Should you stream audio or video from your shared hosting account?

By David Innes, | May 5, 2019

victrola photo

Photo by Flickr user LRD615

It’s not a good idea to stream audio or video directly from your WordPress website.  Especially on shared hosting.  Uploading may be easy for you but can be glitchy for your users, and costly for mobile users on limited data plans.

On a Facebook group for new WordPress users someone asked

“Generic Website questions pertaining to downloads – so i have a series of video and audio and transcripts for sermons on my site – do people download much to their phones – instead of watching it online – why would they download it to their phone? I’m an old man i guess and I’ve never downloaded to my phone unless it was an app – other than that ??? thoughts…”

Relatively few people download raw video or audio to a folder on their phones. Some do but usually they’ll use an app for that — a music player like iTunes, a podcast app, etc.

Those who do download files have two main reasons.

  • So they can listen or watch when they’re offline or when they have really expensive data plans.
  • When their bandwidth or streaming quality is really low.

The second can happen when your phone signal is really low, but it can also happen when a website author uploads the audio or (especially) video files directly into their shared-hosting website (their WordPress media library, for instance) instead of uploading it to a streaming service (e.g. YouTube, SoundCloud, Vimeo) or just high-volume cloud storage (e.g. Amazon Web Services.)

The problem is that shared hosting often can’t stream fast enough to avoid glitching when more than one visitor is streaming at once. And unlike video streaming services that will radically compress and buffer video for phones and other low-resolution or low-bandwidth devices, if you upload a 4K video your site it will struggle to stream the entire 4K video even though the user’s phone may only be 400 pixels wide!  (In other words, streaming audio or video from your shared-hosting server can waste huge chunks of a user’s data plan.)

In those circumstances users wait till they’re on WiFi and download to watch or listen may be the only reasonable choice.

Incidentally, while they may not actively block you most shared hosting plans say right up front that their servers don’t support streaming audio or video.

Bottom line: use a 3rd-party streaming service if you want to share streaming content on your average WordPress website.

Extra bonus points: While this isn’t strictly related to performance, most SEO experts will remind you that YouTube is the #2 search engine in the world after Google!  For better or worse that makes uploading your videos to YouTube and embedding them on your own site can double your exposure.  That plus any references or links you add to your video or captions create inbound links to the rest of your site.


How much to build a (Real Estate) website?

By David Innes, | May 3, 2019

for sale photo

Photo by Flickr user Matt_Lodi

In one of the Facebook groups for WordPress developers I follow someone asked: “Question what is the average charge or cost to a customer to build them a real estate web site?”  And someone answered: “Anywhere from $1500 to $100,000.”  That was not a flippant answer.  Here’s why.

I happen to be working on this question at the moment. I’ve been approached by a senior Realtor who’s mentoring younger ones. He’s asked if I could put together a reasonably priced package for new Realtors with a simple, streamlined plan and timeline.  Not cheap, not cookie-cutter, but not high-stress for the Realtor either.

I can tell you that the base price for a five page site with standard back-end provisioning would be cheeeeep!  You can build a five-page site in about the same time it takes to put together an IKEA Billy bookshelf!

The trick for a website, like the trick with a book shelf, isn’t how you put it together, it’s what you put IN it.

Photos. Writing. Testimonials. Service area marketing and market research. A carefully curated portfolio of properties sold (to appeal to sellers) and clear message of value, trust, and differentiation (not properties!) to get buyers to call.

That second part?  Knowing and gathering what to put in the website?  That part ISN’T cheap. At all!  But unless there are fewer than maybe 10 Realtors in a town, if you don’t have that second part then the cheapest ThemeForest demo-ware site (with the typical full front-page MLS/IDX listings to send your visitors to other brokers’ listings!) is just gonna waste your time and the Realtor’s time and money.

I’m going to say the actual WordPress + theme + plugin component should be no more than a third and maybe only a fifth of the total cost compared to market research, written content with clear calls to action, graphic design and elements acquisition, business coaching, and especially photography, and videography.  And that’s just the stuff that has to happen before the site goes online — a successful Realtor’s site will need consistent content updates as the market changes, portfolio updates, and new blog posts to help capture seasonal, regional, and economic changes in their market.

A multi-agent real-estate company site is a different question. MLS/IDX makes sense for that, for instance. But unless it’s for a seriously small town in a pretty depressed market you wouldn’t use a ThemeForest theme for that either — you’d be talking real money!

That’s why the first comment on that Facebook group isn’t as flippant as it sounds…


Belts and suspenders, eggs in one basket, backup plans, and A2Hosting ransomware!

By David Innes, | May 2, 2019

locked out photo

Photo by docoverachiever

The popular A2Hosting company is struggling with a ransomware attack that’s knocked quite a few of their Windows-server clients offline.  While we’ve recommended A2Hosting to some of our WordPress clients we direct them to Linux hosting so they’re unlikely to have been affected by this attack.

Ugh! Ransomware is a serious problem for smaller ISPs and hosting providers. I’ve briefly mentioned ransomware before, but a few years ago one of my clients’ small local host went down, taking literally their entire enterprise with it. The owners of the hosting company literally couldn’t afford the ransom — it was multiple times their annual revenue — so they just gave up. My client and every other client of the hosting company was simply gone — no on-site backups, no access to DNS records, domain registrations, email, archives, NOTHING!  My client’s online presence had completely disappeared!

And as we all know, ransomware exploits typically wait 3-6 months after infection before performing a lockout to ensure that all reasonable backups are also toast.

This wasn’t one of my maintenance clients but I did occasional work for them and always make and retain my own backups. And their IT service had backups of all their email. But it took days to re-acquire their domain from ICANN and get them back online with a new (not-so-small) hosting company.

Kind of daunting to realize a company as large and generally savvy as A2 is also vulnerable!

All the more reason every business website owner should

  • Register your domain with one company
  • Host your email with a different company (probably Google or Microsoft or someone else REALLY big.)
  • Host your website with a third company
  • Make and keep offsite, isolated backups out the wazoo, including backups of your DNS settings, FTP/SFTP paths, etc.
  • DON’T rely solely on 30-day backup schemes, not from your host and not even from 3rd-party backup providers.

Is the California Consumer Privacy Act the next GDPR? Yes, so don’t worry

By David Innes, | April 29, 2019

privacy photo

Photo by doegox

A friend in the local WordPress Slack channel cited a recent post on the tech site Ad Age and added “in case you haven’t heard – California’s new “Consumer Privacy Act” (‘GDPR’) law goes into effect January 2020. Clients should start taking their Privacy Policies more seriously. Fines of $750/privacy violation + AG can sue for $7,500 for each ‘intentional’ violation.”

Marketers and tech companies confront California’s version of GDPR
California passes digital privacy law similar to the GDPR and yes, every brand, agency and tech company under the sun will be impacted
Ad Age, Jun 29th, 2018

As I used to tell my children, take three deep breaths.  No, every brand, agency, and tech company under the sun probably won’t be “impacted” by California’s Consumer Privacy Act.

Observation #1 from the GDPR thing: lawyers made it sound way scarier than it actually was. That’s not knocking lawyers, but their job is to ensure zero liability for clients even if it costs them infinite billable hours

Observation #2 from the GDPR thing: virtually nobody cares — to the best of my knowledge no one’s ever used GDPR to sue anyone except maybe Google and Facebook under GDPR, and those people were suing them anyway.

Observation #3 from the GDPR thing: In a timely manner WordPress developers added features for GDPR compliance (stating your policy, right to see what the site “knows” about you, right to remove that stuff) are common courtesy and good user hygiene anyway.)

Observation #4 about the new CCPA: Most of what you’re going to see will be written by lawyers, who’ll take the worst possible cases to heart.  If it’s actually a big deal then a plugin and/or WordPress core will deal with it. Otherwise if a site is generally GDPR compliant it’ll be CCPA compliant too.

Observation #5 Unless you cough up a massive data breach that exposes sensitive user data (that you shouldn’t be storing on a WordPress site anyway) you’re probably going to be fine.

More level-headed head-to-head comparison from the privacy policy group

Bottom line this is another one of those chicken-little situations where as long as you’re doing the reasonable things to protect user privacy (and it’s not actually that hard to do) then complying with user privacy regulations isn’t that big a deal.


Don’t hire really big companies to build small websites!

By David Innes, | April 29, 2019

abandoned work photo

Photo by darkday.

Here’s why you’re probably better off with a small firm the specializes in websites than hiring a large marketing firm that builds websites “on the side.”

Brief local history lesson: In Washington State in the 1980s, a rural water district approached a large, prominent engineering firm to design a very small dam across a very small stream to help control minor spring flooding.  The engineering firm asked for and received several million dollars and, after much measuring, surveying, and quite a few months they delivered a plan for a 50-foot high concrete hydroelectric dam.  One that in today’s dollars would cost perhaps $100 million.  Then or now the amount was higher than the total assessed value of all the property in the district!  Bonus points: the flow of the stream was so low they estimated it would take four years to fill the reservoir behind it and even then it would only generate electricity a few months out of the year.

The district approached a smaller firm that put together a plan for a 10-foot dam that a) controlled flooding, b) cost just a few hundred thousand dollars.  Oh, and c) even had a low-head hydroelectric generator that would work year round.

The district had paid the original firm nearly ten times more for unworkable plans than they paid the other firm to design and build what they’d actually wanted and needed.

While I’m not knocking the large engineering firm for demanding millions of dollars to design something they were used to building, I do knock them for not designing the dam their clients actually wanted and needed.

Which brings me to this headline from the tech news website TheRegister

Accenture sued over website redesign so bad it Hertz: Car hire biz demands $32m+ for ‘defective’ cyber-revamp
Rental firm fuming after consultancy ‘never delivered a functional site or mobile app’
By Kieren McCarthy in San Francisco 23 Apr 2019 at 21:12

While I’m not knocking Accenture for demanding forty odd million dollars for a website I am going to knock them for not even bothering to make the site work on mobile devices.  Ok, actually I am knocking Accenture.  Forty million smackers is a heck of a lot of money for a $%!#% website!!!

Just to be clear, I’m not saying Hertz should have hired us to rebuild their enterprise website either.

Both the local water district and Hertz’s cases the projects they needed completed were far below the scope and scale of the companies they hired.  The engineering firm was used to bidding billion dollar public works.  Accenture (an accounting, management, and “professional services” firm, not web developers) had revenues of 41 billion dollars in 2018.

In both cases the projects they were asked to undertake amounted to rounding errors in their grand schemes of things.  And so in both cases they simply weren’t able to think small enough.  Or their idea of “small” meant only “less giant, and less over budget than our day jobs.”

Ok, so let’s bring this down to earth: if you’ve got a small to midsize business and you need a website you’ll probably be better off hiring a small web design and development company than hiring a large marketing firm that builds websites “on the side.”

Websites aren’t necessarily cheap, but compared to a television ad campaign they’re not even a rounding error.  And so even the best-intentioned large marketing company is going to be hard-pressed to understand your budget.

For the record I do know a tech group that regularly bills in the five million dollar range for websites. For sometimes stupidly simple final sites.

The “secret” is they work for major brand marketers for whom $5 million is a rounding error. But to get to one final site they might generate dozens of fully functioning finished sites a month trying to stay on top of the design changes coming out of the clients marketing departments.

Each one has to be meticulously optimized, photographed, up-designed, usability tested, manually tweaked for dozens of target devices, made accessible… and then ditched because some new idea comes along from up top.

Which I’d just another way of saying $32 million sounds like a heck of a lot of money. Even at $1,000 a pop for a favicon there can’t have been 32,000 other components that cost $1,000 each!



Should You Use Round Cube vs Horde vs Squirrel Mail for Email or Should You…?

By David Innes, | April 29, 2019

This post answers the question whether to use Horde, SquirrelMail, or RoundCube for webmail

Question from a client:

[My Hosting Company] is asking to select default between Round Cube, Horde, and Squirrel Mail for the email… Not sure which too choose?

For decades now most web hosting companies include email with their server plans.  And all of them offer the same three, decades-old webmail clients as well: RoundCube, Horde, and SquirrelMail.  We’ll discuss whether you should use any of them in a moment (short answer, no, you shouldn’t use shared hosting for email) but let’s answer the client’s actual question first.

Not sure which to choose?  According to the official cPanel documentation here’s the difference:

  • Horde is for users who need a full suite of features that includes mobile email access and advanced productivity tools.
  • RoundCube is for users who need a user-friendly web interface with some additional features available.
  • SquirrelMail is for users who need a simple interface with which to read and reply to emails.

Most modern hosting plans will let you try them all out — using one won’t stop you from using another!  And if you like one more than another, most hosting plans will let you choose a default.

And if you don’t have any other email accounts, and you don’t already use another web-based, desktop, or mobile application for email, any one of the three will probably do a fine job.


If you do have other email accounts, and if you do use Outlook, iMail, Gmail, Yahoo, etc., then you can use one of those instead.

Chances are your hosting company’s control panel has configuration information for desktop and mobile.

If you use a different web, phone, or desktop mail client chances are you can use that instead.

Point being that while it’s nice that you can use one of the webmail clients from your hosting company, chances are you really don’t have to.


But what if the malware is on your browser not your website?

By David Innes, | April 28, 2019

Visit the FotoForensics browser malware and spyware test page.

Here at RealBasics we care a lot about keeping websites secure and sustainable.  But occasionally a client will say there’s something funny going on.  For instance that their website is showing advertisements or popups — something we never build into client’s business websites.*   This occasionally happens to computer security researcher Dr. Neil Krawetz, who did something about it!

“If you see ads on your browser when viewing any of my web sites, then it’s not because of anything I’m doing. More likely than not, your browser or computer are infected with adware, spyware, or other kinds of malware. … I just added a new test to my malware tutorial. Test #3 checks for unexpected HTML alterations” — Dr. Neil Krawetz

You can use his malware test too!  It’ll test your browser for evidence of malware or spyware, evidence of an ad blocker, and evidence that your browser or an up-stream service (your data provider or ISP!) is altering results.

Click here for a quick check.

Pretty cool.  And free!

Note: like Krawetz we’re unable to help people with hacked browsers — you’ll need a computer or phone repair person for help with that.  But if your browser gets a clean bill of health but your site’s still not doing what you think it should?  Give us a call — we love fixing websites.

* We think ads are a terrible idea on business websites.  Getting a prospective client to visit your site either takes a lot of effort or a lot of luck — far more than the few pennies you’re likely to get for hosting an ad that… leads your hard-earned prospect to leave your site and visit someone elses!


Three questions every business site should answer, one question every business site should ask…

By David Innes, | April 28, 2019

“Market Street” photo by Pixabay contributor Geralt

Every business website needs to communicate three things quickly and clearly to their ideal clients – your value proposition, a reason to believe, and your distinctive difference from your competitors.  The more quickly someone gets those three things the sooner they’ll answer your call to action.

Value Proposition — you’re worth it!  better, faster, less expensive, more options, better communication

A value proposition is a promise of value to be delivered, communicated, and acknowledged. It is also a belief from the customer about how value will be delivered, experienced and acquired. A value proposition can apply to an entire organization, or parts thereof, or customer accounts, or products or services — Wikipedia

Reason to Believe — you’ll do it!  Experience, satisfied customers, clear examples, brand familiarity, portfolio of your product or service or self

Establishing brand identity using the concepts of value; values; personality; attributes; and benefits. A reason to believe should always accompany your brand statement. It builds the case for the target audience accepting your brand position or unique selling proposition as true and credible. — Market Directions

Distinctive Difference — why choose you instead of your competitors.  You’re not one-size-fits-all, you’re the right fit for your ideal client!

By focusing on the needs and wants of a target market, a company can deliver more value than its competitors. The marketing concept emphasizes the “pull” strategy”. This means that a brand is so strong that customers would always prefer your brand to others.  — Oxidian GmbH

Call to action — the action you want a visitor to take that changes them from a passive observer into an active client: call or email you, click “buy now,” schedule a meeting or appointment, sign up for service or more information.

Of course every page on your site should have at least an implied call to action.  “About you?”  You want visitors to decide you’re credible, capable, experienced, and likable.  Portfolio or testimonials page?  You want them to decide “I want you to do that for me.”  But your entire site should have an overall call to action: call us, email us, buy now, book an appointment, sign up, buy a ticket… the overall action you want someone to take once they recognize your value, believe in you, and decide what makes you different.


Moving websites on shared hosting is easy, moving email on shared hosting is hard so…

By David Innes, | April 20, 2019

mailbox photo

Photo by Flickr user Jo@net

This post is about choosing a 3rd party to host your company’s email instead of using the free email service that comes with almost all shared hosting plans.

I got a call on Friday from a former client, a small, highly-technical business with a handful of very large, old-school Fortune 100 customers. Their site and email has been on BlueHost for more than 15 years!  Unfortunately, the network address on his server was recently blacklisted.  His site and email were fine of course.  However as a shared-hosting customer his site in on a large server that’s shared with hundreds or even thousands of other accounts.  One of the other accounts was hacked or otherwise got blacklisted for spamming and so he and everyone else on his server ended up blacklisted too!  As a result, his biggest client’s IT department started bouncing all his email!  Yikes!

This is another very good reason why it’s important for businesses to host their websites, email, and domain registration with different companies.

As a web developer my biggest considerations for choosing email hosting are

  • spam filtering, which is good,
  • blacklisting, which is bad, and
  • spam-filtering email from the contact form, which is also bad.

That last one’s kind of tricky so here’s a quick explanation: an email provider should be able to understand when your web server sends email from the same domain name your mail server is managing.  If it doesn’t understand this then it’ll assume your web server is trying to spoof or spam using your email address.  Depending on your mail provider it can be easier or harder to “reassure” them that your web server is authorized to send you email.

Moving websites is easy. Moving email’s a serious nuisance. No matter who you go with, if you have multiple email addresses and especially if you use 3rd-party mail clients like Outlook, iMail, Thunderbird, etc., at the very least you’ll have to change their IMAP and POP settings when you move your email.

Google’s GSuite for Business and Microsoft Office 365 have excellent spam filtering and zero problems with blacklisting, and for roughly $5.00 per mailbox they also offer excellent interfaces and a ton of goodies like calendars, office-productivity tools, and storage.  They’re my top two choices… but there’s a reason I almost always recommend Google’s GSuite.

Google’s server settings are super easy to set up, so bouncing website contact email is rarely a problem. Many cPanel hosting plans let you change the settings for Google with one click!

It’s another story with Microsoft Office 365.  Unless you’re willing to give me administrative access to the client’s backend Microsoft 365, on the other hand, is a giant pain to deal with when it comes to getting all the settings right on a web server. If you don’t get everything just right they bounce your contact form notifications and other email from your website. I mean, it’s awesome that they take security that seriously, but it’s still super annoying.  (To be technical about it they’re so strict they recommend you use their nameservers and add A and CNAME records to whoever’s doing your actual web hosting.

So strictly from my selfish, egocentric WordPress web-hosting point of view, while Google and Microsoft are the #1 and #2 choices for never-move-it-again email hosting, Google’s GSuite is my first choice and Microsoft 365 is a distant second.

Note: if you’re not ready to make a change this post can help you make the most of your shared-hosting email.


We like to help people with slow websites…

By David Innes, | March 20, 2019

Sample GTmetrix results before and after - performance rating from F to A, from 44% to 99%, from 9.5 second upload to 1.8, from 6.6 megabytes to 1.77

When we bring a new client onboard for a site cleanup we use the excellent GTMetrix tool to assess site performance before we begin and after we’ve worked on it.  We’re always proud when we can see results like this.

This client came to us with an “orphan website,” one that their previous developer had mostly finished and then disappeared.  The site was built using the resource-intensive DIVI theme, hosted on a middle-of-the-road shared-hosting server.

What we did in this case, in addition to “loading down their site” with security-monitoring and SEO plugins was…

  • Add and configure a good caching plugin
  • Optimized all the images so they’d download faster
  • Cleaned up and optimized the database to reduce query times
  • Replaced a number of crusty, slow-performing plugins with newer, much more efficient ones
  • Hand-resized some of the images to better fit the page (reducing some image sizes by more than 90%)
  • “Minified” and consolidated helper files (css, javascript) to reduce the total number of files downloaded from 114 to a respectable 34T

We’re pretty happy with the results before and after: Changing the performance rating from F to A, the PageSpeed score from 44% to 99%, the page load time from 9.5 second upload to 1.8, and the page size from 6.6 megabytes to 1.77.

You can do most of those things yourself with the right high-quality, open-source plugins from the WordPress repository.  Or get in touch if you’d rather we do it for you!