HostingMonth | The Blog Pros

April 28, 2020

DNS: We Got It And Now We’re Giving It To You!

If you already know how DNS works, the good news is we now have it as part of our hosting and you can have it too! If you’re not sure what DNS is and why you need it, Do Not Stress! Below you’ll find all you need to know.

But first, as mentioned, we are delighted to announce that WPMU DEV Hosting now comes with complete DNS management!

With our new DNS hosting you can just point your nameservers at us and we will manage and set up all your DNS records for hosting, email, and free wildcard SSL for your subdomain multisites…. skip to lower down in this post to find out all about that :)

Plus, coming soon, we’ll have:

Auto-populating DNS from site Domains tab
DNS hosting started from site Domains tab
Auto-populating DNS from site email tab (yep, I said email, stay tuned to the blog tomorrow)
DNS page linking specific records to the sites they are connected to

So, go straight here and do not pass go to set that up… otherwise proceed onto our DNS explainer below (with cartoons… you know you want to).

Because unless working with IP addresses and networking is in your blood, most people wouldn’t know DNS from DNA.

The fact is, DNS is an essential part of what makes the Internet work.

Most people use DNS every day to surf the web, get their work done, run their business online, check emails, watch a movie on their tablet, or idle away their time playing games on their smartphone.

Cartoon of Devman juggling many devices at once — DNS is so essential to the Internet we should grow extra limbs just to try and keep up!

In this post, we explain:

What is DNS and how does it work?
How can DNS benefit you?
How to set up and manage DNS for your domain name.

So … What is DNS?

Let’s say you want to call your friend Steve for a chat. You type in “Steve” into your phone contacts’ search box. When Steve’s name comes up, you click the call button, and next thing you know…your phone is dialing Steve’s number.

How did your phone know Steve’s number?

Easy…when you created a new contact for Steve, your phone added Steve’s number to his contact record along with other details, like his profile picture, etc.

You don’t have to remember Steve’s number (or even what his face looks like) to dial him–just type in his name and your phone’s contact management system works out the rest!

DNS works in a similar way.

DNS stands for Domain Name System (or Service or Server, depending on who you talk to and what you are referring to).

Basically, DNS makes it easy for someone to do things like find your website, or send you an email using your domain name (e.g. www.YourDomainName.com or you@yourdomainname.com).

It does this by creating and maintaining a directory of records containing all the information associated with your domain name.

Now, because there are over 360 million domain name registrations across all top-level domains (TLDs), it’s impractical to store and maintain every record for every domain name in one single directory.

This directory would have to be super-gigantic, and keep transient information up-to-date like who the current technical administrator for the domain is, who’s currently hosting the website, and emails associated with the domain, etc.

So, one company called ICANN (Internet Corporation for Assigned Names and Numbers) keeps a central database of domain name records and sets all the policies, standards, and protocols for making domain names work securely across the Internet.

ICANN then assigns the responsibility of maintaining accurate DNS records for all individual domain registrants to domain name registrars and web hosting companies.

These companies must abide and follow ICANN’s rules and protocols and agree to share this information with other servers, computers, and web browsers all around the world. Allowing users to access domains, websites, emails, etc. on the World Wide Web.

To paraphrase Wikipedia’s definition…

DNS provides a naming system for computers, services, or other resources connected to the Internet or a private network to associate various information with domain names assigned to each of the participating entities.

Let’s briefly examine some of the key concepts in the above definition.

What’s in a Name?

It’s important not to confuse an IP address with a DNS address.

An IP address is an address assigned to any computer (including servers) or internet-enabled device to identify it on a given network.

This can often be an interchangeable and temporarily assigned address.

For example, a search for “IP address” in Google displays the IP address currently assigned to my laptop.

Example of an IPv6 IP address. — This is the IP address currently assigned to my computer device.

A DNS address, on the other hand, translates domain names and hostnames into IP addresses (forward DNS), or IP addresses into their associated domain names/hostnames (Reverse DNS) with the help of a DNS server.

This allows users to easily find a website by entering the domain name into their web browser, instead of trying to remember a bunch of numbers and letters associated with the domain’s IP address.

An example of a DNS name used for hosting a website is “ns1.yourhostingcompany.com”.

To see the result of a DNS server in action, open up your web browser and type in this IP address: 216.58.194.142.

You will be taken to Google.com. Somewhere in the process, a Domain Name Server translated the IP address (216.58.194.142) into its corresponding domain name (Google.com).

The above allows a hosting company (e.g. YourHostingCompany.com) to host a bunch of websites, domain names, and email services under one DNS server address (e.g. ns1.yourhostingcompany.com), and manage all of their clients’ domain records.

Managing the DNS records of millions of domains worldwide is a distributed service.

This complex networking system allows Internet users all around the world to find websites by simply typing a domain name into their browser, and makes sure emails are sent and received correctly in the blink of an eye.

I could talk about DNS all day long (Do Not Stop), but I suggest instead that you check out our Ultimate Guide to DNS or just watch this really cool video:

(DNS totally explained!)

Now that you know what DNS is, how it works, and that it’s not a K-Pop boy band, let’s talk about WIIFM (What’s In It For Me).

How Can DNS Benefit You?

We’ve just seen that some of the benefits of DNS include things like:

Making finding websites easier by using domain names instead of trying to remember long IP addresses.
It’s fast, secure, and allows companies and people all around the world to set up websites, emails, servers, etc.
It allows you to take advantage of an already-built complex and expensive infrastructure. So you can just enjoy all the wonderful things the Internet makes available.

Being able to use DNS and manage your own DNS records means that you can also easily do the following:

Set up web hosting for your site and email for your domain (this can be on the same server or a different server depending on your hosting configuration and your needs.)
Transfer your website from another web hosting company (for example, you can host all your sites with WPMU DEV)

In addition to the above, there are some unique challenges that you can encounter when trying to go beyond just setting up basic sites.

For example, what if you need to install and configure a WordPress Multisite network where each of the subdomains requires using their own custom domain?

WordPress multisite domain mapping only addresses part of the solution. If you are using a custom domain as your multisite’s primary domain (e.g. mysupersmultisite.com), subdomain subsites will be created as subdomains of that primary domain automatically (e.g. subsite.domain.com). This requires a DNS record to be set up with your DNS provider for each of your subdomains.

The recommended way to do this is to install a wildcard SSL. Setting up SSL for WordPress Multisite subdomains, however, is very challenging. Trying to understand what you can and can’t do with an SSL certificate when it comes to setting up subdomains, add-on domains, wildcards, and matching things up so that what can access who is trickier than trying to figure out how to make a bowl of hot curry when all you’ve got to cook with are cucumbers and ice cubes.

The best way to avoid all the hassle is to let your hosting company take care of these challenges. Passing the buck without paying your host big bucks, however, requires smart DNS management tools.

Introducing … DNS Manager by WPMU DEV

We’re very proud to announce the exciting addition of smart DNS Management to our hosting services.

DNS is complicated. Life is complicated. We love life and hate complicated, so we’ve set out to make life a whole lot easier for you. Our new DNS hosting and management tool comes with built-in automation, expert configuration, and a whole lot of differentiation.

Just point your nameservers to us and we will manage and set up all your DNS records for hosting, email, and free wildcard SSL for your subdomain multisites.

As a WPMU DEV member, you already get access to a complete suite of powerful WordPress plugins and blazing-fast hosting for all of your (and your client’s) sites. Our state-of-the-art hosting includes features like Site Cloning, WAF, IPv6, Email, Backups, SSH, and more.

And all of this can be managed from The Hub (your central WordPress command and management center), saving you time and money.

Whether you’re an individual site owner, a web developer, or an agency hosting one hundred or more WordPress sites or Multisite networks with us, the ability to manage DNS for all your domains from The Hub puts you in complete control of your online presence.

And we’ve made our DNS management console really easy to use.

Let me show you…

Using DNS – Tutorials

For this tutorial, I’m going to show you three different scenarios for configuring DNS using WPMU DEV’s DNS management console and hosting service as an example:

Configuring DNS for a brand new domain name.
Setting up a brand new WordPress website with a new/existing domain.
Migrating an existing WordPress site from another web host to WPMU DEV hosting.

See our official documentation section for complete step-by-step documentation on managing domains and DNS records from the HUB.

1. Configuring DNS for a Brand New Domain Name

For this example, we’ll set up DNS nameserver records to point a brand new domain name to WPMU DEV.

Once this is done, we’ll change the domain registrar’s nameservers to point the domain to WPMU DEV’s DNS server, so we can set up web hosting and manage DNS for the domain all from WPMU DEV.

To get started, log into your WPMU DEV member’s area, then go to The Hub and click on DNS.

Click the + symbol to add your domain.

Add your first domain to manage DNS — Let’s add your domain…

Type in or paste your domain into the Domain field. After the system checks and validates your domain, click the blue arrow to continue.

As this is a brand new domain, there are no previous DNS records to verify, so let’s skip this step and click the blue arrow to continue.

Setup DNS - Verify DNS Records screen. — Nothing to see here-click the blue arrow to skip this step!

Our system automatically configures everything and displays the DNS server addresses you will need to enter into your domain registrar’s records.

This will point your domain to WPMU DEV’s nameservers and allow you to manage your domain’s DNS from WPMU DEV.

DNS Nameservers screen - WPMU DEV DNS — Almost there…we just need to point the domain to WPMU DEV nameservers.

Each domain registrar has its own process for managing nameservers.

For this example, I registered a free domain at freenom, so I’ve followed their documentation to change the nameserver records for my domain.

Refer to our documentation for guidance on editing nameservers using common domain registrars.

freenom nameserver records — Change the nameserver records in your domain registrar.

After changing nameserver records in your domain registrar, come back to The Hub DNS console and click the Check nameservers button.

Check nameservers button WPMU DEV DNS — Check nameservers…

Nameserver changes can take 24-48 hours to propagate.

If the nameservers haven’t propagated the new records, you will get a message letting you know that your domain is still not pointing to WPMU DEV’s nameservers. Give it anywhere from a few minutes to a day and try again.

Message displayed if nameserver settings not propagated. — Nameserver changes can take 24-48 hours to propagate.

You can use a free DNS propagation checking tool like DNSChecker or WhatsMyDNS to check the status of your nameserver propagation.

For this example, we’ll use DNSChecker.org.

Enter your domain, select NS from the dropdown menu, then click the search button to check DNS.

DNS Checker - DNS Propagation Checker — Check nameserver propagation using a DNS propagation tool like DNSChecker.org.

In this example, my domain’s nameserver propagation happened really fast (in under 5 minutes).

DNS Checker DNS Propagation results — This domain’s nameserver changes have already propagated to the new DNS server…woohoo!

Once the changes have propagated for your new domain, your DNS should be all set up.

2. Setting Up a New WordPress Site and Domain Name

Suppose you want to host one or more WordPress sites with WPMU DEV.

Here are the steps you would take:

Set up hosting for your new website with a temporary web address.
Transfer over your domain’s DNS records.
Link your hosting with your domain name.

If you need detailed instructions on how to set up hosting for your site, see our hosting documentation.

Essentially, to set up a hosting account with WPMU DEV, you just:

Go to The Hub and click on the Hosting menu.
Locate and click on the Plus button to bring up the hosting options.
Choose Create New Website.
Create a temporary website URL (i.e. username.wpmudev.host).
Click through the screens and follow the instructions until your hosting is fully set up, automatically configured, and your site with the temporary domain is ready for use. This should only take a minute or less.

When everything is set up, your new site will appear on your Hosting list. Click on the button next to your temporary domain name to access your site’s hosting management panel.

WPMU DEV Hosting screen with Manage button highlighted. — Click on the arrow next to your new site to access the hosting management panel.

Inside the Hosting panel, click on the Domains menu item.

The Hub - Hosting menu. — The Hub > Hosting > Domains.

This panel displays the DNS records for your new site. You will need these to connect your domain name with your new site.

To add these records to your domain name, we first need to add your domain name to your hosting setup.

Click on the Add Domain button.

Hosting > Domains screen with Add Domain button highlighted. — Hosting > Domains > Add Domain.

Enter your domain name, tick the optional www if you would also like the www version to be configured for your domain and click the Add Domain button.

Add A Domain screen with Add Domain button highlighted. — Click Add Domain.

After clicking the button, you will return to the Hosting panel’s Domains screen.

Now that we’ve added your domain name, let’s make your domain and hosting space aware of each other’s presence.

To do this, copy the DNS records from the Domains screen to your clipboard and paste these into a plain text file. You will need these for the next step.

Sample website's DNS records. — Copy these to your clipboard and paste into a text file.

Just for the A record … what’s your CNAME?

So far, we have set up a new hosting space on WPMU DEV’s server and added our domain name. Now it’s time to make these talk to each other.

This is where the DNS part of this tutorial kicks in (finally…woohoo!)

Before we can do this, you need to set up and configure your nameserver records for your domain, then point your domain name to our hosting servers.

This was covered in step-by-step detail earlier in Tutorial #1. Just follow those tutorial steps until you arrive at the screenshot below.

Once you have set up and configured your nameservers, click on the Add button to add the additional records saved in your text file to the DNS Manager.

DNS Records dropdown menu list. — Click on the Add button to set up additional DNS records.

Clicking the Add button lets you select from a bunch of different records.

Let’s start with the CNAME record.

Because you’ve chosen to set up and run everything from WPMU DEV’s hosting, just copy the details shown below, enter these into your own record fields, and click the Add button.

Add New CNAME Record screen — Add your CNAME record.

Repeat this process to add the A record for your IPv4 address (use the unique address saved to your text file).

Add New A Record screen. — Add your A Record.

Finally, do the same thing to add an AAAA record for your IPV6 address.

Add New AAAA Record screen. — Add your AAAA Record.

Your DNS records screen should look similar to the screenshot below.

Sample DNS records screen. — That’s looking peachy!

All you have to do now is wait for the records to propagate.

As mentioned earlier, you can check the propagation status using a free DNS checking tool like DNSChecker or WhatsMyDNS.

If everything has been set up correctly, you should end up with a screen full of lovely green ticks like the one shown below.

The Hub > Hosting > Domains screen with new domain added successfully. — DNS successfully created and propagated!

All that’s left to do now is choose which of the options you’d like to set as your primary domain (e.g. with or without the www extension), and you’re all good to go for hosting, site, and DNS!

The Hub > Domains screen. Domain set up successfully! — Hosting, site, and DNS set up successfully … game, set, and match!

3. Migrating An Existing WordPress Site Or Domain

In this tutorial, let me show you how the DNS tool can help you when migrating an existing site or domain over to WPMU DEV.

For this example, I’m going to bring over a domain that I’m currently hosting somewhere else to WPMU DEV.

First, log into your WPMU DEV member’s area, then go to The Hub and click on DNS.

The Hub with DNS menu item highlighted. — The Hub > DNS.

Click on the ‘Add a domain’ button in the Domains section.

DNS Domains screen - Add a domain button. — The Hub > DNS > Domains > Add a domain.

Enter the domain you’d like to bring to WPMU DEV and click the blue arrow button to continue.

The DNS Manager automatically scans your existing provider and allows you to import any common DNS records it finds automatically to your new DNS configuration.

As suggested, you can also add additional records or remove any records you don’t need before updating your nameservers.

Verify DNS records screen displaying scanned DNS records from existing provider. — All these DNS records will be imported from the existing provider when you click the button to continue.

The DNS Manager will automatically import all your DNS records. All you need to do now is configure your nameservers as shown in Tutorial #1, then set up your hosting and migrate your site over.

Screen showing all DNS records for example domain name. — WPMU DEV’s DNS Manager screen.

For complete documentation on how to set up and manage your domains and DNS records, check out our documentation section.

DNS Dearness

You don’t have to manage your DNS records through WPMU DEV, you can use another DNS management tool (e.g. your domain registrar), but you won’t have access to features like free email or multisite management, so…why not manage everything from The Hub?

Our DNS Manager is just part of our mission to deliver you the most convenient, reliable, fast, easy, and expertly-managed way to run all your (and your client’s WordPress hosting needs).

And like an “all-you-can-eat” electronic buffet, it’s all included as part of your WPMU DEV membership package.

WPMU members get access to our entire suite of sweet plugins and hosting for 3 sites included with their membership.

And speaking of hosting…

It’s Hosting Month here at WPMU DEV! Try out our hosting and go nuts with our new DNS Manager for 3-months for FREE. Grab the special coupon here and add your email below to be part of our #HostingMonth giveaway.

April 21, 2020

What is SSH? The Magic Of Remote WordPress Access

Did you know you can securely access your WordPress site remotely? But how is it done? By some magician’s trick? Actually, it’s called SSH — and now’s your chance to get to know it.

It’s possible with a dash of login credentials, a sprinkle of an interface, and a pinch of a good network connection.

Then, like a good WordPress potion, everything works together and you’ll have a secure way of getting it all accomplished.

In this getting started guide, we’ll be going over all things WordPress SSH to get you started and familiar with how it operates.

More specifically I’ll be discussing:

What is SSH and when you’d use it.
How to setup SSH.
Accessing SSH.
Setting up a user for it.
Commands to perform SSH functions.
Differences between SSH, SFTP, and FTP.
Our hosting and SSH.
And more!

Though it looks like I’m trying to keep this under wraps (SSH can easily become confused with shhh), it’s no secret that by the time you get through this, you’ll be so comfortable knowing SSH that you can set it up and securely log in to your computer remotely.

You’ll also discover how the process can be simplified with good hosting.

Once you get the hang of SSH, you’ll see why it’s so popular and how remote access can make life easier for you (unlike some other things that are remote).

Dev Man looking under couch cushions. — Luckily, we’re not dealing with a lost TV remote.

So, What is SSH?

SSH is a UNIX-based command interface and protocol. It stands for ‘Secure Shell’ and is defined as a protocol for secure remote login and other secure network services over an insecure network.

It functions by using public-key cryptography for connection and authentication.

What this means is that you can use it to gain access to your WordPress website remotely from any computer.

It doesn’t matter where your site is hosted, as long as you have credentials to log in.

SSH is here to provide a secure login, to ensure nobody has access to your connection while you’re on it.

When you want to connect your server by using SSH, you just need two things:

An interface
Login Credentials

Something to keep in mind is if you’re running Linux or macOS, there is already an interface built into your operating system, so installing an SSH client isn’t necessary.

However, if you’re running Windows, you’ll have to install a client. More on that coming up…

Let’s Talk Client and Server

To establish an SSH, there are two components: a client and the corresponding server.

A client is an application that you’ll install on your computer to connect with another computer (aka — server).

The client uses the remote host information to initiate a connection and, when the credentials are verified, establishes the encrypted connection.

Meanwhile, on the server-side, there’s a component defined as SSH daemon that is regularly listening to a specific TCP/IP port for potential client connection requests.

When a client initiates a connection, the SSH daemon will reply with the software and the protocol versions it supports.

Then, the two will exchange their identification data. If all is well and the credentials pan out, SSH creates a new session for the appropriate environment.

It’s almost as if the client and server were passing each other a briefcase. Any crook getting in between that wants to get into the briefcase can’t, because they don’t have a key.

This keeps the items in the briefcase secure until the client opens it up with a key, and is able to pass things back and forth securely.

When Do You Need To Use SSH?

With cloud servers becoming increasingly popular and affordable, more and more clients favor the use of a cloud server for their website.

That makes SSH the most commonly used tool to handle tasks of various degrees on cloud servers.

Some examples of when SSH might be used are when a developer sets up a web server for a website of a client, or to possibly deploy source code to a production server.

Prerequisites For SSH

Before you can establish a secure remote desktop protocol with a remote machine, there are some requirements.

Here is the checklist:

Ensure you have the necessary permissions to access the remote computer.
The Firewall settings have to allow a remote connection.
Have the IP address or the name of the remote machine you want to connect up to.
The remote computer has to be turned on and have a network connection.
Client and server applications need to be installed and enabled.

Of course, to check some of these items off, you’ll need to know how to get set up in the first place.

On that note, here are…

The Key(s) To Getting Started

You will have to set up SSH correctly to ensure you’re able to login to the cloud server from your local computer.

So, how do we go about doing that?

As I mentioned, if you have a Linux or macOS, a pair of public and private keys are already built into your operating system.

If you’re Windows-based, you’ll need to install a client to get started.

It’s free and easy to do. It’s just a matter of downloading a client to your system.

There are a lot of free open source software options out there for Windows, such as PuTTY, SuperPuTTY, and PuTTYtray. Download whichever option you prefer, and then you’re ready to move forward.

They’re all a bit different. For example, Absolute Telnet is designed strictly for Windows and not for Linux. Whereas, eSSH Client is designed for both.

Example of SSH clients. (Source: Wikipedia)

You can take a look at more comparisons and see what works best for you.

SSH Set Up

To get set up, we’ll need to generate the public and private keys pair.

In this example, I’m on a Mac OS, so I’ll be doing this from Terminal. The Terminal is located in Applications>Utilities>Terminal.

Once there, we will run this command:

ssh-keygen -t rsa

In this command, the -t option will allow you to specify what type of key to create. It’s typical to use RSA.

RSA is one of the earliest public-key cryptosystems and is widely used in secure data transmissions.

RSA is here by default, so there is nothing to change unless you specify something else.

Enter file in which to save the key (/Users/demo/.ssh/id_rsa):

Now you’ll enter the path where you’d like to store the public and private key pairs. On Mac OS X, typically they’re saved in the user’s home directory. However, save it anyplace you’d like.

Once you have it saved, next up is to enter a passphrase.

If you’re running this for the first time, keep it as the default value.

Enter passphrase (empty for no passphrase):

Type in a password to protect your private key. This is the password you’ll need to enter each time you access the private key.

If you don’t want a password, you can keep it empty.

Enter same passphrase again:

You’ll next confirm your password.

Once you do that, your identification is saved and you’ll get a confirmation and the key’s randomart image will appear on the line below.

Example of randomart — Example of the key’s randomart image that will appear after successfully creating a key.

It will also tell you where the public and private key is saved to above the image.

An example of the public key would be /Users/demo/.ssh/id_rsa.pub and /Users/demo/.ssh/id_rsa for the private key.

You’re moving right along now with SSH. You have your key, passcode, and the information stored in a location on your computer.

Note: If you’re on Windows, search online for “generate ssh keys windows” and you will get a list of tutorials showing you how to do this.

Here, for example, is one that came up for manually generating ssh keys in Windows using PuTTY.

Okay, What’s In Store Next?

Glad you asked. We need to ‘store’ the public key to the cloud server, so you can allow users access to your website.

Your hosting company should have an admin section for you to upload the public key. Every cloud service will be different, so you may have to reach out to yours for specific information on where to do this.

Since we offer hosting here at WPMU DEV, I’ll show you how to do this through our hosting service.

(P.S. We’ll be going over hosting later in this article.)

We make it simple and easy to store the public key and allow users access.

With our hosting, you’ll log in to your WPMU DEV account and go to The Hub 2.0, click on your website, and then click the Hosting tab.

The hub hosting tab. — My website’s hosting area in The Hub.

You’ll see a bunch of tabs appear beneath. Click on SFTP/SSH.

This will give you the option to add an SFTP or SSH user. Click Add User.

Once you hit Add User, you’ll have a choice between SFTP or SSH.

Tough choice, huh?

If you’re wondering what the difference between an SFTP user and SSH user is, here is some clarification.

SFTP (SSH File Transfer Protocol) is a file transfer protocol that is built upon the SSH transport layer. It’s used to securely move large amounts of data over any given internet connection.

Of course, we defined it earlier, but just to refresh, SSH is a protocol that allows you to connect securely to a remote computer or server by using a text-based interface.

Similarities Between SSH and SFTP

With SFTP, the protocol can’t exist without SSH, making SSH the binding agent that lets SFTP transfer files securely. Most SSH servers include SFTP capabilities, however, not all SFTP servers support SSH actions and commands.

Differences?

They’re both used to transfer information securely, but unlike SFTP, SSH can exist on its own.

Many applications for SSH are remote command-line, remote command execution, and log in.

SFTP provides secure file access, file management, and file transfer over a data stream.

Alright, now that you know the differences, you can choose accordingly what type of user you’d like to add.

We’re going to stick with SSH for this tutorial.

Once you click on SSH User, a screen pops up with additional information to add for a new SSH user.

Here, you set up a Username, Password, Path Restriction (optional), and Environment.

In the Password section, you have the option of using a Public Key that we went over earlier (/Users/demo/.ssh/id_rsa.pub). Or, you can create your own password.

In the Path Restriction area, you can add restrictions for wp-content, Plugins, or Themes. By default, it’s on None.

In the Environment area, we’ll select Production.

After you get the information entered, your Users will appear on the SFTP/SSH dashboard.

It shows the Username, Environment, Type (e.g. SSH), Path Restrictions, and SSH Connection Info.

SSH users image. — Where your Users will appear.

From this point, your users will have SSH access.

You can change your password and edit the user however you’d like in this area.

When you’re ready to log in, the Connection Info is where you can copy and paste the user name for configuration.

Connection info for SSH. — Quick configuration screen.

You would then paste or type this into your Terminal. After that, it will prompt you to enter a password.

If the username and password are correct, you’ll have access and a screen similar to the one below will appear.

WPMU DEV login screen for SSH. — What a successful login looks like.

You can now use commands and perform functions.

Setting up an SFTP User is similar to SSH. Just follow the prompts and, like our above example, it will then appear in your dashboard once successfully set up.

Connecting Client and Server

Now that you’re set up, refer back to our checklist at the beginning of this article. If you have your remote machine and your own computer set up with SSH, you should be in business!

To operate a remote machine, SSH is performed by commands. There are numerous command capabilities that you can use. Here’s a rundown…

SSH Commands

You can run certain commands from one computer on a remote machine. This will enable you to copy files, list files in a certain directory, move files, and more.

This is more advanced and will require getting to know the commands and what ones do what.

However, once you know what each command does, you can then operate a system remotely with them.

Several examples of commands are:

ls will display the details of the files, such as the modified date and time, size, and permissions.

Cd is used to change directories. It will take you to the new directory and the command line indicates where you are.

Mkdir will create a new directory.

There are a lot of popular commands in SSH. A list of commands that are allowed with WPMU DEV hosting can be found on our SFTP & SSH information page.

It will be necessary for you to know commands if you’re going to be the one working with a computer remotely.

There are cheat sheets out there that can give you more insight and examples of what commands can do.

Something to keep in mind is SSH is a pretty powerful tool, so if you DO create commands, you have to be careful or you could break your site.

You can add and delete files, so if you enter a wrong command, you could lose content.

Be sure to backup your website before using commands and get familiar with how they function.

SSH and FTP

You may have heard about FTP as a method of transferring information remotely.

So, what’s the difference between SSH and FTP?

FTP (File Transfer Protocol) is a standard network protocol that is used to transfer files between a client and a server on a data network. File transfer connections are (typically) initiated by an FTP client and responded to by an FTP server.

Then, when authenticated, a connection occurs between the client and the server.

Any files and folders can be transferred to either direction between the connected computers.

How FTP works. — An example of how FTP works.

It’s different from SSH for several reasons.

SSH is vastly more secure. When FTP was designed, network security wasn’t as important as it is today.

It wasn’t created to be secure and offers no protection for the privacy or integrity of the files that are being transferred. So, information can easily be intercepted.

And if you’re great at using Unix commands, then SSH is probably going to be your best choice. That being said, with FTP, you can use any favorite editor for file editing.

Also, for speed, SSH is quicker.

With FTP, you need to download files to your PC and then upload it to the server using FTP.

With SSH, getting files from server to server with commands is fast, once you learn what commands do what. You can download a library within seconds.

So, for a secure transfer of information, speed, and reliability, SSH is typically the best option.

There’s Never Been a Better Time To Try Our Hosting

I told you we’d talk hosting, and here it is…

As I showed you earlier in this article, setting up SSH with our hosting, it’s an easy way of doing it in The Hub 2.0.

Plus, with our hosting, we offer 24/7 support, our award-winning premium plugins, advanced releases on updates, and much more!

I mention specifically our hosting because this April we’re celebrating Hosting Month!

Yes, it’s a thing. And you can try our hosting for 3-months for FREE.

BTW: We’re also giving away a total of $10K in WPMU DEV credits!

I could go on and on about this big event, so the best thing to do is read all about it here and enter our giveaway at the bottom of this article.

Be sure to join the fun on our social media, too. You can find us on Instagram, Facebook, and Twitter.

We’re having an amazing caption contest this month that’s part of our $10K giveaway and always have tons of other shenanigans socially.

We’ll Fini(SSH) With This…

Now that you’ve dabbled in SSH, you can securely set up your website remotely and have it worked on without being there.

As you can see, it IS like magic!

Okay, in this day and age, maybe I won’t go that far. However, it is a great option for working on your WordPress site remotely.

Add in a dusting of great hosting (waving hand) and you’ll be in good SSH-ape — and I’ll stop with the play on words.

April 20, 2020

Bulk Pricing Discounts For WPMU DEV Hosting Are Go!

The take-up of WPMU DEV Hosting has blown us away since our official launch last September, with members loving the ease of use of the platform, our trademark awesome support, and of course the pricing.

So how can we improve on that? How about better pricing for members who host a lot of websites with us? Done.

Yes you read that correctly…

We’re making our already ridiculously affordable dedicated, fully compartmentalized, managed WordPress hosting product, even more competitive.

We chose to do this for a few different reasons.

The first being that we’ve had a lot of members pick up hosting for scores, and even hundreds of sites.

And to you, we’d like to say thank you.

Here’s a nice big pile of money back you didn’t know you were getting. :)

We're giving existing members a whole lot of cash they weren't expecting! — From here on out you’ll be rewarded handsomely for hosting mucho sites with us.

Secondly, because a lot of members were trying out our hosting (and really enjoying it!), but were hesitant to commit all their client sites, as they were getting discounts from other providers, and/or didn’t want to go hard early on.

And thirdly… well, I’ll add thirdly at the end.

So What Are These Bulk Discounts You Speak Of???

Well, it’s nice and simple, and it looks like this:

A breakdown of our hosting bulk pricing discount tiers. — The more you host, the more you save!

So, put simply, if you host 20 websites with us you’ll get 10% off, 50 websites gets you 15%, and 100: 20%.

Now let’s say that your average client website is at a Silver level ($25 per month, per site) if you host 100 sites with us…

You SAVE $500 Per Month, Or $6,000 Per Year!

Which, if you’re one of our existing members doing just that, we just gave you back :)

And in terms of the third reason why I’m so keen to offer this…

Well it’s because I really don’t think you should be paying that much for dedicated, managed WordPress hosting… and I want to be completely transparent as to why.

The bigger hosting companies are now almost all owned entirely or in part by investors / private equity and/or shareholders.

And the reality is:

These Companies Often Prioritize Profits Ahead Of Providing An Excellent Product

Dev Man having to toss his current hosting plan in the trash as some companies put profits ahead of their product. — Website Hosting Inc. puts profits ahead of product. Don’t be like Website Hosting Inc.

We are beholden to no investors, we’re entirely privately owned, and we can therefore make decisions based on a great product and user experience.

We can look to the future first, and to profit second. Our only investor is you – our members.

What’s more, we’re using a fantastic existing product as the underlying provider of our hosting (Digital Ocean Droplets).

You can even review them right now to see how they compare to another hosting product like AWS (hint, D.O.D are much better).

Thus, the more significant component of this is that I can show you EXACTLY what’s under the hood of our hosting.

No Broad Claims, Nothing That Isn’t 100% Verifiable

In fact, if you want, you can go and use Droplets yourself, and save on the markup (and in turn see how much added value, and ease of use we provide with them… at least I hope you will!).

So there :) I’m not quite the Bezos of WordPress just yet (hehe) but I am committed to a similar Amazon principle.

This isn’t About How Much Money We Can Wring Out of You To Pay Our Investors or Shareholders…

It’s about being customer focused, about delivering a product that goes beyond the hype and the marketing (current marketing team members: 1, me).

A product you can also rely on both now and as your client list grows… each step of the way enjoying more discounts.

Oh, and one last thing, since we’re talking about bulk hosting discounts, I can’t end this article without also mentioning…

It’s #HostingMonth Here at WPMU DEV!

Dev Man is excited for #HostingMonth — This April we’re giving away $10K!

But what does this meeean?

Well for one… we’re giving away 5 prizes of $1,000 WPMU DEV credit at the end of the month.

To get in the draw all you have to do is subscribe to our blog (enter using the form below, you can’t miss it!).

We’re also giving another $5,000 away on our social media platforms this month!

$4K on FB and Insta with our weekly caption contests…

And another $1K ($250 per week) on Twitter – all you have to do is “retweet” a #HostingMonth tweet.

But Wait My Friends, There is Indeed More! :)

To top it all off, we’re giving all our new member friends (don’t worry existing members we have you covered too) FREE 3 MONTH WPMU DEV membership trials, all in the name of hosting!

That means if you’re new, you have a whopping 3 months to try our hosting (AND everything else a membership gives you might I add!).

Then, once you’ve come over to the light side, you can also take advantage of those amazing bulk hosting discounts.

Here’s that coupon for the 3 month free trial if you’re interested. Otherwise, check out our announcement post for the rest of the nitty gritty details.

Happy #HostingMonth!!!

April 16, 2020

Shared, Dedicated, VPS, Cloud… Which Type of Web Hosting is Best?

So you’ve bagged the perfect URL, got tons of ideas for your new site, and you’re eager to get started. You’ve always gone for the cheapest hosting in the past, but this site’s gonna be big. It’s definitely time to check out your options…

There’s more to consider when choosing a method of hosting than just cost.

To put it into perspective – if your page load time increases from 1 to 3 seconds, your bounce rate can shoot up as high as 32%.

You need to choose a hosting method capable of ensuring your site operates at peak performance.

While WordPress technically works with all hosting methods, some are better than others, especially when you have a specific project in mind.

Since hosting comes in a variety of forms, this article will explain the difference between them, their pros and cons, how much “WordPress” different hosting types can handle, and how to choose the hosting option that’s right for you.

Here are the hosting options we’ll be covering:

Free WordPress Hosting
Shared WordPress Hosting
WordPress Dedicated Server Hosting
Virtual Private Server (VPS) Hosting
Cloud WordPress Hosting
Colocation Hosting
Managed WordPress Hosting
Serverless (Headless) WordPress Hosting
WPMU DEV WordPress Hosting
WordPress Hosting Options Summary

But first…

Why WordPress Hosting?

You know about WordPress CMS, WordPress plugins, WordPress themes, and you’ve probably heard about the WordPress support community.

But WordPress hosting? When did this become a thing?

Well, consider this …

WordPress powers over one-third of the world’s CMS websites. WordPress is free (if you didn’t know this, check out this liberating article: Why is WordPress Free?).

Additionally, WordPress is open-source software used to build millions of websites designed to suit all kinds of purposes.

WordPress even makes tens of thousands of free plugins and themes available to users in its repositories and directories.

WordPress is not only free, open, and available, but WordPress is just PHP, MySQL, and JavaScript.

So technically speaking, any LAMP (Linux, Apache, MySQL, PHP) stack can be used to host a WordPress site.

The first question is, why does WordPress need WordPress hosting? Why not just any kind of hosting?

Well, as the popularity of WordPress increased, people began using WordPress to create sites for kinds of purposes — not just blogs and websites – but eCommerce, membership sites, directories, multisite installations, etc.

Also, WordPress has unique requirements when it comes to things like performance optimization, improving page loading speed, web security, maintenance, and updates.

So, more and more hosting providers realized there is a need to provide a web hosting environment specifically optimized for running WordPress sites.

WordPress hosting allows web hosts to provide WordPress users with many custom features like management dashboards, marketplace integration of plugins and themes, SFTP access, automatic WordPress backups, WordPress file update versioning, and so on.

So, that’s why WordPress hosting exists.

Now that we know this, let’s dive in, and find out which hosting option is right for you.

Starting with the basics…

Free WordPress Hosting

I’m only mentioning this option for the sake of being comprehensive.

If all you plan to do is start a blog, then get yourself a free WordPress.com site. It’s basically free hosting for a WordPress blog.

Unless it’s part of a marketing strategy to sell you a paid upgrade (e.g. offering a free trial), choosing to host your site with companies that offer WordPress hosting for free can have serious drawbacks.

The main downside of free web hosting is lack of support, especially when you need it the most. If you plan to build a real business, you need a real online presence with great hosting support.

As the old saying goes, “the only free cheese is in the mousetrap.” Free always comes at a price (except WordPress, of course. WordPress really is free!)

Photograph of hosting technician trying to fix messy data center. — Choosing the wrong type of hosting for your WordPress site can really hurt your business! (image: peterkastner.wordpress.com)

What is Shared Hosting?

Shared hosting is basically what it says on the tin – you share your hosting space with other websites.

Showing the link between the server and the pcs — One server powers multiple sites, so resources are shared between them.

The main benefit of shared hosting is reduced cost. You share the burden of the server maintenance with other site owners, which means you can get some pretty cheap deals.

But, with a reduction in cost, comes an increase in risk.

As you’re sharing resources, one site’s surge in traffic could be your site’s bad day. An influx of visitors to your neighbor’s site means that the server could crash or restart, resulting in downtime for your own site.

A small business or a beginner to WordPress would usually suit a shared hosting plan, but if you have big ideas for your business, be prepared to outgrow it.

If you’re averaging more than a couple of hundred visitors a day, it may be time to consider other hosting options.

Shared Hosting Pros:

Very cost-effective – It’s the most affordable choice, often as little as $5 per month or less.
More than enough for a blog – A good solution for small site owners or bloggers who want a simple experience.
It’s useful if you’re a back-end beginner – Server security and maintenance is all managed for you by the host.
It comes with almost everything you’ll need – Most tools are already installed for you (e.g. cPanel)
A beginner-friendly option – It’s quick to get started and easier to use than the other options.

If you ever run into troubles on a shared hosting plan, you can contact your hosting company’s support team and they can handle just about any issue you have.

Therefore you don’t need to worry about being technically proficient enough to take on the role of a site or system admin.

Shared Hosting Cons:

Security is not guaranteed – Since you don’t know your server neighbors, they may not be taking the same security measures as you. If one site is compromised, there’s a potential that other sites on the server could have their data stolen or be infected with malicious code, including your site too. Also, if you don’t have a dedicated IP address, your site could be blacklisted because of something that someone else has done on a different site on the server sharing the same IP address.
Support may not be as responsive – One of the key differences between shared hosting and the other types described below is the level of dedicated support you can expect to receive. With shared hosting, it can take longer to get support or answers from your host.
You have limited access to settings – With shared hosting, you often don’t have root access, some files are hidden from view and you may not be able to access advanced settings. For example, if you run out of PHP memory or you want to stress test your site to be prepared for traffic spikes, you won’t be able to resolve this on your own. Also, many shared hosting services don’t allow you to install certain plugins or applications.
Your site shares important resources – Since you’re sharing the server with others, you’re also sharing server resources such as bandwidth. If many sites on the server suddenly get tons of traffic, it creates a bottleneck and since there’s not enough bandwidth to go around, your site may become unavailable to your visitors intermittently. So there is more chance of your site experiencing performance issues or downtime.
It’s not unlimited – Many hosting companies have “unlimited” shared hosting plans which sounds like they don’t put a cap on the resources you can use, but if you check their terms of service, this is definitely not the case. When the hosting company decides you’re using too many resources on the server, they could shut down your site.

Who Does This Hosting Option Fit Best?

While the cons to shared WordPress hosting may be enough to make you want to steer clear, it may be the best fit for you if you’re just getting started and don’t expect loads of traffic yet, or if your (or your client’s) site only needs a couple of plugins installed and a few pages with the occasional new post.

What is Dedicated Hosting?

Dedicated hosting refers to a hosting service that provides one server for each website.

Showing the link between a dedicated server and the pc. — An entire server powering your site – but that means you’re solely responsible for its cost and upkeep too!

You have the run of the whole server so you’ll benefit from its full resources and capabilities.

This should result in a reliable and fast site, but obviously, this comes at a price.

This type of hosting is typically more costly than others, but for sites seeing large volumes of traffic, it can be a necessity.

With no neighboring sites, your site is as secure as you make it.

You don’t have to worry about another site’s breach affecting your security, so if you ensure your site is well protected, you’ll have a sturdy, secure website.

And to make it even easier, a plugin like Defender can quickly take care of protection for you.

Dedicated Hosting Pros:

You’re not sharing the server – All the resources are yours – you’re not sharing with anyone. You’re free to soak up all those server resources and can allow only the people you want to be server admins. Or you can create a reseller account and allow others to host their sites on your server if you want.
Access to all settings – Nothing’s held back. You have full control over your site and server including root access and all the otherwise hidden files and advanced settings. You can make just about any change to your server that you want.
A bit more secure – While security can never be fully guaranteed, as you’re the only user on your server (or the one controlling the server if you plan to allow other users on your server), you don’t have to worry about your site being compromised because of other users’ actions. You can implement all the necessary security measures you want to harden your server with less fear of being compromised by external influences you can’t control. No neighbors means no chance of other sites causing issues for yours.

Dedicated Hosting Cons:

You’re solely responsible for your server – If something goes wrong, it’s on you and it’s up to you to fix it (although to be fair, most companies offering dedicated managed hosting are usually very helpful and will handle most server issues for you).
It’s not scalable – The resources you get can’t be changed unless you migrate to a bigger server. You can’t suddenly create more space, bandwidth or other resources.
Cost, cost and…cost! – Everyone would have their own server if it was cheap, but unfortunately, if you want the whole server – you’re going to have to pay for it. Dedicated servers aren’t as affordable as VPS. Be prepared to spend $100 per month or more, and up to $300 – $700 per month for larger servers.

Who This Hosting Option Suits Best

Dedicated servers are a better option for complex sites that require better security, custom applications, and complete control of their hosting environment.

It’s also a good option for running a large eCommerce, social media, directory, or membership site. You can also run a Multisite network with ease, even if there are many sites on the network.

Ultimately, it depends on the size of your server, but in most cases, dedicated servers are fairly large, unless you’re paying for the lower end of the scale, in which case, your hosting may be similar to a VPS in terms of resources.

The main thing to consider with dedicated WordPress hosting is that you won’t be able to add more resources if your site suddenly becomes popular and begins to experience consistent growth in traffic.

If you don’t have enough server resources, you can find your server falling down intermittently, which will render your site out of action until things are restored or you upgrade to the next level.

Still, dedicated servers can be great for developers or agencies looking to host client sites and companies whose sites have outgrown their VPS hosting capabilities.

It’s also a great option for hosting hundreds of thousands of blogs using Multisite or loads of interactive users and members if you run an eCommerce, membership or social media site.

What Is Virtual Private Server (VPS) Hosting?

Here’s what I like to call a happy medium.

A VPS is a nice compromise between shared and dedicated hosting.

Showing the link between the virtual (VPS) server and the pcs. — One server is split into multiple virtual servers, with each one running its own site.

You may not get the complete peace of mind security-wise which comes with dedicated hosting, however, it’s a big step up from shared.

There is a virtual barrier between your site and the other ones on the server, which aims to prevent any form of exploitation from spreading.

It also means you get to use all the resources of the virtual server, and with many plans, these can be customized to suit your needs.

With a VPS, you can often choose your dedicated memory, bandwidth, and storage – with many providers allowing room for scaling.

This means if your site begins to attract more traffic, the server will have the facility to cope, and your visitors won’t be left high and dry.

Different providers will have different plans for events such as these, ranging from charging you extra should you exceed your allocated bandwidth, or simply contacting you to let you know it may be time for an upgrade.

Whilst having the extra resources your site might need ready and on standby is a definite plus of VPS hosting, if sites are left unchecked to exceed their bandwidth, this is when they start to become a nuisance to their neighbors.

If there is a large, unexpected peak in traffic, it can cause the server to restart or crash, which can affect other sites on the server.

VPS Hosting Pros:

It’s more cost-effective than renting a dedicated server – VPS hosting is generally a lot cheaper than dedicated hosting.
You have more control – Having your own virtual server gives you administrative access. In most cases, you will have root access, be able to view all hidden files and have access to all settings. This allows you to install and configure any software or script you want, customize your server configuration settings, and more.
You have more flexibility – You can customize your plan to suit your needs, and your site gets to take full advantage of available resources. Unlike shared hosting, if there’s something you don’t have access to or want installed on your site, your hosting company is more likely to accommodate your needs.
It’s scalable – The option to scale and add more resources when required means your site can always run at optimum performance. VPS hosting typically provides instant deployment, low startup costs, allows you to pay only for services that you use, and easy upgrades. Most of the time, you can upgrade your plan if you need more resources without having to migrate your site to a new server, as opposed to shared hosting, which typically has a set limit to how far you can grow.
More allocated resources – Unlike shared hosting, VPS has dedicated resources (RAM and CPU) and can be run independently of all other websites on the server. Since you’re renting a larger portion of the server, you get access to a lot more of the server’s resources than shared hosting. VPS hosting can also handle a lot more traffic than shared hosting plans. Some plans are uncapped, meaning you don’t have to worry about unexpected surges in traffic to your site (it should be something to celebrate, after all!)
Better security – Sites hosted on a VPS server are more secure than they would be on a shared server.
It can be more profitable if running many websites – If you plan to manage many WordPress sites, a single VPS hosting plan can be cheaper than paying for multiple shared hosting plans. Also, as already mentioned, a VPS lets you manage your own hosting account. If your hosting environment uses cPanel, for example, you get access to both cPanel and WHM, which gives you the ability to create multiple cPanel accounts for different websites or even resell hosting services.

VPS Hosting Cons:

Cost – VPS hosting is a big step up from shared hosting and not within everyone’s budget. While the average cost of most VPS hosting plans has come down over time, you can still expect to pay between $20 – $80 per month, whereas many shared hosting plans start as low as $3.95 per month.
Security is still not guaranteed –You still won’t be invincible to threats brought on by neighboring sites. Your site may still be affected by what other people on the server do, especially if they get hacked. A lot of the onus is on the service provider to ensure you’re sufficiently protected from outside threats.
Server is still being shared – Even though you’re sharing with far less people, you’re still sharing. This means that resources may not be equally distributed among all users, so you may not have access to all the resources you need when you need it, such as bandwidth.
Technical skills are required – Even though it’s a virtual server, managing it still requires more technical expertise than shared hosting. You may not get as much help from technical support, especially if you choose an unmanaged plan, where you are responsible for maintenance, software updates, security, etc.

Who This Hosting Option Suits Best

WordPress VPS hosting suits traffic-intensive sites like small to medium-sized enterprises and popular blogs that are getting thousands of visits per day.

If you plan to run one or more sites where each site needs multiple different plugins installed, a VPS is usually a good solution.

Also, if you’re expecting thousands of site visitors each month, then VPS hosting is also a good fit. It’s also roomy enough to run Multisite well.

Here are a few examples of the types of WordPress site you could set up with VPS hosting:

A new company that requires a complex site but doesn’t expect to grow too quickly.
A photography site or blog planning to post tons of photos or other media types (e.g. videos) on a regular basis.
A site that needs to run custom scripts and plugins.

When choosing a WordPress VPS hosting solution, consider the balance of features, pricing, and performance.

And if you’re interested in the flexibility of VPS hosting, but don’t want to manage all the technical details like software installation and maintenance updates, then consider the next option below.

What is Cloud Hosting?

The word ‘cloud’ gets thrown around so much these days that it should come as no surprise that Cloud Hosting exists.

Showing how the a cloud server cluster services a group of sites. — A cluster of servers work together to power multiple sites.

With cloud hosting, a network or ‘cluster’ of servers are the host.

Your site can take what it needs, when it needs it, as there are enough resources spread between the servers to cope with demand.

Most other methods of hosting share a common problem – if your server encounters an issue, your site will be affected.

This isn’t the case with cloud hosting.

Since there’s a network of servers all working together, if one goes down, the rest are ready to pick up the slack.

This means your site should have virtually no downtime!

Meme of Dev Man wearing sunglasses like Morpheus from the Matrix with a line that says 'What if I told you that the cloud is just someone else's computer?' — Morpheus – I mean, Dev Man, knows the deal.

Before you start getting excited, cloud hosting is best suited to sites with very high volumes of traffic, so unless you’re running a popular site with a steady stream of visitors, it’s probably a bit overkill.

This improved reliability and capacity to tap into virtually unlimited resources obviously comes at a price.

Cloud hosting is generally more expensive than any other type of third party hosting, and is usually billed slightly differently.

If your website has a surge in visitors and requires more bandwidth, it’s easy for the cluster of servers to provide that, but it means you’ll be charged accordingly.

It’s easy to think of it as an extra utility bill – you pay for what you use.

Cloud Hosting Pros:

Super reliable – Other servers in the cluster can pick up the slack of any which encounter issues. Plans also come equipped with better security features than shared hosting.
Highly scalable –It’s easy to scale your plan based on demand. If you suddenly need more resources or access to more bandwidth, you can automatically get it.
Flexible pricing – With cloud hosting you pay only for what you actually use. Many CDN companies offer similar plans.
Redundancy & rapid deployment – Your sites load faster and since your site can automatically resize when more resources are needed, your site is a lot less likely to go down. With cloud hosting, you also get the feature of redundancy, allowing your site to be cloned on other environments to further reduce downtime. Multiple servers means resources can be directed straight to where they’re needed, ensuring peak performance for your site.
Innovate faster – the cloud gives you fast and easy access to a broad range of technologies, allowing you to innovate faster.

Additional pros of cloud hosting can include complete ownership of all software and data, full access to most of the server settings you need (this depends on the hosting company and plan you choose), and better user experience as the hosting company maintains all the infrastracture and can deliver blazing fast speeds.

Also, many CDN solutions offer firewall and other security features including SSL certificates to increase overall security.

Cloud Hosting Cons:

Cost – Cloud hosting is typically more expensive than other types of hosting.
Security & privacy not guaranteed – By leveraging a remote cloud-based infrastructure, you are basically outsourcing everything and depending entirely on external security and privacy protocols. Also, as you’re still sharing resources, your site may be affected by what happens to other sites using cloud hosting.
CDNs only display static sites – Most WordPress sites are dynamic so in most cases, a CDN won’t do much when it comes to speeding up your site’s front end (but it can improve and speed up the back end significantly.)
Platform dependency – depending on the platform you choose, you can end up becoming ‘locked into’ the applications used to make your site run, making it difficult to reconfigure applications, migrate from one cloud hosting platform to another, or expose your data to additional security and privacy vulnerabilities.
Learning curve – Cloud hosting isn’t an easy solution to set up and can often be difficult even for technically-minded developers. It’s not impossible, but it’s also not for beginners. CDNs, on the other hand, are often incredibly easy to set up, but navigating the options may be a bit more challenging when it comes to getting the right balance for dynamic WordPress sites.

Who This Hosting Option Suits Best

Huge companies and institutions such as Netflix, Airbnb and NASDAQ use cloud hosting. If your site is as big as any of these, then you should consider cloud hosting as your best option.

In fact, we’ve even written a tutorial on how to install WordPress on Amazon Web Services (AWS) if you want to set up WordPress on the cloud and manage your own WordPress cloud hosting service.

Almost any WordPress site can benefit from a CDN other than simple sites with a small audience.

You can also check out our CloudFlare review for more details about their free CDN service as well as some of the benefits and drawbacks of using a CDN.

You can also check out some of our other articles for more details about cloud hosting and CDNs: Moving WordPress Media To The Cloud With Amazon S3 and CDN77 Review: A User-Friendly CDN for WordPress Faster Than Amazon CloudFront.

What is Colocation Hosting?

Colocation hosting definitely isn’t the most common form of hosting – in fact, it’s best suited to experienced developers.

Showing how the concept or renting space on a server rack works. — With colocation, you generally own the server and rent the space.

It’s the concept of buying or renting your own server and then having it housed in a data centre.

The benefit of this is that it’s your server so you can configure it however you like, meaning you have full control of your security and applications.

It’s a good alternative to hosting it on a server in your own house or business. The data centre’s environment is optimized for server storage, with cooling systems and climate control.

They also have the bonus of ‘industrial strength’ bandwidth which you can take advantage of – one of the only things you’ll need to negotiate when you rent server space is how much bandwidth you’ll need.

Colocation may not be for everyone, but there’s no harm in knowing what it entails.

What is Managed Hosting?

If you’re a small business wanting to launch your first site, it’s one thing putting in the time and effort to learn how to use WordPress and create an attractive, functioning site.

It’s another to have the time and resources to invest into learning how to take care of a server.

This is why managed hosting exists.

It’s a great solution for companies with small IT departments, or that don’t have the technical knowledge needed in order to manage a server.

One of the biggest perks of this is that you’ll always have access to support, which means that if your website does ever go down, you have a team ready and waiting to help you get it back up.

The provider will usually take care of updates, management of the resources, configuring the infrastructure, and identifying and fixing issues.

You’re then free to concentrate on the front-end stuff, knowing that the rest is all in good hands.

Who This Hosting Option Suits Best

As your small business or digital presence grows into a high-traffic website, you may need to scale things up and this is where choosing managed WordPress hosting for your site makes sense.

Scaling things to the next level, however, presents many challenges. To learn more about the benefits and pros and cons, or whether this option is even right for you, we’ve written a comprehensive guide on managed WordPress hosting.

What is Serverless Hosting?

Serverless hosting, headless, static – these are a few words that are getting a bit of buzz recently.

Though they all mean the same thing, they’re not technically a type of hosting per se… rather a method of managing WordPress.

With standard WordPress, you log into your account and make changes to your site using the dashboard. This amends the files which are stored on the host’s server elsewhere.

Headless WordPress is the concept of separating the front and back end of WordPress. This means that your admin dashboard will be detached from your files.

The files that contain the elements of a webpage, i.e. the HTML, CSS and JS, are then hosted on a server. The dashboard side of WordPress can either be on a separate server, or run locally from your computer.

As the data isn’t having to be passed back and forth between the website and the database, static sites are usually faster.

The code can easily be sent directly to the web browser, ready to display on the viewer’s screen.

It does mean, however, that since the files are static, you forfeit the use of most plugins that require any form of interactivity such as form builders or eCommerce – as the data is only being passed one way between the viewer and server.

On a good note, there’s less chance of any form of cyber attack, as all that is hosted on the server are your static code files.

If you host WordPress on your own PC, your admin dashboard and most of your data is only accessible from your own computer – so it’s fully protected from intruders.

I know – this all sounds great!

The only problem is that it’s really suitable only for experienced developers. The average WordPress user wouldn’t have the technical knowledge to separate WordPress in this way, and in general, it takes a lot of effort.

But if you’re an advanced user looking for a new challenge and new ways to flex your skills, headless WordPress seems to be the way forward – take a look at a tutorial and see what you think.

What is WPMU DEV WordPress Hosting?

Ok… this is going to sound like we’re tooting our own horn but here at WPMU DEV, we really do offer a unique hybrid and better type of hosting for WordPress that is in a category all of its own.

We are using hosting technology so advanced that it would be inaccurate to describe it using any of the above definitions.

You see, every single site we host sits in its own fully compartmentalized, isolated, dedicated, and managed ‘droplet’. Your site gets allocated resources that are not shared or dependent on anyone else’s site.

Each site is set up inside its own secure, virtualized machine that sits atop secure, virtualized hardware, in a hosting environment that has been expertly configured and is being managed and supported 24/7 by our technical team to make sure that your site performs at optimal levels, operates at blazing fast speeds, and is fully backed up in a globally distributed network of redundant servers should anything ever happen.

You are able to choose from (at the time of writing) 8 different geographical locations and your site comes complete with IPv6, object caching, and more.

WordPress Hosting Options Summary

The table below provides a quick summary of the different types of hosting available for WordPress, which types we recommend using depending on your level of traffic, and the pros and cons of each option.

Shared WordPress Hosting

Low

Affordable. Quick to get started. Environment is all set up and managed for you.

Support may not be as responsive. Security can be compromised by other users. Shared IP address can affect your site. Limited settings (e.g. disallowed plugins or applications. Shared resources.

WordPress Dedicated Server Hosting

Very High

Your own server. Complete control/access to everything. Better performance and reliability. Faster speed. Can resell hosting.

Higher investment. Not scalable. High level of technical skills required. You’re responsible for troubleshooting issues (unless it’s a managed hosting service). Occasional hardware failures can lead to downtime.

Virtual Private Servers (VPS) Hosting

High

More flexibility and control. More flexibility. More privacy. Site security is not affected by other users sharing the server. Less users than a shared hosting server.

Higher cost than shared hosting. No support from host (unless it’s a managed hosting service). Resource allocation not always equally distributed. Technical skills required to manage server.

Cloud WordPress Hosting

Very High

Own all your data. Highly scalable. Flexible pricing. Redundancy & rapid deployment. Innovate faster. Speed, resilience & technical support.

Security & privacy not guaranteed. CDNs only display static sites. Platform dependency. Learning curve.

Colocation Hosting

Very High

Better connectivity. Redundancy. Room for growth.

Cost. Advanced developers only.

Managed WordPress Hosting

High

100% focused on WordPress. Faster speed. Enhanced security. Automated updates and backups. Outsourced management. Full technical support and expert advice.

Higher cost than shared and VPS hosting. Little to no technical control. May have restrictions on certain plugins. WordPress only. No other platforms.

Serverless (Headless) WordPress Hosting

Very High

Freedom to create front-end to suit project.

Advanced developers only.

WPMU DEV WordPress Hosting

All Traffic Levels

Fully dedicated and managed.

None.

Unless you want to build a small site that is going to stay small, the best option for most startups and small businesses is usually WordPress VPS hosting or managed WordPress hosting.

For larger companies, networks, and eCommerce or social media sites that get a lot of traffic and user interaction, a WordPress dedicated server or cloud hosting is a better fit.

The cost of hosting is always important, but if you’re just starting, thinking too small could limit your growth and require upgrading later to a new server.

On the other hand, if you think too big too soon, you could be stuck with a hefty bill for resources that you’re not going to need or use for quite some time.

No matter what your choice of hosting is, think with the end goal in mind and plan a route for scalability.

This way, as your site grows, you will have a plan that will allow you to easily upgrade your resources and transition to a new hosting environment much more easily with minimal disruptions or downtime.

It’s also important to note that all hosting companies have their own preferred hosting environments and hosting plans, so make sure you know what you need and check with them to find out exactly what you’re getting before you sign up.

And last but not least, no matter which company, hosting type or plan you choose, remember that no hosting provider is immune to service outages.

Anything that is hardware-based can fail or fall over, and anything that depends on an internet connection can leave you without access.

So now that we’ve visited all the main types of hosting, you still have the problem of picking a provider…

Have You Tried Our Hosting Yet?

We launched our own hosting back in September 2019 – WPMU DEV members get enough credit to host not one, not two, but THREE websites – at no extra cost!

And with the imminent launch of Hub 2.0, they’ll soon be even more of a dream to manage.

You get a ton of resources for each site, but you can always upgrade if you need more.

Showing some of the benefits of our hosting including 1GB dedicated memory, 1vCPU, 10GB SSD storage, 1TB bandwidth and 20k monthly visitors allowance. — And this is only the bronze plan…

You can add more sites or resources to your plan as and when needed, and you have complete peace of mind knowing we won’t ever punish or cap you for exceeding your bandwidth.

Scaling is super easy, so if you find your site is getting a lot more traffic than usual, we’ll work with you to ensure you have the right resources for your site’s traffic.

We also take the pain out of managing your server – our hosting team are behind you to handle the routine maintenance, allowing you to focus on your site itself.

All of this is included with your WPMU DEV membership, so on top of this you get access to our fantastic suite of plugins and awesome 24/7 WordPress support.

PSA… We’ve labeled April #HostingMonth, and To Celebrate We’re Giving Away $10K !

Subscribe to our blog using the form below this article (you can’t miss it!) to automatically get yourself in the draw – and check out our announcement post for more about our giveaways.

We’re also offering new members 3-month FREE WPMU DEV trials. Giving you plenty of time to test out our hosting, and everything else a membership has to offer.

*Unlock your 3 month free trial coupon here.

April 14, 2020

What is a WAF? – Website Application Security Explained

If a cyber attack targeting your web applications never reaches your website… Did the attack even happen? The answer is YES, and it was most likely a WAF that stopped it. In this article learn more about this intuitive firewall and why your site could benefit from having one.

Today could be the day you meet your brand new head of web security.

And best believe this cyber security guard isn’t your typical “fall asleep on the job” type.

Because he doesn’t just check people’s I.D’s at the door… he checks their address, their height, their eye color, their card expiry date, what they have in their pockets, who they last texted…

You get the point. This fierce protector is ensuring only trustworthy door knockers make it inside your WP doors.

But enough with the small talk, you’ve read the title of this article, and you know the head of security I’m talking about is a Web Application Firewall (WAF).

And today we’ll be covering all things WAF and web application security.

More specifically, we’ll be talking about:

Why WAFs are important for WordPress site security.
How they can help you protect your web applications from malicious attacks.
How they assist you in adhering to various security standards/requirements (e.g. the PSI).

We’ll also give you a quick run through of WPMU DEV’s new WAF, which has just recently gone live on our managed hosting service.

We’ve been hard at work testing and fine tuning this puppy – ensuring it’s giving you the best web application protection possible.

Unlike most in-built security plugin WAFs, ours also forms a protective wall OUTSIDE of your WP borders.

We’ll get into why this is super important later… but first let’s start with the basics:

What is a WAF?

A Web Application Firewall (WAF) is a specific type of firewall that protects your web applications from malicious application-based attacks.

In layman’s terms, WAFs act as the middle person, or security guard for your WordPress site.

Standing guard between the internet and your web applications, all the while monitoring and filtering the HTTP traffic that wants to join your bumping party.

Of course, like any raging WP party there are always gate-crashers to worry about.

The good news is, WAFs use a set of rules (or policies) to help identify who’s actually on your guest list, and who’s just looking to cause trouble.

WAFs act as cyber security guards for your site and web apps — You’re not getting passed a WAF unless you can be trusted.

Not To Be Confused With a Network Firewall…

WAFs should also not be confused with your standard Network Firewall (Packet filtering), which assesses incoming data based on a set of criteria including: IP addresses, packet type, port numbers, and more.

There are a number of other firewall types, but for the sake of brevity, we’ll stay WAF focused in this article.

If you’re interested, here’s a great read detailing the different types of firewalls.

Anyway, back to Network Firewalls…

These types of firewalls are fine, and great at what they do. The only downside is they don’t understand HTTP, and as a result cannot detect specific attacks that target security flaws in web applications.

That’s where WAFs save the day and can help bolster your web security in ways a Network Firewall cannot.

You see, a network is kind of like an onion – there’s layers to it.

And employing different security measures can help you further protect the individual layers.

Peeling Back a Network’s Layers: The “OSI Model”

In order to understand these layers, you need to understand the OSI model.

The OSI model is a framework that divides the overall architecture of a network into seven different sections.

Every layer has its own security postures and mechanisms, and anyone overly concerned with security should know how to detect and establish appropriate security methods for each.

The 7 network layers are as follows:

A look at the various layers of a network — The OSI model breaks a network into 7 distinct layers.

When analyzing the layers above… your typical Network Firewall helps to secure layers 3 – 4, and a WAF assists with the protection of layer 7.

This should also serve as a reminder that WAFs are NOT a one-size-fits-all solution. And they’re best paired with other effective security measures – such as a quality Network Firewall.

Alrighty, now that we have a basic idea of what a WAF is, let’s dive a little deeper into HOW it actually protects your precious web apps.

How WAFs Protect Your Web Applications From Malicious Attacks

According to a 2019 web applications report by Positive technologies, on average, hackers can attack users in 9 out of 10 web applications.

The report also found that breaches of sensitive data were a threat in 68% of web applications.

Statistics like these reinforce the need for more effective web app protection.

As touched on earlier, WAFs protect your server by analyzing the HTTP traffic passing through – detecting and blocking anything malicious BEFORE it reaches your web applications (see below).

A look at how a WAF protects your site from cyber attacks — Talk to the WAF hand pesky attacker.

WAFs can also be network (hardware) based, software based, or cloud based – meaning they are virtual or physical in their nature.

When it comes to how WAFs filter, detect, and block malicious traffic – they achieve this in a couple of different ways:

WAF Security Models: Blacklist, Whitelist, Or Both

A WAF typically follows either a “Blacklist” (negative) or “Whitelist” (positive) security model, or sometimes both.

When employing a Blacklist security model, basically you can assemble a list of unwanted IP addresses or user agents that your WAF will automatically block.

The Whitelist model does the opposite, and allows you to create an exclusive list of IP addresses and user agents that are allowed. Everything else is denied.

Both models have their pros and cons, so often modern WAFs will offer a hybrid security model which gives you access to both.

How WAFs Guard Your Web Apps Against The “The OWASP Top 10”

As well as performing based on one of the three security models mentioned above, WAFs come automatically armed with a specific set of rules (or policies).

These policies combine rule-based logic, parsing, and signatures to help detect and prevent a number of different web application attacks.

In particular, WAFs are well known for protecting against a number of the top 10 web application security risks, which are listed every year by OWASP.

This includes malicious attacks such as cross-site request forgeries, cross-site-scripting (XSS), file inclusions, and SQL injections.

Another effective safeguard you’ll hear many WAF providers talk about is something called a “virtual patch.”

A VP is essentially a rule (or often a set of rules) that can help resolve a vulnerability in your software without needing to adjust the code itself.

Many WAFs (including our own!) can deploy virtual patches to repair WordPress core, plugin, and theme vulnerabilities when required.

WAFs Also Help You Meet Legal Security Standards

If your organization works with, processes, or stores sensitive information (credit card details etc.), it’s important you comply with security requirements and standards.

WAFs can help businesses of all sizes comply with regulatory standards like the PCI, HIPAA, and GDPR – making the firewall valuable from both a compliance and a security perspective.

For example, the number one requirement for organizations under the Payment Card Industry Data Security Standard (PCI) is: “Installing and maintaining a firewall configuration to protect cardholder data.”

WAF Security Plugins… The Good and The Ugly

There are plenty of great WAF plugins out there to choose from.

Some follow a “SAAS” model, offering an easy and stress-free introduction to the world of application firewalls.

On the other side of the coin…

Some Security Plugins Get WAFs Oh So WRONG!

It’s all dependent on the level at which your WAF sits.

For example, some plugin WAFs sit at the DNS Level, which usually means the firewall monitors and filters HTTP traffic before it reaches their cloud proxy servers.

This is the recommended level for these kinds of firewall plugins.

Some well known WAF providers that are set up in this way include the likes of MaxCDN (StackPath) and Cloudflare.

Then you have other WordPress security plugins with built-in WAFs that sit at the application level.

Meaning the firewall examines incoming traffic after it has already reached your server – but prior to loading WordPress scripts.

According to our in-house firewall/hosting expert and CTO Aaron Edwards, there are a few big problems with this.

Here’s what he had to say on the matter during the security episode of our HelloWP podcast:

“In my opinion, a firewall has no business being in a plugin. First of all, they’re already inside of your application before the firewall starts working on it.

So, it’s technically possible that an exploit or something that happened to your system can disable that firewall.

Another problem is it’s much slower, because every request has to go through PHP and it has to do all these filters and more at the PHP-level.

It’s like putting a fence inside of your house.” – Aaron Edwards, CTO at WPMU DEV.

Introducing WPMU DEV’s Brand New WAF!

If you didn’t know already, we recently introduced our own WAF which is enabled by default for all new users who host a site with us.

Unlike the naughty plugins above, our WAF builds a fence on the OUTSIDE of your house as it analyzes all traffic before it hits WordPress.

We’ve done extensive testing and fine tuning to ensure it will not slow your site down. And we keep it updated with the latest rules, and add any new known vulnerability footprints nightly.

It also couldn’t be easier to manage!

To access and activate our WAF (if you’re a member) simply navigate to our Website Hub and click on the website you’d like to set up, or manage your firewall on.

Start by selecting the website you'd like to activate your WAF on.

You can then access the firewall through either the “Hosting” or the “Security” tabs. For this example let’s go through Hosting.

Click either hosting or security to access the WAF.

Next select the “tools” toolbar, and then you should see the “Web Application Firewall” option.

Click web application firewall to begin the process of adjusting your WAF.

Once you’ve clicked through, you’ll be given the option to protect your site with our firewall.

After you elect to do so, the firewall will activate and begin protecting your site.

Here's where you choose whether to activate the WAF or not.

You’ll also now see the “Whitelist” and “Blacklist” fields that appear below.

We already maintain a set of rules that identify and unsafe traffic – but as mentioned above, admins can Whitelist (allow) or Blacklist (block) IP addresses and user agents as they see fit by filling out these fields.

Choose to block or allow various party's with our WAFs blacklist and whitelist features.

Scroll past the whitelisting and blacklisting rules and you’ll find our final WAF feature: The ability to disable specific WAF rule Ids.

This feature can come in handy if specific WAF rules are not compatible with your site, and are causing false alarms.

Simply enter the rule Id that’s causing problems, and it’ll be immediately disabled.

Rule Ids and errors can be found in your “WAF Log.”

If you're running into issues you can also disable a WAF rule if needed.

The WAF log itself can be found under the “Logs” tab, which is in the same toolbar as “Tools” was above.

Logs can come in handy when you want to see where attacks are coming from, which requests have been blocked, and what rules those requests triggered.

For example, let’s say you’re performing a valid action on your site, and for some reason you get blocked.

The logs allows you to understand exactly why this happened, so you can whitelist a particular IP, or disable a specific WAF rule.

After all, you wouldn’t want your security guard kicking your best friends out of the club!

And don’t worry, if this sounds at all complicated, our members get access to 24/7 round the clock support, and someone will always be on hand to help out with any difficulties.

You Can Never Have Too Much WordPress Security

As I touched on earlier, WAFs aren’t the answer to ALL of your security problems.

Doing simple things like installing a Network Firewall, keeping WordPress up to date, ensuring your PHP is up to date, and making sure your sites are constantly backed up – can all go a long way to protecting your sites.

And although we don’t think a WAF belongs inside of a plugin, security plugins still have their place, and can be a handy last line of defense.

Speaking of WordPress security plugins, you can’t go past our own Defender.

Our Defender plugin is the added security you need for your sites. — Bots and hackers are no match for our Defender.

Yep, this guy’s as mean as he looks when it comes to fighting off hackers and bots (although he’s a teddy bear outside of the cyber-security ring).

In short, Defender can also help protect you from: Brute force attacks, SQL injections, Cross-site scripting XSS, and more!

He also handles operations like: malware scans, and two-factor authentication login security.

Choose Your Own WAF Path

Don’t you just love it when the conclusion of an article ends with “it depends”?

Well, sorry to be a bummer, but when answering the question of: “Do I need a WAF?”

It does indeed depend on your personal situation!

Do you need one? No. Should you have one? Of course!

The more security layers you can cover, the safer yours and your client’s data will be.

Speaking of client data, if your website does collect client data it’s vital that you have extra security measures like WAFs and Network Firewalls in place.

Not just for protection, but to protect your reputation, and to adhere to website security regulations and standards.

This is especially important for eCommerce sites, and sites that handle a ton of monetary transactions every day.

We’re Not Ones To Toot Our Own Horn, But…

As mentioned earlier, we’ve just recently introduced our own WAF as part of our hosting service, and we’d love for you to try it for free with a WPMU DEV trial.

In fact, since it’s #HostingMonth here at WPMU DEV, we’re gonna let you try it FREE FOR 3 MONTHS! No risk, no catch, cancel anytime.

*Unlock your 3 month free trial coupon here.

We’re also giving away a share of $10K WPMU DEV credit on our social media channels and blog (sign up below to get yourself in the draw).

Check out our #HostingMonth announcement for the full spiel.

Finally, if you’re already a WPMU DEV member and you don’t currently host any sites with us, be sure to migrate a site over, or whip up a test site if you want to give our new WAF a no-hassle whirl.

Other than that, stay cyber-safe out there folks!

April 8, 2020

Building in Peace: An Introduction To WordPress Local Development

You’ve purchased your domain and you’ve secured your hosting. You’re halfway through your new kick-ass homepage, but you can’t shake the feeling that you’re being watched. That’s because your site is live, so who knows who might be looking over your shoulder…

At WPMU DEV, many of our members use local environments for a variety of tasks, including building a new site from scratch, major overhauls of existing sites, and developing plugins.

But for those who are yet to venture into local development or are looking for a refresher, we bring you this guide.

Here’s a look at what we’ll be covering:

What is a Local Environment?
How do local environments work?
An insight into the two main types of local environment – server stacks and virtual machines.
How to set up a local environment using Local by Flywheel.
How to migrate a locally developed site to live hosting.

So let’s get to it and start at the beginning…

What is a Local Environment?

Local environments come in a variety of shapes and sizes, however, they all share the same purpose – to allow you to develop WordPress sites or plugins in a safe and secure space.

The average WordPress user starts their site-building process by purchasing a domain and then choosing a hosting service – which they then log into and begin to create their site.

However, this means that whilst you’re building your site, it’s live on the net and Google is free to start its indexing procedures.

The last thing you want is someone stumbling across your site when you’re in the process of building it. Also, when still in construction, your site is especially vulnerable to cyber attacks.

Developing in a local environment relieves you of these worries, as you get the same features and functionalities of WordPress – but it’s all tightly secured within your very own computer.

There are no servers or clouds involved, no chance of anyone who isn’t on your pc gaining access, and no extra cost.

You can develop your site for free and away from prying eyes – total bliss!

Cartoon of Dev man running with his PC. — Dev Man isn’t aware that he can show his friends his locally hosted site without leaving the house – luckily this article will explain how!

There are a few other ways to achieve privacy when building a site, such as under-construction themes and plugins and staging environments – but since they still involve your site being hosted somewhere on the net, there’s no peace of mind quite like a local environment.

How Does a Local Environment Work?

WordPress is made up of three core elements: PHP, SQL and JavaScript, and in-turn can be hosted locally on software that supports these elements.

The first method is on a server stack.

Using Server Stacks For Local Development

Local server stacks take the form of an Nginx or Apache server, along with a database (usually in the form of MySQL or MariaDB) and a platform for managing everything, such as phpMyAdmin.

But, what is a server, I hear you ask!

Well, it’s essentially a place to store all the content that makes up a website (application data, text, images, etc), and once someone requests access by visiting the URL, the server delivers the goods.

All sites need to be stored on a server, whether that be a local one such as included with the software stacks mentioned above, or secured through a hosting provider.

If your website is live and you pay a hosting subscription, it’s still hosted on a server, just on someone else’s computer.

Showing the relationship between the server and web browser with the HTTP response and request passing betweenn — The HTTP request and response passes the information between the server and browser.

It may sound complicated at this stage, but luckily you can download everything you need in a neat little package.

Two of the most popular server stacks are MAMP and XAMPP.

MAMP is technically for use on Mac (however you can run it on Windows – I’ve done this myself in the past) and XAMPP can be used across Windows, Mac, and Linux.

Whilst actually using WordPress when it’s hosted on an apache server stack is quite a simple and pleasant experience, the installation and setup process for XAMPP/MAMP isn’t as straight forward.

You need to install the download from either the XAMPP or MAMP website, as well as manually downloading and installing WordPress (which does involve some manual moving around of files on your hard drive) configuring your database, and then linking it to your WordPress site.

Once you have the server up and running, you create a WordPress account and then log in to get to the dashboard.

You do all this through your browser so you get the same look and feel as though you were on a live site.

But don’t worry – if all this sounds a bit daunting, you’ll be pleased to know that there’s an easier option.

Using Virtual Machines For Local Development

The other branch of local development environment (and most would argue, the easiest) comes in the form of virtual machines.

If you aren’t familiar with virtual machines, a virtual machine is a partition created on your PC that basically acts as a separate computer.

It comes with its own operating system and is usually accessed in a window like a normal computer program, but is detached from the rest of your software.

This makes it a handy place to carry out any risky experimentation, as anything you do is isolated from the rest of the computer; meaning you can’t do any damage to your main operating system.

The virtual machine is just a place to host your website in our case. You won’t need to have any interaction with the separate operating system as you manage your sites through the dashboard of your local environment.

A popular local environment choice that utilizes virtual machines is Local by Flywheel.

The reason that it’s such a great option is that it does all the legwork for you behind the scenes.

You install it just as you would any other program, and you’re greeted with a simple dashboard that allows you to manage your sites.

You can add multiple sites in just a few clicks, whereas with MAMP/XAMPP you have to create a separate WordPress folder and database for each site and manage them separately.

It’s clear from what we’ve learned so far that an environment like Local is going to be an easier option for those new to local development.

Server stacks might be the route of choice for advanced developers who want more functionality, however, for the purpose of building a site and a safe, offline space, Local is a fantastic choice.

Okay, enough tooting Local’s horn… let’s really find out how easy it is to use.

Here’s a simple guide:

Installing And Using Local By Flywheel

First of all, you’ll need to go to Local’s website and download the software.

Screenshot of the Local website — Choose your platform and follow the simple instructions.

It’s super easy to install (it’s literally just like any other program you download from the internet), so I’ll refrain from teaching you how to suck eggs.

Once you’ve installed and opened the program, you’ll be met with this screen:

Showing the first screen of Local after installation — Now we’re ready to create our first site.

You then need to give your site a name.

One of the best things about Local is that you can create as many sites as you need, and they’re all super easy to access and switch between – so try and keep the names practical.

Screenshot of the screen where you name your site. — It has a very simple interface and is so quick to get up and running.

The domain is automatically populated when you name your site, and there’s no need to change the site path at this stage.

When it comes to choosing your environment, you can select preferred unless you have a specific reason for wanting to use a different type of database or version of PHP.

Showing where you can select your preferred version of PHP and database. — If you just want to get set up and start building, you can select preferred and move to the next screen.

You then need to enter a username and password (you can use the same one across all of your test sites) and enter an email address.

Showing the setup screen where you choose a username, password and enter your email. — It’s important to use a valid email address in case you ever need to reset your password.

One last click of ‘continue’ and you’re good to go!

It takes a few minutes to set everything up and install WordPress, but as you can see, as far as local hosting environments go, this is one of the easiest to use.

Screenshot showing the site details including name, path, domain, database version and WordPress version. — You can view all your site’s details using the tabs here.

The two main buttons you’ll need are on the top left of your screen: ‘Admin’ and ‘View Site’.

Click on Admin to log into WordPress.

Screenshot of the WordPress login page. — You need to enter the login details you created when you set up your site in the Local dashboard.

Once you’re logged in, you’re free to use WordPress as you would with any other hosting method.

But That’s Not All, Folks

If all you want is a nice, quiet space to develop your website, the guide above should do the trick.

Since your entire WordPress site is installed on your own computer, it means you can even build your site without internet, which is great for those long train journeys.

However, Local does offer a host of other features.

Some of these are best suited to advanced users, and there are a few that may come in useful for those new to local environments as well.

Below I’ll give you a brief overview of some of my favorite aspects of Local.

Let Someone Take A Little Peek…

One of the main benefits of developing locally is that no one will be able to see your half-finished work.

Whilst this is usually advantageous if you want to create a new site, or make large-scale changes to an existing one in peace, it does mean that if you encounter problems, or just want a second pair of eyes, you can’t just send your site URL to a friend or colleague and ask for their advice.

Local has a useful tool that allows you to create a temporary live link to your site, and it’s as simple as one click of the mouse.

This is a fab little add-on from ngrok and is completely free to use.

Just click enable and a temporary link will be created.

Copy the link and send away!

You can send this link to anyone you’d like to view your site in its current state.

The link will stop working when you exit Local – or you can manually disable it using the button next to it.

If you want them to access the site again, you’ll need to re-enable Live Link, which will mean that a new link is created.

This is handy if you need someone’s opinion but don’t want to risk them popping back in future by revisiting the link. You’re building your site locally for a reason – it’s fine to want a little privacy!

If It’s Not Broken, Don’t Fix It

If you tend to use the same set of plugins when you build your sites (our free plugins are a great starting point) or have the same theme or menu and page setup, you can save a site as a ‘blueprint’ and use it as a base for future sites.

If the same site setup works for you then that’s absolutely fine, and luckily Local makes it easy to reuse the same template.

All you have to do is right-click the site you want to use and click ‘Save as Blueprint.’

Showing the option to save as a blueprint. — You could even save multiple blueprints – one for each style or type of site you create.

Now when you create a new site, you’ll have the option to start from your blueprint rather than from scratch. Handy, right?!

Your Files, Your Way

Editing your WordPress site’s files isn’t always the easiest thing to do (especially for beginners).

If your site is live and hosted externally, it will involve either using a plugin such as File Manager, an SFTP client with an SSH connection.

These platforms allow you to access your WordPress files, which are stored on the host’s server, so that you can make changes to them.

Different hosting providers allow different levels of access to your files. However, when you’re developing locally, you have full access and full control.

With Local, it’s super easy to access these files. They’re stored on your computer, so you don’t need to initiate any kind of connection to gain access.

If you’re a skilled developer, you can still use an SSH connection and WP-CLI commands to edit your files and make changes to your site, however, when you’re working on a site locally, you can click one little button to get access to your files directly.

Showing where you can access your files from. — Just click the little arrow, and you’ll be able to access your WordPress files.

Showing the WordPress site's file in your explorer menu. — I’m using Windows, so my WordPress files pop straight up in an Explorer window.

Just click the little arrow, and you’ll be able to access your WordPress files.

This is a really useful way to get to know the WordPress folder layout and become familiar with some of the key elements of a WordPress site.

From here, you can make changes to your style sheet, create a child theme, or even venture into some of the more complex files.

The beauty of it is that if you change something that creates an issue, you’re free to scrap that site and start a new one.

It allows you to experiment without needing to worry about doing irreversible damage to a live site.

Learn Your Acronyms

A local environment can also be a great place to get familiar with using WP-CLI through an SSH connection.

WP-CLI stands for WordPress Command Line Interface and is a way of completing tasks by typing commands – similar to the way you can use your in-built command prompt.

SSH (Secure SHell) connections are usually initiated between multiple computers – they create a secure connection on an unsecured network.

You may only be communicating with the virtual computer inside your own pc, however, you still need to issue commands through this connection.

Our article showing how to speed up your WordPress development using WP-CLI is a great starting point if you’re new to this.

You can easily access the interface by right-clicking on your site and selecting ‘Open Site Shell’

Showing how to access 'open site shell' to connect to initiate the SSH connection. — Initiating the SSH connection is simple – your entire site is on your own computer after all.

You can then experiment with different commands.

I typed in ‘wp user’ which shows a list of commands centered around changing user permissions and settings.

A screenshot of WP-CLI — You can make many types of admin-y changes through the interface.

You can find a list of WP-CLI commands on the WordPress website.

These commands are often utilized by developers to make speedy changes to a WordPress site – a local environment is a great place to get to grips with them.

How To Migrate From a Local WordPress Installation To a Live Server

Now your site’s not going to be much good to anyone sitting on your hard drive (unless you’d prefer to keep it that way!). So the next step is moving from a local installation to a live server.

There are a couple of different ways to do this:

The manual method – Check out this in-depth breakdown of moving WordPress from Local to a live server by Torque.
The plugin method – We also have our own guide on migrating from local to a live site using the Duplicator plugin.

Of course, you’ll still need somewhere to host your live site. It’s advisable to research the different types of hosting and perhaps even compare a few different hosting plans before your site is ready to launch.

You’ve put in all that work after all so you need to choose your hosting provider carefully!

I know of a company that does some really great hosting, you should check them out.

OK, it’s us, WPMU DEV, but I promise you our hosting is top notch. If you do allow us the privilege of hosting your website for you (we’ll take good care of it, I swear).

We’ve Also Made it Super Simple To Migrate An Existing Site!

You can also easily migrate your existing site using our WordPress site management tool – The Hub (FYI check out Hub 2.0 Beta which was just recently released!).

All you’ll need is the SFTP username and password of your existing site. You can typically locate these credentials via your host’s control panel.

Some hosts will automatically create an SFTP user for you, while others (like WPMU DEV hosting), will allow you to create one yourself.

For example, here’s how WPMU DEV users can create their own SFTP credentials.

Once you’ve located your credentials, your site can then be migrated and launched in a couple of steps.

Showing the WPMU DEV website migration options. — Migration in a few simple clicks – heaven!

Let’s not pretend that migration is always a walk in the park though. Many migrations go smoothly, but some come with a whole host (pardon the pun) of problems.

If you do run into issues when migrating to our servers, you have the peace of mind of having a bunch of WordPress experts at your beck and call. They’re on hand 24/7, ready to solve any problems you encounter.

If you choose to go with a different hosting provider, we’d recommend migrating using our Shipper plugin.

PSA… We’ve labeled April #HostingMonth, and To Celebrate We’re Giving Away $10K !

Subscribe to our blog using the form below this article (you can’t miss it!) to automatically get yourself in the draw – and check out our announcement post for more about our giveaways.

We’re also offering new members 3-month FREE WPMU DEV trials. Giving you plenty of time to test out our hosting, and everything else a membership has to offer.

*Unlock your 3 month free trial coupon here.

So What’s Next?

Your site’s all grown up now – you’ve helped it develop from one simple ‘Hello World’ to (hopefully) an attractive and functioning site.

You can now use WordPress ‘as normal’ through your hosting service and update your site as and when needed.

The local environment you used can always be called upon if you want to test out any major changes or wanted a safe space to play whilst you expand your WordPress knowledge.

April 6, 2020

How To Reduce Your TTFB and Boost WordPress Page Speed

In this age of instant gratification, nobody likes to wait. This includes search engines and website visitors. Reducing the TTFB (time to first byte) of your WordPress site is essential to keep it ranking well and ensuring visitors don’t click away. Find out why in this article.

In today’s article, I’ll be going into detail on why TTFB is important, as well as the differences between TTFB and loading time.

I’ll also show you how to diagnose why your speed isn’t up to snuff, and improve TTFB with the help (wink, wink) of our hosting and Hummingbird plugin.

By the end, you’ll have a good idea of what you can do to ensure your viewers (or Google) aren’t impatiently tapping their fingers waiting for your website to load.

So WTH(eck) is TTFB?

Though it sounds like a text acronym, such as TTYL, TY, or TBD — it’s much more than that.

Fastest TTFB WordPress with Dev Man. — Please do not confuse TTFB with a text.

TTFB is a metric that determines when a user’s browser receives the first byte of data from your server.

A web page cannot render for any user until their browser receives that data. In a nutshell, if it’s too slow, your user may click away – thus affecting the UX, and the SEO of your site.

It’s also a way to troubleshoot a slow website by measuring how fast your website starts loading in a certain location, or with a variety of settings.

TTFB is composed of three main parts:

The time needed to send an HTTP request
Connection time
The time needed to get the first byte of a web page

How TTFB basically works. (Image source: https://varvy.com/pagespeed/ttfb.html)

The calculation of TTFB in networking also includes network latency in measuring the length of time it takes for loading.

Many people use this reading as a way to test server speed. This works, but it’s only part of the big picture.

With a CMS (content management system) like WordPress, the server must do all CMS computations necessary to produce content.

The PHP service has to load your MySQL database, retrieve content, do a calculation for the appropriate HTML output, and finally return it to the site’s visitor. Whew!

So, if you have a lagging CMS, those steps can take time and you might get back some pretty awful TTFB results. And that doesn’t always mean your hosting server is sluggish.

Many factors can affect your TTFB. With WordPress, often it’s outdated plugins, old themes, or clunky ads that can impact performance.

To Be, or Not to TTFB

The next question you might be asking yourself is: “Is TTFB really that important?”

Well to start with, fast loading times and speed are important for SEO (btw, there’s a difference between load time and TTFB, which I’ll get to next). A quicker website can also increase conversions.

Plus, Google has made some big algorithm changes in the past few years that emphasize speed. So, yes — TTFB is important.

Of course, it’s not the only factor when it comes to making your WordPress website more efficient.

Quality content, design, simplicity, location, and other variables can affect the quality and rank of your site.

But, for usability, SERPs, and to stay ahead of the game, it’s important to be aware of TTFB and to monitor it. And lastly, keep it in good standings.

Get a Load of This

One thing to note about TTFB is that it shouldn’t be confused with load times. As they are two very different things.

As already mentioned, TTFB is when a user’s browser receives the first byte of data from your server.

Load time, on the other hand, is described as how long a specific page took to load in its entirety. That goes for all of the CSS, images, scripts, and any third-party resources.

Of course, this means that load time takes longer than TTFB. After all, there’s a lot more to the process than just the time it takes to connect the first byte of data from a server.

In a sense, TTFB is more “behind the scenes” before you see the big picture.

Having a Good Time (To First Byte)?

Now that we know what TTFB is… the next step is knowing what type of website speed you should be aiming for.

In the latest v5 PageSpeed API, the TTFB has only a pass or fail option. Anything above 600 ms will fail and anything below 600 ms will pass.

There are quite a few ways to test your TTFB time with tools such as Sucuri, GTmetrix, and our very own Hummingbird (which we’ll be discussing in detail soon).

But Whoah! Sloooow Down a Minute…

Say you run a report and, uh-oh, your TTFB is slow…

First, it’s a matter of figuring out the underlying problem of what’s causing it.

There are several factors behind why your TTFB usually isn’t up to par.

The main culprits are:

The amount of traffic
Web server configuration
Dynamic content creation
Network problems
Inefficient code on the origin server
Database design that results in slow queries
An origin server that has reached its capacity

What causes slow TTFB. — A few reasons can be the cause behind slow TTFB. (Image source: https://varvy.com/pagespeed/ttfb.html)

How To Get Up To Speed

As you can see, there are a variety of reasons why the TTFB might not be up to speed. Some of the reasons you have more control over than others.

One area you DON’T have control over is visitors to your website.

It’s great to have a ton of visitors (yay!). However, that can also lead to servers buckling under pressure and your TTFB takes a hit.

Another example is dynamic content creation. This on the other hand, is a factor that you DO have control over.

WordPress pages are dynamic, and a few things have to occur between the time it receives a request and when it offers a response.

You can look at it like this: static content is quickly handed over, and dynamic content needs to be built by getting php files and interacting with a database before it’s handed over.

Static and dynamic differences TTFB. — A few differences between static and dynamic. (Image source: https://varvy.com/pagespeed/ttfb.html)

This is a lot. It can take thousands of interactions to build just one page. And this process happens every time the page is called by a browser.

And it can be a big contributing factor that grinds TTFB to a halt.

Cache Me If You Can

A great way to fix this is to provide cached versions of your pages.

Website caching is used because it provides a much better experience for your visitors. It does this by saving a static copy of your site, and therefore your site will load much more quickly.

The most efficient way of doing this is choosing a great host and installing a caching plugin.

Humming To a New Tune (Up)

This is where our plugin Hummingbird can help.

Hummingbird plugin image. — Hummingbird is here to save the day!

Hummingbird provides an efficient page, browser, RSS, full-page and Gravatar caching.

Beyond that, it scans your site for potential speed improvements and helps improve your Google PageSpeed Insights score (and more).

It’s a great tool to analyze the WHY behind your site being slow, and recommendations on how to fix it in a full audit and report.

So, when it comes time for faster TTFB, Hummingbird can tell you exactly where you’re at.

Let’s Take a Quick Look at How You Can Check Your TTFB with Hummingbird

When you activate the plugin, the first thing you’ll want to do is run a test. You can do this in just several clicks and in about a minute.

From the dashboard under Hummingbird, click on Performance Test. From this point, click on New Test.

Hummingbird running a performance test. — Hummingbird performing a test.

It takes only a few moments for her to run the test and get you the results.

Hummingbird test results. — The results from the performance test.

This test will show you all the areas that can be improved upon, how to do it, and also all of the audits that passed. From this, you get a score out of 100. With this run, my site scored a 96. Not too bad.

Our concern today is TTFB results, so let’s check that out.

After running the test, click on Audits.

From there you’ll see all of the audits. Just scroll down until you see the TTFB audit.

It gives a dropdown to show you any detailed information in an overview, what the score is, and if you need to improve.

TTFB audit by Hummingbird. — A look at the TTFB report on Hummingbird.

As you can see, our TTFB scored 100 and took 540 ms.

Nice!

With a 5-star rating and over 100,000 downloads, Hummingbird is completely free. However, if you’re really serious about optimizing your site, there’s also Hummingbird Pro which comes with a WPMU DEV membership.

Also, this plugin works great with our other performance plugin Smush.

Smush optimizes your images by turning on lazy load, resizing, compressing, and improving your Google Page Speed — which helps with TTFB.

With Smush Pro, you can also decrease TTFB with its Content Delivery Network (CDN).

That means, if you have a WordPress site that’s serving visitors in many places across the globe, this can reduce your TTFB significantly.

Turn On, Tune (Plugin), Drop Out

Something else to keep in mind is to drop old outdated plugins and update essential ones.

The quality of your plugins can significantly impact your TTFB (Hummingbird will let you know about them). They can cause your WordPress site to become slow.

Also, unnecessary plugins can be canned. If they’re not necessary for your site, just get rid of them.

Get The Most Out Of Your Host

Last but not least, a great way to reduce TTFB is by choosing an excellent WordPress host.

By using a faster host, you can see a 20% decrease (or more) in TTFB globally, and a 32% decrease in TTFB across the United States and Canada.

Also, to ensure that you have the latest version of PHP, good hosting is important.

Combining a fast host with a well developed WordPress site can drastically improve your TTFB score.

This is another area we can help with our own WMPU DEV hosting. You see, with us there’s no shared hosting and no shared IPs. This keeps your site completely isolated and separated from any other sites.

It also includes object caching by default. Our hosting is optimized for WordPress and blazing fast, which is exactly what helps lower your – you guessed it — TTFB.

Plus, if you weren’t already aware, we’ve officially labeled April #HostingMonth, and to celebrate we’re giving away a cool $10K WPMU DEV credit!

Subscribe to our blog using the form below this article (you can’t miss it!) to automatically get yourself in the draw – and check out our announcement post for more about our giveaways.

We’re also offering new members 3-month FREE WPMU DEV trials. Giving you a plethora of time to test out our hosting, and everything else a membership has to offer if you’re not signed up yet.

*Unlock your 3 month free trial coupon here.

TTFB (Time To Finish Blog)

With all that I’ve gone over in this post, you can see that when it comes to achieving a faster website, there are quite a few solutions, including:

Effective caching
Keeping your PHP up to date
Choosing a great hosting provider
And more!

All of these help with improving (and keeping) and good TTFB score and scoring big with rankings — and visitors. Plus, it’s fairly simple to get TTFB in a good range with all of the tools provided here.

TTFB isn’t the only factor for SEO and won’t alone earn you a top spot on the SERPs, but slower speeds will prevent you from ranking higher. So, optimizing your site for peak performance is always a win.

I won’t keep you waiting any longer. Go for it and get your site’s TTFB up to speed.

TTYL.