WordPress Logo Dark

The Importance of Keeping WordPress Up to Date

WordPress is the world’s leading content management system (CMS), and powers roughly 25 percent of all the websites on the internet, from personal blogs to Forbes and the BBC. It’s popular because of the combination of simple functionality and complex capabilities. Its widespread use is enabled by plugins, widgets and themes created by a robust community of developers. These add-ons are easily integrated by WordPress users to customize their sites for their specific needs.

The strength of WordPress also gives rise to one of its main criticisms; that it is difficult to maintain functionality and security, because of all the parts that must be kept up to date. The criticism is not baseless, as the global wave of breaches and website hacks has touched the quarter of the internet powered by WordPress. It would be more accurate to say that WordPress must be maintained properly to preserve functionality and security, and the various parts can make that difficult for individual users to do. If WordPress and its add-ons are kept up to date, it is an incredibly powerful platform. If they are not regularly updated, vulnerabilities are discovered and exploited, particularly in plugins, but also in the WordPress core.

Why It’s Important

WordPress updates extend its capabilities, integrate new technologies, address performance issues and fix security vulnerabilities. In the event of critical vulnerabilities, a temporary patch is issued to close it, pending the next full update.

All elements of the platform need to be kept up to date to keep them working together properly, including the core, plugins, and also tools like PHP and MySQL/MariaDB. The more of these elements are running out of date versions, and the more out of date they are, the more likely and severe performance and security problems are likely to be. Research by website security firm Sucuri indicates that the majority of hacked WordPress installations (55 percent) are running out-of-date software.

Administrators of websites suffering a breach or loss of functionality generally intended to keep their WordPress instance completely up to date, but may have put off performing updates during a busy or inconvenient moment. Once the updating process is disrupted, catching up becomes increasingly critical, and potentially more difficult, as obsolete versions may stop working properly as other items are brought up to date.

What to Do

WordPress itself has been working on making things easier for site administrators, and introduced automatic background updates with WordPress version 3.7. This feature enables minor core updates such as maintenance and security releases by default.

More robust tools have been developed to automate updates, ensuring that updates will be completed as frequently as necessary without constant attention from website administrators and owners. Automating updates generally takes little or no more time than performing updates manually, so a small investment of labour will see returns very quickly, even beyond the assurance of continued performance stability and security. If there is a problem with an update, the troublesome element can be rolled back to the previous version, and updated again when the issue is resolved.

KnownHost offers an auto-updater tool with our managed WordPress hosting packages. These managed plans need not be expensive, and can make sure the WordPress core, its themes, its plugins, its scripting and database integrations are all running their most secure and stable version.

Taking advantage of these tools allows WordPress users to easily keep their websites running smoothly and securely, while spending their valuable time creating great content to engage with their audience.

Read More

Shared Hosting versus Managed WordPress Hosting

Shared Hosting vs. Managed WordPress Hosting

What’s the difference between shared hosting and managed WordPress hosting? Shared hosting is an easy target for hackers and exposes you to “bad neighbor” problems with accounts that are on the same server with you. Managed WordPress hosting offers customized technical sophistication, resulting in superior performance and niche data protection.

 

Does shared hosting sound bad? It gets worse. Let’s really take a deep-dive and explore what’s wrong with shared hosting – by example (via a small business horror story), by risk analysis (via ways that shared hosting has problematic security), and by business model evaluation (via the notion of “bad neighbors” within the server). After looking at the dark side, we will turn to the lighter side – the positives of managed hosting, leading into steps you can take to move forward.

 

  • Shared hosting – SMB horror story
  • Shared hosting – 3 primary security vulnerabilities
  • Shared hosting – the “bad neighbor effect”
  • Managed WP hosting – 6 positives
  • How to activate managed WordPress hosting

 

Shared hosting – SMB horror story

 

Laura Dapkus of web design firm Sheep Boutique received a phone call from a man who had recently been hired as the manager of a retail business. The manager inherited the company’s website when he took on the position, but he was not given full administrative details. He quickly started to get messages from customers that the site was giving them virus warnings. Once the man spoke with Dapkus, he had been getting these messages for more than a month.

 

Dapkus started looking at the site, and she found that malware had been a problem with the shared hosting service used for the site. The host, a discount company, was not properly maintaining its environment, such as failing to install patches.

 

Shared hosting – 3 primary security vulnerabilities

 

That shared hosting horror story is not uncommon. Here are three reasons that shared hosting is not secure for any site, listed by security training site InfoSec Institute:

 

  1. If any single site on the server get hacked, an intruder has a gateway to all the other sites.
  2. A criminal can simply purchase a shared hosting plan from a host and use that authorized account to illegitimately enter other users’ sites.
  3. You cannot security-harden a shared server. You are not able to configure its core technologies, such as the scripting language or web server.

 

Shared hosting – the “bad neighbor effect”

 

The issues that might arise from shared hosting are related to the fact that it is intended to make hosting as cut-rate as possible. The way that a host can most easily lower cost is by loading as many as hundreds of different customers onto the same machine. A server has a finite amount of memory. If one site starts overusing memory, it is detrimental to the performance of the rest of the companies that are on the hardware. If you are one of those other companies, you have fallen victim to the “bad neighbor effect” that is often experienced on shared hosting. You can run into the same issue with other resources (storage, processing power, bandwidth) and actually even including something such as support.

 

A shared host might stop providing service to a site that is overusing resources consistently because of a coding bug, but they will usually not be prepared for one of their accounts getting an influx of traffic from a news report or similar unexpected spike. Because that’s the case, performance fluctuates in shared environments.

 

In summary, shared hosting is fundamentally unreliable. Plus, the sharing of resources and the broad spectrum of apps in a general setting combine to hinder your speed.

 

Managed WP hosting – 6 positives

 

Of course, adopting managed WordPress hosting is not just about avoiding the shared variety but embracing the strengths of the managed approach. Here are six, as suggested in WordPress resource and tip site WinningWP:

 

Managed hosting positive #1 – speed

 

Since managed WordPress hosting is specific to the popular content management system (CMS), that means you are able to introduce fine-tuning of the configuration that is not possible in a general setting. Core technologies such as the scripting language (PHP), database system (MySQL), and web server (Apache) are all optimized for best performance with WP.

Because the hosting is geared toward WordPress, you can often improve speed by as much as 1-2 seconds. You may think that a second does not sound like a significant amount of time. However, Aberdeen Group found that page load time had an almost ridiculously negative impact on numerous business metrics:

·      11% reduction in page views

·      7% lower conversions

·      16% hit on customer satisfaction

Beyond the direct impacts represented by those analytics, the search engines will also judge you by your performance, with Google including it as a ranking factor since 2010.

 

Managed hosting positive #2 – security

 

Through a managed hosting plan, your security will be improved through a broad set of specialized protective strategies and tools. Those elements include security protocols centered around WP-specific risks, daily malware scans, intrusion detection systems optimized to meet attack traffic head-on, and distributed denial of service (DDoS) mitigation systems.

 

If your site does get hacked because of a security vulnerability at the level of authorized access or some other form of entry unspecific to the infrastructure, your host will be far better prepared to help if they are focused squarely on the CMS.

 

Managed hosting positive #3 – daily backup

 

A strong managed WordPress hosting plan will back up your site each day (see “Free Backups”) so that you are well-prepared for any disaster. Backups are generally automated, with a restoration process that is simple and ultra-fast. Backups are also usually stored off-server for better redundancy (i.e. so that your data really is stored in two separate locations). This tactic is an advantage over the common shared hosting practice of backing up through cPanel – meaning the backup is on the same machine.

 

Managed hosting positive #4 – auto-updating

 

When you use managed WordPress hosting, you have access to a highly specialized, niche-focused staff that is entirely focused on hitting certain superior-level performance benchmarks consistently. One element of that efficiency is ecosystem-wide auto-updating. That means that nothing is susceptible to human error or avoidance/neglect, from the operating system (OS) to core backend technologies such as PHP and MySQL (tools that support WordPress and both pieces of a LAMP Stack), along with the actual WordPress installation.

 

Unlike many in-house environments, you will always have the most up-to-date versions of the fundamental server software – but also everything having to do with WordPress. The underlying technologies, at the level of the hardware/infrastructure and extending to the core software level will be protected; but you will also maintain the most secure version of the WordPress installation, as well as all your plugins and themes.

 

Managed WordPress hosting will certainly be the only place that you will find maintenance of your WordPress updates, but shared hosting often will not be as proactive on the other elements as well – since the service is such a low-end offering.

 

Managed hosting positive #5 – stronger uptime and scalability

 

Shared hosting is not built for scalability. It does not allow you to increase and decrease your volume of traffic as desired. You must migrate to another system if you want to be able to keep growing without leaving some users with poorly functioning service.

 

Within managed WordPress hosting, since the environment is optimized for your specific situation to a much better degree than the one-size-fits-all of shared hosting, you will better be able to handle traffic; plus, if you are on a virtual private server (VPS), then you will be able to easily expand your resources on demand. Higher levels of resources will increase your costs, but you won’t be in a situation that requires you to “pick up and move” – like you are being evicted from your server.

 

A managed WordPress host will be pleased you are growing and will look to facilitate that immediately, rather than treating your account as an immediate problem and “congratulating” you by kicking you off the equipment (in a worst-case scenario if your traffic grows suddenly – a common experience for small businesses).

 

Uptime will be significantly improved as well within a managed environment.

 

Managed hosting positive #6 – Better problem-solving

 

The technicians that help you at a shared host will not be focused on WordPress. In contrast, a managed WordPress host will be immediately aware at all times of your version of the WordPress software, along with all plugins and themes, since that is all directly related to the service they are providing.

 

How to activate managed WordPress hosting

 

Are you convinced that managed WordPress hosting might be worth further exploration… or possibly even activation? At KnownHost, with our 24/7/365-supported Fully Managed WordPress hosting packages, you can get your site up and running in no time – without any of the technical hassle of shared hosting. See our WordPress packages.

Read More

10 Common WordPress Mistakes

10 Mistakes People Make When They First Start With WordPress

The incredible popularity of WordPress gives hackers an incentive to go after it. Once they find a way in, they can replicate the attack across thousands or even millions of sites. One of the most prominent ways that the CMS has been attacked most recently is through a content-injection weakness that was identified early this year and patched by WordPress 4.7.2. Regardless of the patch, 1.5 million sites were defaced by February 10, according to Threatpost. It is one of the worst points of WordPress compromise to ever develop, according to WP security plugin maker WordFence. The problem (an issue with a REST API endpoint that led to unauthenticated privilege escalation) was patched by WordPress 4.7.2 on January the 26th – although news of the patch didn’t emerge right away. One of the core developers noted that the CMS organization waited to let people know about the vulnerability until people were able to make the update and clear themselves from potential exploit.

 

Since hacking is devastating to businesses (with one report indicating that 3 in 5 hacked businesses go bankrupt within six months), it is important to focus on that particular element. However, we will not neglect various other ways that companies can, well, screw up with WordPress when they’re getting started. Let’s look at some of the most frequently occurring mistakes so that you can avoid them.

 

10 WordPress mistakes that you can avoid

 

How can you get the most out of WordPress? Well, one of the easiest methods is process of elimination. Here are 10 common mistakes to avoid:

 

#1 – Forgetting to update WordPress

 

To return to the above discussion, what can we learn? Takeaway: stay updated. It is often a good idea to set up the CMS to update automatically. One way or another, keep it at the latest version. As noted by Sue Anne Dunlevie of Successful Blogging, software used by attackers scans the Internet looking for installations that have not been properly updated – so don’t let that be you.

 

#2 – Failing to make a backup

 

You certainly need to know that your WordPress is being backed up regularly. Failure to create a backup may seem like a rookie mistake to those who perform those backups standardly – but it’s something easy not to prioritize. Plugins such as BackWPup, VaultPress, and BackupBuddy are recommended by WPBeginner. You can also use a managed WordPress hosting plan that comes with free backups (with both those options recommended for an additional layer of protection).

 

#3 – Retaining the default admin username

 

The username admin is created when you install WordPress. That account has administrative privileges. Hackers know that. It is straightforward for someone who wants unauthorized access to your site to run a brute-force attack targeting the admin username. To be clear, since this user’s privileges are so substantial, it’s especially important that it not continue to display the generic title that comes out-of-the-box.

 

Internet marketing thought leader Jeff Bullas notes that since it’s so easy to change this username when you are installing, it is nonsensical not to go ahead and change it right then. Bullas adds that it is important to make your username and password complex via inclusion of letters, numbers, and special characters. Let’s retire password123?

 

#4 – Going nuts with plugin overload

 

Do you get a new phone and immediately install 200 apps on it? That should not be your same process with WordPress.

 

You want to have as few plugins as possible on your site, advises developer Nathan Ello. “If you can run your entire WordPress website with zero plugins,” he says, “then congratulations, you’re officially a wizard.”

 

The key basis for Ello’s argument is that plugins sometimes are not completely compatible. Beware of plugin conflicts.

 

The risk presented by plugins is not just about conflict among plugins, of course. There are often security vulnerabilities – so vet carefully, and always make sure that your plugins are tested with the latest WordPress release.

 

#5 – Publishing without enough forethought

 

Given how obsessive the digital world has become with consistent posting of content through blogs and social media, it is interesting to see Dunlevie suggest slowing down. She notes that Google updates have increasingly prioritized how user-friendly and valuable your content is (and that is at a broader semantic level rather than just related to keywords).

 

Specifically, Dunlevie says that any posts should be carefully revised and edited prior to publishing them. Beyond your search engine results, it will also help you from a user experience perspective.

 

She suggests working with an editor. You can use an editor if you want to improve pieces you already have on your site or as part of the process to refine new ones as they’re created.

 

#6 – Skipping favicon customization

 

Ever look at the browser window, see those tiny icons adjacent to the title of the page, and wonder how you could have your own? It is easy not to pay enough attention to that element, the favicon. The problem with neglecting favicons is that they will get their information elsewhere. You don’t want your site to be advertising your theme company through its favicon.

 

Your favicon should be thought of as your identity, says WPbeginner. Here is the Code information on Creating a Favicon if you need help moving forward.

 

#7 – Poor (faulty or off-point) choice of theme

 

WordPress is a standardized way to approach the web, so it’s important that you make the most of the elements that are most easily controllable – such as your theme. Think about it this way: the structure of your design will have a major impact on how well you do in search. Think usability, affordability, and credibility when selecting a theme, says Bullas – who suggests going straight to the WordPress Themes Directory to find one.

 

#8 – Lack of a staging environment

 

Staging is a concept that’s important to development. You have your production environment, which is your live site. The public can see that version of your site. You could even say that “is” your site. There should be another part of your site, though – so that you aren’t always playing around with the live site when you make changes.

 

Small changes? Sure: it makes sense to correct typos and make other minor adjustments to the live site. The production environment should generally not be something you modify, though – without first sending it through staging for boot camp.

 

Ello mentions examples of three typical WP changes you would want to introduce first in staging:

 

  • – Upgrading to a new release
  • – Installing and trying out a new plugin
  • – Changing or updating your theme

 

#9 – Keeping the default permalink

 

What link tends to stick around and mess with your search engine presence? That’s a permalink. The permalink is a static hyperlink referring to one of your blog posts. Default structure is www.thisisyoursite.com/?p=123. That structure could be much better both for engagement and to better feed Google – so you want to change it.

 

Making your permalinks friendlier to users and to the search engines will give you better visibility. It will also convey to your audience that your approach is professional, organized, logical, coherent, and systematic.

 

Overall, you can change your permalink structure through Settings > Permalinks. For each post, you can improve your SEO performance if you use strong keywords (and key concepts).

 

#10 – Disregarding the machinery

 

Let’s get back to that mention of staging – which points to the importance of preparation prior to launch of any new (and significant) modifications. “Staging” sounds like it’s on the stage, but it’s really about something going on backstage, in a way. While staging is about preparation, you also need to think about the behind-the-scenes aspects of your site in terms of infrastructure. Having a highly reliable site on enterprise-grade hardware is critical on numerous levels: it will not only deliver information faster to users (and to you!) but will also improve your SEO.

 

Want to avoid mistakes and accelerate your server for CMS peace of mind and success? Choose WordPress hosting with isolated resources, 99.996% proven uptime, and fully managed 24/7/365 support. Get started.

Read More

Powerful Hosting for WordPress

Why WordPress Might Need More Powerful Hosting Than You Think

When deciding on the backend environment of a site that will serve as the place where you’ll make all changes to content and functionality, there aren’t any wrong or right answers. While there are some specialty cases, like e-commerce, where you’ll probably want to help yourself by choosing an e-commerce specific CMS at least as a base, you can use any solution you’d like. While coding a site from scratch is a perfectly suitable solution, many people opt for a CMS for a variety of reasons.

 

For those who aren’t web developers by trade, or business owners who just prefer simplicity when it comes to making site changes, the use of a CMS is a popular choice. Though content management systems vary, the benefit of using them is that they are relatively easier to use due to being broken down into logical “fill in your content here” sections rather than intimidating users with a wall of code that they have to accurately edit.

 

The most popular CMS in the world, by far, is WordPress. Current estimates have WordPress powering more than a quarter of all websites on the internet. It’s easy to see why so many think of WordPress as synonymous with CMSes, like Xerox and copy machines. WordPress is fairly straightforward, it can be modified to do nearly anything, and the cottage industry of plugins and themes that has developed around it means the combinations are nearly limitless. But, while using WordPress is simple to a degree, it is not a simple software. If you’re just starting out with a website, there’s a good chance you’ve opted for the combination of WordPress on a shared hosting plan.

 

While this set up will probably work for you in the very early days of your venture, don’t be surprised if you quickly outgrow it, especially if this website is for your business. There are two things to keep in mind here: increases in traffic and the demands of WordPress as a software. Sooner or later, you’ll see that you’re going to need to migrate to a managed VPS in order to get the performance a professional site needs.

 

Migrations aren’t fun, so it’s best to set things up initially with an eye on your future needs. That’s why you should skip the shared hosting and go straight for a managed VPS when launching a site on WordPress. Here are some characteristics of WordPress to keep in mind and why you may need more powerful hosting than you realize.

 

Keep Traffic in Mind

 

Many of the factors that can make a WordPress site feel like it’s running slow or performance isn’t what you’d expect comes down to the software itself, not necessarily your hosting. What this means is, upgrading to a managed VPS isn’t necessarily a magic bullet. Rather, it gives you more room to work with to offset some of the characteristics of WordPress that can make it sluggish. The only thing your server is primarily responsible for in this equation is handling traffic loads.

 

Between the information presented in cPanel and Google Analytics (which you really should set up on your site) you’ll be able to extrapolate if you’re seeing notable increases in bandwidth usage and traffic. If these metrics are higher than they have been historically and you’re noticing that your page load time is exceeding three seconds, you probably need a more capable server. Google themselves have said two second load times should be the target.

 

If external factors are affecting site performance, a VPS should be something you look into.

 

The Nature of WordPress

 

Now we’re going to get into how WordPress in particular can be a bit sluggish. Since we are speaking in terms of literal seconds, sluggish is a relative term. But the difference between three seconds and six seconds when it comes to user behavior is significant. Pinpointing ways to shave down fractions of seconds is something you’re going to want to do if you’re looking to make money with your website.

 

When it comes to issues of WordPress itself, your host can only act as a buffer. With a more powerful hosting solution like a VPS, the added CPU and RAM provides more leeway when it comes to more bloated themes or plugin usage. The hardware in a shared hosting plan will begin to suffer under the load of a heavy site sooner. But, ultimately, it’s about striking a balance between necessary functionality, good design choices, and having a reliable host. Here are some of the aspects of your WordPress build where things can bottleneck.

 

Your Theme

 

The theme you choose doesn’t just contain the design of your site. Themes that have a bunch of bells and whistles have functionality hard coded into them. That means more elaborate PHP. This makes for heavier code that can bog down your site. When possible, go for the most lightweight theme possible. Chances are you won’t use all of the features coded into the theme. It’s better to add functionality yourself via plugins you select yourself. This leads to the next point about plugins.

 

Plugins

 

One of WordPress’ biggest selling points is the ability to easily add functionality with plugins. The downside to this convenience is you can get a little plugin happy and find yourself with many installed in your WordPress build. While plugins are necessary to get the site you want, it’s important to know that each plugin can add a fraction of a second to your page load time because the browser has to process them. It’s also important to note that not all plugins are equal. Some can be significantly heavier than others with similar functionality. That’s why you should test and evaluate to see which to keep and which to get rid of.

 

Image Optimization

 

Rarely, if ever, should you be keeping images on your site that measure in megabytes. Large images can be a culprit behind slow load times. These images add up, so a long post history with large images can absolutely cause performance issues. Get around this by installing a plugin that automatically optimizes images as you load them into the CMS. This takes the responsibility of going through and editing every image off of you for convenience.

 

Caching

 

You can help your site load quicker with a caching solution. W3 Total Cache is a popular plugin for this . It makes a variety of behind the scenes changes without actually altering your theme or plugins. It was designed to work in any hosting environment, including your VPS. Check out its long list of features. It makes many small changes to how certain content is cached in order to improve the user experience.

 

Conclusion

 

Your website depends on reliable hosting to get the results your business needs to thrive. Don’t accept slow performance and erratic uptime. A managed VPS is a great investment for businesses of all sizes. The combination of a managed VPS and WordPress could be the ideal environment for yours. If you’ve grown frustrated with your current hosting plan or you want to start fresh, contact the team at KnownHost today. We’ll help you choose the hosting solution that makes the most sense for your business.

Read More