Protecting Your WordPress Servers

Protecting Your Server Environment if You Use WordPress

Popularity and accessibility often go hand in hand and, unfortunately, are often a double-edged sword when it comes to security. On the flip side, the belief is that if something is more obscure, it is by definition more secure. There is some truth to all of these beliefs, however, some of it is overblown. For example, people often point to Windows as being particularly vulnerable to viruses and exploits. Yes, most people use Windows, therefore most malicious software is written to target it. But, with the right security practices, you can avoid any kind of serious breaches. All it takes is having the sufficient knowledge and taking the right precautions to avoid situations that would leave you vulnerable. The same can be said when it comes to your website.

 

Every business owner has security on their mind at all times. That’s because we live in a world where the costliest crimes don’t happen because some robber in a mask sticks up a store. Instead, it’s someone with the right technical know-how attacking your system from halfway around the world. Even more alarming, you’re not even always necessarily the specified target. You just get caught in a widespread attack seeking to get its hooks in anywhere it can. That’s why you need to be mindful of doing what you can to protect your VPS or dedicated server.

 

Using WordPress

 

All of this is to say, you need to take the right steps to secure your site no matter what software you use. But, this is especially true when dealing with very popular (and exploitable) content management systems like WordPress. WordPress is far and away the most widely used content management system in the world and it’s estimated to be powering nearly a quarter of all the websites on the internet. It’s popular for good reason. It’s a very easy to use bit of software that makes creating and updating a site relatively pain-free and is perfect for people who aren’t necessarily tech inclined. You certainly don’t need to be a developer to make changes to your site as far as adding more content.

 

That popularity does come at a price, though, as WordPress is often troubled by security issues. That is not to say you shouldn’t use WordPress. Many of the security problems people face when using WordPress often come down to the user. If you engage in best practices, you won’t be so open to malicious attacks. It just takes work staying on top of things. Many times, attackers try to crack a WordPress install in order to gain server level access and essentially turn it into a zombie, using the server to automate spam emails.

 

Whatever the goal of the attack is, you obviously want to thwart it. The best defense is prevention, so there are a number of things you’ll want to do to ensure that your WordPress installation is secure. Remember, a lot of the responsibility of securing a site falls on the user. While many hosting companies will provide some complementary protection for things like DDOS attacks, many of the standard fare brute force entries or file injections occur because of things like outdated software or a lack of following best practices. The following list will contain some obvious things you’ll want to do because they are the most effective at enhancing security. Hopefully, you’ll see some outside of the box things to try that you didn’t think to try before. With the right precautions, you can rest easy knowing that your site isn’t as vulnerable as you might think. While there are no guarantees, you have the ability to greatly reduce security incidences.

 

Update the Core Software

 

Honestly, if everyone stayed on top of updating the core WordPress software, many security issues would simply go away. It’s not a cure all, to be sure, but it comes as close as you can get. WordPress is open source, so anyone can see the code. This is both good and bad. When a new exploit is found, the software gets patched and those loopholes get closed. Rinse and repeat for every new release. If you’re still on an old version of the software with a well-known exploit, you’re setting yourself up for a potential attack. By keeping your WordPress installation up to date, you’ll be going a long way towards keeping your site secure.

 

Be Careful with Plugins

 

A similar approach should be taken with plugins (and themes for that matter), but you need to go a little further here. Your plugins need to be kept up to date for sure. Just like with the core software, out of date plugins and themes can be exploited to act as an entry point for malicious activity. However, as a general rule of thumb, you should try to limit going plugin crazy when building your site. Each plugin brings a vulnerability. While you of course need these plugins for essential functionality, limit them and only install them from reputable sources. Plugins you’ve never heard of that have no reviews and are hosted in suspicious repositories should be avoided.

 

Closing Loopholes

 

You’re getting into development work now, but as you probably know the backbone of WordPress is PHP. You may want to disable PHP error reporting. For troubleshooting purposes, an error report is great. However, the downside is your PHP error report also includes your entire server path in it. If that error report falls into the wrong hands, that’s full access to the whole endeavor. Site, server, all of it is in plain view. You’ll have to add some code to wp-config.php to disable it.

 

Leverage .htaccess

 

The .htaccess file has a tremendous amount of power over your site. It has a large amount of influence over nearly every aspect of your site, including the security. Therefore you want to use the .htaccess file to your advantage. For example, you can use it to hide the wp-config.php file which itself is critical to your security. You can even restrict admin access down to only certain IP addresses.

 

Obscure the Login

 

The default WordPress set up for logging in is much too easy to brute force. Everyone knows the URL and everyone knows the default username is “admin.” The first step that needs to be taken is changing these things. Change the login URL and choose a different username. Also, put a limit in place that doesn’t allow constant login attempts if the password is incorrect. Remember, most brute force attacks are automated. A different login URL and a wrong password limit can easily thwart them.

 

Conclusion

 

A secure WordPress installation means a successful website. Well, that’s part of the equation anyway. Another integral part to the success of your online business is your hosting provider. You need a high performing, quality VPS or dedicated server that is up to the task of keeping your site online around the clock. At KnownHost, we know how important performance and reliability is to your business. Our servers and dedication to exceptional customer service make us the hosting partner you need so you can achieve your goals. Contact us today and we’ll help you find the perfect hosting solution for your business.

Read More

8 Key Social Rules to Guide Ecommerce

8 Key Social Rules to Guide E-Commerce

Diamond Candles is an e-commerce company that specializes in (you can’t make this up) soy candles with rings inside them. Maybe you are familiar with this product; well, this market: in the Internet era, there is a market for soy candles with rings inside them. It’s a niche, that’s for sure. And the arguable ridiculousness of putting a ring inside a candle is exactly why this company is succeeding on social media – despite not having spent a dollar on advertising.

The brand, which has 1,036,526 Facebook Page Likes and counting, had difficulty growing when the business was originally formed. The problem was that marketing funds were low, and the product was not getting the kind of exposure that the founders felt it deserved. They figured out how to grow when they embraced social media and realized that any user could be their brand ambassador once they experienced (at least digitally and visually if not in person) the one-of-a-kind product that they offered. As customers started sharing their pictures more on the social sites, co-founder Justin Winter took that incredible user-generated content and used it to create additional value for the company. Winters and his team have grown the brand very simply, through word-of-mouth social posts and through carefully produced images. And let’s be honest, it’s even more impressive that the brand has been able to get a million Facebook fans while having lower than a 4-star rating (as of July 2017) on Facebook.

Diamond Candles is relevant because it is one of the social media success stories cited by web entrepreneur and marketing thought leader Sujan Patel in Forbes. Many of us would like to achieve the same e-commerce success on social media that Diamond Candles has; and there is certainly money to be made, worldwide. As an example, let’s look at the US-based online shopper: that person now purchases fully half (50%) of their products online, according to a 2016 UPS/comScore study that surveyed 5000 people in the US (where online shoppers now make up 79% of the population); in fact, to loop back to social, the same study found that the portion of people that said social posts influenced their buying decisions rose from 25 to 34% year-over-year, while the segment who said that they purchased something through a social site was at 23%.

Do you want to have the success of Diamond Candles on Facebook, Twitter, Instagram, Pinterest, Snapchat, and/or elsewhere? Let’s talk about 8 golden rules of success (like a diamond within a candle, there are golden ideas hidden within this piece) espoused by Patel and others – for smarter, more powerful integration of online sales with social media.

Rule #1 – Facilitate post-sale sharing.

It can be easy to focus so much on the process of getting the sale that you forget to sell after the sale occurs, advises Ellie Martin of Startup Change Group. Of course, you want the person to keep buying or to otherwise help boost your revenue – and a very simple way to do that is with post-sale sharing buttons.

Just look at all your various forms of messaging following the sale (thank you page, confirmation email, receipt email, newsletter, etc.) and consider how social buttons can better be brought into the fold. (If you generally want to improve your game post-sale, you can check out this advice on how to improve customer lifetime value with post-sale content – which includes this great quote from marketer Dan Kennedy: “I’ve long believed that, rather than getting customers to make sales, it is smarter to make sales to get customers.”)

Rule #2 – Tell stories.

Patel says to narrate your brand. He gives the example of BeardBrand as a business that has excelled in this way. BeardBrand actually didn’t just expand by telling stories; they did so by telling them in a way that both built a recognizable brand identity and even created an identity to represent the buyer: the “Urban Beardsman.” By carefully crafting characterization and plotlines, the company was able to carve out a more specific space for itself, resulting in first-year sales that hit $120k per month. (On a related note, sadly, StacheBrand.com is already taken.)

Rule #3 – Celebrate every holiday.

You want to think more broadly than November and December when it comes to thinking about seasonal communications, says Alex D’Amore on Social Media Explorer. Plan well in advance for the year. You will undoubtedly need a progressively granular calendar to get everything organized and executed properly.

In terms of key dates, what is relevant to your business? For instance, anyone selling Apple products should pay attention to when their launches occur. We all know (except, perhaps, some of the robots reading this) how critical trending hashtags and language are to social prominence.

Rule #4 – Tie into a higher purpose.

Incorporate something for a nonprofit cause, says D’Amore. Whatever it is that you do for a charity can be based on social media or elsewhere, but you can certainly use social media for its promotion – and probably will score greater rapport with your customers for doing so.

Rule #5 – Create an air of exclusivity.

You open the doors to the business, and you want people to keep flowing in – to a point. It can also be effective to control access. Martin suggests making some sales and products (particularly in the case of clearances or raffles) only available when people follow you.

Rule #6 – Promote UGC.

No, not UFC: UGC. However, it does relate, because user-generated content can (sort of) help you to roundhouse-kick your niche competition on social media. User-generated content is just as it sounds: content created by your customers on social sites, either on their own or in order to take part in a giveaway or contest you organize. How powerful is UGC, or CGC (consumer-generated content)? Business Insider found that shoppers who see CGC are 97% likelier to buy; that is compelling.

Images that shoppers create of your products, as with the ever-popular picture-of-my-most-recent-meal, should really be taken seriously from a business perspective. Consumers like photos taken by consumers more than they do those taken by professionals – a 77% to 22% preference for amateur-generated Instagram photographs on product description pages over those created by career photographers, according to research by Yotpo.

Why are your images so important? “Using authentic visuals will demonstrate social proof, drive high-intent users from Instagram to product pages, increase on-site conversions, and improve ad performance,” notes Aaron Orendorff on Social Media Examiner.

Beyond that, there is additional value in repurposing if the Yotpo study holds true: once cleared with the appropriate parties, you could (maybe?) bring some of that UGC onto your product pages to give your site itself a better sense of community.

Rule #7 – Be supportive.

Social media is not just about posting content and interacting at the level of content but also serving as a communication channel. You want to pay attention to your messages. For one thing, Facebook lets users know how long it takes for you to reply, says Martin. Remember that this environment is not just a content channel but also a support mechanism.

Rule #8 – Use great site speed to support your social.

People think of social media as supporting the website, but the reverse is also true: if the user experience on your site is great, it will help further boost your social growth. One easy way to deliver great UX is simply performance-based, with the low latency offered by enterprise-grade solid state drives. See our managed SSD VPS hosting.

Read More

Traffic Levels and Hosting

Why You Need to Consider More Than Traffic Levels When Choosing Hosting

As far as web hosting solutions go, there are very few solid rules that someone should follow. There is no one size fits all model, though sometimes you may wish for one. But, if an unofficial rule could be made up right on the spot, a good one might be “Plan for the traffic levels you’re getting now and factor in the traffic levels you hope to hit.” If you’re not migrating a site and you’re building a completely new one, you can change that first part to “Plan for the traffic levels you think you’ll get in the near term.” Basically, make sure you’re signing up for a hosting solution that won’t just suit your needs now but will also hopefully last you a few years. Site migrations aren’t exactly fun, so the less moving around you need to do, the better.

 

When initially debating whether shared hosting, a VPS, or dedicated server would be best for your business’ needs, you of course think about the hardware in relation to the ability to handle large amounts of traffic. Make no mistake, traffic levels are the biggest concern when shopping for web hosting plans for a website. If you’re looking to host a software development environment or an email server, your concerns are obviously going to be more geared towards disk space and processing power. But, for a website, the big number to keep an eye out for is bandwidth because that is what gets rapidly depleted by high volumes of traffic.

 

However, traffic isn’t the whole story. While you may not be so concerned with the server hardware’s horsepower if you’re just looking to host a website, you should keep it in consideration because a multitude of factors beyond traffic levels and bandwidth go into choosing the ideal hosting solution. And, yes, some of those factors will rely on the power of your server. While many of the more technical ins and outs of the site will no doubt be handled by a developer, as the decision maker it’s important to understand some of the critical things to consider when selecting your VPS or dedicated server. Shared hosting, unfortunately, is often not up to the task of powering a large-scale business website. This is especially true when talking about e-commerce. Here is what you need to look for when choosing a host.

 

Traffic Concerns

 

While it’s important to understand that traffic isn’t the only concern you need to have when selecting a hosting solution, it’s the big one, so let’s touch on that. There is a close relationship between bandwidth and the levels of traffic to your site. The simple explanation is that the more bandwidth you have in your hosting plan, the higher the level of traffic your site can support. But it’s important not to just think about it in terms of volume over time. For example, if you’re getting 100,000 visitors a month and experience steady traffic at all times, that won’t be as demanding as experiencing 20,000 people trying to access your site simultaneously. Higher bandwidth will protect your site from experiencing slowdowns or, worse, getting knocked offline because too many people are trying to access it at once. Being very popular is a good problem to have, of course, but your infrastructure needs to be able to handle the demand. Traffic spikes and overall traffic are two different metrics you need to factor in when looking at that bandwidth number in the spec sheet for the hosting plans you’re considering.

 

That’s the condensed version of what you need to know as far as traffic when it comes to shopping for hosting. The more powerful the hardware, the more bandwidth you get generally. A dedicated server, beyond having a stronger CPU, more RAM, etc. also has more bandwidth. That’s why they are often the choice for e-commerce. With traffic out of the way, here are other issues you need to keep in mind when selecting a hosting solution.

 

Content Management Systems

 

Even if you don’t concern yourself too much with how your site is going to work on a technical level, you’re familiar with how to make changes to it. Broadly speaking, there are two ways to control the content and functionality of a site: handwritten coding or the use of a content management system. If you have a site of even moderate complexity or you are building an e-commerce site, you are most likely working with a CMS.

 

A CMS can sometimes be a bit of a double-edged sword from a technical standpoint. On one hand, it makes updating the site much easier. This is especially true for those without a development background who want the ability to upload pictures or change content quickly and easily. On the other, a CMS can be a heavy piece of software that is taxing on system resources and can bog down performance. Many of the major CMSes come with what some may define as “bloat” in the code. Add in the fact that the popular platforms like WordPress rely on plugins which can slow your site down for functionality, and you can start to see why you’ll want at least a VPS when hosting WordPress or similar sites. You need strong enough hardware to power through the additional load times caused by the CMS so you can present your audience with a seamless experience.

 

Specialty Software

 

This is a simple point, but an important one to touch on. Hosting companies offer hosting environments that are either powered by Linux or Windows. You’ll find many arguments for each, but at the end of the day, the most important thing to keep in mind is any software you hope to run on your server. If you’re running software that is Windows only, that about makes up your mind for you. Otherwise, it all comes down to preference if you have one.

 

Guarantees and Amenities

 

You may consider these “extras” however they are anything but. For example, having maximum uptime is not a luxury. It is a necessity. Search for a hosting solution that offers 99.9% uptime so you can be confident that your site will be accessible at nearly all times. A site that is offline is a site that is not making you money. Additionally, look for amenities like managed services, free backups, free migrations, and some security provisions. While no host will guarantee a full lockdown, high security set up, you can find some complementary DDOS protection. Just having a customer service team available to contact at any hour of the night is a tremendous benefit.

 

Conclusion

 

Landing on the right hosting solution can often feel like a combination of luck and the ability to see the future. It really isn’t. Armed with the right information, you can make a decision that will suit your business today and in the near future. While growth is of course always the goal, you want a hosting solution that will meet your needs for as long as possible. Whether it’s a VPS or dedicated server, it has to work for you. Contact us today to speak to one of our experts. At KnownHost, we know that choosing a hosting solution for your business is a major endeavor and we’re here to help.

Read More

Managed Hosting Prevents Maintenance Headaches

How Managed Hosting Can Help Prevent Maintenance Related Headaches

If you’re a small business owner, you often feel pressure to be a jack of all trades. This is both a practical manner and preference. You trust yourself to do the job right and you want that control. Also, hiring staff is an expense. If you’re at the point where you’re looking to launch a business online or at least a digital component, you probably already have at least a small team to make it happen. What the team does is obviously unique to your individual situation.

 

The question you have to ask yourself is, “Is one of those people on the payroll just to look after the server?”

 

Now, you may be wondering why you need a full-time employee just to deal with the server. Let’s just say there’s a reason why a managed VPS is one of the most popular hosting solutions for businesses. For those who aren’t so interested in the technical goings-on of what happens on a server, the perceived savings of going for an unmanaged plan often aren’t worth it.

 

What many business owners may not realize when setting up a website, whether it’s e-commerce or informational, is that it’s not just a “set it and forget it” arrangement by default. With a developer’s help and managed hosting services, yes you can reach that point. You and your team would only need to spend minimal time in the backend of the site. But, those are conscious decisions you need to make when planning your site rollout. The decision of what hosting provider to go with and what kind of hosting solution to sign up for is a critical first step. That’s why it’s so important to not necessarily look at just the monthly price of a hosting plan, but to also factor in the hidden costs you would need to pay if you don’t sign up for the hosting plan that best suits your realistic needs.

 

Let’s explore what those hidden costs are and why most business owners would be wise to opt for managed hosting over unmanaged solutions.

 

What Do We Mean by Hidden Costs?

 

When first looking to purchase hosting, your eyes immediately go to the big number on the bottom line that displays the monthly cost. That should certainly play a role in the decision you make. Any good business owner knows the importance of keeping overhead low. But, it’s important to point out that in the discussion of managed vs unmanaged hosting, unmanaged has some hidden costs that may not be immediately apparent.

 

We’ll get into the major differences between the two next. To put it simply, though, unmanaged hosting gives you login credentials and that’s it. So, nearly everything going on with the server is up to you to manage. This will be an everyday job. In order to keep your site online and working properly, you’ll need to dedicate a full-time employee to handle these rudimentary tasks. It may even require after hours work. That comes at a big cost. The loss of time and personnel resources are major hidden costs that can quickly add up and far outpace the comparatively higher monthly price tag associated with managed VPS hosting. The few extra dollars per month for managed hosting in comparison to unmanaged usually pays for itself.

 

Managed vs Unmanaged

 

When evaluating the pros and cons of going with unmanaged vs managed, it’s easy to get caught up in the weeds of an exhaustive list. By all means, weigh the arguments for each. The decision you make will shape your business. But, it may also be helpful to summarize the ways the two differ from one another for quick reference.

 

Unmanaged hosting gives you nearly complete control and responsibility over your server environment, for better or worse. Backups are on you. Migrations are on you. You can choose the control panel you want to use, but you’ll also need to install it yourself. You could even be responsible for figuring out why your site is offline if you’re experiencing downtime. In many instances regarding unmanaged hosting, the host is only responsible for hardware malfunction. Even upgrading software will be up to you. Having technical knowledge and an in-depth understanding of the OS is a pre-requisite for unmanaged hosting.

 

Managed hosting offers more of a hands off set up. It’s ideal for the less tech savvy and for those who don’t have the time to spend on managing the server. While you are encouraged to always take your own protective measures when it comes to multiple backups and security, your host will provide some assistance on that front. Typically, you get a daily backup and migration assistance should you need it. You have 24/7/365 monitoring should anything go wrong. If your site is suddenly offline, you have someone to call and that can investigate. You also have DDOS protection, which can help you thwart an attack in many of the most common scenarios. The only real downside to managed hosting is you are presented with the hosting company’s options for control panels and the like and you have to use them. If you’re not a tinkerer, that’s fine.

 

How Managed Hosting Contributes to Performance

 

A lot of factors contribute to how well your site performs. Traffic levels, bandwidth, CPU, and your coding are just some of the contributing factors to site performance. While not as direct an influence, don’t discount how managed services will help your VPS perform better. For example, you may see that 99.9% uptime figure and think that’s a great guarantee. That’s only possible with managed hosting because of the constant monitoring that occurs and the customer service you have access to. This is important because performance issues greatly affect your bottom line. This is especially true if you’re running an e-commerce operation. Downtime and slow speeds severely impact customer behavior, to say nothing of the lack of sales if no one can actually access the site.

 

Struggling with Downtime

 

No matter what industry you’re in and what downtime looks like to you, the results are the same. Downtime costs you a lot of money and it’s not just from lost sales. Also consider that page load delays can cost you significant revenue, and you can see why it’s worth having the peace of mind provided by leaving your server in the hands of the experts. In an unmanaged hosting environment, not only do you have to deal with the customer service issues that will arise from a site malfunction, but you’ll also have to figure out how to get the site back online at the same time.

 

Conclusion

 

There is more riding on your hosting solution than you may realize. While everyone recognizes the importance of having a website that is reliable, it’s also critical to your business’ success that you have the right infrastructure to support your personnel needs. Whether it’s hiring more staff or stretching your current staff thin by having them perform duties that are outside their job description, managing your server yourself is often too costly in both time and money. Let your hosting company manage your VPS environment for you. Contact us today. The team at KnownHost is here to partner with you so you can have the hosting solution that makes the most sense for your business. Ask us how our managed services can help your business grow.

Read More