Blog
We were approached to help a remote client recover their website after their in-house servers crashed. They had all the files and a recent database backup, which is great! We routinely reload websites from files and databases, so we didn’t see any problem walking the client through the steps over Zoom.
But what could have been a very quick repair turned into several hours of digging around because the database backup kept throwing errors when they tried to import it into the new MySQL server.
To be perfectly honest, the error message that showed when we tried to re-import the backup didn’t seem terribly helpful.
Syntax error near 'order, preferred, type, number, visibility) VALUES ( 1, 1, 0, 1, 'workphone', 82' at line 1Turns out a plugin vendor had chosen a perfectly sensible name, “order,” for a field that happened to also be a reserved keyword in the SQL database programming language. In day-to-day use this probably wasn’t a problem, but the standard MySQL archiving tool didn’t check while exporting the database.
The import tool, on the other hand, definitely did check. And didn’t like it!
It took quite a while to notice that the word “order” in this code snippet wasn’t being used as a reserved word but as the name of a field in a database table. It took a while because very few WordPress users know SQL. Or need to know it! One of the best things about WordPress is that it takes care of that sort of thing for you!
But as luck would have it, back before WordPress was a thing I used to have to hand-code SQL all the time. That was quite a while ago so I’ve gotten a little rusty. But after about the sixth try enough of it had come back for me to remember that the reserved word “order” needs to be enclosed in back-quotes, like this `order` if it’s going to be used as a name.
The good news is that we were able to tell the client what to do, they added the backquotes where needed, and the import ran fine. Easy peasey, right? 😂 As the old joke goes, SQL is completely intuitive once you understand it really well.
It’s not every day you run into problems like these with WordPress. In fact this is the first time I’ve seen this particular problem in years and years. But it’s good to have a deep enough background to be able to remember how it’s done… even if you hope you don’t have to do it very often.
Bottom Top line: Never, ever host a public website on your personal or business network. Pardon the mild profanity in the screenshot but this video by network engineer Serena from @serenashenetworks explains why very well.
The explanation might be a little more technical than you’re used to, but basically she’s describing the computer equivalent of someone breaking into a minor bank employee’s garage and finding the combination to the bank’s main vault. It would be a bad idea to keep such important information in an easily-accessed office, right? Turns out It’s just as bad an idea to keep important information on the same network as a public website.
(We won’t even talk about the perils of someone getting into your public website and, oh, say, infecting your entire home or corporate infrastructure with ransomware.)
LinkedIn was breached because an employee had an easily hacked website on a home computer. Similarly, the infamous “Panama Papers” scandal happened because a bank that provided secret offshore money-laundering accounts hosted its website on the same network as their internal financial documents.
Please don’t get me wrong — a well-maintained WordPress website on a credible provider’s server is going to be pretty darn secure. The problem is that do-it-yourselfers rarely take all the routine steps needed to keep their servers and websites secure, monitored, and up to date.
A public website is just that, a public website! A private network can have multiple, interlocking layers controlling who can access what and when. A website has to be visible to the world, and as a result it can be accessed continuously not only from actual people but bots, hackers, “researchers,” and other questionable actors.
Call your website the “front desk” your business. You wouldn’t keep the combination to your vault behind the front desk, and for the same reasons you shouldn’t keep your website inside your network.
If you or someone you care about is still hosting their website on a home computer or business network, have a talk with them about moving it out of their network and into a credible, off-site hosting company. There are hundreds of affordable, secure, and actively maintained companies out there — SiteGround, MDDHosting, HostWinds, Cloudways are all great, affordable offerings for smaller companies, and Pantheon, Pagely, ServeBolt, and others are awesome for large, mission-critical hosting.
But here’s the deal: even really, really bad hosting is still infinitely more secure than running your website on your personal or business networks.
Of course we’d be happy to help you chose the right hosting, help you move your site far away from of your personal or business network, and help make sure your WordPress website stays updated, backed up, and locked down tight. But there are plenty of other web professionals who can also help. It’s the right thing to do.
The short answer is “you probably should.” A number of larger industries like lumber and car-rental agencies are said to have been caught off guard by a resumption of demand as the COVID-19 pandemic is finally beginning to wind down. The problem seems to be more that they weren’t prepared than that there isn’t enough wood to turn into lumber or cars to turn into rentals. The question we should be asking ourselves is “can we learn from their mistakes.” And “how can we prepare our own businesses ready for a return to business as (more or less) normal?”
Via statistics-nerd blogger Kevin Drum, it looks like e-commerce sales are doing that “reversion to the mean” thing as things start to normalize after the COVID-19 pandemic shutdown storefronts and pretty much all non-essential shopping went online.
Drum says “This strikes me as evidence that, generally speaking, people want to get back to their old habits, rather than sticking to those learned during the pandemic.”
That sounds about right to me. As business people we all spent a lot of time in 2020 dealing… and sometimes reeling… from the consequences of the pandemic and people’s responses to it. Many people pivoted to online sales. Others started working from home. Still others started taking online orders. And almost everybody who did face-to-face business — from restaurants to hospitals to photographers to home-service and contractors — at least put a “our response to COVID-19” banner on their websites.
Looking at increasing rates of vaccinations and “openings” here in the U.S., and at decreasing rates of hospitalizations and fatalities, it’s looking extremely likely that business is going to start going back to normal.
The question is are you going to be prepared if (probably not when) it does?
Every web developer I know was absolutely swamped last year by requests to revise and sometimes rebuild website. We all worked as hard as we could to help people communicate with their customers.
As with the lumber and rental industries we may find ourselves swamped again as customers begin returning to businesses, and as businesses discover their websites are out of date yet again.
One last question to ask yourself: If my customers start coming back will my website be ready?
If you’re not sure please get back in touch with your friendly neighborhood web-support person before the rush.
I’ve been getting a lot of inquiries from clients asking “do I need to pay this bill?” This morning in a business meeting four members said they’d received one of these notifications from a company called “US Domain Authority” in Hendersonville, North Carolina.
In a nutshell:
- You don’t have to pay “Domain Authority” a penny
- Paying them nearly $300 won’t renew your domain (and $300 is easily 10 or even 20 times more than you’d pay a real domain registrar!)
- If you think you actually do need to renew your registration just log into your real domain registrar and check your account.
Based on what my clients are asking this notice can easily be mistaken as a bill to renew your domain registration. In reality, as “US Domain Authority” makes clear on a second page, they’re not domain registrars at all. Instead they’re a directory service, sort of like 20th Century phone books were directories for phone numbers. All you get for your $289.00 is your domain name added to their directory.
They’ve evidently been mailing these things to website owners since at least 2011! Not everyone is as, um, generous in their characterizations of this… interesting service as I am.
To save time I’m going to highlight a clarification, here’s the text from the disclaimer on the back page of what many people seem to, um, mistake for a bill or invoice:
“We are not a domain registrar and we do not Register or Renew Domain Names. … THIS IS NOT A BILL. THIS IS A SOLICITATION. YOU ARE UNDER NO OBLIGATION TO PAY THE AMOUNT STATED ABOVE.”
Copy of solicitation received from a client who mistook the solicitation for a domain-renewal notice.
So the good news is that unless you want to pay $289 dollars to add your website address to a directory you may not have heard of then you can discard it.
Photo by H.L.I.T. 
We’ve updated this post with new hosting information
In a private Facebook group for WordPress hosting someone who’s trying to save as much money as possible asked a specific question about two hosting plans. They’d initially bought a plan from commodity provider HostGator but had been advised to switch a more premium SiteGround account. It was time for them to renew on SiteGround and they wondered if they could just go back to HostGator since it’s cheaper. (They’d never closed their HostGator account.
For some participants in that group the answer to any question (including “what’s your favorite color” will be “Cloudways” or “GridPane” or some other manager for virtual private server companies like Digital Ocean, Linode, Vultr, etc.
Being fairly new the original poster asked “thanks. Is Digital Ocean a host company?”
The rest of this post answers that question and considers the overall likely costs before getting back their actual, original question
What is a VPS and what is a VPS manager?
Digital Ocean hosts virtual private servers (VPS.) Very good, very fast, very inexpensive. Also very “bare metal.” Typically you have to setup the server as well as the website. Their support is almost exclusively related to “does the basic operating system boot and run.” If you’re comfortable doing Linux system administration then a plain Digital Ocean VPS would be a very good choice.
The recommendations above are to subscribe to a company that will setup, maintain, and monitor a VPS from a provider like Digital Ocean. Three commonly-mentioned companies that will do that for you are Cloudways, GridPane, and ServerPilot. There are a number of others. The pricing for those varies but it tends to roughly double what the base VPS would cost.
Depending on your hosting needs this is often as much as or more than you’d pay for HostGator, and often more than what you’d pay after renewing SiteGround.
Comparing Cloudways, SiteGround and HostGator pricing
For instance the least expensive offering from Cloudways is $10/month for a single Digital Ocean “droplet.” The regular price for SiteGround’s “startup” hosting is $11/month. HostGator’s “baby” plan, which is probably the lowest you’d want to go, is about $7.00 if their 60% discount expires.
Admittedly you’ll get much better performance out of a $10 or $20/month Cloudways/Digital Ocean server, and you’ll almost certainly get better performance and more security from an $11/month starter SiteGround account. But if price is really a bigger concern than performance, then to answer your immediate question, if your site will actually run on your HostGator then that really would be the cheapest option.
Accounting for domain name registration when considering hosting prices.
As for your domain, domain names are separate from hosting the way a phone-book listing is different from a phone. The domain name is just a friendly way to point to your server’s hardware address. Moving domain registration from one company to another is relatively tedious, plus you have to pay the new registrar even if you still have time on your old one. So most people don’t bother — they just point the domain to the new server instead.
Some hosting companies will waive the registration fee if you buy hosting from them. If HostGator gave you a free registration and you drop your hosting plan with them then they’ll begin charging you their regular registration fee when it’s time to renew. So that’s another cost consideration.
Cloudways, GridPane, and Digital Ocean don’t do domain registration, so if you went with them you’d still be out the ~15 dollars U.S. for domain name renewal on top of whatever you’d be paying them. Same for email, incidentally, as none of them offer free email either. If you go with SiteGround or another hosting company you can transfer the domain over to them… but they may or may not offer “free” registration for a transferred domain.
Lots of information, I know. But, again, if you’re really scraping the barrel for cash then switching back to HostGator will save you the most money. But, again, almost certainly at the price of considerably reduced performance.
This post was updated with new information.
We’ve added Cloudways to our list of recommended products and services.
We’re a little late to the VPS market as most of our small business clients don’t need the kind of horsepower you can get with a good VPS. And to be honest, until fairly recently managing your own VPS involved considerable system-administration skills — something we rarely see in non-technical professions. That’s where Cloudways comes in! They take care of the nuts and bolts server security and management tasks!
Another cool thing about them? Since they’re only managing servers you can sign up with a healthy array of very powerful worldwide cloud-service providers like Digital Ocean, Amazon Web Services, Linode and Vultr, and Google CloudPlatform! Unlike smaller and shared-hosting services that can “run out of room” as your business grows, with Cloudways you can scale your website to handle truly gigantic traffic.
Best of all, depending on the provider you choose you can often find a data center in your region and sometimes even in your own city! For instance people in the Pacific Northwest might be interested to know that Cloudways can set you up with a Vultr VPS located in a data center in downtown Seattle!
Check out Cloudways managed hosting (direct, no-affilate link.)
Image by Flickr user Steve Depolo
Note: this post has been updated with new information but what I said back in April, 2017 is sadly still true today.
I’m going to be real blunt here and say don’t use GoDaddy for shared hosting. Just don’t. I’m going to go further and say if you are using GoDaddy for shared hosting stop. Just stop.
I hate saying it because there are some very nice people at GoDaddy. Great support people. The company is really committed to WordPress and they contribute a lot to the community.
But their hosting is terrible! It’s slow! As I’ve said in the past GoDaddy shared hosting is unnecessarily and arbitrarily slow!
But you know what else? For cheap, small-scale shared hosting GoDaddy is also ridiculously expensive! Here’s what I mean when I say that.
Last weekend, I updated a client’s site with some fairly simple capabilities to their GoDaddy account. Those simple changes completely bogged down their server. I suggested (as I usually do) that they needed to upgrade their service level from “Deluxe hosting” to “Deluxe hosting Level 3.” Then I looked at the price of upgrading. And then I started looking at other hosting options. In the end, after a short conversation, I ended up moving them another inexpensive hosting company for less than GoDaddy would have charged to “upgrade” them to what would have still been really miserable performance.
Since last weekend I’ve moved two other clients. All three client’s sites now run well.
- Much, much faster.
- For less money!
- With fast, constantly updated software
(for instance GoDaddy’s inexplicably unwilling to upgrade their servers to safer and more secure versions of the PHP programming language.) - With free SSL security certificates.
(GoDaddy charges almost as much for a security certificate as some other sites charge for decent hosting plus a certificate!) - Without constantly running out of “I/O Usage” and other “resources.”
(I/O Usage is a bizarre bottleneck I’ve only really seen with GoDaddy hosting.)
So… yeah. Much as I like calling the support people at GoDaddy (they’re really nice) the fact of the matter is I almost never have to call support for other hosting companies. (All you really need to know is that I’ve got GoDaddy’s support number on speed dial!)
So I’m just going to say it one more time: Don’t use GoDaddy for shared hosting. If you do use GoDaddy for shared hosting stop. Just stop.
Switch to someone else. Almost anyone else!
Note: here are a few of the companies I’ve been recommending. These aren’t affiliate links and I don’t get compensation for them. I just think they’re good, popular, well-reviewed companies that I don’t have to have on speed dial.
Cloudways.com — they provide managed “big iron” virtual private servers (a.k.a. VPS) for as little as $12/month, but you can easily scale up to handle truly enormous traffic. It’s a little tricky to set up but depending on which provider you use you can often find a data center near your customer base — for instance someone in the Pacific Northwest might be interested in a Vultr server located in downtown Seattle
SiteGround.com — their shared hosting is a little more expensive (once their extremely generous signup discount expires) but they include premium services like hardware caching and image optimization.
Hostwinds.com — Their “business” hosting is very reasonably priced and the performance is great for small sites in located in the Pacific Northwest. This is an “old-fashioned” but also familiar “cPanel” hosting interface. But their business plans use very modern Litespeed web servers. Extra credit: unlike most other companies their “basic” plan is just as powerful and capable as their “ultimate” plan. The only difference is how many sites you want to host.
Does your website use one of the GrowthZone membership managers (including ChamberMaster and MemberZone) for your professional association, chamber of commerce, or other membership-oriented organizations? If so did you know you can integrate your membership pages with your website?
If you have a WordPress website there are two ways you can do this:
- By creating a “template” page so that member pages have the same look and feel as the rest of your website
- By using widgets — snippets of code — to embed bits of information right on your website pages
It’s not easy to find the documentation (here’s a link) but once you get the hang of it it’s pretty fun. And if you don’t find it all that much fun, or you don’t have time to figure it out you can always call us.
Just a reminder that for desktop users the Zoom app we use for meetings (including meetings to discuss maintaining, fixing, or building WordPress websites) doesn’t update automatically. And at least my Mac desktop version doesn’t even remind me to check for updates.
Everyone else may have already known about this so maybe I only need to remind myself. But…
It’s not just a (probably small) security problem if you don’t occasionally update Zoom. It also means you might not get to use some of the whizzy new features Zoom adds, including possible new or improved background options, administration features, better connection times, performance improvements, and better options for audio too.
For Apple Macintosh / OSX users
For Windows users
You can find more information from Zoom’s knowlege base article, “Upgrade / update to the latest version.”
Zoom seems to update their app at least weekly, usually for minor little tweaks and fixes. That doesn’t mean you should update every week but every now and then they do offer interesting or useful enhancements.
The main thing: don’t go a couple of months like I did. I just upgraded from version 5.4-something to version 5.6. There are probably some cool things I… haven’t taken the time to look into because I thought I should write this email first. :-)
Annndddd if by chance you’d like to schedule a Zoom meeting with us here at RealBasics.com you can do so with the very latest version of the Zoom app! :-)
In a private Facebook group about WordPress speed someone asked an excellent question:
I have a question about paid templates for WordPress, e.g. Themeforest.
Is it true that cool looking templates, with e.g. animated buttons or an interesting mouse cursor, are definitely slower and less optimized than the simpler, more standard-looking ones?
It’s true that there are many genuinely awful, bloated, badly-optimized themes in ThemeForest and other “marketplace” theme retailers, though Sturgeon’s Law, which says “90% of everything is cr*p,” has a lot to do with this.
This isn’t an endorsement of ThemeForest or other commodity theme vendors, just an observation that there are plenty of agencies out there with in-house development staff to meticulously hand-code purpose-built themes built from scratch, for thousands of dollars, that also drag their knuckles on page load.
Important! ThemeForest is a popular marketplace site that lets any developer upload and sell WordPress themes. They’re by far the largest such platform and so their name is often used as a shorthand for all such “marketplace” sites.
And finally, no matter how lightweight the theme, performance will crash if the customer decides to use dozens of 4000×4000 pixel, 12 megabyte PNG files in a gallery.
A bigger problem with ThemeForest-style themes is that their typical developer begins with a suite of relatively bloated and increasingly obsolete “bonus” plugins — two or three extraordinary but also extraordinarily bandwidth-intensive sliders, a certain dinosaur page builder, the oldest contact-form generator, etc. They keep using those things because a) those particular vendors offer really attractive licensing deals to developers and because b) new, mostly-DIY customers want as many bells and whistles as possible for the same low, low price.
Better themes on any platform will have demo sites. You can run performance-measuring tools to get an idea of what they’re throwing at you. GTMetrics, or the Network tool in Chrome-based browsers can help you estimate a theme’s performance before you buy.
The good news is that more responsible commodity-market developers will optimize their themes till they’re lighting fast. The bad news is that very, very few commodity-theme customers have the know-how to assess performance and so they’ll tend to base decisions on animated buttons and cool hero images in the demos.
