website security tips.

Some of the questions and topics we cover on this episode are.

What is SEO?
Process to start doing SEO on your website?
Getting ranked by google and other search engines?
Some of the tools that are needed to achieve this?

  • google webmaster tools
  • google analytics
  • sitemap file
  • same tools for other search engines like Bing.

Are other search engines important? Bing, DuckDuckGo, etc..?
Is a social media presence important to SEO?
Does site speed play into SEO?
3 things that anyone could do right now to increase their SEO presence?

Some useful links.

Official Google webmasters blog
Google webmaster youtube
Google Analytics
Google Webmaster Search Console

Disaster plan or success planning your website.

Disaster plan or success planning your website.

Do you have a web site disaster plan in order?
I am betting you likely don’t.

Why is a disaster plan important?

The unknown is ever present in the world of technology. With the rise of malware and CPU defects, the chances of your site going down by unseen forces is getting higher every day. You literally could wake up one morning and your site is no longer online, or worse it is being held for ransom. Add into the mix the number of web hosting companies that go out of business or are sold to another company. If you don’t have a worse case disaster plan in place, it is my opinion you are not doing yourself any favors. It is very easy to put together and can be accomplished by anyone. This would be like having an emergency go bag if you live in a earthquake zone.

What are some key things you need to have on your disaster plan?

Login details for your Domain and where it is registered (username, password, phone number and support email address).
It may or may not be registered with the same company that hosts your website. I would make a document that includes your login details, contact phone number and support email address. Put this along with the others we will be covering into a envelope and seal it, then put that in a safe place.

Login details for your hosting account (username, password, phone number and support email address).
This is the location where your website is actually being served from. Put this information in the same envelope as the rest of the ones we are covering. It is also important to have a phone number and support email address along with your login details.

A current backup or archive.
We have discussed this several times on this podcast. You should have a current backup or archive you can work with of at least your website, and possibly of your whole hosting account. If you have been backing up externally or manually copying to a local disk drive, put this information and location of the backup in the envelope with the other information.

Now that you have your login details sorted out, you need to have some basic DNS information. I personally like to have a complete zone listing of all of my DNS entries. These are things like;

  • What are my nameservers and where are they pointing? Nameservers are vital to knowing where your zone record is being kept. If your nameservers vanish, your domain vanishes from the internet.
  • Where does www and yourdomain.com point to?
  • What are my MX records?
  • Do I have a custom record that is used for connecting to my mail server? For example, do you use mail.yourdomain.com and if so where is it pointing too?
  • Are there any other records I need for my site to be online? Custom records for a cdn, custom txt records that have been added, SPF records? There are many types of records that can be added to DNS. Some of them are for email, some are for proving you own a domain (google validation comes to mind). All records should be tracked and kept with your disaster plan records. You never know when you may need to recreate a zone entry.

 

Success plan not unlike the disaster plan.

What happens if your site starts getting a large amount of traffic. Good for you, bad for your hosting company if your on shared hosting. I have seen this type of thing happen time and time again. A article you may have written, or a product you are offering gets picked up by national news or celebrity likes your product. This is great news for you, but this can often result in your site going down or even being taken offline by your hosting company. How do you deal with a “scuccess” hit often involves the same things as a disaster plan. You may find yourself needing to move to a new host rather rapidly. Have those contact information and login details at the ready in your disaster plan packet. Lets just call this the “What if” packet.

If you are just experiencing some temporary increased traffic, meaning you don’t think it will last for very long as the hype dies down. There are a few steps you can do to help with the site traffic increase, which will likely help with server load.

  1. Use a caching service like cloudflare. We have discussed this in the past. Basic cloudflare services are free and it only takes a minute to setup. This will act as a buffer between your host and the people trying to access your site.
  2. Make sure you use expires and headers so files are cached. Another topic we have discussed in the first episode.
  3. Make sure you are compressing the site files with mod_deflate. See episode 1 for more details. Or listen to the end of this episode for the quick tip.
  4. Enable a caching plugin in your framework. Something like wp super cache or w3 total cache for wordpress will save you a lot of headaches with a sudden spike in site traffic. This will also lower server load by reducing the mysql queries required to load your site by making some of the site pages almost static in nature. This will in turn keep your host happy. This is not the same as cloudflare caching service.
  5. Serve a static site during the increase in traffic. This one is a little more tricky, but it is definitely possible. By removing the need to have mysql and php render pages, your site will load faster and have almost zero load on the server. This requires planning ahead however and having static pages ready to go.
  6. Work with your hosting provider to see if you can to keep your site online. If they are less than helpful, then reach out to the world and get a recommendation for a new host. A good host will want you to grow and be a part of your growth process. If they just suspend your account because you are successful suddenly, then they are impeding your growth and should be removed from the equation. If the host offers some suggestions to you, no matter if they sound complicated, and want to work with you in providing even a temporary solution to the situation, then you should listen and see if they can help.

Things to NOT do. Do not allow your host to move you to a tiny VPS of your own. This is the number one thing I see and it will kill your site, but save your hosts butt. If your site is already creating a problem on a very large shared servers with possibly many CPU cores and many Gigs of ram, what good is moving you to a 1 core and 1 gig of ram VPS going to do. They just want you off their shared server as fast as they can, they are not offering a solution but passing the buck to you and making a few bucks in the process. You site will never stay online in a small VPS unless you have someone that you can call on to make massive tweaks to the VPS itself, install specific software and configure it, this often requires a system administrator/engineer to do.

Do NOT try and block the inbound traffic that is being generated, this includes changing the URL, blocking IPs in .htaccess or server firewall. You want that traffic to come in, if there are elements on that page that require external resources, like a facebook or twitter feed, remove that code during the spike in traffic. These can potentially slow down your page speed.

The biggest take away I want to share with everyone is to be proactive and not reactive. Whether it is a disaster plan or a success plan, the “what if” scenario should be on the minds of everyone. And if you are not ready for it, it can be devastating to your site, your finances and even your emotional state. Like any other disaster preparedness scenario, regaining control of the situation as fast as possible will allow you to continue on with your life. It will remove stress and worry. If you get an email from your hosting provider saying, “your site has been shutdown because….” you will know how to proceed because of your planning. Take some time out of your busy week and determine the best way to handle your “what if” scenario, it will make your life a lot better. If you have already put together a “what if” packet, then please share your experience and tips you may have with me. I would love to hear about them.

Quick tip today is gzip compression in cPanel, you can also see a video I did on this here.

Backup and Archive your website in preparation of the New Year.

Backup and Archive your website in preparation of the New Year.

Backup and Archive your website in preparation of the New Year.

What is the difference between a Backup and a Archive?

A backup is for short term recovery. This means a backup is likely a more current snapshot in time. Often a backup will be done daily/weekly/monthly. You should be able to restore your site from any of these backups. But what happens if the backup is corrupt, or your site is hacked and has been hacked for a while? This is where a Archive comes in. A archive, to me, is a snapshot in time of your site that you are comfortable and capable of starting from.

Example: You have a site or a blog, you do a weekly and monthly backup. You find out that it has been hacked and has hundreds of files that contain malicious code. You can spend all of your time, and possibly a large amount of money cleaning the site up. Or you could restore from a backup, but what if your backup also contains the hacked code? Maybe your site has been hacked for more than a month. Now those backups will likely not do you much good or save you time and ultimately money. A archive is what you will need to restore from. A snapshot in time, where you know your site is clean and functional and can also be rebuilt from. It is a starting point that you are comfortable with. it may not be a ideal situation to have to do, but at least you know you can do it. The alternative is to possibly spend hundreds of hours and maybe thousands of dollars with a developer or systems administrator cleaning up your now hacked site. It is possible that starting from the archive will be the quickest and safest path. If you do decide to restore from a archive, and it is because of a hack, be sure that you update everything and if possible determine how the hack originated. It would not hurt to change passwords and follow standard procedures for dealing with a hack, see episode 7 Web Hosting Podcast.

Backups in cPanel are created using a .tar.gz file format.

What is a .tar.gz file?
The .tar in the filename stands for Tape Archive. The .gz is a compression method known as GZIP. These can be opened with standard Windows, Mac and Linux applications. The first thing it will do is unzip the file, or decompress it. This will then leave a .tar file. This can then be extracted to get the contents of the full archive.

Generating a full backup through cPanel will generate a .tar.gz file in your chosen destination. To do this, login to cPanel and search for backup. This will show you either, backup or backup wizard. If you want a step by step process, use the wizard. If you want specific files then choose backup. They both will ultimately give you the same thing. If you choose to create your backup file in your home directory, be aware that this could take your account over quota and start breaking things rather quickly. Other options for backup destinations are FTP and SCP. You can also choose to download a current near line backup, which will download to the Downloads folder set by your web browser. If you plan to make a archive, be sure to generate a new full backup of your entire home directory. This will include mysql databases, email and your website directories.

Other things that are good to do at the start or end of a year?

Verify your whois data is current. This should be done regularly and is required by domain owners. Whois data is maintained through the company you registered the domain with.

Determine if there are domains that you no longer wish to keep before they are renewed. I find myself over the year purchasing domains for ideas I may have. Some of these ideas never see the light of day and become abandoned. This is a good time to determine if you wish to proceed with keeping these domains and websites going. This can save you a bit of money if you no longer wish to keep them going.

Do you have specific things you do to bring in the New Year for your website? I would love to hear what they are and discuss them on a future podcast episode. Contact me through the contact form.

In our quick tip, autoresponders for email.

Dealing with a hacked website and Malware types.

Dealing with a hacked website and Malware types.

Dealing with a hacked website and Malware types.

Virus/Malware/Ransomware/etc….Covering the differences and how they might affect you.

Definitions resourced from Comodo

 

Differences between them all.

  • Malware – Malware is software written specifically to infect the target host system. Subcategories of Malware include.
  • Virus – Virus is a specific type of malware by itself. It is a contagious piece of code that infects the other software on the host system and spreads itself once it is run. It is mostly known to spread when software is shared between computers. This acts more like a parasite.
  • Adware – Adware is also known as advertising-supported software. It is software which renders advertisements for the purpose of generating revenue for its author. The advertisements are published on the screen presented to the user at the time of installation. Adware is programmed to examine which Internet sites, the user visits frequently and to present and feature related advertisements. Not all adware has malicious intent, but it becomes a problem anyway because it harms computer performance and can be annoying.
  • Spyware – This type of malicious software, spies on you, tracks your internet activities. It helps the hacker in gathering information about the victim’s system, without the consent of the victim. This spyware’s presence is typically hidden from the host and it is very difficult to detect. Some spyware like keyloggersmay be installed intentionally in a organization to monitor activities of employees.
  • Worms – This type of malware will replicate itself and destroys information and files saved on the host PC. It works to eat up all the system operating files and data files on a drive.
  • Trojan – Trojans are a type of virus that are designed to make a user think they are a safe program and run them. They may be programmed to steal personal and financial information, and later take over the resources of the host computer’s system files. In large systems it may attempt to make a host system or network resource unavailable to those attempting to reach it. Example: you business network becoming unavailable.
  • Ransomware – Ransomware is an advanced type of malware that restricts access to the computer system until the user pays a fee. Your screen might show a pop up warning that your have been locked out of your computer and that you can access only after paying the cyber criminal. The cyber criminal demands a ransom to be paid in order for the restriction to be removed. The infamous Cryptolocker is one type of ransomware.

 

Checking for a virus in your hosting environment.

 

Cpanel virus scan – uses clamav as the scanner.

Login to your cPanel account and look or search for “Virus Scanner”. Click on the image to open. You should now be presented with a series of radial check boxes.

  • Scan Mail – this is used to scan your email folders only.
  • Scan entire home directory – this is used to scan your cPanel home directory, including web/ftp/email spaces.
  • Scan public web space – this is used to scan only your web site locations on disk in your home directory.
  • Scan public FTP space – this is used to scan your FTP location on disk in your home directory.

I like to use “Scan Entire Home Directory” so it will scan everything. This could take a while to complete initially. Select this option and click on the “Scan Now” button. The Virus scanner will now start scanning your entire home directory for infected files. If it finds an infected file, you will be presented with 3 options for every file listed as infected.

3 options when it finds a virus.

  • quarantine – this will move the files selected in a quarantine folder in your home directory called quarantine_clamavconnector.
  • remove/delete – this permanently deletes the file with no hope of recovery. Be aware that you could possibly break your site if a core file is deleted using this option.
  • ignore – this will ignore the selected file. This allows you to manually remove the file or replace it through another means.

You can scroll to the bottom of the found virus list to use the “Select All” button for each of the above.

Gotchas I ran into during my testing.

Clamav was able to identify viruses on disk effectively, where external scanners could not see them at all. I chose to use sucuri site scan, to try and find these infected files. It was not able to. This leaves me to believe that unless the hacked/virus infected files are coded as part of your site (example in your footer.php), external scans will never see them. It is still a good idea to have external scans, but doing a regular scan at the host level that can see your actual files is still required. I highly recommend Clamav and CXS (Configserver eXploit Scanner) CXS ties into a database of php exploits as well as clamav and can scan your entire cPanel account for exploits that external scanners can not see.  CXS can also tell you what is outdated in your chosen CMS.  This is great for finding forgotten and possibly dead websites in your hosting account.

Dealing with a hacked website.

  1. Do not panic and stay calm.
  2. Take site offline.
  3. Change passwords (cPanel, ftp, email accounts, mysql, all of them).
  4. Diagnose/Scan – Either do this yourself or find/hire someone to do this. Some hosts can scan your hosting account to determine how bad the hack is and possibly how it was done.
  5. Remove hack – File restore, edit/clean files, clean database.
  6. Scan site again to ensure site is clean.
  7. Scan local computers used to maintain and access site to ensure they are not compromised or contain malware.
  8. Update site to be current.
  9. If you are on the google/firefox not safe list, you will need to get site delisted.
  10. If you did a clean restore your site, be sure to change the site password again. Often a restore will revert the password back to what it was previously which could have been compromised.
  11. Update everything!!
  12. Scan for virus and vulnerabilities again.
  13. If all clean, preform a final clean backup and archive it someplace safe.
  14. Get setup on a regular site security scan. This can be something as simple as sucuri or a host provided CXS (Configserver eXploit Scan). Maybe they have something else that they can do for you regularly, I would recommend checking with your own hosting provider to see what options they may have.

New 30 second tip from Megan Ferrell of websites503.com

If you would like to present your own 30 Second Tip, please use the contact page.

Net Neutrality with David Anderson of Canvas Host

Net Neutrality with David Anderson of Canvas Host

On November 21, 2017, FCC chairman Pai unveiled plans to repeal the net neutrality policy in the United States. A vote will be held on December 14, 2017, with a 3–2 party-line vote expected to approve the repeal.

What is Net Neutrality?

Net neutrality is the principle that Internet service providers must treat all data on the Internet the same, and not discriminate or charge differently by user, content, website, platform, application, type of attached equipment, or method of communication.

A widely cited example of a violation of net neutrality principles was the Internet service provider Comcast’s secret slowing (“throttling”) of uploads from peer-to-peer file sharing (P2P) applications by using forged packets. Comcast did not stop blocking these protocols, like BitTorrent, until the FCC ordered them to stop. In another minor example, The Madison River Communications company was fined US$15,000 by the FCC, in 2004, for restricting their customers’ access to Vonage, which was rivaling their own services. AT&T was also caught limiting access to FaceTime, so only those users who paid for AT&T’s new shared data plans could access the application. In July 2017, Verizon Wireless was accused of throttling after users noticed that videos played on Netflix and Youtube were slower than usual, though Verizon commented that it was conducting “network testing” and that net neutrality rules permit “reasonable network management practices”.

It should be noted that current acting chairman of the FCC Ajit Pai, was a Verizon lawyer!

Source

My Example of how this works.

To put this in a simple example.  Imagine your water line coming into your residence.  You get 50psi of water pressure to do with as you please for almost a set monthly rate, we will say $80/mo.  You can take a shower, use the water dispenser on the fridge, flush the toilet, wash your car, water your garden, do the dishes, do your laundry, fill your pool, and water your yard, among other things.

Now imagine a world where if you wanted to shower it would cost you $2/mo. extra, and if you wanted to flush your toilet $2/mo. extra, wash your car $5/mo. extra, do the dishes $5/mo. extra, use your water dispenser on the fridge $5/mo. extra.  I think you get the picture.  Now lets take this a little further.  If you signup with AT&T Water, you can use the shower and flush your toilet for free, and they will deliver fresh spring water to your fridge water dispenser along with a choice of POP, and one additional flavor.  The price is included in your water bundle of $80/mo., but to use your other water outlets to wash your car or do dishes it is still $5/mo. extra.  If you signup with Verizon Water, you still pay $80/mo. but they will give you spring water in the fridge water dispenser, but all other charges still apply.  If you signup for Comcast Water, you still pay $80/mo. and the water you get delivered to your house may not be drinkable.

Now imagine the same scenario but another added twist.  Imagine if you will that there is a quality of pressure scale that is controlled by your chosen water provider.  -10 to 10, with 0 (zero) being neutral.  -10 would be 5psi of water pressure and 10 would be 100psi of water pressure and 0 is the neutral/default 50psi.  Your chosen water provider has now decided that you need to pay more to get priority water delivery, you decided not to do this but all your neighbors did.  Now when you take a shower all your neighbors get 100psi of water pressure and you get 5psi.  They have prioritized the delivery of the water to those that chose to pay for the premium delivery of high pressure over those that did not choose to.

Not only that, but imagine that the water provider actually has the ability to completely prevent you from showering, watering your garden or flushing your toilet as they see fit.  The only requirement is that they let you know they are going to do it.  Beyond that they are allowed to turn things off/on as they see fit.  Maybe they got mad at a refrigerator manufacture for using too much water in their dispenser, so they decide to shut that service off.

If you think this scenario is a nightmare and not possible, think again.  This is precisely what Net Neutrality is preventing and why it is so very important to make sure it stays in place and is not repealed on December 14th.  Currently ISPs are regulated like a public utility just like your water provider, but if Net Neutrality is repealed the a fore mentioned scenario will become a reality.

It is imperative that everyone call their congress representative immediately and let them know you want Net Neutrality to stay.

Call your Senators and Representatives. Tell them to support net neutrality: 202-224-3121

This is a great link for contact information and banners.
https://www.battleforthenet.com/

Another link to resources for contact info.
https://www.elitedaily.com/p/how-to-contact-congress-about-net-neutrality-because-its-so-important-6745499

Here is a link search for the image we discussed.  This image has made the rounds on social media and is a glimpse of what possibly could be coming.  Sorry no link directly to the source image.

 

3 Free WordPress Managed Solutions

3 Free WordPress Managed Solutions

Minimum options needed for hosting and hosting further explained.

  • Space (disk space) Small plans normally start at about 10G of disk space. Roughly 200 hours of music per month.
  • Bandwidth (network connections) Small plans normally accommodate up to 10,000 unique visitors per month.
  • SSL free or paid option.
  • A way to upload, add or modify files to your hosting space such as SFTP.
  • Instructions for getting into your hosting space.
  • Documentation – Online self service documentation that you can follow. Think Knowledgebase.
  • Support – helpful and knowledgeable support that will NOT charge you for simple things. Does not need to be phone based!?
  • One click installer. Click here to listen to a previous episode about one click installers.
  • A way to serve your files.
  • A script processor – php, ruby, python, perl…etc. customer preference.
  • Database and databse connecticity -mysql/postgresql/oracle/mongo.
  • Security mechanism Firewall or other intrusion detection system.
  • Backups at least weekly – although the user should also have their own backups.

Not on the list

  • Email – use google, wibble, outlook for hosted email.
  • DNS services including domain registration.

Goes without saying

  • Way to add domain to your hosting account.
  • Way to add domain aliases; this might be known to some people as parked domains.

 

WordPress managed soloutions

What is managed WordPress?

A complete service package where all technical aspects of running WordPress is provided by your chosen host. This style of web hosting does and should cost more than web hosting that does not provide these services.

This includes:

  • Security
  • Speed
  • WordPress Updates
  • Daily Backups
  • Premium support – this is handled by WordPress experts with lots of experience.

This is why the typical managed WordPress hosting plan is much more expensive than standard hosting.

Companies that do managed WordPress hosting

 

What is WordPress hosting?

WordPress specific hosting, not to be confused with managed WordPress hosting, is specialized shared hosting with optimizations specific for WordPress sites. These changes often improve site speed and response.

Why/How is this different than regular hosting?

Managed WordPress hosting, WordPress hosting and shared hosting are all different and very specific to the needs of the customer.  Shared hosting, the lowest level and most basic hosting is setup so there are many accounts on a single server.  These shared servers will be serving many different websites, this makes it hard to optimize for a single application.  WordPress shared hosting, or WordPress Hosting, is a shared server optimized specifically for WordPress web sites.  Managed WordPress is all the benefits of a optimized server experience without having to also worry about updates, security, speed and support.  These are handled for you as part of the hosting package.

How is this relevant?

Do it yourself managed programs you can use on your WordPress site.

All 3 add a plugin for remote management of

  • core updates
  • plugin updates
  • theme updates
  • And more features below.

 

Infinite WP

Infinite WP (IWP) is a self hosted free or paid product, although version 3 is suppose to provide for a managed install version (SAAS). The free version installs as a plugin that then installs a command interface where you can add your site to be managed, as well as others. It provides a simple backup and updater. The paid version includes a reported $2888 worth of add ons. This is all self hosted and you are responsible for updating and securing your install of infinite WP. The biggest drawback to Infinite WP is the support. For the free version, good luck getting any response. Even their website lists 96 hours for a response for free tier, and for the enterprise tier it can be 12 hours. This is just not acceptable if you are paying for this product.

Ease of Use rating from beginner to advanced? 

This is more advanced than I would like.  You have to not only manage your WordPress install, which is fine, but you also have to manage the install of Infinite WP.  Installing the command interface could be problematic and if you have problems, good luck getting a reply back from support.

WP Remote

WP Remote is operated as part of maek.it, which is a full service client management portal.  This is ideal for designers/developers or agencies that want one place to go for everything from invoicing to hosting.  Features of WP Remote include.

  • One click deploy.
  • Simple Hosting (not sure what they mean by “simple”, they also advertise FTP but no SFTP or FTPS 🙁 ).
  • Unlimited WordPress management.
  • Invoices.
  • CRM.
  • Domain Management.
  • Track sales & leads.

Ease of Use rating from beginner to advanced?

This is more simple than Infinite WP, but the interface may be quite confusing.  Only thing to install is the control plugin which is quite simple to do.  More options than a simple WordPress management interface.  If you want to generate invoices, track sales leads and let Maek.it handle your hosting then this might be for you.

Manage WP

Mange WP is owned by GoDaddy which also owns Sucuri .
This is a cloud based software as a service application and Manage WP handles updates and security for the product. There is nothing the end user needs to install or manage except the control plugin. This is installed into your WordPress website. Manage WP is free for unlimited sites and certain addons are free. Premium addons are very reasonable at $1-$2 /mo. each, and you can purchase group bundles for multiple site activations. This means you can spend as little or as much as you need. I prefer this to having to pay $35/mo. for all of it. By only charging me for what I want/need it becomes very easy to turn on a few things that interest me or my customers.

Ease of Use rating from beginner to advanced?

This is super simple to install.  The only thing to install is the control plugin which is quite simple to do and I think anyone can/could do it.  The interface is very user friendly and easy to understand.  The notices, billing, and alerts are very clear to see and understand.  The only downside to Manage WP is that the basic backups do not allow you to download them or push them to another location.  They maintain the backups for you on their S3 drive.  Paying $2/mo. is the only way to get your backups sent to another location or be able to download them.  Other than that, there are many wonderful and free features that I use everyday.

Free with Manage WP:

  • Backup
  • Sucuri security checks
  • Performance check
  • Client reports
  • Google Analytics
  • Maintenance mode
  • Code snippets
  • 2-factor authentication
  • 1-click login
  • Manage comments
  • Manage plugins and themes
  • Vulnerability updates
  • Collaborate

Many paid options increase the functionality of the free options. For example, $2/mo extra will give you cloud backup destinations with scheduling, or you can use the free basic backup. Or for $1/mo. enable the SEO monitor feature to track the SEO of your site.

Listeners of the Web Hosting Podcast have been given a wonderful bonus, if you want to try Manage WP. You can use the code WHPOD and you will get $10 added to your account to try any of the paid features. This means you can get SEO monitoring for 10 months.

 

10 website security tips with Megan Ferrell and show feedback.

10 website security tips with Megan Ferrell and show feedback.

10+ Web Site Security Tips
10+ Web Site Security Tips

Feedback on/about the podcast.

  • Who is this podcast for?

The short answer to this question is, me. This podcast came about by me wanting to have something for my children to remember me by. I originally started reading books, recording them and then archiving them. The first book I read was Night Before Christmas. We have a family tradition of reading it Christmas eve. I wanted there to be a recorded version of myself that my children could listen to and share with their kids, long after I was gone. From there, I started reading Encyclopedia Brown books. This series holds fond memories for me and my youngest as it is one of the first books we read together, and then tried to figure out the answer. It was a lot of fun and if you have not read any of the books I highly recommend reading them. Even as an adult, they hold great value. After doing the books for a while, the next logical step was to do a podcast. Something that shared my discipline in Linux/Unix. So the podcast, web hosting podcast, was born.

For those that wonder what the target market would be for this podcast, I am not 100% certain. I like to think it is someone that is new to hosting and wants to get the most out of their shared hosting plan. I really like to share and give out information to anyone that will listen, and anyone that knows me personally, I think would agree. There is a wealth of information jammed into my head about everything from Apache to Xen Virtualization. Most of it is going to be very boring. So, I try to wade through the minutiae and bring the elements of hosting that I think would be not only interesting, but relevant. My hope is that this remains fun, for me, and in the end if someone finds one thing that is useful then that would be a bonus.

If you have questions or comments regarding the podcast or your own web site please feel free to drop me a line. The easiest way to reach me is through the contact form on https://webhostingpodcast.com/contact

 

10 website security tips + a few more for good measure.

Megan Ferrell from websites 503 joins me via zoom.us to discuss 10 website security steps. We take time going over the questions after the speed round of her answering them. We then add a few of our own recommendations for good measure. I urge anyone that has a website to look over these 10+5 security steps and see how your web site rates. These steps are very easy to fulfill so you get a 100%.

  1. Is your CMS software up to date?
  2. Are you using trusted third-party plugins and themes?
  3. Have you changed default settings on your CMS?
  4. Do you promptly remove outdated access permissions?
  5. Does your website URL start with HTTPS?
  6. Are you using a WAF (Web Application Firewall)?
  7. Is your server monitored for malware?
  8. Do you use SFTP instead of FTP to upload files to your website?
  9. Do you have daily backups of your website?
  10. Are passwords difficult?

    Bonus round

  11. Have you changed all default passwords sent to you when you signed up?
  12. Does your developer or another person know your passwords?
  13. Have you disabled and removed all unused themes or plugins?
  14. Have you hidden your login page?
  15. Have you enabled or use two factor authentication?

The original 10 steps came from the following link.

Upcoming topics and additonal show ideas.
In the coming episodes, we are going to take a look at SEO, Managed WordPress Options that are FREE, modifying the robots.txt file and touch on some development topics. I am also looking at starting a web hosting round table show in 2018 using google hangouts or youtube. If anyone is interested in participating in the round table, please use the contact form to get in touch. The idea from the round table came from watching the podcasters round table. I would like to have no more than 6 people on at a time, a topic would be determined ahead of time to ensure a proper fit, and then discuss that topic in a round table setting. I think it would be very informative to get many different points of view. For example, my idea of a developer/designer could possibly be different than yours. If this sounds like something that would interest you please let me know.

Web hosting one click installers, David Anderson of Canvas Host talks domains

Web hosting one click installers, David Anderson of Canvas Host talks domains

Web Hosting Podcast episode 3


News / security

WordPress plugin with 200,000 installs has a backdoor – Display Widgets version 2.6.1 and 2.6.3
https://www.bleepingcomputer.com/news/security/backdoor-found-in-wordpress-plugin-with-more-than-200-000-installations/

ransom-ware outbreak

Company agrees to pay $1 million in bitcoin to unlock 157 web servers.
https://www.bleepingcomputer.com/news/security/south-korean-web-hosting-provider-pays-1-million-in-ransomware-demand/

CloudFlare now includes apps June 27th – https://blog.cloudflare.com/cloudflare-apps-2/
Some of the great apps on cloudflare I have found.
– social icons – add social icons automatically to your site
– tweet this – highlight and tweet text
– Facebook comments – Facebook Comments app lets people comment on content on your site using their Facebook account.
– Facebook Like – Add a Facebook Like button to your site to build your social media presence.
– Pinterest – Let your visitors share your content and increase your social presence with Pinterest buttons!
– google maps – quickly add a map to your page.
– spotify, soundcloud, trebble – add music playlists to your site.
– ecommerce apps for paypal
– fun stuff – particles and browser blast.
– check out all the apps here.

One click installers

What are one click installers?
One click installers allow you to “install” a range of popular software from a library of applications for use. These can include wordpress, joomla, drupal and many others depending on your host and possibly the hosting plan you select at signup.

The 3 major one click installers used for hosting.
fantastico -https://netenberg.com/
softaculous – https://www.softaculous.com/
installatron – http://installatron.com/

All have panel integration (cpanel, plesk, etc..)

All allow you to install the most current version of popular software including.
wordpress
drupal
joomla
magento

Why I like installatron over the others.

– Ease of use, hands down installatron is easiest to use.
– clone a site and move a site to another location – very easy to do.
– remote backup including dropbox integration.
– automatic install of security plugins (wordpress specific in this case) during the one click install.
– automatic update with backup and rollback ; this is huge. Installatron will automatically backup, then attempt to update each piece that needs a update. If a update fails it will roll back to the backup file. It sends emails out regarding the status of the updates and if they were successful or not.
– schedule of backups and retention. This only backs up the installed application and not your entire cPanel or control panel account. This allows your site to be portable and easy to restore in the event something happens to your site.
– Easily login to your wordpress site from inside of cPanel.
– Easily reset your wordpress login credentials, this includes the password.
– Install two factor authentication on creation of wordpress site, or later on. This can be enabled by default.
– Limit failed login attempts, by default.
– You can import current installs into installatron so that it can manage it for you. This is very handy to help manage automated updates and backups.

Follow this blog post to see how to import your current install of wordpress into installatron. Keeping your WordPress Website Updated | Enrolling in an Automatic Updater

 

Domain registration with David Anderson of Canvas Host

Topics covered with David from Canvas Host.
– What is a domain registrar.
– Buying a new domain.
– Price change after one year – this is very common to see a $1.99 or lower, intro price and then have a much higher price renewal after the first year. Could be much much higher.
– Domain transfer to new registrar – unlock domain, generate epp code, send epp code to new registrar. Watch the transfer fee, will renew for 1 year.
– Grace periods – 0 – 45 days after it expires. Just the cost to renew.
– Redemption – after 45 days. This costs a lot more money + renewal. Fee varies on registrar.
– Pending deletion after 80 days, which then anyone can register after released. This is cheaper than paying redemption fees, but could cost you your domain.
– Loosing a domain by lapsing and entering delete state.
– Contact information must be current on domain registration so that you can be reached. DO NOT USE bogus/false info!!
– Private registration – $7.50 per year, can vary by registrar, some TLDs are free for private registration. For exmaple, *.uk. Some domains can’t have private registration, .us for example.
– Warning about domain registry of america letter and the scam. Domain slamming. https://en.m.wikipedia.org/wiki/Domain_name_scams

If you have show topic suggestions, recommendations or want to be on the show follow this link

Free SSL/TLS for your web site, Caching options for your web site

Free SSL/TLS for your web site, Caching options for your web site

SSL/tls

What is ssl and tls. – https://en.wikipedia.org/wiki/Transport_Layer_Security
Auto ssl in cpanel – https://blog.cpanel.com/autossl/
Other free SSL sites – Lets encrypt https://letsencrypt.org/
Google will penalize page rankings if SSL is not used as well as mark pages without HTTPS as non-secure.

Caching

In episode one we discussed gzip compression and using cache control headers (expires and headers) to improve website speed.
Now we are going to take it a little farther and discuss more caching options for your site.

A web cache (or HTTP cache) is an information technology for the temporary storage (caching) of web documents, such as HTML pages and images, to reduce bandwidth usage, server load, and perceived lag. A web cache system stores copies of documents passing through it; subsequent requests may be satisfied from the cache if certain conditions are met.[1] A web cache system can refer either to an appliance, or to a computer program.

Source wikipedia -https://en.wikipedia.org/wiki/Web_cache

2 WordPress specific caching plugins that I have used.

w3 total cache – https://wordpress.org/plugins/w3-total-cache/
wp super cache – https://wordpress.org/plugins/wp-super-cache/

Common features of both.

– PHP caching.
– Compress pages.
– Don’t cache pages for known users.
– Cache rebuild.
– CDN support.
– Extra homepage checks.

Cloud flare -https://www.cloudflare.com/

Cloud Flare is software as a service cache.

Free plan has many options and features that you will want to use.

– Auto Minify
– Page Rules – custom define patterns for your site. for exmaple lock down wp-admin with custom rules.
– apps – add your google analytics code to every page automatically, even error pages. – https://www.cloudflare.com/apps/
– force ssl and version of ssl, even if you don’t have a ssl cert a free one can be provided
– spdy or http2 integration.
– allow for ipv6 to be used
– access rules, define rules based on IP or Country to use a captcha to see your site.
– AMP (accelerated mobile pages) automatically
– scrape shield – email obfuscation, hotlink protection.
– Always online – if your service provider has a issue, a static version of your site will still be online for pages that have been visited and are sitting in cache.

If your web hosting provider is a cloud flare partner, then you may have immediate access right now to cloud flare inside of cPanel. It is quick and easy to get setup.

If you have show topic suggestions, recommendations or want to be on the show follow this link

Picking a web host, gzip compression, expires and headers

Picking a web host, gzip compression, expires and headers

Web Hosting Podcast: Episode 1

What is it you are going to be hosting?  A Blog, eCommerce website, funny cat pictures or something that is mission critical and requires 100% uptime?  Depending on the answer there could be millions of different options….. Current google search for “Web Hosting” results in 115 Million results.  How do you sort out the good options from the bad options?

  • Top eight (8) things to watch for when choosing a web host
      1. Know your hosting needs.
      2. Investigate on host reliability and uptime guarantees.
      3. Study web host upgrading options.
      4. Check all hosting features (such as number of addon domains allowed) based on your needs.
      5. Check prices on both sign up and renewal.
      6. Check hosting control panel.
      7. Read hosting company’s ToS to find out more about account suspension and server usage policy.
      8. Other supporting features (ie. site backup, environmental friendliness, etc)
  • Gotchas to avoid – don’t fall for the “buffet” or “unlimited” plans.
  • Check their knowledge base or documentation
  • Do they have shared values with you or your business i.e. B corporation

Final tips and info:
Price – do not go for the cheapest option.  You get what you pay for!!
Do they provide one click installers for popular programs?
Do they provide a site builder application free of charge? If you use their site builder can you move your site to another host?
Do they offer the services you need for future proofing?
Links:
http://www.webhostingsecretrevealed.net/choose-the-right-web-hosting/

https://www.aawebmasters.com/choose-web-host/

Expires and Headers:

Setting headers on images and other file types to prevent re download.

  • Speeds site up. Typically users leave a site if it is slow to load after 2 seconds.
  • Will save bandwidth and save you $$, just like gzip compression.
  • Will increase your page ranking by having a faster site load time.
  • The Longer you set the expire time the longer the file will stay in the browsers cache.
  • Issue: may change your workflow. Elements need to have new names if replacing the same element.

Add the following lines to your .htaccess file to enable Header Cache-Control.  Add your own file types in the FilesMatch area.

[cc]
# 3 Months

Header set Cache-Control “max-age=7257600”

# 1 Week

Header set Cache-Control “max-age=604800”

[/cc]

Links:

http://www.inmotionhosting.com/support/website/htaccess/apache-module-mod-expires
http://magentoexpertforum.com/showthread.php/10324-Speed-up-your-site-with-htaccess-caching-mod_expires-and-mod_headers

Gzip compression:

What is it!?
Gzip is a method of compressing files (making them smaller) for faster network transfers. It is also a file format. Compression allows your web server to provide smaller file sizes which load faster for your website users. Enabling gzip compression is a standard practice.

Why would you want to enable it?

  • Saves your bandwidth.
  • Can make your site load quicker.

How to enable it in cPanel, the great missing menu.

  • Optimize Website inside of your cPanel account.

Verify it is working a the following links.
https://checkgzipcompression.com
http://www.gziptest.com

Mime Types:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types

If you have show topic suggestions, recommendations or want to be on the show follow this link