Keeping WordPress updated with Installatron

Keeping WordPress updated with Installatron

Keeping WordPress updated with Installatron 1

As everyone knows by now, the biggest reason for hacked WordPress Websites is lack of maintenance, resulting in vulnerabilities caused by out of date WordPress core, plugins and themes.

IT is critical to keep your WordPress installation up to date as well as all your themes and plugins, failing to do so will result in your website having vulnerabilities that cybercriminals can take advantage of to get access to your website, install malware, redirect your traffic, use your site to DDOS other sites or steal customer data.

With so many tens of thousands of plugins available, many created by bedroom coders, many also often get abandoned by their developers or just do not get updated regularly enough to stay compatible with the latest version of WordPress. In some cases, the developers have been known to sell their plugins to cybercriminals.

So it is also important to keep a check on all your plugins to make sure they are still being maintained and supported and have not been removed from the WordPress plugin repository.

I do a lot of WordPress support these days, removing malware, fixing bugs, improving performance, migrations and of course, performing updates and installing security. In almost every single case I find that customers are not taking advantage of the tools they have available through their control panel.

Installatron

A service from Installatron.com for website owners and small businesses, Installatron Remote accepts any website's FTP or SSH information, enabling web applications to be uploaded, installed, and managed.

Installatron is an application installer that allows quick and simple installation of web application such as CMS’s, blogs, forums and much more. It is used by many hosting providers in their hosting control panel (Cpanel, Plesk and DirectAdmin) and is also available as a remote installation for anyone else.

What most people do not realise is that Installatron also has the ability to monitor your WordPress installation and inform you about updates or to just install them for you automatically.

First login to your hosting control panel and look for the Installatron icon. If you do not have this, then your hosting probably does not offer this option, in which case you have the option of installing the remote version yourself or moving to a host that does offer Installatron.

If you are based in the UK then I can recommend my own hosting provider Guru, you can read my review of Guru here.

Installatron icon  in Cpanel

Clicking on this icon will then show you all your existing apps which were installed using Installatron. If you did not install WordPress using Installatron, then it will not show up here, but don’t worry you can also import any existing WordPress install (see below).

Manage Your Application

Keeping WordPress updated with Installatron 2

From the list of installed application, click on the wrench icon to manage your application. From here you can choose your notification or update settings.

Note that Installatron will send out email notifications whenever an action is completed, so be sure to verify that the email address you have set is valid and that you have whitelisted emails from the control panel.

Keeping WordPress updated with Installatron 3

What settings you use here very much depends on how critical your website is you and your business.

If you have a simple brochure website, then you could just set everything to auto update, and then just make sure you check your site after updates occur to ensure everything is still working as expected.

If your website up time is critical to your business, then I would suggest just enabling notifications, and then performing the updates manually outside of business hours so that you can easily roll back if any issues occur.

NOTE: If something goes wrong during an update, which breaks your website, then you will need to restore your latest backup. So the first thing I recommend is that make sure that you have backups in place and that they are working and that you know how to restore your website if required.

Check with your hosting provider how often they are performing backups of your website, and test out the restore process.

Installatron also gives you the option to perform a manual backup prior to performing any updates. You can choose to backup locally to your hosting space, to backup externally to various cloud storage services or via FTP.

When you perform a manual update by clicking the “update” button, it will ask you if you want to perform a backup first. You can also perform backups on demand using the backup button.

Keeping WordPress updated with Installatron 4

IF you do not want to perform untested updates on your live site, then you can use the clone button to make a copy of your website on a sub-domain (e.g. testing.yoursite.com). You can then perform all the updates on the clone first, make sure everything is working, and then do the same to the live site.

For detecting abandoned plugins or plugins with vulnerabilities I recommend installing WordFence. This will scan your installation and report any issues it finds with your plugins and themes.

Import existing WordPress install

If your WordPress installation was not created via Installatron, then no problem. Simply go to the application browser, choose WordPress, then choose import instead of install.

The process is very simple and entirely automated, all you need to do is choose the website/domain you want to be imported.

You will then have access to all the Installatron features.

Keeping WordPress updated with Installatron 5
Litespeed Cache issues on WordPress Multisite

Litespeed Cache issues on WordPress Multisite

Litespeed Cache issues on WordPress Multisite 6

So I fairly recently moved all my WordPress websites to Guru (which I am happy with BTW) who use LiteSpeed server. As a result I also switched over to the Litespeed cache plugin.

This was working fine for about 1 month, then I started getting some weird and unwanted behavior, probably after installing updates.

On every single page on my site (this one) I was getting a background image inserted that was nothing to do with my site at all as well as some other random layout and menu issues.


I inspected the source and saw that the image in question was actually coming from one of my sub-sites Even more strange was the fact that this image was not even a site-wide background image on that site either, it was only used on a single page.

I determined it was Litespeed delivering the image by checking the network activity in the chrome inspector, and then disabling all the features in the lscache debug tab, which caused the CSS issues went away. So I then started disabling all the features individually and nailed it down the “critical CSS” option.

So I then contacted Litespeed support for help, who surprisingly were quick to respond and help, especially considering this is a free plugin.

It turns out that the critical CSS generator by default only generates one set of CCSS for all the websites, due to which sometimes a different CSS can get mixed up.
This can be solved by using the following https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:cache:lscwp:configuration:optimize#separate_ccss_cache_post_types

And set Litespeed Cache plugin to generate different CCSS for each page and post. I am told I shouldn’t get this issue again, so fingers crossed.

How to fix WordPress “Briefly unavailable for scheduled maintenance”

How to fix WordPress “Briefly unavailable for scheduled maintenance”

How to fix WordPress "Briefly unavailable for scheduled maintenance" 7

So you have most likely performed an update on your WordPress site, which has resulted in your site being down with the message “Briefly unavailable for scheduled maintenance. Check back in a minute”.

Don’t panic as this error is fairly easy to fix, read on to find out how.

What causes this error?

Whenever you perform an update in WordPress, such as updating a theme or plugin, WordPress automatically puts itself into maintenance mode. And during this maintenance mode, it displays the “Briefly Unavailable for scheduled maintenance” message to visitors rather than just leaving you with a broken website throwing errors.

Under normal circumstances, once the update is complete, the maintenance mode is disabled and this message disappears. But sometimes the update process may fail, usually due to timeouts or plugin issues, and the maintenance mode will remain enabled.

The quick fix

When maintenance mode is enabled, WordPress also creates a special maintenance file in the WordPress directory. Once the update process completes, this file normally gets deleted, this disabling maintenance mode.

When the update process fails or gets interrupted, this file is not deleted, which results in maintenance mode remaining enabled and the “BRIEFLY UNAVAILABLE FOR SCHEDULED MAINTENANCE” still being displayed.

So a quick fix is to manually delete this file from the server, here is how.

The quickest and easiest way to do this is via your hosting control panel using File Manager.

How to fix WordPress "Briefly unavailable for scheduled maintenance" 8
Cpanel hosting control panel

Simply login to your web hosting account and then hit the File Manager Icon. The above image is from CPANEL which is what most hosting providers use. If you are not using CPANEL and cannot find any file manager, just ask your host where to find it.

If for some reason your host does not provide a file manager, then you can also do this via FTP. Your hosting provider will have specific instructions on how to do this.

How to fix WordPress "Briefly unavailable for scheduled maintenance" 9
Cpanel File Manager
  • Once you are inside the file manager, locate the home directory for your WordPress installation. This is usually “public_html” or “wwwroot“.
  • Now find the .maintenance file in your WordPress directory.
  • Do a right click on the .maintenance file and choose the delete option.
How to fix WordPress "Briefly unavailable for scheduled maintenance" 10

If you do see the .maintenance file, you may need to “show hidden files” in the file manager settings. Click the settings button in the top right.

Then refresh the file listing and hopefully the file will now be visible, allowing you to delete it.

Once the file is delete, refresh your website, and hopefully, it should be working and no longer displaying the
“Briefly unavailable for scheduled maintenance” message.

Managed WordPress Hosting & support
Review of guru.co.uk WordPress hosting

Review of guru.co.uk WordPress hosting

Review of guru.co.uk WordPress hosting 11

Disclaimer: I use affiliate links (who doesn’t), this makes no difference to you, but gives me a small commission if you then decide to make a purchase from that company. Please note I do not ever recommend a product or service just to get clicks. Unlike a large proportion of reviews out there, my reviews are legitimate, honest and based on personal experience of actually using said product/service. If you have a problem with affiliate links, don’t click them, simples.

GURU is another host which I am seeing recommended more often on my WordPress groups, as usual with lots of positive feed and great reviews on Trustpilot, but nowhere near as much as the likes of SiteGround, which is easily the most popular recommendation. So in my quest to find something better than SiteGround, Guru were next on my list.

In this review I am using their £19.95 reseller plan.

Note: I decided to stick with Guru, so I will be updating this review of their services over time.

Migration

Since I provide website migration services myself and ran a web hosting company for 16 years, I have obviously done hundreds of website migrations over the years and I know how to do it with my eyes closed. But anytime a host offers free migration, I will ask them to do it for me to test their migration skills, customer service skills, WordPress knowledge and overall competency.

I submitted a request for free migration and sent them a link to the backup which I had shared via one-drive. Unfortunately, they won’t accept links to backups you have done yourself and insisted I give them access to the site instead to do their own backups. I found this a bit weird, as it just makes the job more time consuming for them, but I provided a temp login and waited

3 days passed and still nothing, so I chased up the ticket only to be told they were too busy and it probably wouldn’t be done until next week now , which would have been another 5+ days. So I decided to do the migration myself instead as i wanted to get my performance tests done.

I have since submitted a few other sites for migration to see how long it actually took. I used my own site this time, which is a multi site network consisting of 7 domains, and a few regular sites.

They completed the migrations successfully, however it did take them between 6-9 days for each site, which is pretty slow, when you consider I can migrate a site in under 1 hour. So I wouldn’t rely on them if you need the migration done urgently, and you would definitely need to plan this well in advance of your old hosting expiring if you wanted to take advantage of the free migration.

Guru use Blogvault to do their backups and migrations, which failed to do my multisite, and they had to resort to doing it manually. I usually use All-in-one WP Migration to do my backups and migrations, and it has not failed me yet, including on this site. This tells me my backups solution works better than BlogVault 🙂

Review of guru.co.uk WordPress hosting 12
Website Preview

I also want to mention this very useful ‘website preview’ option they have. I have used numerous cpanel hosts, but it is not a feature I have seen before, so it may be a custom module they have developed.

This module creates a temporary sub-domain for you (or your client) to access and test the website prior to making DNS changes. Presumably, it creates a bunch of rewrite rules to achieve this, although they are not created in the .htaccess file, so I assume it is done at the litespeed level.

So far it has worked 100% and allows full testing of the website, and does not cause the WordPress redirect to kick in. This is certainly a much easier solution than having to explain to clients how to mess about with their hosts file to tests the site.

The other major benefit with having this testing URL, is that you can even run it through pagespeed tests as well so that you can also tweak the site before making it live.

Performance

Review of guru.co.uk WordPress hosting 13

In their KB, guru recommends using the LiteSpeed cache plugin. I have tried this before on other LiteSpeed hosts and have never achieved very impressive results compared to other caching plugins, but on Guru’s servers, it has so far matched the performance of W3 total cache, with less effort.

Bear in mind that the tests below were not done during peak times, when servers will be more busy.

SITE 1 : Mamma Mia Pizzeria

Review of guru.co.uk WordPress hosting 14

I performed 10 tests on the site using LiteSpeed, W3TC and LiteSpeed+Cloudflare. Only 6 tests on Pingdom as the variance is much less, and you have to wait much longer between tests as pingdom block you if you do too many too quickly.
I have compared against my old host Siteground, where I am using Cloudflare as standard as all sites are slower without it.

GURU SCORESLiteSpeedW3TCLS+CloudFlare
Average GTMetrix PageSpeed4s4.14s4.41s
Average TTFB4242148ms
Pingdom Load time947ms947ms1.14s
SITEGROUND SCORESLiteSpeedW3TCLS+CloudFlare
Average GTMetrix PageSpeedna4.44sna
Average TTFBna1sna
Pingdom Load timena1.88sna

As you can see the difference between LiteSpeed Cache and W3TC is insignificant, LSCACHE wins by a fraction, although I have only use dthe default basic config and not tweaked the advanced settings.

So considering how much simpler LSCACHE is to use, with minimal configuration, I would likely stick with this plugin, plus it will likely achieve better performance once I start playing with the advanced settings.

Using Cloudflare provided no speed improvement whatsoever and was in fact slower. The big difference is the TTFB which is 3.5 x slower using Cloudflare. So the only advantage of using Cloudflare here would be for the DDOS protection.

When compared to Siteground, the TTFB is about is almost 3 x faster and according to pingdom the page speed is almost 1s faster.

SITE 2: michaels.me.uk

Review of guru.co.uk WordPress hosting 15The loading times when compared to Siteground are not very different, but once I enabled cloudflare this took 200ms off. Guru’s TTFB once again is about 3 x faster than Siteground.

GURU SCORESLiteSpeedW3TCLS+CloudFlare
    
Average GTMetrix PageSpeed1.47na1.61s
Average TTFB43msna73ms
Pingdom Load time1.01sna285ms
    
SITEGROUND SCORESw3tcW3TC+CloudFlare
    
Average GTMetrix PageSpeedna1.69s1.67s
Average TTFBna149ms205ms
Pingdom Load timena1.12s413ms
   

Support

Guru support

During my initial migration my tickets were opened in the early hours (past 1AM) and were responded to within 2.5 hours. If this was during peak hours, I would be fine with that, as that is when they are busy. But I would rather expect responses to be quicker at this sort of time when most customers are sleeping and things are quiet.

Subsequent tickets I have opened thus far have been responded to much quicker and I have had no issues.

The few times I tried the live chat I got no response or it took a very long time, but I have since been told that they were having some issues with the live chat on those days and that this is not normal. I have not any such issues since then.

Apart from the time it took for the migrations, overall I have been happy with the service/support so far. All my questions have been answered and my issues dealt with.

On one of the sites I migrated, the Litespeed cache was not working, and threw an error claiming it was disabled when it wasn’t. They resolved this problem for me without any blagging or excuses or attempts to blame me or my other plugins.

So the experience so far has been quite refreshing compared to the type of responses I have grown accustomed to with Siteground, which were usually unhelpful, arrogant and condescending and would usually make every effort to refuse to help and make it “your problem”.

I have my fingers crossed that guru staff are more observant about their customer’s technical skills and respond accordingly rather than treating you as an incompetent muppet by default.

Based on my experience of the service and the support thus far, I determined it is significantly better than Siteground across the board, and so have decided to make the switch permanent and have migrated all my sites to guru.

Security

Guru have WAF (Web Application Firewall) protection on all their cloud servers by default, which monitors and protects against known attacks and intrusions.

On the reseller account I can create a separate cpanel account for every customer/site and thus isolate them from each other.

Guru also does not allow remote access to mysql by default, requiring you to use SSH. This is a PITA if you need to use external tools which do not support SSH, such as manageWP, but is good from a security perspective, as attackers simply cannot even try to hack into your databases, which otherwise affects server performance with all the daily hack attempts that occur.

In addition, they do not allow plain un-encrypted FTP, it is FTPS only. this is good.

SSL

When I was with siteground, the letsencrypt ssl renewal would regularly fail (silently), leaving my site broken until I noticed. I would then have to contact siteground support, get blagged and told the issue was with my site, have to argue with them and try to convince then it was an issue with letsencrypt and try to get them to fix it.

With Guru, the auto renewal happens in advance of the expiry date, giving you time to take action if it fails. When it did fail, it sent me an email to tell me why so that I could fix it. In every case it was due to no longer active aliases or sub-domains.

The first time it happened I did not realise I could fix it myself via cpanel, so contacted guru supported, and they simply fixed it without any blagging.

Summary

Here is my pros and cons list, almost all of these trump Siteground, who do not offer the same.

PROSCONS
Fast Servers + cachingno direct access to database backups
Support are helpful and
not condescending
No staging option
Very reasonable pricingSlow migrations
Performance boost option
Four-hourly Off-site Backups, hourly on pro plans.
£1 for first month, so cheap to try them out
multiple cpanel accounts/cages
Free on-demand backups
Website Preview
More RAM per site than other hosts (1GB)
port free subdomains for services
e.g. cpanel.yourdomain.com
webmail.yourdomain.com
Notifications if ssl renewal fails

I have been told they are working on a staging option, which is great, and if they added a few other useful features in Cpanel, they would be pretty much perfect in my books.

E.G.

  • Password/IP Protected Files/folders manager
  • Enable/Disable wp_debug
  • Collaborator Access (temp logins)
  • Force HTTPS :
    Redirect all requests made to your site over HTTPS
  • Staging

I know these things can be done manually, so these are feature requests of convenience.

UPDATE: MAY 2019

Well, it has been nearly 3 months, and I still have no complaints. There have been no major problems, all my sites are running fast and support so far has still been great.

They have responded to tickets in a timely fashion and have solved any issues I have had without passing the buck or fobbing me off, and I have not smelt a whiff of bullshit 🙂

WPX Hosting Review

WPX Hosting Review

WPX Hosting Review 16

Disclaimer: There are affiliate links ahead, because why not!. My reviews & opinions are always honest and legitimate and I will never falsely recommend a product or service just for affiliate clicks. If you have a problem with this, just do not click the links.

I have been considering moving on from Siteground when my yearly hosting expires (read my siteground review) and decided to give wpx hosting a try, so here is my wpx hosting review.

Wpx hosting seem to have almost too good to be true reputation, with positive reviews everywhere and they boast that they have superior WordPress performance and support compared to all other WP hosts, and the reviews do seem to concur, especially this one.

So wpx hosting have quite a reputation to live up to and I have quite high hopes and expectations from them here. However the same was also true of SiteGround, it is very hard to find negative reviews, yet my experience with their customer service and support has very rarely been positive.

1. The website migration

Since I provide website migration services myself and ran a web hosting company for 16 years, I have obviously done hundreds of website migrations over the years and I know how to do it with my eyes closed. But anytime a host offers free migration, I will ask them to do it for me to test their migration skills, customer service skills, WordPress knowledge and overall competency.

Sadly this was a #fail from the get-go, as they refused to do the free migration based on the fact that I also wanted to change the domain name during the migration, citing that it was a complicated and time-consuming process. If I wanted them to do the migration then I would have to pay $98, so I declined and did it myself.

I have done the domain name change many times, not only for clients, but it is the standard process I use when testing out hosts, which involves cloning my own site over to a sub-domain, which of course involves changing the domain name.

Now granted if you were a noob and you were doing this for the first time and thus tried to do this manually, then yes it could be a complicated and time-consuming process. But as any WordPress professional (or host) should know, there are plenty of tools that will do the job for you with little to no extra effort.

WPX Hosting Review 17

I generally use All-in-One WP Migration, which allows you to change the domain name when you perform the backup, which automatically changes all references of the old domain in the database to the new domain. So when you restore your backup at the new location, it is running on the new domain. I have also used ManageWP to do the job on several occasions as well.

Amount of additional time/effort required : 0
So I found $98 to be rather expensive just to switch the domain name, which I can only assume is down to lack of knowledge on how to do it efficiently.

WPX Hosting Review 18
A 301 redirect is a permanent redirect from one URL to another

The second issue I had was the 301 redirect from the old domain to the new domain. Again this should have been a really simple process.

The usual process is as follows:-

  1. add the old domain as an alias to the new domain
  2. add 301 redirects into your .htaccess file from old domain to new domain.
  3. update dns for old domain (if moving to a new host)
  4. Re-generate your letsencrypt SSL so that it includes the domain alias. This is required for https redirects to work.

You may be asking, why didn’t you do the SSL before updating your DNS? Well, unfortunately, the way lets encrypt works (has been implemented at most hosts) requires that your domain is already pointing at the hosts server first, as the SSL registration process first checks the DNS, and if it points elsewhere, it fails.

This is obviously a massive PITA for migrations or if you use cloudflare or Sucuri as it also breaks the 3 monthly renewal of letsencrypt. Hosts really need to disable the DNS check on their letsEncrypt implementation to make it more reliable.

Now with almost every host I have used, you generate the letsencrypt ssl within cpanel, and it includes all domain aliases by default. But WPX hosting control panel did not do this. As a result, the redirect failed, because as soon as anyone hit the old domain over https, they got a security alert from the browser about an invalid ssl certificate, which stopped the redirect from ever happening.

I had to contact wpx support to get this fixed and I had a hard time making them understand what the root cause of the problem was and how to fix it. At one point they decided to install “Really Simple SSL” plugin on my site to redirect http to https, which they thought would fix it.

I then had to explain that no plugin would fix this issue since it existed outside of WordPress and was nothing to do with http to https, which was working just fine without the plugin.

This worryingly showed a general lack of knowledge about hosting, ssl, browser security and WordPress. All things that a host and self professed WordPress expert really should know inside out.

So first impressions were not great and so far and thus do not give me any compelling reason to think that wpx hosting’s support will be any better than SiteGround when I need to use it.

2. The Website Performance

WPX Hosting Review 19

Once again my expectations were high based on what I have read. But after running some tests with gtmetrix and pingdom, sadly I did not see any significant performance improvement compared to Siteground.

When I asked wpx support about this, they told me that I needed to use W3 Total Cache to get the best performance on their servers.

This was rather annoying, as I specifically do not use W3TC because it doesn’t play well with the DIVI theme I use on my sites, and I have to keep disabling it to make the DIVI builder work properly. But I disabled my normal caching plugin and enabled W3TC instead, and performed my tests again.

With the following tests below I am using WPX-Cloud on the WPX site and Cloudflare on the siteground site, so both are using a CDN.

With W3TC + WPX-cloud enabled there is a small improvement of about 0.5s, which is certainly nowhere near the 3 x speed improvement they claim, although the TTFB is considerably better, but this is mostly down to cloudflare which generally makes TTFB worse.

Bear in mind also that gtmetrix tests the “fully loaded time”, which includes all external resources that load asynchronously too (google maps, font, facebook pixel etc), so can be misleading as these load on the client side and thus will always load at the same speed regardless.

Winner: wpx hosting

WPX Hosting Review 20
SiteGround gtmetrix score
WPX Hosting Review 21
Siteground TTFB
WPX Hosting Review 22
WPX gtmetrix score
WPX Hosting Review 23
wpx hosting TTFB

Next I tested with pingdom tools, which doesn’t count the asynchronously loaded resources, which was giving an average just below 1s for wpx, compared to Siteground which more consistently between 1-2s. So the difference is just under 1s on average.

However I did 2 tests a 2 different times of day, and got different results. During the day, Siteground was better, at 2AM GMT, wpx was better.

Winner: Siteground

WPX Hosting Review 24
Pingdom score for wpx hosting
WPX Hosting Review 25
Pingdom score for Siteground
WPX HostingSiteGround
GTMetrix Pagespeed4s4.44s
TTFB31ms1s
Pingdom Score0.76s1.88s

In both cases you can see that wpx hosting does have a better performance grade and TTFB, but is it enough to warrant changing hosting provider?

I contacted wpx hosting and sent them these scores to see what they would have to say and asked if they had Memcached or Redis or any other caching tech on the server which would enable to me to achieve the superior performance they boast of.

Here are some of the responses I received, which I found a little odd.

To be more objective I tested the website directly from London where the location of the server is located.


You can see that the test shows a load time of 1 second for the homepage despite the external resources taking over 400 ms load time: http://take.ms/dfHLh / https://tools.pingdom.com/#5a2c0eb825800000

Another test : https://tools.pingdom.com/#5a2c10014ec00000 shows again that all the resources spcifically from the server are loading without any issues, again only the external resources are taking up load time.


Svetlozar T.
Senior Technical Support at WPX Hosting

My tests were also done from London, so not sure how his tests could be more objective than mine, but Svetlozar insisted they were and refused to budge on this or explain why.

Also, he seemed proud of the fact that his Pingdom test took 1s (500ms longer than mine), and kept pushing this fact. I had to point out to him twice that lower response time is better and thus his scores were worse than mine and not better, but he absolutely refused to accept this.

I also had to explain that you cannot simply do 1 test and base everything on this result, as the test results fluctuate a lot. You have to perform multiple tests and look at the average score. He also refused to accept this or discuss frther as well, so I decided it was probably time to quit and cut my losses at this point as I was beating my head against the proverbial brick wall.

Based on the responses I received, I felt that they do not fully understand how to do performance testing or how to interpret the results nor do they understand the difference between gtmetrix and pingdom.

Test 2

I also went ahead and cloned over a 2nd site for testing (zenmsp.uk) just to give them the benefit of doubt.

On Siteground, it is using Siteground’s own Supercacher plugin and no CDN. This is only because the theme originally had issues with W3TC and I am unable to use CloudFlare on this domain for other issues I won’t go into.

On wpx I used W3 Total Cache with their recommended settings plus their wpx-cloud. So I really expected wpx to win this one.

Average score after 10 tests

WPX: 3.87s

Siteground: 4.14s

So yes wpx won by a mere 0.27s (270ms), which is an insignificant amount. I think if I switched the Siteground version to W3TC and used cloudflare, it would beat this score by a more significant amount.

I have given wpx the opportunity to look at the site and have a go at improving the performance, so I will report back if anything happens.

Resource Limits

One thing many people do not take into consideration is resource limits. While a hosting may seem like a good deal when you just look at the price and quotas, this is often marred by resource limits which would cripple a busy site quite quickly, causing you to need to upgrade. This is a tricky tactic a lot of hosts use.

I asked wpx support about the resource limits imposed per site, and this is the reply I got back.

All websites are separate from each other and they do not share resources nor can affect another.

The number of simultaneous server processes is 3 php processes per site. The plan you are on (the Business plan) has 128 MB memory limit per website and 1 dedicated CPU for the whole plan. 

Ani D

If you are only hosting 1 small site, this will suffice. But if you were hosting multiple sites as the plan allows, then these limits are very likely to cause performance problems.

Modern sites using themes/builders like DIVI, wpbakery, beaver builder etc all require 128MB as a minimum, so imagine if you have 5 sites all fighting for that same memory.

So busy sites, eCommerce sites, resource heavy sites etc will need something better.

3. Control Panel

WPX Hosting Review 26

Pretty much every host out there uses cpanel these days, I have not come across one for a long time that doesn’t. Which was something I found appealing about wpx hosting initially, as they have their own in-house control panel instead and frankly I hate cpanel, the UI is awful.

Sadly the appeal soon wained once I started using it and realised how limited in functionality it was, it was also painfully slow, most actions such as adding a domain or email took several minutes.

Okay so they only do WordPress, and they are clearly targeting non-technical customers and agencies who want a fully hand-held, managed solution, so they do not need all the functionality of cpanel, which is fair enough, and if you are one of those types of customers, you will probably love it. But if you are more technical like me and want the ability to do things yourself, you will find it a very lacking and probably get quite frustrated having to constantly contact support.

4. Pricing

WPX Hosting Review 27

If you have multiple small websites, then i’d say the wpx pricing is very reasonable. At $24.99 for 5 sites on the business plan, that is only $5 per website +tax. The bigger plans are cheaper per site. Frankly If you are not willing to spend a measly $5 per website on hosting, then you deserve crappy/slow hosting.

If you only have 1 small website, then $24.99 may seem expensive compared to other hosts, but then those hosts are not offering the same level of support and management.

WPX hosting claim that they will fix any issue with your site or remove malware completely free of charge. This is worth the price all by itself and is what “managed hosting” should be. Sadly I cannot confirm or deny whether they deliver on these claims, but given the caveat with the free migrations, I must admit to being a bit skeptical.

Every plan includes all the following features, which is pretty good to be honest, as not a lot of hosts offer some of these features.

High-speed, custom CDN  Unlimited Site Migrations*  Unlimited SSLs
24/7 Fast-response Support  Staging Area  Email  Manual Backups
DDoS Protection  Malware Scanning & Removal  PHP 7.X  HTTPS/2
30 Day Money-Back ● 28 Day Automatic Backups
99.95% Uptime Guarantee
1-Click WordPress Installations ● USA + UK Hosting locations

If you only have a single website, then I would be inclined to recommend GetFlyWheel instead, as their TINY plan is cheaper at $15 and in my experience, the service is almost flawless and the performance is better as it is not shared hosting, plus they also offer a fully managed service.

Comparison

Here is a comparison between 3 plans I have setup for the purpose of hosting multiple sites for clients. They are all roughly around the same sort of pricing. Although SiteGround is considerably cheaper for the initial period, the price below is the renewal price.

 WPX HostingSiteGroundGURU
PlanBusinessGrow BigReseller
Price$24.99 pm (£14.30)£14.95 pm£19.95 pm
Accounts11Unlimited
Sites5
CPU1CPU total20,000 cpu seconds per day30% cpu per account
Processes3 per site20,000 per day50 per account
RAM128MB per site∞ (not sure I believe this)1GB per account
SPACE 10GB 20GB 100GB
DATA 100GB1000GB
EMAIL 0
WAFyesyesyes
DDOS Mitigationyesno 
Stagingyesnono
Auto BackupsDailyDaily4 hours
Manual Backupsyes$19.95 per backupyes
White Labelnonoyes
Site isolationyesnoyes (by using separate accounts)

Summary

If the performance and support of wpx hosting had met expectations, then I would have certainly say it is easily worth the extra cost for a fully managed service with high-quality support from WordPress experts and would have transferred all my sites.

But sadly they did not live up to their own hype and my expectations were not met, and I certainly did not get the feeling of dealing with WordPress experts and the performance improvement was not that significant. Sure they are faster than the average generic host, but not faster than other WordPress optimised hosts I have used.

While it did feel they would probably be more helpful dealing with WordPress issues and support, in general, especially with the claim to fix any issue for free. I did not feel as though the level of competence or knowledge was any better than Siteground which could result in the same bad advice and mistake being made that I have experience with siteground.

Another annoyance was that they seemed completely unwilling to accept the possibility that the client might actually know what they are talking about and might possibly know more than them, which was quite arrogant.

PROS

  • you get a fully managed, hand-held hosting service
  • they are probably more willing to help you rather than tell you “not our problem” as other hosts do.
  • you get all those other features thrown in which most hosts do not offer.
  • simple control panel for non techies
  • CDN is effortless and also seems to include load balancing
  • Pre-configured W3TC

CONS

  • performance not as good as claimed
  • support not as good as claimed
  • control panel very limited if you want to do things yourself
  • No WordPress tools to do things like reset your admin password, clone site etc, which Siteground has.
  • No white label domains, so your clients will see you are using wpx.

If you do need a fully managed WordPress solution, then you do need more than just managed hosting, as they of course only manage the hosting and not the website itself. So you may want to look at Managed Service Providers like ManagedWordpress UK or hire someone like me 🙂

PS. I did move away from Siteground, and chose GURU as my new host. You can find my review here.

Are you sharing sentitive data & passwords on freelancer websites?

Are you sharing sentitive data & passwords on freelancer websites?

Are you sharing sentitive data & passwords on freelancer websites? 28

As a freelancer/consultant I use freelancer sites like PeoplePerHour or upwork to get gigs. One of the issues evident in every job I have done is the disregard for security.

Most IT or web related jobs done on PPH are going to involve the exchange of sensitive data, which is required in order to do the job. Clients will gladly share everything with multiple freelancers without a second thought, including their logins for control panels, hosting accounts, domain registrars, website and everything else.

This unconscious sharing of such details has massive security implications which I will address below and offer better and more secure alternatives.

Security Bad Practices

Your login details are for your own use, and everything that is done with your login credentials links back to you. If you share these credentials with multiple people and there is a security breach, you will have no idea who is responsible. If you are an employee and have a boss, then you will most certainly be blamed for the security breach, which could cost your company dearly.

You should not post any sensitive information in the job chat/discussion on the freelancer site (unless they are temporary logins which will be revoked). These conversations will most likely be stored in plain text and not encrypted in any way. Certainly, in the case of PeoplePerHour, I have asked them directly and they have confirmed this is the case.

Are you sharing sentitive data & passwords on freelancer websites? 29
Hackers are everywhere

Thousands of sites get hacked and data is stolen every single day. Most of them are unaware they have even been hacked and the breach can go unnoticed for months or even years in some cases.

If any of the freelancer sites suffer a security breach, the hackers will have access to any data which is not encrypted, which includes all those login details that clients have entered in the chat with their freelancers. Not forgetting that the support staff can also read all your discussions as well, so any dishonest support agent could simply lift your login details and use them for illicit purposes.

Sadly there are also a lot of unscrupulous freelancers out there too, who will intentionally do damage to your systems in order to generate more work for themselves, or may seek revenge in the event of a dispute or disagreement.

I have had several jobs cleaning up after such situations and have found all kinds of back doors, insecure plugins, malware and extraneous logins which presumably had been created by other freelancers.

SECURITY GOOD PRACTICES

Ideally, you should find a single reliable freelancer/company who you are happy with and stick with them, rather than using a different freelancer each time. Not only is this better for security, but using multiple freelancers can also cause other problems as they are oblivious to what work their predecessor has done, and so will often break or undo each other’s work.

Sticking with the same person/company creates a relationship as well as a recurring income, which will, in turn, result in better quality of work, fewer issues and less expense as they will know your systems and the work they have done before and be more inclined to keep you happy.

Plus any decent freelancer/contractor will use a task/project manager and will keep notes on the work he does for ongoing clients which also improves communication and project management.

Do not post sensitive information in the workstream/chat. An exception would be if you are providing a temp login which will be revoked once the job is done.

If you do need to give a freelancer (or anyone) temporary access to your accounts or website, then ideally you should provide them with their own login, not give them yours, which you should revoke (delete) once the job is done.

If it is not possible to create a separate login for your freelancer, then you should always change your passwords after the job has been completed.

HOW TO SECURELY SHARE YOUR DATA

Are you sharing sentitive data & passwords on freelancer websites? 30
everyone should use a password manager

Cloud document sharing

Everyone has access to cloud storage and the ability to share files and documents FOR FREE.

I come across a surprising number of people who are unaware of this, but every single Windows user has access to OneDrive by default. It is part of Windows operating system and allows you to sync up to 5GB of files to the cloud for free. You can then share these files with anyone simply by sending them a link.

Even if you do not use Windows, you can still get a free Microsoft /
OneDrive account.

So you could temporarily put all the info you need to share into a text file or word doc, and share that link with your freelancer. Once the job is done, unshare that file and delete it.

NOTE: This is also not an ideal method and still not very secure to have your login stored in plain text, but it is certainly better and putting them into your workstream where they be on display forever or sending them via email.

If you do not know how to share files with OneDrive, then please read this article “how to share files with others using OneDrive“.

You can also do the same with Google Drive, which you also already have access to if you have a free Gmail account.

Use a password manager

Are you sharing sentitive data & passwords on freelancer websites? 31

Using a password manager is something I recommend to everyone. It will remember all your passwords and other personal info for you, software licenses, bank details etc. It will automatically log you into websites, fill in forms, generate strong passwords for you and more.

The two solutions I generally recommend are LastPass and Dashlane, both of which offer a free edition, although there are many other apps available which vary in features and simplicity.

Password managers are also the most secure way to share logins and other sensitive information with your freelancer and then revoke the share once the job is done. You simply choose to share a login, enter the freelancers email address, and it will send them a share request. If they already use the same password manager, then job done, otherwise, they simply need to register for the free version in order to accept your share request.

As a result the login details are never shared in plain text, as the freelancer will only use the password manager.

WORDPRESS ACCESS

I am going to mention WordPress specifically because this is somehting I deal with a lot, since I build, support and manage WordPress websites.

In almost every WordPress job I do, clients will send me their own admin login, which they have sent to every freelancer before me, who still have access as the password has never been changed.

If you need to give someone permanent access, then create a new admin user just for them, if just need to provide temp access, then I suggest using the “temporary login without passwordplugin , which will allow you to provide a temporary login which will automatically expire after x number of days.