10 Things to Know about Web Hosting + WordPress
This post is part of the:
100 Things you Need to Know about WordPress Series given by Anthony Montalbano and myself at WordPress Ann Arbor.
1. Choose a web host by reading complaints in official support forums
If you want to find out what web hosting company is the best, the last thing you want to do is look for “reviews”. All web hosting review sites are paid an affiliate commission if you click and signup through their link.
What you really want to do is see if they have an skeletons in their closet. Most web hosting companies have official forums for support, and most are public (and indexed by search engines). See what the most common complaints are, and if support is responsive. You could also Google the name of the web host you’re interested in with search terms like “issues”, “problem”, “broken”, “horrible”, or even “sucks”.
2. Unlimited Web Hosts aren’t really unlimited
Unlimited web hosting is a lie. They may say unlimited web sites, unlimited bandwidth, unlimited databases, but it’s simply not true. Every web host has controls in place to make sure you don’t use too many resources, too much memory, or too much CPU. If you do – they lock your web site until you fix the issue.
For example, most web hosts will allow unlimited web sites, but your account can’t use too many “processes” at once. Let’s say you have 100 web sites. If they have only 100 visitors per day you might be ok. But if they each get 1,000 visits per day you’re probably going to use too many server resources and get your account locked up.
Most web hosts have an “inode” limit. In your web hosting account filesystem, each file or directory is a single inode. A common inode limit is 250,000, and once you have about 100 web sites installed in a shared web hosting account – with all the plugins, themes, and core WordPress files, you will definitely go over your “inode limit” and get your account locked.
You can fully expect to only be able to host 50-80 web sites in an “unlimited web hosting” account, and most of these sites will have to be ones that get <1,000 pageviews per day. In most shared web hosting accounts you can have up to 5,000 pageviews per day (uncached) before you start to get notifications of too much memory or CPU usage (depending on how many and what kind of plugins you're running). Depending on certain variables, a cached site (or one using a CDN, content delivery network, can get up to <10,000 or more pageviews). 3. Keeping domain registrations separate makes it easier to move in the future
It’s popular for web hosts to allow you do register your domains with them and keep them in the same account. It’s not a very good practice to do this, and keeping the domain registrations separate (like at GoDaddy) is a better idea for several reasons.
The first is cost. GoDaddy (and some other registrars) run sales where you can bulk renew your domains and save lots of money. Most web hosts don’t do this (and charge more for domain names).
The second is security. If your web hosting account gets hijacked, the hackers have access to your domain names. How easy would it be for them to transfer authority to themselves, and how hard would it be for you to get it back?
The third and last reason is if you need to change web hosts – they can make it more difficult by holding up your domain name transfer. If you have the domains with a separate registrar, you control when you move and when DNS changes – not them.
4. Backing up off-site is best for disaster recovery
Web hosting companies say they do nightly backup, but typicall use a hard drive (RAID) “array” for all the servers. So, if a hard drive goes down they can pull it out and replace witha new one (hot swappable) without turning anything off at all. But what happens if the array controller (computer chip) goes bad? The array goes down and the data on the disks is corrupted – potentially losing all backups and the data of every single web site they host. This actually happened to one of the largest web hosts in 2010, and nearly all data was lost.
Backup your web sites “off site”, either yourself locally, or using a service such as Vault Press or Backup Buddy.
5. Change all passwords every 30 days
Use strong passwords, and change them every 30 days – especially WordPress admin and web control panel login. Changing your database password isn’t a bad idea either. You can learn about the about the best Australian web hosting here and use one of them, but there are too many ways for people to gain entry, either a web hosting employee gone bad, a compromised PC, connecting via public wifi or mombile. Changing your passwords ensures that if someone has your password (and you don’t know it), they won’t have it for long.
6. Directory indexing should be turned off
Many mainstream web hosts still have “directory indexing” turned on by default (as if it’s a feature). This allows hacker scripts and spambots to troll your domain looking for directories so they can figure out what you have installed (and how to break in). It’s like giving criminals the blueprints to your house to figure out where to go in advance. It’s a simple setting in most web hosting control panels, turn “directory indexing off”.
7. Minimize resources by caching your site as much as possible
Your want your web site to load as fast as possible because Google uses site load speed as a ranking factor, and users stay longer on fast loading sites. WordPress has to “look up” information in the database every time a page is loaded. If you “cache” your WordPress install to static pages, you minimize (and in some cases eliminate) the database queries. You can also “offload” content loading to other sources as well.
Here are the best 2 WordPress database caching plugins:
You can also use a CDN for WordPress, in conjunction with a caching plugin.
You can upload video to YouTube and use a plugin like Smart YouTube.
You can offload some content loading by using Amazon S3 for WordPress or similar plugins.
8. Keep other software up to date so WordPress doesn’t get hacked
If you install forums, other CMS systems, or scripts in your web site – keep them updated! Much like WordPress, over time all software developers security holes and vulnerabilities. If you abandon a software install in your site, and hackers or spambots get in, the will attack your WordPress install as soon as they get there!
9. Optimize your database tables automatically
Database tables get “overhead” over time, and “optimizing” them keeps them running smoothly. You can install a plugin like WP-DBManager and automatically “optimize” your database at specified intervals.
If you have the technical ability to use phpMyAdmin in your web hosting control panel, it’s also a good idea to remove all database tables that are leftover from plugins you once used, but no longer have installed.
10. Externally monitor your website’s uptime yourself
Never rely on your web hosting company to tell you what your server uptime is. Use a free external monitoring tool to notify you as soon as your site goes down or isn’t available.
A really helpful article. I’ve wanted to get this info all in one place before so thanks for your hard work. I knew there was no such thing as unlimited ‘shared’ hosting but having a number (for how many sites) to work with is very useful.
So when do you go for VPS or even your own Dedicated server?
I never use VPS – as far as I’m concerned they are completely useless. You can get more out of a shared hosting account than a VPS anyday because a VPS is almost always based on “burstable” RAM and CPU and shared hosting is not. My benchmark is usually once a site gets 5,000 unique users or 25,0000 pageviews per day – in most cases it’s time to go straight to my dedicated server.
I’m hardly a newbie, but there were some great tips in here. I especially liked your reasoning behind keeping your domain separate from the hosting. Perhaps GoDaddy isn’t totally evil after all.
Thank you!
thanks! To be honest this is the only thing I use GoDaddy for, but with the HUGE sales they have, if the massive amount of money you can save when bulk renewing – it’s not worth it to go anywhere else. Just never, EVER, use them for web hosting.
Can a WordPress blog be put into an existing website?
@Kelly – there are 2 answers to this question.
First, you can add a WordPress blog to an existing website, by installing it in a sub-folder or sub-domain. We have done this dozens of times over the years.
Second, I thought since your link was a wordpress.com website – you might be asking about that, and YES, you can move a wordpress.com web site to a self-hosted wordpress installation. Actually WordPress offers this service for $99 in house, and there are LOTS of WordPress consultants around the world (like ourselves), that can help you with this too!
I have a blog on wordpress.com with around 20,000 pageviews per day. The database of about 2 GB. Through the “guided transfer” ($99), I move the blog to a sell-hosting, but several times my blog has been locked, and the hosting provider advise me to use the VPS service.
Do I have to use the VPS service (or should I use a dedicated server)?
Thank you.
Personally I would go dedicated server, because you’ll most likely exceed any VPS server constraints. I had to move one of our busy sites to a dedicated box at about 20,000 pageviews per day.