Website hosting & security
A dependable website hosting company is a crucial partner for your internet marketing efforts. We recommend using “managed WordPress hosting” which means the company where you host your website will also take care of other things for you like:
- moving your website to their hosting
- installing HTTPS
- optimizing your website speed
- keeping WordPress up to date
- keeping your plugins up to date
- regularly backing up your website
- keeping your website secure from hackers
Or you can use a company like Find Local Company which takes care of all these things and much much more for you 😉
Managed WordPress hosting is more expensive than a scaled back website hosting platform but in our opinion managed hosting is worth the investment and over the long term, you will save money and heartache by working with true professionals.
If you are someone who insists on hosting your website on your own, we would recommend using the following plugins:
Wordfence Security – Firewall & Malware Scan
Wordfence Security is an “all in one WordPress security solution”. Using Wordfence is a great first step but Wordfence will not ensure that your website will be fully secure, far from it. Wordfence has a number of useful features that can greatly increase the chances of your website staying safe. The most useful Wordfence feature that we have found while using the Wordfence plugin is its notification option, among plenty of other updates, you will receive an email when:
- a new WordPress update is released
- a new version of a plugin you use is released
- there’s a security update of WordPress or a plugin you use
- a plugin that you use has a security issue
- a plugin that you use was removed from the WordPress directory
WordFence has plenty of other useful options besides notifications. The notifications is a small feature of the Wordfence functionality that wasn’t even mentioned on it’s plugin page. We focused on the notifications in our eBook because we believe staying up to date with current updates can prevent you from having to deal with other issues.
But why would anyone want to hack my website?
A ranking factor for Google and other search engines is the popularity of any particular website, one of the ways to assess a website’s popularity is by counting the number of links (backlinks) and the quality of backlinks that a website has pointing to it from other websites around the web.
Because of the quantity of backlinks being a ranking factor, there are people working full time on trying to hack every website possible to put links to their websites and their products on your website. The scariest thing is that after some hacks, you won’t even see that your whole website was replaced by a completely new one.
After a hack when you open your website, your site will seem normal, but when Google tries to index your hacked site, Google will see the hacked version of your site with links to other websites and products. Hackers don’t want you to be suspicious and even worse for them, try to fix your website.
After a while your website will drop in traffic for your keywords and will instead start showing up for the hacked keywords. If Google notices that your site may be hacked, Google will block your website from its search results or display a warning next to your website. Sometimes after a hack that was not caught early, it can be easier to just start a new website on a new domain than trying to recover from the hack.
The fact that hacking is so prevalent is another reason that we recommend using a managed hosting solution, if you don’t have the time or willingness to take care of your website health, you should outsource the care of your website to someone that has the expertise to proactively manage your site.
UpdraftPlus WordPress Backup Plugin
There are instances when you need an older copy of your website, for example:
- a plugin or theme you installed or updated crashed your website
- you change some setting and now the website stopped working
- your site got hacked
The examples above is where the UpdraftPlus plugin will save you a lot of time and headache.
Unfortunately sometimes your website will inevitably stop working correctly, there can be a number of reasons for your website to stop working, from hosting problem, a plugin that breaks, a security update that messes up some code or through someone hacking your website. Whatever the reason, you should know about your website going down right away and the uptime monitor can notify you anytime there is a problem.
We recommend using an uptime monitor even if your using a managed WordPress hosting platform as you can never be too careful.
WebGazer is an uptime monitoring service, you can register here.
After filling in the information above click “Add Gazer”, fill in your website details and if your website goes offline you will immediately get an email notification from WebGazer about your website going down. You will also receive stats about your website average response time and any time that your website was offline. Knowing when your website has been offline is information that will come in handy when evaluating your website hosting provider.
Adding HTTPS encryption to your website
Having Hypertext Transfer Protocol Secure (HTPS for short) on your website means that the connection between your website and the person who is browsing your website is encrypted and third parties can’t monitor the connection.
HTTPS is important for the privacy of your visitors and HTTPS is also a ranking factor for Google when deciding which pages should be higher on the Search Engine Results Page (SERP for short). HTTPS is a box that needs to be checked off for SEO but just because your website is HTTPS does not mean that you are going to rank much better in the SERPs. Google admits to at least 200 different factors that impact the SERPs and HTTPS is one of the minor factors.
Another reason for having HTTPS is that Google Chrome (by far the most popular browser in the US) will show a “Not Secure” notification to its users when they are browsing your website, and many times if a user sees “Not Secure” they may leave your website right away.
The HTTPS issue might be more difficult to fix than most of the issues that we have touched on in this eBook. We can’t go into detail on how to add HTTPS to your website because adding HTTPS will depends on your hosting provider.
In general, to add HTTPS to your domain you should check your hosting providers website for an article on adding HTTPS. Adding HTTPS should be free using Let’s Encrypt which “is a non-profit certificate authority that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge” (via. Wikipedia), but sometimes hosting companies want to sell you proprietary certificates as they may not support Let’s Encrypt. When your hosting provider does not support Let’s Encrypt you either have to buy what they’re selling or consider changing your hosting provider. If your hosting provider does not support Let’s Encrypt, that might be an indication of other nickel and dime fees they charge that will add up over time.
If you don’t want to spend a lot of time on your website we again would recommend moving to a “Managed WordPress Hosting”, the managed solutions are about three times more expensive than generic hosting but in most cases managed hosting is worth the price and things like moving your website to the new provider and installing HTTPS will be done for you.
Before doing anything concerning HTTPS encryption we would recommend doing a full website backup. There are things that can go wrong when installing HTTPS and you don’t want your website offline.
After installing a certificate on your hosting you have to force WordPress to start using the new https:// address, to force WordPress to start using the new https:// address we recommend using the Easy HTTPS Redirection plugin.
After installing and activating the plugin the only thing left to do is “Enabling automatic redirection to the “HTTPS”” in the plugins panel. And if you use the aforementioned W3 Total Cache plugin, you will need to clear the cache.