The brutal truth, in most cases, you are the problem. There, I’ve said it! The website owner is the biggest threat to any WordPress site. If you’re not taking the proper steps to protect your website, who is? I can tell you it’s not your five dollar a month hosting company! This is were WP Engine fills the gaps and becomes one of the most important assets a website owner can have!
WP Engine has worked hard to build an infrastructure that not only keeps your site secure, online, and fast, they also put a lot of focus on reducing the amount of time required to manage your site.
This article will show you how to take the “you” out of the problem.
Picking a Reliable Hosting Provider
Too often I see people asking in social media groups where to get free hosting or which company has the cheapest hosting for a WordPress websites.
These questions show complete ignorance and a complete lack of foresight. Price has nothing to do with picking a reliable hosting provider.
As you read through the additional sections in this article, I will guide you through the important aspects of picking a reliable hosting provider.
Hosting Support and Beyond
Any hosting provider that offers Managed WordPress Hosting, but does not offer support for WordPress should be avoided.
GoDaddy for example, does not offer support for WordPress, unless you purchase a support subscription, and then, if you’re lucky and you issue is covered by their limited scope, be prepared to wait a couple days before hearing from one of their WordPress support team members.
You want a company that takes ownership of their own products, but Managed WordPress products should also include help when you have questions or issues with your WordPress site.
Now don’t expect these hosting companies to solve all of your WordPress issues, that is not what I am suggesting here. However, when you have a simple conflict error, or a fatal error displayed on your site, they should be willing to take a look, and provide some basic level assistance.
They should be skilled enough to identify the issue and point you in the right direction towards fixing the problem.
I’ve been personally using WP Engine since 2009, and they have some of the most knowledge support staff I’ve every used at a hosting company. Even more, I really appreciate that they are always available (24/7) for support via chat.
Most of the time, when we need support, we need it now, and waiting for an email just isn’t going to work. I love that we can easily and quickly connect with a support member and get our questions answered almost instantly.
Keeping Your Site Updated
This is it! The biggest vulnerability to any WordPress website is out of date plugins and themes. Most hosting companies that offer Managed WordPress products also provide some sort of auto updates.
This is important, only enable these features after verifying with your hosting company that they are performing backups before the auto updates are performed.
Additionally, confirm that your host is performing visual regression testing after the updates. This is a check looking for any errors, if any are found, the updates are reverted using the pre-update backup.
WP Engine, by default, has auto update activated for WordPress core and their system will perform a update before and after the update, along with regression testing to ensure the update did not break your site.
However, WP Engine does not auto update immediately, they first test the latest version to ensure there are no platform issues and any major issues with the latest version of WordPress. Only after the update passes the test, will WP Engine initiate the auto update process.
You can not disable this feature, but you can defer the next update if you know your site is not ready and you do not want the update breaking anything.
As of the release of WordPress version 5.5, WordPress now offers support for auto updates of plugins and themes. However, we do not recommend enabling this feature! There is no backups, and no visual regression testing. You may not know your site is down until one of your customers calls you.
With the assistance of WP Engine’s Smart Plugin Manager, you can now take advantage of the same powerful update process WP Engine uses for WordPress core updates for all of your plugins.
Another step in helping to take an important task off your shoulders!
There are a ton of backup plugins available in the plugin repository.
The issue with most of these plugins, unless they integrate with a third party file storage service like Dropbox or Google Drive, your backup files are being stored in your wp-content folder. Which means, if your hosting provider is unreliable, or you forget to pay your bill, you could not only lose your site but all of your backups too.
Automated backups is probably the first thing listed for most Managed WordPress hosting features. These backups are usually performed once a day, and stored, hopefully, on a secure server separate from your hosting account.
Some hosting companies do not allow you to download these backups or perform your own on demand backups. In these cases, the only access you’ll have is when you need to perform a restore.
WP Engine has one of the most accessible backup systems I’ve seen in a Managed WordPress hosting provider.
Their backups are stored for 30 days, you can download them, you can manually create a backup at any time, and you can restore from any of the available backups.
Even if you are using your hosting providers backups feature, it’s not a bad idea to also use a backup plugin, when it comes to your data, redundancy is a good thing!
Below are the plugins we recommend. Each of theme supports storing your backups in an offsite location.
There are also services like ManageWP that connect to your site via a plugin, but will allow you to manage backups and store them offsite.
Security can be complex and complicated when you start talking about servers and firewalls etc. While I don’t want to get into the details of what security is and how much you should have, I will say, you want to make sure you have enough.
If you’re using a cheap hosting provider, like GoDaddy, I’d recommend adding an additional layer of security, their shared hosting environments, which their Managed WordPress product is built on, is not as secure as you want it to be.
GoDaddy offers website security provided by Sucuri, which is a great service for protecting your website, and we do recommend using it, however, even with Sucuri you’re still vulnerable at the server level.
When it comes to security, WP Engine has gone above and beyond to provide several layers of server side security that is unlike any Managed hosting provider I’ve used.
They’ve got the basic covered. Things like:
- Integrated SSL Certificates
- The latest software (i.e. PHP 7.4 & HTTP 2)
- Encrypted backups
- WordPress core updates
However, where they really shine is in their advanced security features:
- Threat Detection & Blocking
- Plugin Vulnerability Mitigation (more on this below)
- Continuous Monitoring
- Global Edge Security
I’d encourage you to click through and read more about each of these features because they are really important.
Adding some redundancy to your site security isn’t a bad idea. You can never be to secure, and while WP Engine adds a ton of security to the site level, it’s still your responsibility to secure your site.
These are a few of the security plugins we recommend:
We’ve already covered plugin updates and WP Engine’s Smart Plugin Manager, so in this section I want to focus on a couple additional aspects to managing your plugins.
- Plugin Vulnerability Mitigation
If you don’t know what plugin vulnerabilities are, they’re weaknesses in the plugin’s code that can be exploited by hackers to attach your site.
Much of the time, the developers are aware of these issues and do put out a ‘patch’ or update to fix the vulnerability. However, some developers just aren’t as proactive in fixing these issues, which leaves your site a target for hackers.
iThemes offers a great resources if you want to manually monitor what’s going on with plugin vulnerabilities. Every month they post an article listing all of the vulnerabilities for all the different plugins and they let you know if updating resolve the issue, or if you should remove the plugin from your site.
However, if you prefer to offload this management task, WP Engine’s Security Team monitors feeds closely to proactively alert you of any plugins with potential security risks.
It’s really that simple, they keep an eye on the issues, if you’re site is using one of the vulnerable plugins, WP Engine sends you an email to inform you of the threat.
- Disallowed Plugins
I’m not aware of any other Managed WordPress hosting provider that enforces the removal of disallowed plugins, but WP Engine does, and it’s really a good thing.
By doing this, they are not only increasing your protection, but they are decreasing the likelihood of you installing a plugin that will interfere with their platform and end up causing all sorts of issues.
They’ve written a great article that provides a complete list of disallowed plugins and they’ve even broken down the list of plugins into groups to provide some context as to why they cannot be used.
Said another way, growth and traffic spikes.
If you run a membership site or have an ecommerce site, you know that there are times your traffic and growth are going to increase, and other times when things are pretty stagnant.
Many ecommerce sites are going through their busiest time of year, the Holiday season. Hopefully they’ve planned accordingly and were ready for the enormous traffic spikes and new signups they received over the past couple months.
In other cases, you may have social media post hit, and start directing two or three times the amount of traffic to your site then you’d normally expect.
COVID-19 was, I’m sure, a wake up call to many online stores that were not ready for the increased traffic and orders that were driven by fear and the shut downs.
We want growth and spikes, these are good for business, usually! That is when you’re hosting provider is prepared to help you succeed.
There are hosting providers that will simply shut you down. Once you hit your limit, your site is no longer accessible. Which means you’re not getting paid.
With WP Engine, each pricing tier has different limits on how much traffic is included and how much storage you can have, however they do not shut you down if you go over those ‘limits’. They do charge you for the overage, but it’s a reasonable $2 for every 1,000 visitors over your limit.
We experienced this in March 2020 with one of our clients. They have an international company in the medical industry, and one of their locations is in China. As a result, their traffic tripled in a week (over 55k) and after about two months of spikes their traffic slowly started to return to normal.
There was no impact on their ability to do business and service the increase traffic. We paid WP Engine a little more for a couple months, but we were glad to do it!
They are able to provide this level of scale because of the platform they’ve built using the following technology:
- Amazon Web Services
- Global Data Centers
- Clustered Configurations
- Proprietary EverCache®
- Fully Managed Global CDN
- Scalable Architecture
You can read more about how WP Engine has built a platform that is prepared to help you scale here.
The Cost Savings
Not knowing how much you value your time or how much time offloading these tasks will actually free up for you, I cant really offer you a unique price, but I can break the savings down by how much we charge to provide these services.
We charge $147 per month, on top of your hosting fees, to provide the support and maintenance required to perform all of the items we just covered in this article.
These tasks don’t take us very long because we have systems and processes and skilled developers that can quickly manage our clients sites.
I’d suspect the average WordPress user could spend a couple hours a week trying to properly maintain their site.
You won’t have to spend the time updating plugins and themes, if you need help you’ve got a great team available 24/7, your site is secure, and always online!
The Wrap Up
If you’re currently paying $10 or $15 per month for hosting and you have the attitude that, “it’s fine, I haven’t had any major issues, and it really doesn’t take me that long to update plugins”, you’ve missed the point, and you’re still basing your decision on pricing.
Using WP Engine to host your site is the only way to avoid relying on services like WordPress Care Plans, and WordPress Support Plans, and get the proper solution to reduce your website maintenance efforts and risk.
If you have any question, please us the chat or comments below!