Choosing a Wordpress Hosting Platform

Joe Cress: Hey everyone. My name is Joe Cress and I'll be presenting how to choose a WordPress hosting platform today. And by the end of this presentation you'll have the knowledge to go out and make a decision on your WordPress hosting platform from a security standpoint and general best practices. And here's a quick agenda for this presentation. So we'll go over a quick introduction, I introduce myself, tell you a little bit more about me. We'll go over what your website actually does. Also, why security is important. Picking a web hosting provider and don't let security control your life. So again, my name is Joe Cress. I have 10 plus years of web hosting management and security experience, operated a successful WordPress hosting platform for seven years, business advisor to a local Indianapolis development agency, and a technical implementation specialist and solutions engineer at Trava where I specialize in vulnerability scanning and education. So let's go over what your website actually does. And it's a lot more than just a pretty homepage where you can advertise your services and how awesome you are. So WordPress sites for the most part are vulnerable to malicious activity. Not always simply from the WordPress core, but your risk rises as you begin to add plugins and themes. And this will end up being the foundation of your risk with having a site built on WordPress. And where that risk gets higher is you're trusting a stranger with the security of your website. You're simply at the mercy of the developer's ability to code a secure plugin or theme that you're using. And to give you a quick primer of how the internet works, when someone types www. xyz in their browser, it's going to connect to your server where your site's hosted and it's going to processing PHP for WordPress. The server is. This compiles the front page of your website, loads all of the assets, theme, plugin, CSS, JavaScript, the whole shebang, and then displays the final page to your browser. If your site is cashed, the server simply displays an HTML page, which requires very little time because there's no real processing on the back end. But that all seems like a lot. That is one of the reasons you need a premium hosting provider with a powerful hosting infrastructure. Now, all this happens, your site is collecting information from the surfer, even if you didn't know. So the web server itself is collecting the surfer's IP address and browser information. So for example, Joe Blow connected with a Firefox web browser from this specific IP at this time. If you have security plugins, you're also collecting information and storing it in the WordPress database. If you're allowing cookies you're collecting data from their selection as well. Do you have a heat map plugin or service running? You're collecting data on the surfer what they're doing on your website. How long are they spending on your page? Did they actually read your page or simply move on to the next website? How long did they focus on a single paragraph of words? As you can see, there's a ton of data collected, and I bet you didn't even know all of that was being collected. So, why should you be worried? Why does it matter? So security is usually a total afterthought until something happens to you. Take identity theft for example. I would say that most of you haven't thought about identity theft in months, possibly years, because it's never happened to you. Do you think you would be proactive, have a proactive approach for security if your site has been hacked in the past? Of course you would. So next step, let's say your website gets hacked and the next thing you know people are seeing a bunch of online gambling information with a different language displayed on your page and no data about your business. What next? What if they're just redirected to another malicious website instead of loading your site? Do you think that person would even consider your business for their needs? Absolutely not. You've just lost that lead. And say your website gets 500 unique visitors a month. If your site is hacked for three days, you've potentially lost up to 16 leads. Some sites can stay hacked for many days until you have someone clean it up. And that sounds like a problem. Doesn't it? WordPress powers one third of the entire internet. Think about that statistic for a minute. A third of the internet. Hackers are having a field day with WordPress and you have to have a security first standpoint with your online business. And to give you a good example of how serious this is, back in December of 2021, 1. 6 million WordPress sites were hit with 13. 7 million attacks in 36 hours. Let that resonate with you for a minute. 1. 6 million websites impacted. And I'll even give you a few seconds. Now, keep in mind that is not a scare tactic, but it is important to know the ramifications of not taking security seriously. So after all this, what makes a good hosting provider? So first step is communication. So when you first go to their website, you're reading about the hosting provider. That's communication. If you live chat into the sales team, how's your experience with that? If you have a bad experience out of the gate, it's not looking too good for support. You're probably going to have a poor experience within the organization. So that's key. Secondly, I would absolutely recommend engaging with support before you're a customer. Email support, ask them a question, see what kind of response you get. Are they helpful and friendly or very bland and rude? That's going to set the tone for your experience with that organization. You'll want to check out their speed. Is their website fast? Does it load fast? Does it look visually appealing to you? Read some information on their website of how they tout their speed? And if it makes sense, it's worth investigating some more. You'll also want to look at their website for some security information. What they're doing in terms of compliance if they offer compliant hosting. What they're doing for physical security in their data centers, in their office, all of these. All of these should be taken into account when you're looking for a provider. And most providers, most reputable providers will give you whatever information you request within reason to make sure you are making the appropriate choice. And on the flip side of that, how to stay away from a poor hosting provider. So one would be, read the dang reviews. I wouldn't trust reviews on blogs. A lot of them use affiliate links. Of course they're going to speak highly of that provider. I would rely on G2 is a very reputable place to read reviews. But also you could read reviews on Twitter, Reddit. There's a lot of different platforms you can get legitimate reviews from. Secondly, if they have cheap pricing. That's usually a quick red flag. If they have cheap pricing, they're probably overselling their servers, which means putting more people on there hoping that not everybody will use all the resources they're allotted. So that's usually a red flag when there's very cheap pricing. Furthermore, a lot of storage space. If they're telling you they'll give you a terabyte of storage space for$5 a month, that's very much too good to be true. They're overselling their servers simply as with the cheap pricing. If their website's underdeveloped. If you go to their website and they don't look like an older company, they don't look like a mature company, that's usually a red flag. I would absolutely recommend going through and having communication with them. Having some dialogue to get their history of the organization how long they've been around. If they're offering crazy guarantees. Like 100% uptime, and your site never goes down, that's unrealistic. Maybe in a lab setting, but in the real world you are going to have downtime from time to time. The general consensus is what they call a five nines which is 99. 999%. Even that is fairly unrealistic nowadays in the world. So keep that in mind when you're reading about their guarantees. And finally a red flag is when they don't specify any specific type of platform they host. So WordPress, Joomla, things like that. You want them to specifically work with WordPress. They are the WordPress experts. That's what you want. Not a jack of all trades. And finally, don't let making your website secure rule your life. Education is very, very important, but once you identify the risks you have, whether it's themes, plugins, code, once you identify those risks with your website, then you can assess those risks and then control them as much as you can. And that's the goal is just identifying, assessing, and controlling the risks. Well, I hope you found this presentation very informative. It was wonderful to present this to you and good luck finding your next hosting provider.