WordPress is Awesome; hosting it is a pain in the ass.

If you were subject to what many called “2012: the Summer of Hacks,” you know what I mean.

The platform gives you unparalleled abilities to easily run your site, but those abilities can leave your site vulnerable to attack, possibly prone to breakage upon updates (if not built correctly), and tough to manage as it grows—if you don’t understand how hosting works.

Main Considerations:

  1. Shared vs. dedicated hosting environments
  2. Consistent connections
  3. Static IP addresses
  4. Backups
  5. IP Blocking and security
  6. Child themes/custom
  7. Updates

Shared vs Dedicated Hosting/Consistent Connections:

I first started working with WordPress version 1.5.2 back in 2005, when it was just a blogging platform and you had to manually connect the database and FTP files; no 5-minute setup then!

It was great, and the beauty was in its simplicity.

When I started building WordPress sites for other people in 2007, I used GoDaddy’s shared hosting platform. I would set up 25 sites per hosting account, and it worked great…until.

I learned about this little thing called “consistent connections” (note: GoDaddy still has these on their servers). This is where you are limited in how many times the MySQL database (backbone of WordPress) can serve up data.

On the days that my clients’ sites got a lot of traffic, their sites would serve up 404 errors and run really, really slowly. I would get panicked phone calls and would practically tear my hair out trying to figure out the problem. Eventually, I moved all client sites to GoDaddy’s Grid hosting platform that spread the sites in a cloud over blocks of 27 servers. This worked great…until GoDaddy began to update the IP address of the hosting account—without warning.

Static IP Addresses:

Changes to the IP addresses would automatically update if the URL was registered in my GoDaddy account, but the site would go down if it was in my client’s account. Thus I would have to log in to each client’s account and update the @ Record to the updated IP address.

This quickly got old and I learned about static IP addresses. This is where you assign an IP to a group of websites/hosting account. This worked well…until some of my clients’ sites got hacked and the IP was blacklisted, preventing my other clients’ sites from coming up at their clients’ places of work. (Side note: see who else is hosted on your IP here)

This then led me to assign a static IP address per website, which is how we do it today.

Backups:

Hosting was cruising along well until I started to run into trouble with GoDaddy going down constantly. While they were nice enough to put a live person on the phone when I would call, I was experiencing outages of up to 48 hours.

I knew that I would have to look at other options, especially when I found that I was losing data as the sites were brought back up. I never installed any backup protocols on my sites, so I started having trouble with data integrity (keep in mind, I was only charging my clients to host their site, not for management of that hosting. If you are experiencing these same problems with your current web developer, look to see what you are being charged for). I recommend that you—in addition to whatever you are using to host your site—consider using a backup plugin and keep weekly backups of the site.

IP Blocking and Security:

You’ve heard before that the best defense is a strong offense, and as such I’m a big proponent of blocking known hackers before they even have a chance to hit our site.

The majority of hacks come from “bots” that are programs that just troll the internet looking for vulnerabilities. The majority of these attacks can be stopped by just blocking them altogether with IP Venger.

After that, you should consider some basic security plugins that handle things like stopping “brute force” attacks, removing “admin” usernames, and changing your database tables. Simple security plugins such as Better WP Security do a great job of automating these steps and walking you through basic blocking.

Child Themes/Custom Design:

When the theme design ability first came out and you wanted something changed, you were required to edit the code of the theme itself. This worked great until the theme needed updating.

A recent example of this was when the TimThumb.php hack script went crazy last year. If you weren’t using child themes, all of your theme customization was lost and your site would be broken when you updated the theme to fix the hack.

Fear no more!

By building child themes, you are able to overwrite the code, customizing in parallel to the main theme, without ever changing the core files of the theme itself. This way, when new updates are released your site isn’t broken. Whoever builds your site MUST build with either child themes or a custom theme for your project such as we do—see here.

Anything else will save you money up front (possibly), but cost you 10 times more in frustration and cost down the road.
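The child-theme layout described above, as an added shell example that is not part of the original post: it scaffolds a child theme beside its parent and reports which installed themes are children. The `<parent>-child` directory name and the `parent-style` handle are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: scaffold a child theme next to its parent, then report which
# installed themes are children. Directory and handle names are assumptions.
set -u

# Print the parent slug from a theme's style.css "Template:" header, if any.
parent_of() {
  sed -n 's/^[[:space:]*]*Template:[[:space:]]*\([^[:space:]]*\).*$/\1/p' \
    "$1/style.css" 2>/dev/null | head -n 1
}

make_child_theme() {   # usage: make_child_theme <themes-dir> <parent-slug>
  local themes="$1" parent="$2"
  local child="$themes/$parent-child"
  [ -d "$themes/$parent" ] || { echo "parent theme '$parent' not found" >&2; return 1; }
  [ -e "$child" ] && { echo "$child already exists" >&2; return 1; }
  mkdir -p "$child" || return 1
  # The Template header is what tells WordPress this theme inherits from $parent.
  cat > "$child/style.css" <<EOF
/*
 Theme Name: $parent (child)
 Template: $parent
*/
EOF
  # Load the parent's stylesheet; customizations live in this directory only.
  cat > "$child/functions.php" <<'EOF'
<?php
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_style( 'parent-style', get_template_directory_uri() . '/style.css' );
} );
EOF
}

# List each theme as "child-of:<parent>" or "standalone" (edits made directly
# in a standalone theme are overwritten when that theme is updated).
audit_themes() {
  local dir p
  for dir in "$1"/*/; do
    [ -f "$dir/style.css" ] || continue
    p="$(parent_of "$dir")"
    echo "$(basename "$dir") ${p:+child-of:}${p:-standalone}"
  done
}
```

Run `audit_themes wp-content/themes` before a theme update to see which customized themes are safe to update in place.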

Updates:

It used to be that when you updated WordPress, you had to do it manually. Now, it’s a piece of cake with a few clicks.

Be sure when updating, however, to first back up the site, then disable all plugins. When you’re updated, turn your plugins back on…one at a time.

Often, plugins will conflict with one another when new variables are introduced. You might also find that some plugins are not compatible with the newer versions of WordPress.

As a best practice, we generally wait a few weeks after a WordPress update is released before we push it out (unless there is a major security issue that needs to be fixed).

Be sure to keep your site updated. Again, this is something that you either have to do on your own (and be able to fix or replace plugins when old ones break) or pay someone else to do.
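The update routine above (back up, disable all plugins, update, re-enable one at a time), as an added example using WP-CLI; it is not from the original post. It assumes the `wp` command is installed and run from the site root, and `site_ok` is a hypothetical health check you should replace with a real page fetch. `wp db export` only dumps the database, so copy the site's files separately.

```shell
#!/usr/bin/env bash
# Added example: back up, deactivate plugins, update core, re-enable one by one.
# Assumes WP-CLI (`wp`) is installed and this is run from the WordPress root.
set -u

# Hypothetical health check: succeeds if WordPress still boots with the
# currently active plugins. Swap in a real HTTP check for your site.
site_ok() {
  wp eval 'echo "ok";' >/dev/null 2>&1
}

safe_update() {   # usage: safe_update [backup-file.sql]
  local backup="${1:-pre-update-$(date +%Y%m%d-%H%M%S).sql}"
  local active plugin
  BROKEN_PLUGINS=""

  # 1. Back up first; refuse to continue if the dump fails.
  wp db export "$backup" || { echo "backup failed, aborting" >&2; return 1; }

  # 2. Remember which plugins were active, then disable all of them.
  active="$(wp plugin list --status=active --field=name)" || return 1
  wp plugin deactivate --all || return 1

  # 3. Update core and apply any pending database upgrade.
  wp core update || return 1
  wp core update-db || return 1

  # 4. Re-enable plugins one at a time; leave off any that break the site.
  for plugin in $active; do
    if wp plugin activate "$plugin" && site_ok; then
      echo "re-enabled: $plugin"
    else
      # --skip-plugins lets WP-CLI run even if the plugin causes a fatal error.
      wp plugin deactivate "$plugin" --skip-plugins >/dev/null 2>&1
      BROKEN_PLUGINS="$BROKEN_PLUGINS $plugin"
      echo "left disabled: $plugin" >&2
    fi
  done
  [ -z "$BROKEN_PLUGINS" ]   # non-zero exit if anything was left disabled
}

# Run only when asked, so the functions can also be sourced: ./update.sh run
if [ "${1:-}" = "run" ]; then safe_update; fi
```

Any plugin listed in `BROKEN_PLUGINS` stayed disabled and needs an update or a replacement before it goes back on.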

Takeaway:

WordPress is an amazing piece of software. It provides unparalleled customization, ease of use, Search Engine Optimization ability, and is fast becoming the global standard for websites. It is a powerful tool that can take you and your business to new heights, but it has to be built on a solid foundation and managed by people who know what they are doing. Consider these factors when selecting your partner and your site will surely perform the way it was intended with far fewer headaches!