Blog
This post was updated with new information.
We’ve added Cloudways to our list of recommended products and services.
We’re a little late to the VPS market as most of our small business clients don’t need the kind of horsepower you can get with a good VPS. And to be honest, until fairly recently managing your own VPS involved considerable system-administration skills — something we rarely see in non-technical professions. That’s where Cloudways comes in! They take care of the nuts and bolts server security and management tasks!
Another cool thing about them? Since they’re only managing servers you can sign up with a healthy array of very powerful worldwide cloud-service providers like Digital Ocean, Amazon Web Services, Linode and Vultr, and Google CloudPlatform! Unlike smaller and shared-hosting services that can “run out of room” as your business grows, with Cloudways you can scale your website to handle truly gigantic traffic.
Best of all, depending on the provider you choose you can often find a data center in your region and sometimes even in your own city! For instance people in the Pacific Northwest might be interested to know that Cloudways can set you up with a Vultr VPS located in a data center in downtown Seattle!
Check out Cloudways managed hosting (direct, no-affilate link.)
Image by Flickr user Steve Depolo
Note: this post has been updated with new information but what I said back in April, 2017 is sadly still true today.
I’m going to be real blunt here and say don’t use GoDaddy for shared hosting. Just don’t. I’m going to go further and say if you are using GoDaddy for shared hosting stop. Just stop.
I hate saying it because there are some very nice people at GoDaddy. Great support people. The company is really committed to WordPress and they contribute a lot to the community.
But their hosting is terrible! It’s slow! As I’ve said in the past GoDaddy shared hosting is unnecessarily and arbitrarily slow!
But you know what else? For cheap, small-scale shared hosting GoDaddy is also ridiculously expensive! Here’s what I mean when I say that.
Last weekend, I updated a client’s site with some fairly simple capabilities to their GoDaddy account. Those simple changes completely bogged down their server. I suggested (as I usually do) that they needed to upgrade their service level from “Deluxe hosting” to “Deluxe hosting Level 3.” Then I looked at the price of upgrading. And then I started looking at other hosting options. In the end, after a short conversation, I ended up moving them another inexpensive hosting company for less than GoDaddy would have charged to “upgrade” them to what would have still been really miserable performance.
Since last weekend I’ve moved two other clients. All three client’s sites now run well.
- Much, much faster.
- For less money!
- With fast, constantly updated software
(for instance GoDaddy’s inexplicably unwilling to upgrade their servers to safer and more secure versions of the PHP programming language.) - With free SSL security certificates.
(GoDaddy charges almost as much for a security certificate as some other sites charge for decent hosting plus a certificate!) - Without constantly running out of “I/O Usage” and other “resources.”
(I/O Usage is a bizarre bottleneck I’ve only really seen with GoDaddy hosting.)
So… yeah. Much as I like calling the support people at GoDaddy (they’re really nice) the fact of the matter is I almost never have to call support for other hosting companies. (All you really need to know is that I’ve got GoDaddy’s support number on speed dial!)
So I’m just going to say it one more time: Don’t use GoDaddy for shared hosting. If you do use GoDaddy for shared hosting stop. Just stop.
Switch to someone else. Almost anyone else!
Note: here are a few of the companies I’ve been recommending. These aren’t affiliate links and I don’t get compensation for them. I just think they’re good, popular, well-reviewed companies that I don’t have to have on speed dial.
Cloudways.com — they provide managed “big iron” virtual private servers (a.k.a. VPS) for as little as $12/month, but you can easily scale up to handle truly enormous traffic. It’s a little tricky to set up but depending on which provider you use you can often find a data center near your customer base — for instance someone in the Pacific Northwest might be interested in a Vultr server located in downtown Seattle
SiteGround.com — their shared hosting is a little more expensive (once their extremely generous signup discount expires) but they include premium services like hardware caching and image optimization.
Hostwinds.com — Their “business” hosting is very reasonably priced and the performance is great for small sites in located in the Pacific Northwest. This is an “old-fashioned” but also familiar “cPanel” hosting interface. But their business plans use very modern Litespeed web servers. Extra credit: unlike most other companies their “basic” plan is just as powerful and capable as their “ultimate” plan. The only difference is how many sites you want to host.
Does your website use one of the GrowthZone membership managers (including ChamberMaster and MemberZone) for your professional association, chamber of commerce, or other membership-oriented organizations? If so did you know you can integrate your membership pages with your website?
If you have a WordPress website there are two ways you can do this:
- By creating a “template” page so that member pages have the same look and feel as the rest of your website
- By using widgets — snippets of code — to embed bits of information right on your website pages
It’s not easy to find the documentation (here’s a link) but once you get the hang of it it’s pretty fun. And if you don’t find it all that much fun, or you don’t have time to figure it out you can always call us.
Just a reminder that for desktop users the Zoom app we use for meetings (including meetings to discuss maintaining, fixing, or building WordPress websites) doesn’t update automatically. And at least my Mac desktop version doesn’t even remind me to check for updates.
Everyone else may have already known about this so maybe I only need to remind myself. But…
It’s not just a (probably small) security problem if you don’t occasionally update Zoom. It also means you might not get to use some of the whizzy new features Zoom adds, including possible new or improved background options, administration features, better connection times, performance improvements, and better options for audio too.
For Apple Macintosh / OSX users
For Windows users
You can find more information from Zoom’s knowlege base article, “Upgrade / update to the latest version.”
Zoom seems to update their app at least weekly, usually for minor little tweaks and fixes. That doesn’t mean you should update every week but every now and then they do offer interesting or useful enhancements.
The main thing: don’t go a couple of months like I did. I just upgraded from version 5.4-something to version 5.6. There are probably some cool things I… haven’t taken the time to look into because I thought I should write this email first. :-)
Annndddd if by chance you’d like to schedule a Zoom meeting with us here at RealBasics.com you can do so with the very latest version of the Zoom app! :-)
In a private Facebook group about WordPress speed someone asked an excellent question:
I have a question about paid templates for WordPress, e.g. Themeforest.
Is it true that cool looking templates, with e.g. animated buttons or an interesting mouse cursor, are definitely slower and less optimized than the simpler, more standard-looking ones?
It’s true that there are many genuinely awful, bloated, badly-optimized themes in ThemeForest and other “marketplace” theme retailers, though Sturgeon’s Law, which says “90% of everything is cr*p,” has a lot to do with this.
This isn’t an endorsement of ThemeForest or other commodity theme vendors, just an observation that there are plenty of agencies out there with in-house development staff to meticulously hand-code purpose-built themes built from scratch, for thousands of dollars, that also drag their knuckles on page load.
Important! ThemeForest is a popular marketplace site that lets any developer upload and sell WordPress themes. They’re by far the largest such platform and so their name is often used as a shorthand for all such “marketplace” sites.
And finally, no matter how lightweight the theme, performance will crash if the customer decides to use dozens of 4000×4000 pixel, 12 megabyte PNG files in a gallery.
A bigger problem with ThemeForest-style themes is that their typical developer begins with a suite of relatively bloated and increasingly obsolete “bonus” plugins — two or three extraordinary but also extraordinarily bandwidth-intensive sliders, a certain dinosaur page builder, the oldest contact-form generator, etc. They keep using those things because a) those particular vendors offer really attractive licensing deals to developers and because b) new, mostly-DIY customers want as many bells and whistles as possible for the same low, low price.
Better themes on any platform will have demo sites. You can run performance-measuring tools to get an idea of what they’re throwing at you. GTMetrics, or the Network tool in Chrome-based browsers can help you estimate a theme’s performance before you buy.
The good news is that more responsible commodity-market developers will optimize their themes till they’re lighting fast. The bad news is that very, very few commodity-theme customers have the know-how to assess performance and so they’ll tend to base decisions on animated buttons and cool hero images in the demos.
It’s true! In 2020, 80% of websites are still using PHP, 77% use jQuery, and Wordpress has 63% of content-management system (CMS) market share.
And, “worse,” the numbers are increasing. Only it’s not really “worse” at all. When you’re running a business it’s not necessarily “worse” to use common, standard technology as long as it performs well, is easy to operate, and as long as people who can support the technology are easy to find and no more expensive to hire than plumbers, electricians, or general contractors.
It’s an uncomfortable secret in the industry that sites that are custom built with more cutting-edge technologies are often very difficult and expensive to modify. The cutting edge moves very quickly, with the result that the hot development stack from just a year or two ago may now be virtually obsolete. With the result that it’s very difficult to find someone who can quickly understand and modify your site without spending hours or days reproducing the old programming environment, let alone mastering the code used to build it.
In my experience as a WordPress developer it’s often easier just to rebuild an older custom-coded site from scratch in WordPress than to wade into the old code.
For better or worse, WordPress has 17 years of practice handling updates. And for better or worse, WordPress has always had a firm commitment to backwards compatibility. And for better or worse, WordPress has had 17 years of tracking down and squashing bugs.
The comic asks what cool new web technologies will be available in 2030. I’m not promising that WordPress will still be the standard web platform in 2030. By 2030 WordPress may no longer be written in PHP! But! Chances are that for any given year in between there will be a decent migration path from “old” WordPress to “new” WordPress, just as there has been for the last 15+ years.
Analogy: is it “worse” that the number of delivery trucks and vans is growing? Not particularly — as business goes more and more online it makes sense that more businesses are delivering products to customers instead of having customers drive to pick them up. And it’s not like delivery truck technology is standing still — they’re becoming more electric, they’re getting better navigation and collision controls, drivers are becoming more sophisticated, and same with delivery scheduling and routing!
It’s the same with WordPress! As more and more people use it, it’s evolving to meet new needs.
WordPress won’t be around forever. But it will still be around in 2030.
A File Manager plugin can be a very useful tool when you need it, but you can say the same thing about a stick of dynamite! It’s not something you want to leave in the kitchen junk drawer in case you need it later!
David Innes, owner of RealBasics.com
The ultra-tech website Ars Technica reported a serious problem with an already crazy-risky WordPress plugin. Let me quickly explain how to fix it:
Delete the $%# plugin File Manager plugin if it’s installed on your website!
Done? Good. Now let’s talk about why you really, really don’t want or need the WP File Manager, an FTP client plugin, or any other kind of tunnel-into-your-server plugins on your live WordPress website. (Or any other kind of website for that matter!)
Even if the plugin didn’t have coding vulnerabilities, if you can just breeze into your server configuration from your website then… so can anyone else who can get into your site! In other words, even if the code was 100% secure the feature would still be an intrinsic vulnerability.
It’s always going to be 100% safer, more secure, and probably more efficient to use your hosting company’s control panel or a secure SFTP/FTP tool to access, manage, and edit files on your server. It’ll be a separate login for one thing. For another, hosting companies tend to be waaaay more security conscious and attentive than anyone who might randomly access your website’s dashboard — with or without your permission.
Question: do I think the developers who create plugins like File Manager are bad, wrong, wicked, irresponsible, or dumb for creating inherently insecure tools like a File Manager?
No! Not at all! There are certain cases where you really might have no other way to access your file system:
- you’re locked out of your server, for instance.
- your hosting plan is so old and obsolete that their control panel is basically unworkable
- you’re a contract developer trying to debug a particular issue for a client where you don’t have access to their hosting account and you’ve determined that the problem is with a file or directory that can’t be managed any other way.
Those are all really great reasons! But! They’re all really great reasons to install and activate the plugin, and then deactivate and uninstall the plugin the minute you’ve done what needs to be done.
Want to know the real reason 700,000 WordPress websites have the FileManager plugin installed on their website?
- Because they thought they might need it later
- They (or their developer) added it because they needed it while they were setting up the website but then never got around to removing it
Those are really bad reasons. A File Manager plugin can be a very useful tool when you need it, but you can say the same thing about a stick of dynamite! It’s not something you want to leave in the kitchen junk drawer in case you need it later!
Oh yeah, and on the offhand chance you’re actually using the File Manager plugin and you don’t want to delete it? Log in to your site and update it — the update at least appears to have fixed the code vulnerability. (If not the inherent vulnerability.)
First things first: if you got a confusing email from GSuite that says something like “[Action Required] Remove internal links to the G Suite Domain Contact page for your organization” don’t panic!
Bottom line up top: They’re just recommending that you clean up any old links to an out-of-date service that you probably weren’t aware of and almost certainly never used.
The rest of this post is a more detailed explanation, a little more reassurance, what to look for (just in case), where to look, and… a little more reassurance.
Details
If you use Google’s GSuite for Business for email you may have gotten confusing email from them. Here’s what the email says and I’ll tell you what to do about it
Subject: [Action Required] Remove internal links to the G Suite Domain Contact page for your organization
Dear G Suite Administrator,
You are receiving this email because users within your organization may have active links within their documents, websites, scripts, or applications that go to Google’s G Suite Domain Contact page. On August 31, 2020, the Domain Contact page will be removed, since it contains the Admin contact details of Google’s customers. If your users don’t remove internal links to this page in their resources, the links will break as of August 31, 2020, resulting in a “404 Error” code.
What do I need to do?
Instruct your users to remove the following Domain Contact page link within your organization’s internal documents, websites, scripts, or applications:
www.google.com/a/<domain-name>/DomainContact.You will need to provide your users with the <domain-name> for your organization and send them the following step-by-step instructions:
- To remove the Domain Contact link, follow the steps below:
- Step 1: Open your internal documents, websites, scripts, or applications.
- Step 2: Search for any links that reference
www.google.com/a/<domain-name>with your domain name filled in for<domain-name>.- Step 3: Look for links that contain
DomainContact.- Step 4: Remove each link.
- Step 5: Replace the link with a tested, live link to a document or website.
- Step 6: Save your document, website, script, or application.
What if I don’t do anything?
Google is not providing a redirection link for the G Suite Domain Contact page. This may cause a 404 “Page Not Found” error when your internal users attempt to use documents, websites, scripts or applications that rely on the link.
Your domain-names(s) listed below are affected:
- Domain: your-domain-here.com
How can I get help?
If you have additional questions or need assistance, please contact G Suite support. When you call or submit your support case, reference issue number 151080983.
Thanks for choosing G Suite.
—The G Suite Team
What to do if you think maybe you ever did link to Google’s “Domain Contact” service page?
Well. First of all if you did have a link you probably know it! Or more accurately, if you did have a link your company’s probably big enough that you have an IT specialist and they know about it.
What to look for
But just to be sure, as the directions say, to search your site for links that look like
https://google.com/a/your-domain-here.com/DomainContact
Then remove those links
Places to look:
- Your “contact us” page
- Other pages for or about current clients or current employees
- Other pages (unlikely)
- Blog posts (unlikely)
- “Social” links at the top or bottom of every page (possible)
- Other links at the bottom of your page (possible)
- In sidebar widgets (slightly more possible if your site is so old it still has sidebars!)
While you’re at it
- Remove any Google+ links you find, because Google+ is also obsolete
But really, don’t worry. As I said all the way at the top, the folks at GSuite just recommending that you clean up any old links to an out-of-date service that you probably weren’t aware of and almost certainly never used.
This post is a little bit “in the weeds” for regular business owners, but this might come in handy for more adventurous do-it-yourselfers and less-experienced WordPress professionals.
On a closed Facebook group for WordPress users someone asked
I’ve never converted a Visual Composer website to [another page builder.] I imagine it is a total rebuild from top to bottom? Any ‘best practices’ to convert a site that used VC?
Rebuilding usually is the best bet with shortcode-intensive page composers, though in some circumstances the following information might be helpful. All might not be lost but it can be a bit of a pain if you don’t know where to start.
It’s never a bad idea to rebuild from scratch, since Visual Composer most often comes included in “shovelware” themes that have all sorts of other less… necessary plugins, post types, and “demo” content.
I’ve done seven or eight conversions from shortcode-based page builders or Themes (Visual Composer, Aveda, Divi.) The good news is that the shortcodes tend to come in giant chunks.
The other good news is that DIY and low-cost “professional” sites made with Visual Composer rarely use too many features. These kinds of tools tend to be complicated, so most do-it-yourselfers tend to keep it simple.
The following steps will work for converting to other page builders or Gutenberg blocks, or even plain-old classic pages. So if the site isn’t too weighed down you might try the following:
- Disable Visual Composer and any VC-related helper plugins
- Add your page builder if you’re using one
- Open a page with the editor of your choice
- All the old content will be in one giant text or “classic” module
- There will be acres of [shortcode] blocks.
- With just a little bit of practice you can figure out what’s inside the shortcodes — it’s usually an opening block, headers, images, or sometimes column blocks.
- Cut everything out that doesn’t look like real information (e.g. header text, image links.)
- Next, you’ll need to re-apply header formats and re-insert images from the Media Library. If it’s an information-only page that may be all you need to do.
- If the layout you’re copying is a little more complex you may need to add columns and edit/paste content from the main block into smaller chunks.
- If the layout also includes dedicated module content — for instance galleries, slide shows, or contact forms that are built into Visual Composer — you’ll need to re-create those with new tools.
This is useful mainly for sites with lots of simple posts or pages. You’ll usually still have to rebuild the homepage, the contact page, and other “main” pages with more complex content. But I did it recently for a site with tons of reference pages and once you know what you’re looking for it can go pretty quickly.
Photo by tacker 
So another participant in a private Facebook group for WordPress users echoed something I’d said about the importance of making your own backups.
Similar to David Innes I use [a commercial backup plugin] for Scheduled backups ([cloud-based storage firm] is my choice, but there are many others)…
Member of a private Facebook group for WordPress users
And a lot of people when backups have been discussed say “why should I do my own backups when my hosting company does it for me?” – my answer is trust no-one! Make sure you have reliable backups that you have 100% access to in the case of an emergency situation!
It was a great point and here’s how I followed up
Yes! Trust no one is awesome advice when it comes to backups! 😂
(Somewhat) more seriously, virtually all hosting companies do daily backups, and all the halfway decent ones store the daily backups for 30 days. That’s a welcome change.
Less welcome is that they tend to be restore-only backups, meaning you can’t download and archive them. (This makes sense because to save space and processor resources they tend to be incremental rather than complete.)
The downside of that is that after 30 days the backups evaporate. To be fair, if something goes sour pretty much anybody is going to notice within 30 days. But!
- Ransomware often takes that into account and can hold off announcing for 3 or more months!
- With modern caching (CDNS, host-based, etc.) a site’s back end can be totally snarled for weeks or (for one prospect who contacted me) months while still “working” just great on the public side.
- Oh, finally, since I do a lot of emergency-repair work (I really enjoy helping people get back online) I’ve had quite a few clients who don’t notice their hosting account has expired till it’s gone, and I’ve had two clients whose whole hosting provider has shut down and never restarted! In all those cases, server-side, and server-stored backups disappear too.
Anyway, just can’t overstate how important it is to have your own complete, restorable archives in one or more safe places (not just on the server.) Or how important it is to keep copies for at least a year, just in case.
Here’s when RealBasics makes and downloads a backup for our clients
- Manual backup before we start working on their site for the first time (stored for at least three years)
- Manual backup before we start working on their site the next time (stored for at least three years.)
- Automated daily for maintenance clients (stored offsite for about 2 weeks)
- Automated weekly for maintenance clients (stored 156 weeks, a.k.a. three years.)
Bottom line: hosting-plan backups are great. Good hosting companies do the right thing and keep 30 days of daily backups. Restoring from a server backup is almost always dead easy. And…
You still can’t ever have enough good backups!
