These are the key points taken from the latest episode of The Marketing Strategy Show “3 Fundamentals of a Fast-Secure Website”, with special guest Justin Meadows (our web developer and the director at an IT company that specialises in helping agencies that build websites)
Keeping your website fast and secure is no doubt critical to gaining new leads and turning those leads into paying customers but what makes a website fast and secure. Having a base understanding of hosting, domains and website security can set you aside from the competition and ensure that you are asking your web developer the right questions to get the best service possible.
Hosting
- Hosting is one of the biggest factors influencing site speed as if you are using cheap hosting (a shared server with a lot of websites) if the server/computer is receiving a ton of requests for different websites at the same time your website could very likely be affected
- When comparing the different types of hosting the general trend that you can notice is that the more you pay its going to be faster as there are less resources on the server and because it is faster it makes for a better customer experience
- There are several different types of hosting;
- Shared Hosting (your website in on a server or a computer with a bunch of other websites) – this is the cheapest option by far
- VPS (Virtual Private Server – this is where yow will have a server that the hosts night split the server into a few chunks and the server manager might say we are only going to host 10 websites on this server in the different chunks
- Dedicated Servers (this is where you are the only person who has an account for the server) – recommended for larger businesses or businesses who have e-commerce attached to their website
- Cloud Hosting (this is where you have a network of servers, so there will be one server where the website is hosted and it will be connected to a network of other servers)
Domains
- The domain name is often called the url so yourbusiness.com.au would be an example of a domain name
- Your domain needs to be registered with a domain registrar, examples of domain registrars are Go Daddy, Crazy Domains and Namecheap
- One of the most important things regarding domains is ensuring your domain never expires, it is possible to set up auto-renewal on your account with a credit card so the domain registrar will always renew the domain before the website expires
- Also make sure the domain nam has the owner of the business, or a generic email not the IT/Website/staff member who may lose contact.
- You can use whois.com.au to check who owns the domain for your website
Website Security
- The best way to ensure your website doesn’t get hacked is to have good hosting in place
- You should make sure all the website files, themes and plugins are kept up to date as if there are any updates that are not made to the website it can affect the code of plugins and themes making them vulnerable to malware and hackers
- Another way you can prepare against any unforeseen website issues is to constantly make backups of the website so if there is a massive issue you can just use the backups to ensure there is minimal interruption to your day to day business.
- Have a “hard to hack” long and complicated password as too often the easy to hack ‘password’ or ‘admin’ passwords are often used.
- You should use some of the litany of extra security options that you have available to you, there is loads of security software both paid and free (you get what you pay for) or use website plugins like Wordfence for WordPress that add an extra layer of security in the form of a firewall
Listen on your Favourite App
The easiest way to listen is to subscribe on iTunes. Reviews on iTunes are the best way for us to get more listeners and spread the word, every review counts so please take a moment to do so!
Want + leads + clients + sales? We’d love to help – just Contact Us
If you want more from this episode check out the full transcript below:
Kym: Hi and welcome to today’s Marketing Strategy show. The Marketing Strategy show is all about getting the right marketing for your business. Now, in the marketing strategy episode, we pull back the curtain someone who is an expert on our specialized topic and today we are going to look at part 2 of our website series and help you get the best online presence you can. Today is going to be a little more tech-y, Why? Because as the person commissioning or paying for a new website, you need to be aware of several things so you ask the right questions. By taking the time to ask the right questions and having a basic understanding in plain English of the key issues of things like; domain name, hosting and security you not only get the best website built but you get a website that operates like a well-oiled machine and is secure that means more leads, clients and sales of course.
Kym: So today we have a special guest to help us de-mystify this as our resident website expert, Justin Meadows. Now Justin Meadows is from Evergreen and he’s going to help us translate tech into plain English to explain these key concepts of domains, hosting and security. Just as a reminder Justin’s company doesn’t just build websites for businesses, he builds them for agencies, so his business is the business behind digital agencies that build websites and because he builds websites for clients customers he has seen a lot of good and a lot of not so good websites. So let’s hold on for some real marketing jewels from Justin today
Kym: Hey Justin welcome back are you there?
Justin: G’day Kym, yeah thanks for having me
Kym: No problem at all, so today we are going to delve a bit deeper into websites, in our last episode we talked about some of the fundamentals and things to look for but there’s also some traps I guess and the thing that I hear so often is these things like domains and hosting and security, so I thought that’s worthwhile covering it off because if you don’t get it right it can really cost can’t it. (2.38)
Justin: Yeah absolutely, it can be a massive stressful headache and I’ve seen in some situations people can really lose a lot and it can cause a lot of pain and cost to their business.
Kym: I’ve had situations where clients will say to me, not only clients but a lot of mates have come to me and said “um my website is not there anymore”. To which I’ll say “what do you mean” This is often because someone bought a domain for them, set up the website for them and forgot to renew it so their website has just disappeared overnight so they have to spend hours, days and even weeks to try and get the website back which could be a real problem. So why don’t we talk a little bit about domain vs hosting, what they mean. (3.28)
Justin: Sure! So, domain is really like maybe your registered business name. So, it’s not really got much to do with the website itself. It’s just that the name that you have and like with your business name. If you were to say get into an uber or something and say so, I want to go to the OB shop then they would take you, that would find the address for that shop and take you to that shop and then you’d arrive at the actual shop. In a similar way, when you type in the website’s domain name into Google or something like that, it will then show you the way to that website. So essentially, it’s telling the computer to go to this address and get the website from that server which hosted that address. So, I’m not sure if I’m explaining this right but yeah. So, it’s like having your physical shop is where your website is hosted on at its physical address. And the name of your business tells people where to go to that shop. (4.31)
Kym: Okay so, I’ll just use an example of yourbusiness.com or .com.au. That’s your business name on the internet. Now your real business name won’t be your business but your business name on the internet is www.yourbusiness.com.au. That’s the domain name or sometimes called url, isn’t it?
Justin: Yup! Yes. Can I just quickly explain the difference between url and domain name. So, domain name is the part it will just be yourdomainname.com.au and then the url will be the www.yourdomainname.com.au and for your services page, www.yourdomainname.com.au/services and that’s the url. That’s the full address of that page.
Kym: Okay, that’s a good point. So, when I’m in a website looking at a Contact Us page, it will have www.yourdomainname.com.au/contact or /about or /whatever the page name is, so that’s the url of that page name.
Justin: Yeah. The domain is just the yourdomainname.com.au bit. (5.43)
Kym: Ok, and so with the domain, the domain needs to be registered with a domain manager does it?
Justin: Yeah, so with the domain registrar, there are a number of those out there. There’s one like Godaddy, Crazy Domains, Namecheap is a whole host of them. That’s where you buy your domain name and it will be then registered with them. And you can actually change it to a different registrar if you’re not happy with it or if you want to consolidate if you have a lot of them all into one registrar.
Kym: And the very very important thing is that has a renewal on a domain name. So, you need to actually watch when you should with host accounts get a renewal notice from them but sometimes websites are set up by technical people. And they forget after they set up the website to transfer that domain registration detail to your email and your details so you need to be very careful about that. (6.38)
Justin: Yeah and you need to be very careful that your… domain name is registered in your name. Quite often, I’ve seen this, it’s not so common these days but in the past it’s was very common that a website developer would go and register a domain name for you. It would be registered in their name and they would just simply charge you but then that means that they actually own your domain name. And that’s an important asset for your business. It’s like having a registered business name. It’s important because if someone else owns your registered trading name, they can just take it away from you and set up shop in your name and there’s not a lot you can do about it. So, if someone else owns your domain name, they can simply delete your website or sell it or whatever they want. It’s important that it is in your name and when you do register, I highly recommend setting up auto renew on that. So, putting your credit card details and set it up to automatically just charge you again when the 1 or 2-year period is up. And because it’s really such a small amount and it can make a big difference to your business if that is taken away from you. (7.52)
Kym: Yeah, if you’re really talking about $20 or $30 a year or something in that ballpark, Australian. So, it’s really not something you want to play with and risk. Hahahaha!
Justin: Absolutely, yeah!
Kym: So, now hosting… I guess I’m aware of it from a non-technical viewpoint. If you think about this hosting and registrars being in the cloud but in reality is actually hosted in a cloud server somewhere, right? So, this is a server, is an address as you call it where it’s hosted. Is it called DNS? Is that… Am I right on it?
Justin: No. So, the server’s address… So, the DNS is a different thing. So, that’s something that it’s like having a business card I guess for your business name. It tells you where the address is. So, for your domain name, the DNS tells you where to go, what the address is of the physical server of your website. (8.51)
Kym: Right, it’s not a server itself that tells you the address to go to.
Justin: Yeah, and the DNS can sometimes be with the domain registrar. Sometimes, it will be it might be the actual server or it might be hosted with a separate third party. And I actually recommend going with separate DNS hosting. So, I’ve always used cloudflare for all the websites that we look after. It has a number of benefits including a bit of added security layer and speeding up your website but essentially what happens is when people type in your address into Google or whatever, it checks with the domain registrar and says where’s the server for this and the domain registrar goes I don’t know, check with the DNS hosting. And that will go over the cloudflare and basically it just points to cloudflare. Cloudflare then has inside it, the actual address of your server and that tells your computer where to go to get those website files from to display your website. (9.55)
So yeah and although it seems like you’re going it make a longer journey. It actually is speeding it up because the cloudflare has data centers all over the world and they will hold the website information not maybe all the website files but most of the website files. And so, if you are in Melbourne for example, but the website you are trying to look up is hosted in the US, if they have cloudflare set up, there will be a data center in Melbourne that has the information for that website in Melbourne in that data center. So, when you go to cloudflare, instead of just going directly to the server all the way in the US and back to get those website files displayed, it will just go to the little cloudflare data center that’s closest and that makes the loading of the website a lot faster.
Kym: Right, so even if you’ve got cheap hosting and you’re in Sydney and the hosting server happens to be in Melbourne, that is still going to be slow right because it’s one server just in Melbourne so it’s got to go between Sydney and Melbourne? (11.02)
Justin: Yeah, yeah. So, it has a lot of benefits when you’re looking at a larger audience and lots of people seeing your website from many different places.
Kym: The other thing too that I’ve heard, I’m not sure if it’s correct. If you go with cheap hosting sometimes your website is hosted on a server where there’s a lot of other websites on there. So that means, it’s naturally slower because there’s a lot of other websites trying to reach that part of the server, is that right?
Justin: Yeah yeah, that is right. I might just talk about the different types of hosting?
Kym: Yeah, that would be good.
Justin: So, there’s really… There’s sort of four different main types of hosting that most websites are hosted on. And the first one is shared hosting. So, that’s your cheap hosting. So if you’ve seen hosting that’s cheap, it’s usually shared unless it maybe says otherwise. But you’re not going to get cheap hosting in any other way. That means, there’s one computer that hosts hundreds of websites. So, there is hundreds of websites, all sitting on this one computer and when people want to see that website, the request goes into that computer and that computer sends out the data for that website. And so that can be problematic when you have so many websites. If those websites become popular and there’s a lot of requests coming in to see those websites then that server can get overloaded quite quickly. And there’s a host of of other issues with that for example if one of those websites, one of those hundreds of websites in the server is not kept up to date or not very well secure has a weak password or something like that then malware can get into that and it can actually affect all the websites on that server. So, there’s a lot uhmm it’s not as secure and it’s not as good as from a performance point of view. So, that’s why it’s cheap and you get what you pay for there. (13.02)
The next step up is VPS. That’s Virtual Private Server. And that’s where you might they might have a server and I’ll split it off to just a few chunks and they’ll say right, we’re only going to let maybe 10 people have accounts on this server. Most people have you know, they might have a few websites, they might have up to 50 websites or 100 websites but yeah again, it’s better because it’s not hundreds of individual different accounts. There’s only a few accounts and there’s going to be less websites in there but it’s still not ideal. It’s better but it’s not ideal. (13.39)
So, there’s a dedicated server. You are the only person who has an account for this one server. So, we have a few dedicated servers and we manage some websites all on the one server but it’s only less a hundred websites and we maintain all those websites and we make sure they’re all secure and passwords are kept up to date so we know that all of those websites can have a good performance. Also, we manage the performance in the load of the entire server. So, if we find that one website is using a lot of resources, we might change them into a different server or something like that.
Then the other fourth option is cloud hosting. So that’s where you have a network of servers. So, there will be one server where the website is actually hosted but it will be connected to a network of other servers and that’s better because then you can have a smaller amount of people on your little server and that server might be smaller but its got just your stuff and if you need more resources, it’s easy to just upgrade that to a larger server and it will just move all your files to a larger computer on the same network.
Kym: That’s the cloudflare you were talking about earlier?
Justin: No, cloudflare is actually a separate thing. Again, so that’s just a network of the servers and cloudflare is a different, it’s a layer that sits in front of that as well.
Kym: Right, okay. So we got, Shared, VPS, Dedicated Server and Cloud Hosting and over and above that we have cloudflare. (15.32)
Justin: Yes.
Kym: And so, the benefits of those if you go further up, number one because you’re sharing less resources, it’s going to be faster and faster of course means a couple of things it’s a better customer experience right? So, if you switch on a mobile, you are not going to have to wait to wait for it to load so if you’ve got a slow server and there’s another website on it, it’s going to be slower to load.
Justin: Yeah.
Kym: It’s a good point, you know it’s a poor user experience and people leave your website. Second thing is Google tracks for these little things. So if your website is slow to load, you will get ranked lower by Google when compared to all the competitors which means people see it less. Because your experience is deemed bad by Google. So you want as fast as possible server within your budget of course. (16.21)
Justin: Yeah, absolutely. So, it might not be worth you getting a dedicated server just for your one website but certainly if you have… Once your business grows, it might be you have an e-commerce site and you’re selling a lot of products that would be worth looking at that as an option but cloud hosting is a really good way to go because you can scale it to meet the needs and it does give you, it’s part of that network which does make it fast at loading. (16.53)
Kym: And you’re talking about significant price difference between cloud hosting and the shared hosting. Is there really a big difference in price?
Justin: Ahh, yeah! It can be. I mean there’s a lot of different options out there but you can get really cheap shared hosting but I would warn people against that. Hahaha! And with cloud hosting that’s… In cloud hosting, you can start pretty low so you can get some low entry level sort of options and that’s not going to be as expensive as a dedicated server or maybe VPS. You have limited amount of resources that you can use, it will just be on a small server. And then, as your needs grow, you can then easily upgrade to what you need.
Kym: But it is certainly better much better than the shared server.
Justin: Yes, absolutely because you’re not sharing. (17.50)
Kym: Okay. So, that’s our different hosting options, But before we continue we might touch on why updating WordPress is important and the number of times I’ve seen and I’m sure you have too where you login to someone’s WordPress site and in the back end there are all these little red boxes that say these things haven’t been updated. Let’s talk a little about WordPress and security and updating.
Justin: Sure. So, one of… I think first to explain, WordPress is just a software. So, it’s like a program that runs on that server and it just contains all the website files, and controls how the website files might change as you make changes to the website and that sort of thing. So, it’s a piece of software and its actually got other pieces of software connected to it as well. So, there’s the WordPress core files but then there’s also the theme files which is just controls how your website looks and how it’s laid out and sort of the styling. And then, there’s a bunch of plugins which do a variety of things they might control how your SEO is set up or they might be for back ups, they might be for displaying little ads or… There’s all these little bits of functionality that are better handled by a plugin rather than handled by the theme itself. And so, it’s important to make sure that these are all kept up to date because apart from functionality changes. Sometimes, things are updated just so they are easy to use or it has the ability to do better things with your website, make it easy to navigate or make it more mobile responsive or all sorts of different thing in a functionality point of view. One of the main reasons why these updates come about as well is for security. So, malware is evolving and hacking – people are using different techniques and writing different scripts that finding different ways to trying to get in to your website. And so, you need to make sure that WordPress needs to make sure that it evolves its security code to make sure that there’s no gaps in there that the malware can get in from. And so, when you update WordPress, you also need to update the themes and the plugins quite often because that will be using the same sort of bits of code and that be connected to each other in different ways. (20.27) And so, it’s important to update them all but its also important to make sure that you’re updating them at the right time. So, you don’t want to update the WordPress core files if the theme is not ready to you know, the people who created that theme, they need to also update their code and send it up and if you update one part when the other part is not quite ready to update then it can break things in. So, it’s a bit complicated, I think that’s why it’s better to get a developer to handle those updates and some of them do happen automatically but there are other like theme in particular cannot be done automatically because, basically because there’s so many different themes out there and there’s no way of checking if anyone has made edits to the theme itself. So, they don’t want to release an automatic update if that’s going to break whole bunch of people’s websites. So, yeah it’s really needs to be done by your developer and it’s important to get that done to make sure that the security is kept up to date. (21.27)
Kym: I guess that’s no different than slowly updating a new version of Microsoft Windows. So you’re not using Windows 2000 in 2017 right? Hahaha! So you update your anti-virus software. All of these need to be updated because as you said it’s a security risk. So, basic functionality needs to be there as well. So, make sure you update and then, I think you’re right. Having managed many websites for many years for many people. Finding a developer who knows what they are doing is absolutely the key to it because in rules I’d busy running our business, the last thing you want to is do is something that is going to break the website for the sake of your 20, 50 or 100 bucks, a month Hahaha! And that’s all you are talking about as a price difference.
Justin: Yeah, picking up on your analogy there that’s so… If you’re looking at it as a PC computer yeah, they’re Windows. The Windows update is like the WordPress core that everything sits on and then your Chrome and your Microsoft Word, they’re like your theme files or something like that and then you have your anti-virus and that sort of thing works your plugins. And if Windows released an update, the ant-virus will need to make sure that it’s updated to make sure that it’s still protects everything in the new version of Windows and Word will need to be updated to make sure it works on the new Windows platform and that sort of thing. Yes, so it’s alot moving parts involved. (22.55)
Kym: Yeah, 100% and that’s why you need that. Fortunately, I think when WordPress updates its not as bad as when Windows does hahahaha!
Justin: That happens all the time.
Kym: Yeah! I guess another thing, now this is getting technical, Hosting vs ?? Hosting .one of the things that I, I think lot of business owners and people managing the business say oh look hosting is only $30 versus $120. Why I’m going to pay $80 more but the reality is, they are two entirely different things when you look at hosting and maintenance out there. We talked about this a little bit before the call. I mean if you can get basic hosting for $20 or $30, it really delivers nothing and when something goes wrong, you don’t know who to contact. That’s the biggest problem with it. Tell me more about hosting vs hosting and maintenance and what should you be thinking about in particular. (23.54)
Justin: Yeah, absolutely! So, I guess, if we go back to that analogy of having your physical business (if you had a store), so your just e paying rent to the building itself. And that’s essentially what you’re doing and you’re just sort of, if you’re just paying for hosting, you just get the building and then you’ve got to look at everything from there whereas with the maintenance package, that sort of having someone who looks after having the cleaners come around and take out the bins and having security patrol the area and check on things and maybe update your locks every now and again. That sort of thing, So, it’s like having someone that actually looks after that for you because if you’re just getting the hosting itself, then you’re going to have to do those things for yourself and if you’re running a business, you don’t want to also be the one who’s doing the cleaning, taking out the bins, coming around in the middle of the night to check on the security and that sort of thing. it’s a lot better to be paying someone else to be doing those things and they’re the experts at it. They are going to know when it’s important to update. They are going to know when they were looking at the website, they will be able to look at the back end and quickly see if there’s any issues. They are checking it one every month or every week or whatever it might be. Then you are going to get much better service from them doing it rather than you trying to do it yourself and also you don’t have to learn a lot all those things and you don’t have to go through the hassle of doing those sort of updates. And I have found, with our service in particular, we have never had any worry that was having their website maintained on their monthly basis get hacked. However, I have had websites that we’ve built and the person is gone, Oh! look I’m just gonna go with, I’ve got my own cheap hosting, you know, I’m just going to go with that and then they’ve come back to us, you know, and then six months later or something saying, Oh! It’s been hacked, can you help me fix it? And it’s because they didn’t keep it updated, so, it really is important and it’s worth paying the extra money to just have someone else make sure that your business is being looked after and always online and there’s no issues. And if there is, if things do happen, Oh, Ooopps, I’ve accidentally broken something, you can go to your maintenance people usually and get them to fix it whereas if you’re just paying for hosting there’s no one really to help you and might end up paying quite a lot to get things fixed. (26.20)
Kym: And that is a real issue to because I’ve had clients like what if you and I first met and I have a website that’s was hacked and you had to rebuild it the very first time. It was an absolute nightmare to do that. Trying to fix it and it kept getting hacked because I went down the path of cheap hosting, I learned a lesson the hard way and I’m sure there’s a lot of people who’ve done that as well. Other clients have done that as well. They refuse to pay it. And you’re talking about probably $80 or $100 monthly not only to get the hosting, you’ll get basic website fixes done and when you think about the value of your business. I mean, I’m saying the businesses, the business has been down for a week on ten days while they’re trying to resolve it. Imagine how many sales you’ve lost with that or your customers go to your website and they’ve seen these funny scripts appearing because it’s been hacked. Seeing your website where songs appear, messages come up and imagine that impression that gives people. Your reputation, your online reputation is too important to worry about. So, this is an area that you shouldn’t skimp on based on personal experience. So, I have a lot of empathy for anyone who has been through that so you should be very wary and very cautious. (27.42)
Justin: Yeah, definitely not something you want to DIY unless you’re a website developer yourself.
Kym: Hundred percent. That’s really an interesting point you made there. Should your website developer also be the person who you host your website as well?
Justin: I think, I personally believe, Yes. It is better to have one person to go to. So, I quite often see people, other website developers, they’ll get someone, they’ll just refer you to some other cheap hosting. Look, just go over here, host with them and I’ll do the updates or whatever. But then when it’s a hosting issue, then it’s like, well, I’m not going to help. It’s not my area, you’ve got to contact their support and I think it’s a better service if you roll everything into one, if you have one person or one team who’s looking after your hosting, your website maintenance and also doing the changes to your website. I don’t believe that most business owners should be logging in to their WordPress website and uploading, changing images and that sort of thing. It really is, it’s like, if you’re doing that sort of thing, your really need to go and read the e-myth again and realise that these things shouldn’t be touching yourself and you need to outsource that to experts, who can do it faster and you don’t have to worry about the hassle of learning how to do it and the headache of trying to do it when you don’t know what you’re doing, breaking things and that sort of stuff. It’s better to just have someone else you can go to and then send them an email saying I want this done and they’ll make those changes for you. They will make sure that your website is kept up-to-date and is totally secure and they’ll look after the hosting issues and that sort of thing as well for you. So, I believe that it’s much better thing for a serious business owner to just have all those technical hassles handled by one person that’s easy to deal with. (29.43)
Kym: Hundred percent. I would even go one step further to say you get someone to create the content for them because that will be of self-interest.
Justin: Yeah, absolutely! That’s right.
Kym: So, one of the other thing is the side issue there too. You’ve talked about the hosting. You’ve got to make sure and we’ve talked a little about this with the domain. You have to have the admin rights and control of the hosting accounts as well as the domain account. Is that right? Oh sorry, who does? The business owner or the business needs to have the admin access and control of the hosting account as well as to the domain account as well.
Justin: I think that is important, yeah. And I think the domain, I never register domains for other people. I always believed that the domain is something that, is important asset for your business. It’s something that the business owner should register themselves and should have complete ownership and control of that. (30.41)
Kym: Like the business name of company name, same thing right?.
Justin: Exactly and you might hand out a log in for that so they can set up the hosting but you want it to all be in your name and you’ve got complete control over that. With the hosting, yeah. Absolutely, you want to make sure that you have access to that as well, so that you can, if something goes wrong with the person who’s looking after your website maintenance or hosting or whatever and you can’t contact them and you heaven forbid if they died or something like that, you want to still be able to access your things and maybe move it to someone else or if the relationship goes sour you want to still have that access, control of your own asset. You don’t want to have someone else controlling your business or important aspects of your business. (31.29)
Kym: Hundred percent. Okay, so that’s hosting, speed and etc. What about security? These days, it’s major issue, right? People are out there for, God knows for no reason I have no idea why they do it, hack Business owners, businesses websites just for the sake of doing it. So tell me about security and why are people hacking stuff and how do you protect yourselves?
Justin: Well, I also don’t know why they do it. They are a number of things, I think. There’s a whole variety of reasons why people do it. Why these malware scripts are out there. I don’t really want to go into that but the main thing I think you need to do as a or make sure is being done for your website on your behalf is that, firstly you have secure hosting. So, you want to make sure that you are not going with cheap hosting and your hosting is kept up-to-date as well because your hosting also has several parts, several pieces of software and that’s got to be kept up-to-date and looked after. So, you want to make sure you’ve got secure hosting and you’re using security encryption. So, you might have heard about that there’s an SSL or HTTPS. Basically, that’s become a bit of a thing lately because Google just released an update saying they are using that as a ranking factor in the search engines. And that’s basically just when the information is sent from the server to the visitor’s computer, it gets encrypted along the way. So, no one can intercept it while it’s travelling through the internet. And yeah, you want to have that security encryption and you want to make sure you’ve got strong passwords on everything. On your hosting and on your WordPress website. So, all your passwords are need to be good secure ones not 1234. (33.28)
Kym: That’s the admin password.
Justin: And yeah, you want to make sure that your WordPress files are all kept up-to-date, the latest security updates and patches, that sort of thing. And then, you want to make sure that your WordPress themes and plug ins that you’re using are actually quality well supported themes and plugins because quite often, people create these plugins and then they just stick them up and they might not support them. And so, if the security update occurs that they might need to just update their code a little bit to make sure they gets protected against that issue. Yeah, you want to make sure that you’re selecting plugins that are supported by a team that does that. They don’t just leave it out there for forever and never update it. And same with your theme files, don’t go with cheap themes that are poorly supported. So that can be an issue. (34.27)
Kym: So, how do you determine what’s a good plugin? Is it a number of people who’ve downloaded it? How do you make a decision?
Justin: Usually I would look at not just the number of downloads. So, number of downloads just gives you a bit of indication whether it’s more popular than others but the more important match is just looking, you can usually see in the WordPress depository where you can get the plugins. So, if you’re looking at themes from a market place or whatever, you can usually see when they were last updated and what they’re compatible with currently and so that should be the latest version of WordPress and that sort of things so, you can also often see how they respond to support request in their support.
Kym: Yeah, in a forum or something
Justin: Yeah, are they responsive to support requests and that sort of thing. You can generally say that.
Kym: Right, so if the last question answered was three years ago. You’ve probably should steer away from it. (35.26)
Justin: Absolutely.
Kym: That’s really a good tip there. Look, with passwords. What’s your experience with passwords in how should they be constructed or you should use the automatic one that’s generated with the ten digits or the fifteen codes what’s your advice with passwords?
Justin: My advice is use the complicated long one that you’re never going to remember because you might only need to use it once a year or something like that. You’re not going to be logging in all the time. You don’t, it doesn’t need to be a password you know how to remember, you just need to have that stored safely somewhere on your computer so you can copy and paste it. I think that’s or if you’re using a password, that’s a much better way to go and this is just a general bit of password advice.
Kym: Yeah.
Justin: Generally, you are better off, to have a password that you want to remember, try to remember a sentence password. So don’t just use the eight digits or whatever. You better try to think of a sentence. I’ll try to think about, so maybe it’s like three or four words and within those words some I’ll capitalise, some I’ll replace the letters with numbers. (36.49)
Kym: Yeah.
Justin: That is a lot more, it’s easy to remember if you make into sentence like that but it’s a lot more secure than a short password that just has all those, you know, the capital, the symbol, the number, you know, that sort of thing.
Kym: So, not the sentence itsmypassword, not like that?
Justin: No. (37.15)
Kym: And the other thing I think that’s really important, I’ve seen so often with websites is because they don’t have a username called admin. Because so often, that’s the most common thing, it’s so risky about admin because sometimes there’s an admin password right? Admin Admin, I’ve seen that before as well. Username Admin is the password.
Justin: Yeah.
Kym: It’s like holding your arm up and saying come hack me. And make sure that usernames are good usernames as well as password are reflected. I guess the other thing is to be careful if you are outsourcing. I’ve seen quite a lot of people who will outsource to people overseas give developers log ins, etc. When you finish that piece of work, delete that password or change the password or have one that you regularly give your contractors and have them the usual passwords. If you’ve got to use an outside contractor Give them a specific password.
Justin: Absolutely yeah or in WordPress itself. You can set up different users. So you might set up a separate user for that person who’s going to be looking after the website or working on it. In that way, if you need your, you’re not affecting your logins, you can simply delete that user and then they won’t be able to access it anymore. (38.35)
Kym: That’s the important thing I think too because you’ll also track the changes have been made by Date and Users so it’s important to see that. Don’t give your password to everyone. Set up separate users and separate passwords for people as well.
Justin: Absolutely. And then the other thing just with regards to security and WordPress is that you want to have a good security firewall plugin. We use Wordfence and there is other ones for security, there’s a couple of good ones. Yeah, that just adds a layer of protection of your website against brute force attacks and things like that where they have a great database of what their current malware and what their security flaws are and that sort of things. They are really good of being able to keep your website secure as possible. And finally, another step that you should take with a WordPress website is make sure you have solid back ups and have stored. We actually go as far as three layers of back up server.
Kym: Right (39.41)
Justin: We have backups of the database that gets sent to the Gmail account just in Google hosting and then we have full WordPress backups taken and stored in Amazon hosting. So, they’re in three different locations and we always know that there’s something that we can fall back on if one of them fails. Yeah that just means that if something does happen, if the worst comes to worse, we can or if there’s just small files and stuffs in there, we can simply wipe the website and load that up from the back up.
Kym: How often would you back up?
Justin: We do daily server backups. We do weekly database backups and monthly full site backups. (40.25)
Kym: And I guess that’s another reason to work with the hosting and maintenance type package where they will do with the backups as part of that right?
Justin: Yeah, absolutely.
Kym: Because otherwise, you’ve got to work how to do back ups yourself and where are you going to save it. All those sort of stuff. Again, you don’t want to do.
Justin: Some of that can be automated but it is good to also just manually check the backups and that something we do as part of our monthly maintenance is just do a manual backup but make sure that it’s all good.
Kym: Yeah because there are backup plugins you can use and you mention as well that you can save it on your desktop. There is all sorts of options for that but again it’s something that you really want to be doing.
Justin: Yeah, absolutely.
Kym: We’ve covered a fair amount of ground today. I’m sorry it’s been a little techy but I think it’s an important thing, , you have really got to think about when you’re looking at rebuilding your website even if you’ve got a current website be thinking about your domain, thinking about your hosting and thinking about your security and asking the right questions. You know, getting your domain in your name , always in your name so if you don’t know where it is, the very first thing is you go to your website developer or you can look at your school whois.com.au, from memory is that right?
Justin: Yep, Whois will tell you the registrar where it is registered with. (41.47)
Kym: So, if you don’t know the log in, you can certainly look that up and contact the registrar and say you find out whether you do own it and make sure it’s on your name and make sure you’ve got the right hosting and not cheap shared hosting ideally cloud hosting or vps or if you’re getting to a bigger e-commerce business dedicated servers and also, I guess make sure you’ve got the right hosting, you have access, you have admin control of that hosting account in case something goes wrong. You might want to delegate to someone I guess but you should take ownership and control of it. Is that right, Justin? (42.23)
Justin: Yeah.
Kym: And also just to look at what you’re doing with hosting, don’t just go for cheap hosting do your research. Look at all the little updates that are important. You are going be doing all the little backups in each daily and weekly. Do you really want to be doing all the changes you’d probably can’t do. So look for a package where you can get hosting and also hosting and maintenance. I’ll put a link in there, we can look some of those that we have in conjunction with Justin. Otherwise Google it and ask people but find the right hosting and maintenance package. And I guess the final thing is security, right? Those five things we’ve mentioned: No cheap hosting, making sure you use https (and also about https aside from security, if Google says it’s a ranking factor it’s going to become more and more important and you will actually lose ranking if you don’t have it. If you haven’t moved yet to https that needs to be on your agenda asap), Strong Passwords, Having the right security plugins and sort of back ups. That was it, wasn’t it?
Justin: Yeah
Kym: So we’ve covered a lot of ground mate. I’ve really appreciated picking your brain. Anything else as a final thing that you want to add? (43.46)
Justin: No, I think when it comes to looking after your website and making sure you’ve got good hosting the main issues are security and fast loading and making sure you’ve got good support so you can if and when things go wrong or you need help you know you can have someone you can rely on to help you out quickly.
Kym: Yeah, hundred percent. But mate thanks again. Absolute Marketing jewels as usual when we speak to you Justin. I really appreciate that mate and hopefully that will help people get sorted and gain knowledge not just to build that websites which we talked about our last episode but actually to keep running like a well oiled machine and run it properly because it is a shopfront to your business. People will see and if it looks bad then your reputation is bad and if the site is slow to load that will impact visitors. Make sure you’ve got a website that is working well that fast and is well protected. Nothing worse if someone is being hacked and then that affects the customer right? Even worse.
Justin: Yeah.
Kym: So make sure it’s all working fine. Thanks again mate, I appreciate that and we will speak soon.
Justin: No worries at all. Thanks for having me on the show. (44.53)