Tag: Wordpress

WordPress 5 release date, Social Media experiment and CloudFlare turns 8.

Today on episode 26 of Web Hosting Podcast: WordPress 5 gets a tentative release date, I discuss a social media experiment I tried, and CloudFlare celebrated its 8th birthday in style by releasing some great new features and services.

 

WordPress 5 has a tentative release date of November 19th, 2018 (Release Notes).
This date could be pushed back as needed and even moved to 2019. It appears that this may coincide with the coming release of PHP 7.3, which is due December 13th, 2018. If you are currently using the Gutenberg editor plugin in your current version of WordPress, then WordPress 5 will be familiar to you. You will still have the ability to go back to the classic editor, the one currently in use, by installing a plugin. However, there are likely big code changes that are still going to break a lot of plugins and themes when WordPress 5 comes out. Here are some things you must know before the big WordPress 5 release comes out.

1. Test your plugins and themes as well as any custom code you may be using on your site.

Option 1, for a while, there was a Gutenberg database of listed plugins that you could use to validate your install. This project has since been abandoned and is no longer maintained. The CSV file is still available to download, but it is likely very outdated. Use with caution as it might not be complete or current. Download CSV here.

Option 2, copy your current website to a staging URL, something like test.yoursite.com or dev.yoursite.com. Then activate the Gutenberg plugin. You will then need to manually test every plugin and theme you use. This is a very tedious task and is fraught with perils. You really are going to need to know what you are doing. If you plan to try this, I would recommend disabling all plugins and setting the theme to a default theme after you copy/clone your site to the staging environment. Then, one by one, make sure your plugins are updated, activate them and test. If you find a plugin that does not work, then you may have to start over unless you know how to debug plugins or deactivate plugins using FTP/SFTP methods. Once you have completed the plugin testing, I would update and activate your theme. You will have to test again and again after each and every change. This sounds like a monumental task, and let’s be honest, it is, but it is something either you or your developer really needs to do. The last thing you want to happen is for your site to be updated and then break.

2. Make sure you have a full and complete backup of your WordPress install and you know how to restore from it. I can’t stress this enough at this point. If you do NOT know how to make a backup or do a restore using the backup, then you or your developer need to get on this. I mention backups in almost every episode and it is very, very important that you take this step seriously. If your site automatically updates and things break, there is likely no way to go back to a previous version. Even if you try the classic editor plugin, your site may still not function as expected or just not render at all. There are dramatic code changes in a major release that may just not work, even in classic mode.

Before hitting that update button on WordPress 5, make sure you have all your options thought out. Backups, any testing needed, a good developer on standby and a restore plan. It is very likely that a large number of installs will break and your web host of choice will very likely have their hands full. They may not even help you at all without charging for it. So be prepared for the worst and work backwards from there.

Social media

Top social media platforms in the U.S.
Facebook – 2 billion active monthly users
YouTube – 1.9 billion active monthly users
Instagram – 1 billion active monthly users

Last month, I did something as a test for myself. I used social media heavily, and I mean really heavily. I challenged myself to post regularly on Twitter and Instagram, preferring to use Instagram as my platform of choice for video. My personal challenge was to promote the podcast, but to also have fun and be myself. I posted random cloud photos, pictures of my dog, and information about my podcast. The task was to see if doing this would have any impact on my podcast downloads and website hits. I posted at least once a day, but more as needed or when the desire struck. I primarily used Instagram, but by doing this I also allowed Instagram to post to Facebook and Twitter. My primary use for Twitter is to post news articles that I find relating to hosting or security. My results shocked me: in the 3 weeks that I tried this I gained almost 600 new podcast downloads, and it is still climbing. I went from having 1 or 2 downloads a day to having 20 or 30 a day.

Think about that: in the case of a podcast they are listeners, but in a business that could be customers and potentially big sales opportunities. Now, it should be noted that I am not a social media master or anything like that. I just do what most others do, post, and I use what I have access to. Meaning, posting pictures of clouds or my dog is my staple and easy for me to do. I don’t post pictures of my family, other than the dog, online unless I have some form of control of the content. So I am left with what I have access to. I also have some skills in video, so making a short video on the do’s and don’ts of hosting was easy for me to do. Those types of videos I posted on Instagram as posts, not stories, so everyone could see them. I did not always promote my brand or podcast. Again, I had fun with it and let people see my human side, not just the business side.

I think what I learned is that anyone can do this type of thing, but the biggest thing is to have fun. I don’t worry about the number of followers, and actually I don’t watch my podcast download count either. Neither of those really means anything to me. What I do keep an eye on is the interactions. If someone comments on a post, I thank them or answer their question. If someone retweets a tweet, then I might follow them. Things that can generate a conversation or communication of some sort are what I go for. That would be my first piece of advice. Don’t fret over numbers; if someone does not hit the “heart” button, don’t assume it was not seen. Don’t worry about the total number of followers and likes you get. If you do that, then you are likely going to add stress and not have fun. That would be my second piece of advice: have fun. Social media is social, it is a chance to let your guard down a bit and let people into your life, so have fun with it. I would rather see photos/videos of someone’s dog chasing its tail than another almost informative ad on a product. I am sure most other people would too, but if you post product info every third post, that might work.

Anyone that is listening to this, I challenge you to promote on social media. Get creative with it and have fun. The results you see might surprise you as it did me.

CloudFlare

CloudFlare recently had its 8th birthday and did so with a bang.
If you have not heard of or used CloudFlare, I invite you to listen to Episode 2 here.
For the most part, CloudFlare is a software as a service cache that does a whole lot more. Now celebrating their 8th birthday, congratulations by the way, CloudFlare does even more. In addition to adding caching features to your site and helping to keep it secure, CloudFlare offers domain registrations at wholesale prices and adds domain privacy for free. This service is currently in early access and I invite you to head over to their site to check out all of their service offerings, most of which are free. I use CloudFlare on all of my sites and love it, I can’t wait to be able to also register domains through them.

Google pagespeed insights headache.

Today on Episode 24, Web Hosting Podcast. Are you obsessed with page speed ranking? Speed is always a great thing to have but the realization is, getting that perfect score is almost impossible with a website. Megan joins me to discuss some things that may cause your site to be slow. We also dive into pagespeed insights and discuss some surprising and shocking results we got.

 

What can make your website slow?

  • Slow hosting environment
  • Images too large
  • No caching set up on the website (expires headers)
  • Long database queries
  • Running old versions of software: PHP, Apache, CMS software (WordPress, Drupal, Joomla, etc.)

If you use Google PageSpeed Insights or the Pingdom website speed test, you may have gotten a low score for your website. A low score would be something in the 60-70 range. Anything above 80 would be considered a pretty good score. I just want to point out that you should not obsess about getting a perfect score.

google pagespeed insights

Pingdom website speed test

Both of the pagespeed tests use a score from A (great) to F (fail). Of course you want to try and get all A in your grade score. But sometimes it is just not possible.

For a base line, I installed a default version of wordpress (4.9.8) on a domain I own. Right after installing, I ran both google pagespeed and pingdom website speed tests. The site is being served over SSL using the default free cPanel SSL certificate.

Google – Mobile = 70
Google – Desktop = 92

Pingdom = Overall 88 (B)

When you first run the test, you will get a list of currently applied optimizations as well as improvement recommendations.
My list of currently applied optimizations on a default install are as follows. NOTE: these may be different depending on your hosting providers setup and environment.

Avoid landing page redirects
Enable compression
Minify HTML
Optimize images
Prioritize visible content

From the list, you can see that I do not have redirects for the landing page, I have gzip compression enabled, my html is minified, my images are optimized, and I have content that is visible that is prioritized. But what does this all mean?

Landing Page Redirects :
This occurs when you redirect the main site the user is going to, to another page. Google provides some great examples.
Here are some examples of redirect patterns:
example.com uses responsive web design, no redirects are needed – fast and optimal!
example.com → m.example.com/home – multi-roundtrip penalty for mobile users.
example.com → www.example.com → m.example.com – very slow mobile experience.

Enable Compression :
We actually discussed this in the very first episode and it is worth noting again. Compression will shrink down elements before sending them to the browser. This saves bandwidth and can improve site speed by sending smaller elements through the internet. You can enable gzip compression in cPanel by going to “optimize website” and click on compress all content.

Minify HTML :
According to google here is what they mean by Minify HTML:
Minification refers to the process of removing unnecessary or redundant data without affecting how the resource is processed by the browser – e.g. code comments and formatting, removing unused code, using shorter variable and function names, and so on.
You should minify your HTML, CSS, and JavaScript resources:
To minify HTML, try HTMLMinifier
To minify CSS, try CSSNano and csso.
To minify JavaScript, try UglifyJS. The Closure Compiler is also very effective. You can create a build process that uses these tools to minify and rename the development files and save them to a production directory.

Optimize Images :
This rule triggers when PageSpeed Insights detects that the images on the page can be optimized to reduce their filesize without significantly impacting their visual quality.
This means that I do not have an image that is too large and scaled to fit the area. Do not scale images in your web framework. Always scale the image before uploading.

My initial run of items that needed improvement.

Reduce server response time
In our test, your server responded in 0.64 seconds.
There is not much to be done here. That is a little over half a second for a response time. It could certainly be better, but this value will shift up and down depending on a lot of factors. If this value is higher than 1 second, then you may have an overloaded server.

Eliminate render-blocking JavaScript and CSS in above-the-fold content
Your page has 1 blocking CSS resources. This causes a delay in rendering your page.
None of the above-the-fold content on your page could be rendered without waiting for the following resources to load. Try to defer or asynchronously load blocking resources, or inline the critical portions of those resources directly in the HTML.

Leverage browser caching
Setting an expiry date or a maximum age in the HTTP headers for static resources instructs the browser to load previously downloaded resources from local disk rather than over the network.
This is simply setting a cache header or expires header. We covered this in Episode 1.

Minify CSS
Compacting CSS code can save many bytes of data and speed up download and parse times.
Like the Minify of HTML above, this is the same only for CSS. Removing objects and comments that are not needed will shrink the file size and allow the file to be served faster.

Minify JavaScript
Compacting JavaScript code can save many bytes of data and speed up downloading, parsing, and execution time.
Like the Minify of HTML above, this is the same only for JavaScript. Removing objects and comments that are not needed will shrink the file size and allow the file to be served faster.

Now here is where things get sketchy with these reports. Remember, my initial scan was Desktop 92, Mobile 70. On my next run, the test was worse and the only thing I changed was the .htaccess to allow for caching (see below). Now with this single change in place, my score is Desktop 90, Mobile 57. What gives here? Dropping 2 points on desktop after applying a fix makes no sense, and even worse is mobile dropping 13 points. To make matters worse, running the test a 3rd time with no changes except caching results in even lower numbers: Desktop 89, and Mobile is back up to 64. So let’s make some more changes and see what happens.

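Browser caching in .htaccess file
# The Header directive needs mod_headers; the IfModule wrapper avoids a 500 error when it is not loaded
<IfModule mod_headers.c>
# 3 Months
<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf)$">
Header set Cache-Control "max-age=7257600"
</FilesMatch>

# 1 Week
<FilesMatch "\.(js|css|pdf|txt)$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
</IfModule>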

Deleted two plugins
Hello Dolly and Akismet

Added
w3 total cache.
For this plugin, I enabled and then set the following options to turn them on. The first time I enabled this plugin, I got a 500 error. I had to remove the browser cache line from above, then the site rendered and I was able to adjust the settings for w3 total cache. Once the settings were saved, I was able to add the browser cache from above and things worked fine.

Page Cache enabled and using Disk : Enhanced
Minify enabled and using Disk : Enhanced
Database Cache enabled and using Disk
Object Cache enabled and using Disk
Browser Cache enabled
Fragment Cache set to disk

Click on Save All Settings and purge any cache by going to Performance in the top menu and Purge all caches.

After removing those two plugins, and adding w3 total cache my scores are as follows on the first run.
Desktop 97
Mobile 93
These numbers held after repeated attempts over several hours. It is still a mystery as to why the numbers dipped so bad after just adding caching, which should have helped the numbers not hurt them.

The changes above resulted in only needing two fixes, according to google.
Eliminate render-blocking JavaScript and CSS in above-the-fold content
Leverage browser caching

I am not going to worry about the first one, Eliminate render-blocking JavaScript and CSS. But what gives with the second one, I thought we added browser caching already. Well, we did, but there are some things you may not want to cache, or in this case W3 total cache does not want cached. The file in question is a minified JavaScript file, and it is likely that this file will change over time as you build your website and add plugins. If you cache a file that is known to change, then your users may not get the new file until the cache expires. So be aware when you want to cache files, make a note on which ones might change regularly.

With these settings my pingdom website speed score went from 88 (B), to 96 (A).

As you can see, it is pretty simple to get some good scores, if you are worried about that. And you should be worried about some of them. Browser caching, minifying files, everything helps improve the user experience. But focusing on getting that 100 is a lofty goal and not practical for a website that has valuable content. Try and keep it real by getting in the 90+ range and resolve the issues you can fix. W3 Total Cache is one of the easiest plugins to set up and use just to get these speed benefits and get your score up. There is no coding; it is all done for you.

Beginner steps to launching a new website.

Today on episode 20 of Web Hosting Podcast. Beginner steps to launching a website. We will cover all the steps needed to go from concept to launch, for the beginner. It is now easier than it has ever been to get a brand new website online and serving content. Have you wanted to make the jump and have your own website? Follow along and learn how to get your own website online.

0. Brainstorm
Choosing the purpose of the website, whether you are going to sell something or just blog, is an important step. This will likely direct your choice on a domain name to use. After all, you want your domain name to reflect the soul and purpose of the website you are going to launch. Outline and brainstorm what you are going to do with the site first. This includes things you may do later after launch. For example, you might just be going to blog now, but think you might like to sell some merchandise later on. Take this into account and write it down. Don’t leave any detail out. This process will also help you decide what software to build your website with.

1. Domain name.

Your domain is your site address or URL. For example, webhostingpodcast.com is my domain. A domain should be easy to remember and not very long. After all, you don’t want your visitors to have to remember a long confusing URL. For example, webhostingpodcast.com is long but memorable and easy to remember. However, the-greatest-web-hosting-podcast-of-all-time.com would be very hard to remember and contains characters that are difficult. I normally recommend that you not use odd characters or misspellings in domains, unless you have to. They make the domain harder to remember.

Domains have to be registered and purchased. This is more like a lease than a purchase. You have to renew the domain every time it comes up for renewal. This could be every year if you chose to register the domain for 1 year. Ultimately it depends on the length you decide. Domains can vary in price depending on what you choose. Typically they are about $14 per year.

2. Hosting.
Hosting is where your site lives and is served from. A good web host is key here. Do not skimp on choosing a great and dependable web host. Often, you can purchase your domain and hosting at the same time. But be aware of the potential hidden costs of doing this. A lot of times a host will give you a free domain for signing up for web hosting. Looking at what the cost to renew that domain per year is important. You don’t want to be surprised when you get a domain renewal charge. There is nothing wrong with registering your domain with one company and hosting your website on another. You just have to remember that you will have 2 different bills. You can also use an online website builder like Wix, Weebly, Squarespace or Blogger. If you don’t want to have your own personal domain (URL), then these might be a logical choice for you to put some online content. However, if you want the ability to fully customize and optimize your website along with email, FTP, and other services, then web hosting will be needed.

Also, keep in mind that the actual website software you choose may affect your choice of host. If you are using WordPress, which most people do, then you will want to find a web host that is well equipped and educated about WordPress.

3. The website itself.
Most people starting out will want to use something simple. I highly recommend that you use WordPress to do this. It is by far the number one blogging platform, but it does so much more. If you want to sell trinkets online, there is a plugin for that (WooCommerce); if you want to do photo blogging, there is a plugin for that (NextGen Gallery). If you can think of it, then there is likely a plugin for it. If you want to change the look of the site but are not a coding expert, you can just add a new template (WordPress calls these themes). There are hundreds and possibly thousands of free templates available to change the look of WordPress; just check those ratings before installing anything you find.

If you have chosen WordPress for your site, then you likely will want to choose a WordPress specific host. These are hosts that have trained staff to help you sort out issues. Their servers are optimized for WordPress sites. They often have a simple way or even an automatic way to install WordPress as well as keep it updated automatically. These are the things that often trip people up and make you want to pull your hair out or shut down your website. You likely take your car to a certified mechanic when it has issues. Do yourself a favor and take your WordPress site to a WordPress specific host. There are a lot of them out there to choose from that are reliable and knowledgeable.

For those that want a no fuss site and want to use the online site builders, here are a few that I have used in the past. Keep in mind that this will not give you the ability to have email on your domain. This means that @thedomain.com email addresses will not be available to you without doing more work and spending more money. You will still need to sort that out by using google or other means.

These are free or paid options that do not require a domain name to use them.

wordpress.com
Blogger.com
Squarespace.com
weebly.com
wix.com

 

Is VR, virtual reality, part of your website design strategy?

Today on Episode 19 of Web Hosting Podcast. Is VR, virtual reality, part of your website design strategy? You could be missing out if you are not. With the release of the Oculus Go last month, high end VR experiences have come to the masses. You can take advantage of this by including VR elements easily on your new or current website. Also a very interesting thing happened over the weekend.

An interesting thing happened recently. I was notified by haveibeenpwned.com that my email address was seen on a hacked site. Listeners may remember that this site was mentioned in Episode 13 as one of the useful tools segment. The site happened to be ticketfly, which was recently hacked and had all of its information released. The interesting part about this is the fact that I was notified by haveibeenpwned.com before news of ticketfly being hacked was released. If you are worried about your online data, and you should be, then I would recommend taking advantage of the free service provided by haveibeenpwned.com.

What is Virtual Reality (VR)?
Virtual reality, as defined by wikipedia is : “a computer-generated scenario that simulates experience through senses and perception.”
I don’t think all experiences have to be “computer generated”, remember those stereographs from the 1800’s? To me those were a form of Virtual Reality. Also, Viewmaster, made a toy that you could put in round slides that presented you with magical worlds. These were not computer generated or had anything to do with computers.

What is the difference between VR and 360?
360 video or pictures are elements wrapped in a sphere. Think of a big bubble that you sit in where the media is projected around you in a sphere; this is 360. Virtual Reality is stereoscopic depth, interactive elements as well as immersion. The terms VR and 360 are used interchangeably, but they are decidedly different. Here is a great article on the main differences from Vimeo: https://vimeo.com/blog/post/virtual-reality-vs-360-degree-video

Why is VR important for your website?
Remember when everyone thought Siri, Alexa and Google Home were just fads and would never take off, not to mention the iPod? Now it is reported that 55% of homes have a smart voice device. VR is in its infancy, but it should certainly not be ignored. With the release of the Oculus Go, tether free VR is available to the masses. Let’s also not forget that Google Street View is widely used and constantly adding locations. Google is doing a great job of covering the entire world. If you have a business, you can put your location on Street View, which will allow your customers to view inside your business. This works on desktop, phones, and VR headsets. I currently use this to view new locations I want to visit. It might be a restaurant, board game store, or a pub.

Types of VR devices.
Google Cardboard – uses a cell phone and lenses. This is like a viewmaster type device.
PlaystationVR – Sony released the Playstation VR headset to be used with a Sony Playstation 4.
HTC Vive and Oculus Rift – These are gaming PC driven tethered headsets. These require powerful gaming PCs and are physically connected to the computer by long cables. These are the top end VR experience.
Oculus Go – This is a simple stand alone headset. It offers a great experience for users and is not tethered to any device. The purchase price is very low at $200.
Other/Windows Mixed Reality – There are a few other devices out there that require a PC that uses windows mixed reality and are tethered to the PC.

History for me of VR.
First use of a stereograph as a child. These date back to the 1800’s and used like photos to simulate a 3D (virtual) picture when viewed through a stereograph. Quite a thing to see if you have never used one before.
Then I purchased a viewmaster branded google cardboard device for my iPhone.
Stepped up to HTC Vive in 2016 – still currently in use.
Oculus Go, now used almost daily as a web browser to experience new things and new places.

How I use VR now.
Playing immersive video games on PC.
Browsing the web on oculus go. There are a lot of websites that support VR and have VR elements as well as 360 elements.
Viewing Street View and virtual tours on both VR headset (Oculus Go/HTC Vive) as well as iPhone and Computer.

What devices do I use?
HTC Vive
Oculus Go
Computer Monitor

Website design use cases.
Brick and mortar businesses
Product visualization
Location tours of your establishment

Other use cases for VR workflow.

Handicapped
visually impaired
agoraphobia

Software to help you develop for VR.
Great article on software for VR website developers. Link
Vizor.io – 360 Photo Editor.
Cupix.com – Create beautiful tours in VR from photos.

Sample 360 Photo I took.

Harden and secure wordpress, using managewp.com and GDPR.

Today on episode 18 of Web Hosting Podcast, I continue the discussion of the wordpress hack dissection. I have been asked, since the last episode, about ways to harden and secure a wordpress install and what I recommend to do about managing updates. Also in this episode, GDPR (General Data Protection Regulation), Are you ready for the coming changes on May 25th?

GDPR: new rules for the EU take effect May 25th, 2018 – Official Link
The most important pieces that change here
WordPress 4.9.6 was released with GDPR specifically in mind. Release Notes

Simple ways to keep your wordpress install safer.

  1. Keep your wordpress install updated. Plain and simple. Have an update schedule and stick to it. Some plugins need the core of wordpress updated before the plugin in question is allowed to update. If you are on an old version of wordpress, it is very likely your plugins are outdated as well and possibly contain exploits used to hack your site.
  2. Don’t use plugins that are outdated or no longer maintained. These could easily have old exploits that leave you open for a hack and they will never be updated. The plugin could also be purchased by a hacker group, which has happened, and they add code to exploit your install. If you see a plugin that has not had updates for many years then suddenly has 1 update recently, be wary.
  3. Use strong passwords and don’t use the default username “Admin”
  4. Use a plugin to block failed login attempts.
  5. Move wp-admin url to something else.
  6. Ensure the PHP version you are using is still being maintained. If you are using PHP 5.x series, you really should migrate to PHP 7.x.
  7. Use common sense. Don’t login to your wordpress site, even over HTTPS, in a shared wifi environment. This would be coffee shops, bars, the mall, etc.. Even over HTTPS, information can be intercepted.

 

If you are new to wordpress and managing updates, you can use an external management application that provides additional services.  I personally use managewp.com for this task.  It has many features (listed below) and is 100% free for unlimited domains.  Best of all, well maybe not best, they gave Web Hosting Podcast a coupon code to use after you sign up.  Use WHPOD after you enter in your billing details, this will apply $10 to your account so you can try the paid options for nothing.

Initial questions about managewp that I am often asked by listeners and pretty much anyone that will tolerate me talking about this product.

Q: why would i want to use it?

Q: how difficult is it to signup?

Q: do i need to be a techie to set it up?

Q: how much for basic services?

Q: how much is x feature?

Q: can i get help?

Q: Is it secure?

Current pricing for a site is free for unlimited domains. This free plan includes the following addons.

  • manage updates, plugins and themes
  • Monthly Cloud Backup
  • 1-click login
  • Performance Check
  • Security Check using sucuri
  • Collaboration
  • Analytics with google
  • Manage Comments
  • Code Snippets
  • Maintenance Mode
  • Client Report
  • Vulnerability Updates
  • Templates

The following addons are paid options per month per site. Total price for all Premium addons is $8/mo.

  • Premium Backups $2 +.13 per GB of traffic.
  • Clone (requires Premium Backups)
  • Safe Updates (requires Premium Backups)
  • Templates (requires Premium Backups if creating a template from a current site)
  • White Label $1
  • SEO Ranking $1
  • Uptime Monitor $1
  • Advanced Client Report $1
  • Automated Security Check $1
  • Automated Performance Check $1

Plugins I currently use the paid versions of:

Premium Backup – I schedule a nightly backup to their backup location and a weekly backup to DropBox. I also use “safe updates”, which allows me to perform a backup before I run an update, then verify the screen image of before and after the update to determine if I need to roll back.

Security – This allows me to schedule a scan of my site daily. This not only scans my site for issues, it also checks for vulnerabilities in plugins and checks the web of trust to ensure my site is not listed on any “not safe” databases.

Uptime Monitor – This sends me an email and text message if my site goes offline, but not only that, it also verifies that a specific keyword is found on my site. This helps let me know if my site has been defaced, which would still mean it is up and online.

SEO Ranking – I paid for this just to see how it works. This allows you to set up to 100 keywords and track them for your site with SEO.

Advanced Client Report – I also paid for this to see how it works. This allows me to get a weekly report for my site. It tells me what has been updated, SEO and Analytics reports as well as security audits. It pulls all the information from the plugins active in my account and sends me a nice little report every week.

Plugins I don’t pay for.
Advanced Performance – I already spend a lot of time using PageSpeed tools to get the most performance I can. I am always tweaking things. It is just easier for me to trigger a Performance Check manually since I am always in my Manage WP dashboard.

My total monthly cost is $6: $2/mo. for Premium Backups, and $1/mo. each for Uptime Monitor, SEO, Client Reports and Security Check.

 

 

Dissection of a WordPress hack.

Today on episode 17 of Web Hosting Podcast, Megan and I dissect a website hack we have been working on. We discuss the how, the what and ways to prevent future hacks. We also discuss the defacement of webhostingpodcast.com and how I recovered the site so quickly. And remember those quick tips I used to run? They are coming back in a new way!

Podcast phone line 971 249 2359 is manned by me on Thursdays 9AM PST – 12PM PST. Feel free to call in and press (2) to reach me directly during those hours. If you want to just leave me a message anytime, press (1) and it will send you directly to a voicemail box.

Dissection of a WordPress hack we have been dealing with. The topics we cover are:

How we think it happened.
How we cleaned it up.
What could have prevented it.

Info on what we found from Sucuri, regarding this specific website hack.

Below you will find the plugin I used to discover that the WordPress core files had been modified. This plugin has since been abandoned by Automattic (the makers of WordPress, WooCommerce and Jetpack, to name a few), but it can still be used. You need to download the hash file for the version of WordPress you are using. I would just like to point out that other external and filesystem-based scans did NOT find this hack. Only by careful examination of the output of the exploit scanner were we able to find the source of this hack. It is no longer enough to just scan with one tool and think the site is clean. I recommend that you scan with multiple sources if you think you have been hacked, or if a hack keeps coming back after being cleaned. I also, and I cannot stress this enough, recommend a daily backup of your website. There are many tools out there that will help you obtain a regular backup to an external location, such as Dropbox, S3, FTP, or Google Drive. There is no reason to not have this set up for your site.

This is the plugin link 
And this is the location of the hash file on GitHub.

Commonly used web hosting terminology.

I discuss some of the more basic web hosting terminology used.  This is the link I used for the glossary of terms.

This episode may be a little basic for some listeners, but I want to make sure that everyone knows the terminology and language that we talk about. My hope is to bring some listeners up to speed that may be confused by some of the terminology used in hosting. Again, this episode may not be for everyone.

Additional information you should know:
Google will be marking all sites that DO NOT use https, i.e. http, as not secure starting in July 2018. This will happen with Chrome 68. If you are not using https on your website, you have a limited time to get this going. What this means is that visitors to your site will start to see a “not secure” icon in the title bar. This has the potential to scare away your users/customers. If you are currently not using https, your SEO is most certainly being affected. This is another reason you really should be using HTTPS.

Gutenberg is coming to WordPress 5.0, are you ready? For those of you that may not know, Gutenberg is the new editor that is coming out in WordPress 5.0. There is a current test release you can install through a plugin. I would not recommend doing this on a live site, as it is still quite beta and breaks a lot of things. It is coming though, so if you have a test site I would recommend installing it there and taking it for a spin. More info on WordPress and Gutenberg can be found here.

This podcast now has a Facebook page.

3 Free WordPress Managed Solutions

Minimum options needed for hosting and hosting further explained.

  • Space (disk space) Small plans normally start at about 10G of disk space. Roughly 200 hours of music per month.
  • Bandwidth (network connections) Small plans normally accommodate up to 10,000 unique visitors per month.
  • SSL free or paid option.
  • A way to upload, add or modify files to your hosting space such as SFTP.
  • Instructions for getting into your hosting space.
  • Documentation – Online self service documentation that you can follow. Think Knowledgebase.
  • Support – helpful and knowledgeable support that will NOT charge you for simple things. Does not need to be phone based!?
  • One click installer. Click here to listen to a previous episode about one click installers.
  • A way to serve your files.
  • A script processor – php, ruby, python, perl…etc. customer preference.
  • Database and database connectivity – mysql/postgresql/oracle/mongo.
  • Security mechanism – firewall or other intrusion detection system.
  • Backups at least weekly – although the user should also have their own backups.

Not on the list

  • Email – use Google, wibble, Outlook for hosted email.
  • DNS services including domain registration.

Goes without saying

  • Way to add domain to your hosting account.
  • Way to add domain aliases; this might be known to some people as parked domains.

 

WordPress managed solutions

What is managed WordPress?

A complete service package where all technical aspects of running WordPress are provided by your chosen host. This style of web hosting does and should cost more than web hosting that does not provide these services.

This includes:

  • Security
  • Speed
  • WordPress Updates
  • Daily Backups
  • Premium support – this is handled by WordPress experts with lots of experience.

This is why the typical managed WordPress hosting plan is much more expensive than standard hosting.

Companies that do managed WordPress hosting

 

What is WordPress hosting?

WordPress specific hosting, not to be confused with managed WordPress hosting, is specialized shared hosting with optimizations specific for WordPress sites. These changes often improve site speed and response.

Why/How is this different than regular hosting?

Managed WordPress hosting, WordPress hosting and shared hosting are all different and very specific to the needs of the customer. Shared hosting, the lowest level and most basic hosting, is set up so there are many accounts on a single server. These shared servers will be serving many different websites, which makes it hard to optimize for a single application. WordPress shared hosting, or WordPress Hosting, is a shared server optimized specifically for WordPress web sites. Managed WordPress is all the benefits of an optimized server experience without having to also worry about updates, security, speed and support. These are handled for you as part of the hosting package.

How is this relevant?

Do it yourself managed programs you can use on your WordPress site.

All 3 add a plugin for remote management of

  • core updates
  • plugin updates
  • theme updates
  • And more features below.

 

Infinite WP

Infinite WP (IWP) is a self-hosted free or paid product, although version 3 is supposed to provide for a managed install version (SaaS). The free version installs as a plugin that then installs a command interface where you can add your site to be managed, as well as others. It provides a simple backup and updater. The paid version includes a reported $2888 worth of add-ons. This is all self-hosted and you are responsible for updating and securing your install of Infinite WP. The biggest drawback to Infinite WP is the support. For the free version, good luck getting any response. Even their website lists 96 hours for a response for free tier, and for the enterprise tier it can be 12 hours. This is just not acceptable if you are paying for this product.

Ease of Use rating from beginner to advanced? 

This is more advanced than I would like.  You have to not only manage your WordPress install, which is fine, but you also have to manage the install of Infinite WP.  Installing the command interface could be problematic and if you have problems, good luck getting a reply back from support.

WP Remote

WP Remote is operated as part of maek.it, which is a full service client management portal. This is ideal for designers/developers or agencies that want one place to go for everything from invoicing to hosting. Features of WP Remote include:

  • One click deploy.
  • Simple Hosting (not sure what they mean by “simple”, they also advertise FTP but no SFTP or FTPS 🙁 ).
  • Unlimited WordPress management.
  • Invoices.
  • CRM.
  • Domain Management.
  • Track sales & leads.

Ease of Use rating from beginner to advanced?

This is more simple than Infinite WP, but the interface may be quite confusing.  Only thing to install is the control plugin which is quite simple to do.  More options than a simple WordPress management interface.  If you want to generate invoices, track sales leads and let Maek.it handle your hosting then this might be for you.

Manage WP

Manage WP is owned by GoDaddy, which also owns Sucuri.
This is a cloud based software as a service application and Manage WP handles updates and security for the product. There is nothing the end user needs to install or manage except the control plugin. This is installed into your WordPress website. Manage WP is free for unlimited sites and certain addons are free. Premium addons are very reasonable at $1-$2 /mo. each, and you can purchase group bundles for multiple site activations. This means you can spend as little or as much as you need. I prefer this to having to pay $35/mo. for all of it. By only charging me for what I want/need it becomes very easy to turn on a few things that interest me or my customers.

Ease of Use rating from beginner to advanced?

This is super simple to install. The only thing to install is the control plugin, which is quite simple to do and I think anyone can/could do it. The interface is very user friendly and easy to understand. The notices, billing, and alerts are very clear to see and understand. The only downside to Manage WP is that the basic backups do not allow you to download them or push them to another location. They maintain the backups for you on their S3 drive. Paying $2/mo. is the only way to get your backups sent to another location or be able to download them. Other than that, there are many wonderful and free features that I use every day.

Free with Manage WP:

  • Backup
  • Sucuri security checks
  • Performance check
  • Client reports
  • Google Analytics
  • Maintenance mode
  • Code snippets
  • 2-factor authentication
  • 1-click login
  • Manage comments
  • Manage plugins and themes
  • Vulnerability updates
  • Collaborate

Many paid options increase the functionality of the free options. For example, $2/mo extra will give you cloud backup destinations with scheduling, or you can use the free basic backup. Or for $1/mo. enable the SEO monitor feature to track the SEO of your site.

Listeners of the Web Hosting Podcast have been given a wonderful bonus, if you want to try Manage WP. You can use the code WHPOD and you will get $10 added to your account to try any of the paid features. This means you can get SEO monitoring for 10 months.

 

10 website security tips with Megan Ferrell and show feedback.

10+ Web Site Security Tips

Feedback on/about the podcast.

  • Who is this podcast for?

The short answer to this question is, me. This podcast came about by me wanting to have something for my children to remember me by. I originally started reading books, recording them and then archiving them. The first book I read was Night Before Christmas. We have a family tradition of reading it Christmas eve. I wanted there to be a recorded version of myself that my children could listen to and share with their kids, long after I was gone. From there, I started reading Encyclopedia Brown books. This series holds fond memories for me and my youngest as it is one of the first books we read together, and then tried to figure out the answer. It was a lot of fun and if you have not read any of the books I highly recommend reading them. Even as an adult, they hold great value. After doing the books for a while, the next logical step was to do a podcast. Something that shared my discipline in Linux/Unix. So the podcast, web hosting podcast, was born.

For those that wonder what the target market would be for this podcast, I am not 100% certain. I like to think it is someone that is new to hosting and wants to get the most out of their shared hosting plan. I really like to share and give out information to anyone that will listen, and anyone that knows me personally, I think would agree. There is a wealth of information jammed into my head about everything from Apache to Xen Virtualization. Most of it is going to be very boring. So, I try to wade through the minutiae and bring the elements of hosting that I think would be not only interesting, but relevant. My hope is that this remains fun, for me, and in the end if someone finds one thing that is useful then that would be a bonus.

If you have questions or comments regarding the podcast or your own web site please feel free to drop me a line. The easiest way to reach me is through the contact form on https://webhostingpodcast.com/contact

 

10 website security tips + a few more for good measure.

Megan Ferrell from websites 503 joins me via zoom.us to discuss 10 website security steps. We take time going over the questions after the speed round of her answering them. We then add a few of our own recommendations for good measure. I urge anyone that has a website to look over these 10+5 security steps and see how your web site rates. These steps are very easy to fulfill so you get a 100%.

  1. Is your CMS software up to date?
  2. Are you using trusted third-party plugins and themes?
  3. Have you changed default settings on your CMS?
  4. Do you promptly remove outdated access permissions?
  5. Does your website URL start with HTTPS?
  6. Are you using a WAF (Web Application Firewall)?
  7. Is your server monitored for malware?
  8. Do you use SFTP instead of FTP to upload files to your website?
  9. Do you have daily backups of your website?
  10. Are passwords difficult?

    Bonus round

  11. Have you changed all default passwords sent to you when you signed up?
  12. Does your developer or another person know your passwords?
  13. Have you disabled and removed all unused themes or plugins?
  14. Have you hidden your login page?
  15. Have you enabled, or do you use, two-factor authentication?

The original 10 steps came from the following link.

Upcoming topics and additional show ideas.
In the coming episodes, we are going to take a look at SEO, Managed WordPress Options that are FREE, modifying the robots.txt file and touch on some development topics. I am also looking at starting a web hosting round table show in 2018 using Google Hangouts or YouTube. If anyone is interested in participating in the round table, please use the contact form to get in touch. The idea for the round table came from watching the podcasters round table. I would like to have no more than 6 people on at a time, a topic would be determined ahead of time to ensure a proper fit, and then discuss that topic in a round table setting. I think it would be very informative to get many different points of view. For example, my idea of a developer/designer could possibly be different than yours. If this sounds like something that would interest you please let me know.