10 Things to Know about Web Hosting + WordPress

This post is part of the 100 Things you Need to Know about WordPress Series given by Anthony Montalbano and myself at WordPress Ann Arbor.

1. Choose a web host by reading complaints in official support forums

If you want to find out what web hosting company is the best, the last thing you want to do is look for “reviews”. All web hosting review sites are paid an affiliate commission if you click and sign up through their link.

What you really want to do is see if they have any skeletons in their closet. Most web hosting companies have official forums for support, and most are public (and indexed by search engines). See what the most common complaints are, and if support is responsive. You could also Google the name of the web host you’re interested in with search terms like “issues”, “problem”, “broken”, “horrible”, or even “sucks”.

2. Unlimited Web Hosts aren’t really unlimited

Unlimited web hosting is a lie. They may say unlimited web sites, unlimited bandwidth, unlimited databases, but it’s simply not true. Every web host has controls in place to make sure you don’t use too many resources, too much memory, or too much CPU. If you do – they lock your web site until you fix the issue.

For example, most web hosts will allow unlimited web sites, but your account can’t use too many “processes” at once. Let’s say you have 100 web sites. If they have only 100 visitors per day you might be ok. But if they each get 1,000 visits per day you’re probably going to use too many server resources and get your account locked up.

Most web hosts have an “inode” limit. In your web hosting account filesystem, each file or directory is a single inode. A common inode limit is 250,000, and once you have about 100 web sites installed in a shared web hosting account – with all the plugins, themes, and core WordPress files, you will definitely go over your “inode limit” and get your account locked.
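To see how close an account is to such a limit, count one inode per file or directory under each site. This is an added example, not part of the original post; the 250,000 default is the figure quoted above, and the site names and files are a constructed sample.

```python
import os

INODE_LIMIT = 250_000  # the "common" limit quoted above; substitute your host's figure


def count_inodes(root):
    """Count one inode per file or directory under root, root included.

    Symlinks are counted but never followed; hard-linked files count once.
    """
    seen = set()
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for path in [dirpath] + [os.path.join(dirpath, n) for n in dirnames + filenames]:
            st = os.lstat(path)
            seen.add((st.st_dev, st.st_ino))
    return len(seen)


def inode_report(account_root, limit=INODE_LIMIT):
    """Return (per-site counts, account total, fraction of the limit used)."""
    per_site = {
        entry.name: count_inodes(entry.path)
        for entry in os.scandir(account_root)
        if entry.is_dir(follow_symlinks=False)
    }
    total = count_inodes(account_root)
    return per_site, total, total / limit


def build_sample_account(base, sites=(("site-a", 3), ("site-b", 1))):
    """Constructed sample: tiny directory trees standing in for WordPress installs."""
    for site, nfiles in sites:
        plugins = os.path.join(base, site, "wp-content", "plugins")
        os.makedirs(plugins)
        for i in range(nfiles):
            with open(os.path.join(plugins, f"plugin{i}.php"), "w") as fh:
                fh.write("<?php // constructed\n")
    return base
```

Run `inode_report()` against the top of the hosting account to see which site directories contribute most to the total.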

You can fully expect to only be able to host 50-80 web sites in an “unlimited web hosting” account, and most of these sites will have to be ones that get <1,000 pageviews per day. In most shared web hosting accounts you can have up to 5,000 pageviews per day (uncached) before you start to get notifications of too much memory or CPU usage (depending on how many and what kind of plugins you're running). Depending on certain variables, a cached site (or one using a CDN, a content delivery network) can get up to <10,000 or more pageviews.

3. Keeping domain registrations separate makes it easier to move in the future

It’s popular for web hosts to allow you to register your domains with them and keep them in the same account. It’s not a very good practice to do this, and keeping the domain registrations separate (like at GoDaddy) is a better idea for several reasons.

The first is cost. GoDaddy (and some other registrars) run sales where you can bulk renew your domains and save lots of money. Most web hosts don’t do this (and charge more for domain names).

The second is security. If your web hosting account gets hijacked, the hackers have access to your domain names. How easy would it be for them to transfer authority to themselves, and how hard would it be for you to get it back?

The third and last reason is if you need to change web hosts – they can make it more difficult by holding up your domain name transfer. If you have the domains with a separate registrar, you control when you move and when DNS changes – not them.

4. Backing up off-site is best for disaster recovery

Web hosting companies say they do nightly backups, but typically use a hard drive (RAID) “array” for all the servers. So, if a hard drive goes down they can pull it out and replace it with a new one (hot swappable) without turning anything off at all. But what happens if the array controller (computer chip) goes bad? The array goes down and the data on the disks is corrupted – potentially losing all backups and the data of every single web site they host. This actually happened to one of the largest web hosts in 2010, and nearly all data was lost.

Back up your web sites “off site”, either yourself locally, or using a service such as Vault Press or Backup Buddy.

5. Change all passwords every 30 days

Use strong passwords, and change them every 30 days – especially WordPress admin and web control panel login. Changing your database password isn’t a bad idea either. You can learn about the best Australian web hosting here and use one of them, but there are too many ways for people to gain entry: a web hosting employee gone bad, a compromised PC, or connecting via public wifi or mobile. Changing your passwords ensures that if someone has your password (and you don’t know it), they won’t have it for long.

6. Directory indexing should be turned off

Many mainstream web hosts still have “directory indexing” turned on by default (as if it’s a feature). This allows hacker scripts and spambots to troll your domain looking for directories so they can figure out what you have installed (and how to break in). It’s like giving criminals the blueprints to your house to figure out where to go in advance. It’s a simple setting in most web hosting control panels: turn “directory indexing” off.
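To confirm the setting took effect across a whole site, the added example below (not from the original post) walks a document root and reports every directory that would still be listed. It assumes an Apache-style host where an `Options -Indexes` line in `.htaccess` disables listings and is inherited by subdirectories, and where `index.php` or `index.html` suppresses a listing; the sample tree is constructed.

```python
import os
import re

INDEX_FILES = ("index.php", "index.html", "index.htm")  # assumed DirectoryIndex names
OPTIONS_RE = re.compile(r"^[ \t]*Options[ \t]+(.+)$", re.I | re.M)
SAMPLE_TREE = {  # constructed sample standing in for a WordPress document root
    "index.php": "<?php // front controller\n",
    "wp-content/index.php": "<?php // Silence is golden.\n",
    "wp-content/uploads/2024/photo.jpg": "constructed",
    "backups/.htaccess": "Options -Indexes\n",
    "old-forum/config.php": "<?php // abandoned install\n",
}

def indexes_setting(htaccess_text):
    """True/False if the text turns Indexes on/off, None if it does not change it."""
    state = None
    for match in OPTIONS_RE.finditer(htaccess_text):
        tokens = [t.lower() for t in match.group(1).split()]
        if "-indexes" in tokens:
            state = False
        elif "+indexes" in tokens:
            state = True
        elif not any(t[0] in "+-" for t in tokens):  # unsigned form replaces all options
            state = "indexes" in tokens or "all" in tokens
    return state

def audit_docroot(docroot, host_default=True):
    """Return directories the server would list: indexing in effect and no index file."""
    docroot = os.path.normpath(docroot)
    effective, exposed = {}, []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        state = effective.get(os.path.dirname(dirpath), host_default)
        if ".htaccess" in filenames:
            with open(os.path.join(dirpath, ".htaccess"), encoding="utf-8") as fh:
                own = indexes_setting(fh.read())
            state = state if own is None else own
        effective[dirpath] = state
        if state and not any(name in filenames for name in INDEX_FILES):
            exposed.append(os.path.relpath(dirpath, docroot))
    return sorted(exposed)

def write_tree(base, tree=SAMPLE_TREE):
    """Create the constructed sample files under base."""
    for rel, body in tree.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return base
```

On the sample tree the audit flags the abandoned `old-forum` directory and the `uploads` folders, while `backups` is covered by its own `.htaccess`; an empty result after the change means no directory falls back to a listing.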

7. Minimize resources by caching your site as much as possible

You want your web site to load as fast as possible because Google uses site load speed as a ranking factor, and users stay longer on fast loading sites. WordPress has to “look up” information in the database every time a page is loaded. If you “cache” your WordPress install to static pages, you minimize (and in some cases eliminate) the database queries. You can also “offload” content loading to other sources as well.

Here are the best 2 WordPress database caching plugins:

W3 Total Cache

WP Super Cache

You can also use a CDN for WordPress, in conjunction with a caching plugin.

You can upload video to YouTube and use a plugin like Smart YouTube.

You can offload some content loading by using Amazon S3 for WordPress or similar plugins.

8. Keep other software up to date so WordPress doesn’t get hacked

If you install forums, other CMS systems, or scripts in your web site – keep them updated! Much like WordPress, over time all software develops security holes and vulnerabilities. If you abandon a software install in your site, and hackers or spambots get in, they will attack your WordPress install as soon as they get there!

9. Optimize your database tables automatically

Database tables get “overhead” over time, and “optimizing” them keeps them running smoothly. You can install a plugin like WP-DBManager and automatically “optimize” your database at specified intervals.

If you have the technical ability to use phpMyAdmin in your web hosting control panel, it’s also a good idea to remove all database tables that are leftover from plugins you once used, but no longer have installed.

10. Externally monitor your website’s uptime yourself

Never rely on your web hosting company to tell you what your server uptime is. Use a free external monitoring tool to notify you as soon as your site goes down or isn’t available.