The keynote shares some tips and best practices to choose a hosting package for your WordPress sites.
Originally presented by HostDime India at WordPress Trivandrum Meetup on 20 January 2018.
3. ● Once you have decided to build a new website, you will need
a platform who can manage your website content and Data
management.
● WordPress is well-known Website/blogging platform for
content management and website building.
● To install WordPress, you need a place to store your
Website Content.
4. 2. Things to consider while choosing
WordPress Hosting
5. ● Technical support
● Hosting Cost and renewal Price
● Uptime and reliability
● Control Panel
● Upgrade Options
● Security
● Backup
● Migration Services
● Customer reviews and Reputation
● Additional features - CDN Free Plugins, Performance Suggestions
8. Managed WordPress Hosting Containers
● Environment will be pre-installed with plugins and accelerators to favor the Wordpress
Hosting Exclusively.
● Hosting providers handle the hosting setup server optimization and management.
● Supercharged Speed
● Expert Support
● Powerful Security
● Backups
● WP Caching And CDN
9. 4. Comparing web hosting stacks ( Linux /
Windows )
● LAMP/WAMP Dev Stack
● L/W – Linux/Windows, the operating system
● A – Apache, the Web server
● M – MySQL, the database management system
● P – PHP, Python, or Perl, the scripting language.
● What’s the Difference?
10. Point of Interest
● Affordability
● Security
● Smoother Operation
● Flexibility
● Use within Enterprises?
11. 5. Boosting WordPress performance - Hardware &
Software ( Tuning Apache / MySQL / PHP )
● WordPress Load Time
Website Load time - a metric that can take your website to the next level
● How to check your Website Speed?
https://tools.pingdom.com
● Full of technical stuff and metrics
12. What slows it down?
● Webhost Server
● WordPress Configuration
● Page Size
● Bad Plugins
● External scripts
13. WordPress Cache
● Page generation are dynamic, so as concurrent visit increases, the site performance declines.
● Caching reduces multiple-page generation
● Popular Cache plugins are WP Super Cache, W3 Total Cache etc..
14. Optimize
● based on the image file format and the compression
● Image formats
● WP Smush, Lazy Load
15. Other Wordpress Performance Tips
● Keep Your WordPress Updated
● Use Excerpts on Homepage and Archives
● Split Comments into Pages
● Use a Content Delivery Network (CDN)
● Don’t Upload Videos Directly to WordPress
● Use a Theme Optimized For Speed
● Use a Faster Plugin for front end like Slider or gallery
● Split Long Posts into Pages
● Reduce External HTTP Requests
● Reduce Database Calls
● Optimize WordPress Database
● Limit Post Revisions
● Disable Hotlinking and Leaching of Your Content
18. 1. Use strong passwords for MySQL database user.
2. Use strong passwords for admin logins. If possible set an admin username other than using admin
3. Create robots.txt and deny access to defined pages.
4. Create Mod-sec rules for filtering incoming traffic and prevent DDoS
5. Set password protection for wp-admin folder.
6. Deny all IPs in .htaccess except for the admin user.
7. Update the wordpress, its related plugins and themes.
8. Enable Captcha for admin page, comment forums, contact forms for avoiding brute force attacks.
19. 9. Use SFTP for file transfer
10. Block access to wp-config.php
11. iThemes Security plugin can help you change your login URLs. Like so:
Change wp-login.php to something unique; e.g. my_new_login
Change /wp-admin/ to something unique; e.g. my_new_admin
Change /wp-login.php?action=register to something unique; e.g. my_new_registeration
12. Set permissions for files and folders.
Default : Files: 644
Folders : 755 (Avoid using 777)
13.Disable directory listing :
Options All -Indexes >> Adding in .htaccess
14. Finally, backup website regularly.
21. ● Check for the permissions and ownership of files and folders.
● Check for any invalid entries in the .htaccess file. Rename the file.
Make sure that you go to Settings » Permalinks and click the save button. This will generate a
new .htaccess file for you with proper rewrite rules to ensure that your post pages do not return
a 404.
● Check for any heavy resource usage by the website in the server. If so, optimise the website
and use the suitable php version.
● Check for any invalid php.ini file in the root directory
● Check for memory_limit.
● Deactivate the plugins. if not check for themes.
● Reupload the core files from wp-admin and wp-includes.
22. Server-side Security Measures
● Change default ssh port
● Disable root login with authentication. Instead go for ssh key.
● Kernelcare
● Hardware-level Vulnerabilities.
● Use of SSL.
24. ● If the server is having control panel, we can take backups of accounts
with the wordpress installation by scheduling.
● Daily/Weekly/Monthly Backups.
● If control panel is not installed, we can write bash scripts to take backup
manually.
● If the wordpress is installed using Softaculous, within softaculous backup
option is available.
These two types of hosting offer the same level of proficiency. So the type of hosting service you choose greatly depends on what kind of technologies your website needs. For example, if you would like to start a blog with WordPress, or setup an online forum using phpBB, then Linux hosting will be a great choice for you. However, if your website requires specific Microsoft technologies such as MSSQL, you are required to use Windows hosting.
Affordability
Linux is budget friendly, especially in the case of startups. While Windows operating system comes with tedious amount of cost as license fee. It is possible to cut your costs with Windows by getting a Windows Server Data Center license and creating a bunch of virtual machines. No matter what you do with Microsoft products, though, you’re using proprietary software that comes at a cost. The backend systems commonly used by IIS web applications also usually cost money.
Security
Typically startups do not have IT people working for them full-time. That can create a problem because when you’re working with Windows servers, staying abreast of updates can be time-consuming, and there are bad consequences for falling short.
Smoother Operation
MySQL, Apache and PHP are best used with Linux because that’s the main OS environment in which they were developed. In other words, Windows is just not quite as compatible with these open-source projects.
Flexibility
Companies often spend a good amount of time planning an upgrade to newer version(s) of IIS, .NET, Visual Studio and SQL Server, while it is easy to work with Linux environment for the ease of its configurations.
Use within Enterprises?
Linux stack might work well for startups, but is it the right choice for a large enterprise such as a university, government agency, or sizable company? It is, provided it’s the right situation. Large portions of Web giants such as Google and Amazon run on Linux as well.
Why Speed is important
Studies show that from 2000 to 2016, the average human attention span has dropped from 12 seconds to 7 seconds.
What does this mean for you as a website owner?
You have very little time to show users your content and convince them to stay on your website.
A slow website means users will potentially leave your website before it even loads.
According to a StrangeLoop case study that involved Amazon, Google, and other larger sites, a 1 second delay in page load time can lead to 7% loss in conversions, 11% fewer page views, and 16% decrease in customer satisfaction
How to check Website Speed?
Often beginners think that their website is OK just because it doesn’t feel slow on their computer. That’s a HUGE mistake.
Since you frequently visit your own website, modern browsers like Chrome store your website in cache and automatically prefetch it as soon as you start typing an address. This makes your website load almost instantly.
However, a normal user who is visiting your website for the first time may not have the same experience.
In fact, users in different geographical locations will have a completely different experience.
This is why we recommend that you test your website speed using a tool like Pingdom.
It is a free online tool that allows you to test your website’s speed from different locations
Your speed test report will likely have multiple recommendations for improvement. However most of that is technical jargon which is hard for beginners to understand.
The primary causes for a slow WordPress website are:
Web Hosting – When your web hosting server is not properly configured it can hurt your website speed.
WordPress Configuration – If your WordPress site is not serving cached pages, then it will overload your server thus causing your website to be slow or crash entirely.
Page Size – Mainly images that aren’t optimized for web.
Bad Plugins – If you’re using a poorly coded plugin, then it can significantly slow down your website.
External scripts – External scripts such as ads, font loaders, etc can also have a huge impact on your website performance.
WordPress pages are “dynamic.” This means they’re built on the fly every time someone visits a post or page on your website. To build your pages, WordPress has to run a process to find the required information, put it all together, and then display it to your user.
This process involves a lot of steps, and it can really slow down your website when you have multiple people visiting your site at once.
That’s why we recommend every WordPress site use a caching plugin. Caching can make your WordPress site anywhere from 2x to 5x faster.
Here’s how it works: Instead of going through the whole page generation process every time, your caching plugin makes a copy of the page after the first load, and then serves that cached version to every subsequent user.
As you can see in the graphics above, when a user visits your WordPress site, which is built using PHP, your server retrieves information from a MySQL database and your PHP files, and then it’s all put together into a HTML content which is served served to the user. It’s a long process, but you can skip a lot of it when you use caching instead.
There are a lot of caching plugins available for WordPress, but we recommend using the WP Super Cache plugin. Check out our step by step guide on how to install and setup WP Super Cache on your WordPress site. It’s not difficult to set up, and your visitors will notice the difference.
Images bring life to your content and help boost engagement. Researchers have found that using colored visuals makes people 80% more likely to read your content.
But if your images aren’t optimized, they could be hurting more than helping. In fact, non-optimized images are one of the most common speed issues we see on beginner websites.
Before you upload a photo directly from your phone or camera, we recommend that you use photo editing software to optimize your images for web.
In their original formats, these photos can have huge file sizes. But based on the image file format and the compression you choose in your editing software, you can decrease your image size by up to 5x.
At WPBeginner, we only use two image formats: JPEG and PNG.
Now you might be wondering: what’s the difference?
Well, PNG image format is uncompressed. When you compress an image it loses some information, so an uncompressed image will be higher quality with more detail. The downside is that it’s a larger file size, so it takes longer to load.
JPEG, on the other hand, is a compressed file format which slightly reduces image quality, but it’s significantly smaller in size.
So how do we decide which image format to choose?
If our photo or image has a lot of different colors, then we use JPEG.
If it’s a simpler image or we need a transparent image, then we use PNG.
The majority of our images are JPEGs.
MySQL Tweaks
Apache Event Configurations
Installing and using Memcached
Installing and using Varnish
Enabling PHP opcode caching
WordPress Page Caching configuration