Protecting Your WordPress Servers

Protecting Your Server Environment if You Use WordPress

Popularity and accessibility often go hand in hand and, unfortunately, are often a double-edged sword when it comes to security. On the flip side, the belief is that if something is more obscure, it is by definition more secure. There is some truth to all of these beliefs, but some of it is overblown. For example, people often point to Windows as being particularly vulnerable to viruses and exploits. Yes, most people use Windows, and therefore most malicious software is written to target it. But with the right security practices, you can avoid any kind of serious breach. All it takes is having sufficient knowledge and taking the right precautions to avoid situations that would leave you vulnerable. The same can be said when it comes to your website.

Every business owner has security on their mind at all times. That’s because we live in a world where the costliest crimes don’t happen because some robber in a mask sticks up a store. Instead, it’s someone with the right technical know-how attacking your system from halfway around the world. Even more alarming, you’re not always the intended target. You just get caught in a widespread attack seeking to get its hooks in anywhere it can. That’s why you need to be mindful of doing what you can to protect your VPS or dedicated server.

Using WordPress

 

All of this is to say, you need to take the right steps to secure your site no matter what software you use. But, this is especially true when dealing with very popular (and exploitable) content management systems like WordPress. WordPress is far and away the most widely used content management system in the world and it’s estimated to be powering nearly a quarter of all the websites on the internet. It’s popular for good reason. It’s a very easy to use bit of software that makes creating and updating a site relatively pain-free and is perfect for people who aren’t necessarily tech inclined. You certainly don’t need to be a developer to make changes to your site as far as adding more content.

 

That popularity does come at a price, though, as WordPress is often troubled by security issues. That is not to say you shouldn’t use WordPress. Many of the security problems people face when using WordPress often come down to the user. If you engage in best practices, you won’t be so open to malicious attacks. It just takes work staying on top of things. Many times, attackers try to crack a WordPress install in order to gain server level access and essentially turn it into a zombie, using the server to automate spam emails.

 

Whatever the goal of the attack is, you obviously want to thwart it. The best defense is prevention, so there are a number of things you’ll want to do to ensure that your WordPress installation is secure. Remember, a lot of the responsibility of securing a site falls on the user. While many hosting companies will provide some complementary protection for things like DDoS attacks, many of the standard fare brute-force entries or file injections occur because of things like outdated software or a failure to follow best practices. The following list will contain some obvious things you’ll want to do because they are the most effective at enhancing security. Hopefully, you’ll see some outside-the-box things to try that you didn’t think to try before. With the right precautions, you can rest easy knowing that your site isn’t as vulnerable as you might think. While there are no guarantees, you have the ability to greatly reduce security incidents.

Update the Core Software

 

Honestly, if everyone stayed on top of updating the core WordPress software, many security issues would simply go away. It’s not a cure-all, to be sure, but it comes as close as you can get. WordPress is open source, so anyone can see the code. This is both good and bad. When a new exploit is found, the software gets patched and those loopholes get closed. Rinse and repeat for every new release. If you’re still on an old version of the software with a well-known exploit, you’re setting yourself up for a potential attack. By keeping your WordPress installation up to date, you’ll be going a long way towards keeping your site secure.

Be Careful with Plugins

 

A similar approach should be taken with plugins (and themes for that matter), but you need to go a little further here. Your plugins need to be kept up to date for sure. Just like with the core software, out-of-date plugins and themes can be exploited to act as an entry point for malicious activity. However, as a general rule of thumb, you should try to avoid going plugin crazy when building your site. Each plugin brings a potential vulnerability. While you of course need these plugins for essential functionality, limit them and only install them from reputable sources. Plugins you’ve never heard of that have no reviews and are hosted in suspicious repositories should be avoided.

Closing Loopholes

 

You’re getting into development work now, but as you probably know, the backbone of WordPress is PHP. You may want to disable PHP error reporting. For troubleshooting purposes, an error report is great. However, the downside is that your PHP error report also includes your entire server path. If that error report falls into the wrong hands, it exposes the whole endeavor: site, server, all of it is in plain view. You’ll have to add some code to wp-config.php to disable it.

Leverage .htaccess

 

The .htaccess file has a tremendous amount of power over your site. It has a large amount of influence over nearly every aspect of your site, including the security. Therefore you want to use the .htaccess file to your advantage. For example, you can use it to hide the wp-config.php file which itself is critical to your security. You can even restrict admin access down to only certain IP addresses.
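
The two sections above name settings without showing them, so here is an added example (not code from the original article or from WordPress itself): a small Python audit that reads the text of a wp-config.php and a root .htaccess and reports which of the protections described are missing. The sample files, finding codes and IP ranges are constructed for illustration, and the hardened samples show one common way to write the settings.

```python
import re

# Constructed sample inputs for illustration; not taken from any real site.
WEAK_WP_CONFIG = """<?php
define( 'WP_DEBUG', true );
// define( 'WP_DEBUG_DISPLAY', false );
"""
HARDENED_WP_CONFIG = """<?php
define( 'WP_DEBUG', false );
define( 'WP_DEBUG_DISPLAY', false );
@ini_set( 'display_errors', '0' );
"""
WEAK_HTACCESS = """# BEGIN WordPress
RewriteEngine On
# END WordPress
"""
HARDENED_HTACCESS = """<Files "wp-config.php">
    Require all denied
</Files>
<Files "wp-login.php">
    Require ip 203.0.113.10 198.51.100.0/24
</Files>
"""


def audit_wp_config(src):
    """Return finding codes for error-display settings in wp-config.php text."""
    # Drop block comments and whole-line comments so disabled code is ignored.
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    src = re.sub(r"^[ \t]*(//|#).*$", "", src, flags=re.M)
    consts = {name: value.strip().lower() for name, value in re.findall(
        r"define\(\s*['\"](\w+)['\"]\s*,\s*([^)]+?)\s*\)", src)}
    ini = re.search(
        r"ini_set\(\s*['\"]display_errors['\"]\s*,\s*['\"]?(\w+)", src)
    findings = []
    # WP_DEBUG_DISPLAY defaults to true, so debug mode shows errors on the
    # page unless the constant is explicitly set to false.
    if (consts.get("WP_DEBUG") == "true"
            and consts.get("WP_DEBUG_DISPLAY") != "false"):
        findings.append("wp_debug_displayed")
    if ini is None:
        # Nothing in this file overrides whatever php.ini says.
        findings.append("display_errors_not_forced_off")
    elif ini.group(1).lower() not in ("0", "off", "false"):
        findings.append("display_errors_on")
    return findings


def audit_htaccess(src):
    """Return finding codes for the two .htaccess protections named above."""
    src = re.sub(r"^[ \t]*#.*$", "", src, flags=re.M)
    blocks = {name.lower(): body for name, body in re.findall(
        r"<Files\s+\"?([^\">\s]+)\"?\s*>(.*?)</Files>", src,
        flags=re.S | re.I)}
    findings = []
    # Accept the Apache 2.4 form or the older 2.2 form of "deny everyone".
    if not re.search(r"Require\s+all\s+denied|Deny\s+from\s+all",
                     blocks.get("wp-config.php", ""), flags=re.I):
        findings.append("wp_config_not_denied")
    # The login page should be limited to named addresses or ranges.
    if not re.search(r"^\s*Require\s+ip\s+\S+",
                     blocks.get("wp-login.php", ""), flags=re.I | re.M):
        findings.append("login_not_ip_restricted")
    return findings


if __name__ == "__main__":
    for label, cfg, ht in (("weak", WEAK_WP_CONFIG, WEAK_HTACCESS),
                           ("hardened", HARDENED_WP_CONFIG, HARDENED_HTACCESS)):
        print(label, audit_wp_config(cfg) + audit_htaccess(ht))
```

An IP allow-list on wp-login.php only suits sites whose administrators connect from fixed addresses.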

 

Obscure the Login

 

The default WordPress set up for logging in is much too easy to brute force. Everyone knows the URL and everyone knows the default username is “admin.” The first step that needs to be taken is changing these things. Change the login URL and choose a different username. Also, put a limit in place that doesn’t allow constant login attempts if the password is incorrect. Remember, most brute force attacks are automated. A different login URL and a wrong password limit can easily thwart them.
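
To see what a wrong-password limit does to automated guessing, this added example (not part of the original article) replays web server access-log lines and reports which clients a limit of N failed logins per time window would have stopped. The log lines are constructed, and treating a POST to /wp-login.php that returns 200 as a failed login and a 302 as a success is an assumption about the default login flow.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines (Apache combined format); addresses come from
# documentation ranges. One client fails six times in six seconds, another
# mistypes a password once and then logs in.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2017:12:00:0%d +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "scripted-client"' % s
    for s in range(1, 7)
] + [
    '198.51.100.23 - - [10/Jul/2017:12:01:10 +0000] '
    '"GET /wp-login.php HTTP/1.1" 200 2980 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Jul/2017:12:01:15 +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Jul/2017:12:01:30 +0000] '
    '"POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def failed_logins(lines):
    """Yield (client_ip, timestamp) for each failed login attempt."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        # Assumption: a failed login re-renders the form (200), while a
        # successful one redirects (302).
        if method == "POST" and path == "/wp-login.php" and status == "200":
            yield ip, datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")


def would_lock_out(lines, max_failures=5, window=timedelta(minutes=5)):
    """Map each client that hits the limit to the time it was reached."""
    recent = defaultdict(deque)  # ip -> failure times inside the window
    locked = {}
    for ip, when in failed_logins(lines):
        attempts = recent[ip]
        attempts.append(when)
        # Forget failures that have aged out of the sliding window.
        while when - attempts[0] > window:
            attempts.popleft()
        if len(attempts) >= max_failures:
            locked.setdefault(ip, when)
    return locked


if __name__ == "__main__":
    for ip, when in would_lock_out(SAMPLE_LOG).items():
        print(ip, "reached the limit at", when.isoformat())
```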

 

Conclusion

 

A secure WordPress installation means a successful website. Well, that’s part of the equation anyway. Another integral part to the success of your online business is your hosting provider. You need a high performing, quality VPS or dedicated server that is up to the task of keeping your site online around the clock. At KnownHost, we know how important performance and reliability are to your business. Our servers and dedication to exceptional customer service make us the hosting partner you need so you can achieve your goals. Contact us today and we’ll help you find the perfect hosting solution for your business.


8 Key Social Rules to Guide Ecommerce

8 Key Social Rules to Guide E-Commerce

Diamond Candles is an e-commerce company that specializes in (you can’t make this up) soy candles with rings inside them. Maybe you are familiar with this product; well, this market: in the Internet era, there is a market for soy candles with rings inside them. It’s a niche, that’s for sure. And the arguable ridiculousness of putting a ring inside a candle is exactly why this company is succeeding on social media – despite not having spent a dollar on advertising.

The brand, which has 1,036,526 Facebook Page Likes and counting, had difficulty growing when the business was originally formed. The problem was that marketing funds were low, and the product was not getting the kind of exposure that the founders felt it deserved. They figured out how to grow when they embraced social media and realized that any user could be their brand ambassador once they experienced (at least digitally and visually if not in person) the one-of-a-kind product that they offered. As customers started sharing their pictures more on the social sites, co-founder Justin Winter took that incredible user-generated content and used it to create additional value for the company. Winter and his team have grown the brand very simply, through word-of-mouth social posts and through carefully produced images. And let’s be honest, it’s even more impressive that the brand has been able to get a million Facebook fans while having lower than a 4-star rating (as of July 2017) on Facebook.

Diamond Candles is relevant because it is one of the social media success stories cited by web entrepreneur and marketing thought leader Sujan Patel in Forbes. Many of us would like to achieve the same e-commerce success on social media that Diamond Candles has; and there is certainly money to be made, worldwide. As an example, let’s look at the US-based online shopper: that person now purchases fully half (50%) of their products online, according to a 2016 UPS/comScore study that surveyed 5000 people in the US (where online shoppers now make up 79% of the population); in fact, to loop back to social, the same study found that the portion of people that said social posts influenced their buying decisions rose from 25 to 34% year-over-year, while the segment who said that they purchased something through a social site was at 23%.

Do you want to have the success of Diamond Candles on Facebook, Twitter, Instagram, Pinterest, Snapchat, and/or elsewhere? Let’s talk about 8 golden rules of success (like a diamond within a candle, there are golden ideas hidden within this piece) espoused by Patel and others – for smarter, more powerful integration of online sales with social media.

Rule #1 – Facilitate post-sale sharing.

It can be easy to focus so much on the process of getting the sale that you forget to sell after the sale occurs, advises Ellie Martin of Startup Change Group. Of course, you want the person to keep buying or to otherwise help boost your revenue – and a very simple way to do that is with post-sale sharing buttons.

Just look at all your various forms of messaging following the sale (thank you page, confirmation email, receipt email, newsletter, etc.) and consider how social buttons can better be brought into the fold. (If you generally want to improve your game post-sale, you can check out this advice on how to improve customer lifetime value with post-sale content – which includes this great quote from marketer Dan Kennedy: “I’ve long believed that, rather than getting customers to make sales, it is smarter to make sales to get customers.”)

Rule #2 – Tell stories.

Patel says to narrate your brand. He gives the example of BeardBrand as a business that has excelled in this way. BeardBrand actually didn’t just expand by telling stories; they did so by telling them in a way that both built a recognizable brand identity and even created an identity to represent the buyer: the “Urban Beardsman.” By carefully crafting characterization and plotlines, the company was able to carve out a more specific space for itself, resulting in first-year sales that hit $120k per month. (On a related note, sadly, StacheBrand.com is already taken.)

Rule #3 – Celebrate every holiday.

You want to think more broadly than November and December when it comes to thinking about seasonal communications, says Alex D’Amore on Social Media Explorer. Plan well in advance for the year. You will undoubtedly need a progressively granular calendar to get everything organized and executed properly.

In terms of key dates, what is relevant to your business? For instance, anyone selling Apple products should pay attention to when their launches occur. We all know (except, perhaps, some of the robots reading this) how critical trending hashtags and language are to social prominence.

Rule #4 – Tie into a higher purpose.

Incorporate something for a nonprofit cause, says D’Amore. Whatever it is that you do for a charity can be based on social media or elsewhere, but you can certainly use social media for its promotion – and probably will score greater rapport with your customers for doing so.

Rule #5 – Create an air of exclusivity.

You open the doors to the business, and you want people to keep flowing in – to a point. It can also be effective to control access. Martin suggests making some sales and products (particularly in the case of clearances or raffles) only available when people follow you.

Rule #6 – Promote UGC.

No, not UFC: UGC. However, it does relate, because user-generated content can (sort of) help you to roundhouse-kick your niche competition on social media. User-generated content is just as it sounds: content created by your customers on social sites, either on their own or in order to take part in a giveaway or contest you organize. How powerful is UGC, or CGC (consumer-generated content)? Business Insider found that shoppers who see CGC are 97% likelier to buy; that is compelling.

Images that shoppers create of your products, as with the ever-popular picture-of-my-most-recent-meal, should really be taken seriously from a business perspective. Consumers like photos taken by consumers more than they do those taken by professionals – a 77% to 22% preference for amateur-generated Instagram photographs on product description pages over those created by career photographers, according to research by Yotpo.

Why are your images so important? “Using authentic visuals will demonstrate social proof, drive high-intent users from Instagram to product pages, increase on-site conversions, and improve ad performance,” notes Aaron Orendorff on Social Media Examiner.

Beyond that, there is additional value in repurposing if the Yotpo study holds true: once cleared with the appropriate parties, you could (maybe?) bring some of that UGC onto your product pages to give your site itself a better sense of community.

Rule #7 – Be supportive.

Social media is not just about posting content and interacting at the level of content but also serving as a communication channel. You want to pay attention to your messages. For one thing, Facebook lets users know how long it takes for you to reply, says Martin. Remember that this environment is not just a content channel but also a support mechanism.

Rule #8 – Use great site speed to support your social.

People think of social media as supporting the website, but the reverse is also true: if the user experience on your site is great, it will help further boost your social growth. One easy way to deliver great UX is simply performance-based, with the low latency offered by enterprise-grade solid state drives. See our managed SSD VPS hosting.


Ideas for Ecommerce Pros

7 Blogs with Great Ideas for Ecommerce Professionals

This article addresses a search that every thoughtful person working in the e-commerce industry must perform: finding the most valuable blogs or informational sources that deserve their attention. Here are a few that have strong insights and are often mentioned in the industry.

 

The problem with the internet is that everyone is trying to sell you something. It’s, of course, a funny thing to say in an e-commerce-related blog, but we all know it to be true: we go online to find information, but we often end up having difficulty finding advice that is transparent and forthright. To be specific, when you want to succeed as an e-commerce entrepreneur, you want to be able to pick up knowledge without feeling that you are simply being herded toward certain material to make sponsorship dollars or other backroom revenue for another person. You just want your question answered. The humor of the situation, then, is that when people want to succeed at selling online, it can be hard for them to get educated because of other people who are selling online.

 

Because it can be challenging to find the right information to answer your questions about e-commerce, we end up with this somewhat circular blog topic: an e-commerce blog article about e-commerce blogs. As indicated above, it can be helpful to have a roadmap to locate the best blogs quickly. Here are 7 of the best ones, with recent example stories from each that are on particularly interesting topics:

 

Ecommerce Blog #1 – Practical Ecommerce

 

Launched in July 2005, this site has been in action for a full 12 years. It is actually a spinoff of an earlier publication, Web Marketing Today, that was founded all the way back in 1995. As indicated by Kerry Butters of live chat SaaS company Userlike, this blog is authored by reporters and industry professionals. Offering straightforward, matter-of-fact ideas and information for e-commerce entrepreneurs, Practical Ecommerce covers a range of topics, from analytics to marketing, management, and development. New content is published every day.

 

Example Practical Ecommerce story & summary: “Avoid Bland Wording for a Unique Company Personality” >>> This article runs through a few e-commerce examples to demonstrate how the right descriptive language can make an online store come alive.

 

Ecommerce Blog #2 – Digital Commerce 360 (Internet Retailer)

 

This site, mentioned by the eCommerce Training Academy, gives tips related to web merchant tasks. What makes its angle a bit more defined is its focus on research (describing itself as “Your source for e-commerce news, analysis, and research”). There are two other ways this blog makes itself distinct: by focusing on more direct interaction, via webinars, and on more analysis, via rankings of e-commerce leaders by industry and category. (As an example of the latter, see the 2017 US Top 1000 Report.)

 

Example Internet Retailer story & summary: “Salaries in e-commerce” >>> Using data from consultancy Hay Group’s “2017 Global Salary Forecast,” this article projected that salaries within US retail would rise 3.0% during 2017.

 

Ecommerce Blog #3 – Kissmetrics Blog

 

Neil Patel is considered a master of web marketing, which is obviously fundamental to e-commerce. And it’s right that Patel is viewed in this way: his email newsletter recently pointed out how he accidentally got the #1 Google listing for the keyphrase “online marketing” for this piece. It is no wonder, then, that one of his blogs makes the ReferralCandy top blog list. Bear in mind that Kissmetrics is an analytics platform, so there is a sales angle present — but Patel’s guidance means that the Kissmetrics blog contains plenty of solid information and perspectives. Its scope is described in its tagline: “a blog about analytics, marketing, and testing.”

 

Example Kissmetrics Blog story & summary: “Persuasive SaaS Onboarding Emails: 10 Conversion Lessons Stolen From Attorneys” >>> This article goes through strengths of these early sales emails, using a courtroom analogy to create stronger imagery and better engage us as we read.

 

Ecommerce Blog #4 – E-Commerce Times

 

The target audience for this Los Angeles-based publication is SMB managers and C-level executives. The broader ECT News Network publishes 9 articles in a typical week (including eye-catching cultural titles such as “The Stupidly Dangerous Politics of Blame” and “Could Tech Nerf North Korea?”). That’s according to Feedspot’s “Top eCommerce Blogs” ranking system — which lists the source in a user-scored 2nd position, trailing only Practical Ecommerce (mentioned first here as well).

 

Example E-commerce Times story & summary: “4 Marketing Strategies That Can Boost B2B Sales: Study” >>> This report suggests you can boost B2B sales “by up to 25 percentage points” through 4 techniques, using results of a poll of almost 200 marketing professionals at American-based enterprises (conducted by business management consultancy Altman Vilandrie & Co.).

 

Ecommerce Blog #5 – eCommerceFuel

 

eCommerceFuel, cited by Butters and others, describes itself as a “private community for 6 & 7 figure stores”; in order to join the network of about 1000 people, you must own or be employed by an e-commerce store that makes a little over $20,000 per month. Because of the focus on that target, this brand (which also prominently features its podcast) is framed not for startups so much as for people who have had some e-commerce success… but why not peek in the door regardless?

 

Example eCommerceFuel story & summary: “How to 100x Your Business in 3 Years” >>> This piece looks at a case study of My Choice Software, a California-based company that experienced an extremely fast period of growth over a short period of time – expanding from $250,000 to $25 million in sales between 2014 and 2017.

 

Ecommerce Blog #6 – HubSpot Ecommerce Blog Posts

 

HubSpot essentially has two blogs, one on marketing and another on sales (and of course there is some good information there), both of which provide advice and strategies that are intended to educate people on those broader business subjects. However, the site also organizes all its content by topic, and one of those topics is e-commerce – so you can filter down to just those pieces if you like.

 

Example HubSpot Inbound story & summary: “The Year of Customer Experience: How Ecommerce Brands Can Prepare” >>> Five examples are given of e-commerce brands that are effectively catering their approach to serving better customer experience (CX), getting granular with ways companies are changing the color of buttons and making other seemingly minor adjustments.

 

Ecommerce Blog #7 – Bootstrapping Ecommerce

 

This blog creates a certain niche focus by centering the blog on bootstrapping. Because of that focus, founder Shabbir Nooruddin is able to be especially helpful to those who are just getting their businesses off the ground and have shoestring budgets. Despite the focus on those low-budget scenarios, there is some generally good DIY advice here. Although the blog often goes months without a new post, the content is extensive and exhaustive on its theme.

 

Example Bootstrapping Ecommerce story & summary: “Ecommerce SEO: The Complete How-To” >>> Keeping in mind that this post was published back in 2015, this can still be a good resource as an introductory, broad guide to search engine optimization.

 

*****

 

Do you want success for your ecommerce brand? One key element of rapid expansion is the strength and scalability of the infrastructure that backs your site. At KnownHost, we offer lightning fast managed SSD VPS hosting. Click here for pure SSD drives.


Open Source Hosting

The Open Source Technology That Powers Your Hosting Solution

When it comes to the technology that powers your business, there are generally two prevailing attitudes about it: 1. I have specific demands and I’d like to know what each piece of software is that’s keeping my website online. 2. I don’t particularly care what the software is, I just want the website to work with minimal headaches. Both of these attitudes are valid, but even if you’re in the second camp, it’s important to know what software is being used to power your website.

 

There are a lot of moving parts when it comes to taking your site from a bunch of files sitting on a local computer to a website that’s making you a lot of money. Whether you’re working with a managed VPS or a dedicated server, you need to know your way around even if you’re going to delegate much of the web work to another member of your team.

 

Many hosting environments are powered by Linux, which is an open source base for many different operating systems. You can also find Windows hosting if you’re running proprietary software that requires Windows. Otherwise, Linux is your best bet when it comes to flexibility. Granted, not every specific piece of software that makes up your development environment is open source in and of itself, but many are.

 

Regardless of its truly open source status, each piece of software works together to create the environment you and your team will be working with every day. Some software allows customization and in many categories you have choices when it comes to which solution to go with. Let’s take a look at the OS on the server itself, what control panels you can use to make changes, and what content management system you may want to install in order to generate your user facing content.

 

Linux Server

 

The base of your server, the operating system, is some flavor of Linux which is an open source technology at the kernel level. However, there are some proprietary Linux variants that may be of use to you that aren’t open sourced.

 

CentOS

 

Red Hat is the name in enterprise-level Linux; however, CentOS is the popular, free, open source variant that has become the backbone of many development environments over the last decade or so. That’s because it has matured into a simple, no-frills, stable OS that comes with some helpful security features baked in. Its most attractive quality is the fact that the development cycle isn’t too rigorous and it is developed in such a way as to reduce the risk of crashes and errors.

 

CloudLinux

 

If you’re running a dedicated server with the plan to resell space on it to a multitude of clients, CloudLinux may be of interest to you. This operating system allows you to better divide the space of a dedicated server to “rent” out to clients in a shared hosting arrangement while reducing the chances of one site’s resource usage greatly affecting the resource pool of other sites on the server.

 

Control Panels

 

Many of the most popular control panels aren’t open source in and of themselves, but your host will provide them for you and they are compatible with a Linux environment.

 

cPanel/WHM

 

Easily the most popular control panel, cPanel and WHM are offered by practically every hosting company as an option. WHM is used to generate user accounts that can then be given cPanel logins. Again, this is ideal for a hosting reseller situation where you’re dividing up server space amongst other clients. cPanel itself is where you’ll be doing a lot of the big picture work. You can install your content management system here, alter code, manage email accounts on the server, access FTP, and more. cPanel is flexible and relatively easy to get the hang of so it’s often the default choice in a Linux environment because it is designed with CentOS, Red Hat, and CloudLinux specifically in mind.

 

Plesk

 

Right off the bat, if you’re running a Windows server, you’d be using Plesk (or something else) instead of cPanel because Plesk has Windows compatibility while cPanel is Linux only. However, if you’re on a Linux server (and at KnownHost you would be using Linux) you have a choice. Plesk is seen by some as easier to understand, though this is a matter of preference. Some believe Plesk on Linux isn’t quite as useful as it is for Windows, but your mileage may vary.

 

Content Management System

 

You may not think about your operating system daily and if you’re not a developer you probably won’t even be in your control panel terribly often. But, what you will be using every single day is your content management system. Each of the following content management systems is open source and is great for different reasons.

 

WordPress

 

Over a quarter of the web runs on WordPress, so as far as documentation and developer resources are concerned, the possibilities are endless. WordPress powers many major sites and has evolved to include nearly any kind of functionality. However, it’s the ideal platform for informational based sites. If you’re planning on launching an ecommerce site, you’re better off with a CMS designed for it specifically such as…

 

Magento

 

Magento is the big name in ecommerce CMSes, especially large-scale sites. The learning curve is on the steeper side, and unlike some of the other CMSes, WordPress in particular, you’re going to need a developer on hand to do a lot of the heavy lifting when you need certain types of functionality. Once it’s configured to your liking, though, it becomes clear why so many large retailers rely on Magento.

 

Joomla

 

As far as difficulty of use is concerned, Joomla probably sits somewhere between WordPress and the CMS that will round off this list next. If you need more flexibility and power than what WordPress offers, Joomla is a popular choice. It’s not too technical, but you can certainly go into the weeds if you are so inclined. This flexibility means you don’t necessarily need to be calling your developer all the time. Joomla is great at ecommerce, though it isn’t designed exclusively for it like Magento is. Interestingly, if you’re looking to develop your own social network, Joomla is the best of the bunch to use in order to accomplish that.

 

Drupal

 

Drupal is arguably the most powerful CMS on the list. But, that power comes with a trade-off. The trade-off is accessibility. You’ll need to understand HTML, CSS, and PHP to get anywhere with Drupal, making it the ideal choice for the hybrid developer-business owner or the business with a dedicated Drupal developer on staff. If you have the personnel resources, you can make Drupal do nearly anything you want. Whether you want to develop a website, a store, a social network, or an online application, you can make Drupal work for you.

 

Conclusion

 

Your hosting environment is made up of many parts. They all provide different functionality that makes up your VPS or dedicated server. While you personally may not spend much time tinkering in the backend of your site, someone on your team probably will be. At KnownHost, we’re dedicated to providing you with the customer service you need when you need it. Contact us today to find out more about how we can help your web presence grow.
