Choosing a hosting platform is as much about matching requirements as it is finding a good fit. WDG sat down with the experts at Automattic/ WordPress.com VIP to better understand the process of choosing a hosting provider. Tamara Sanderson, Director of Business Development & Strategic Partnerships at WordPress.com VIP, offers an inside look at which qualifications to look for–and which to avoid–when choosing a hosting provider.
What are the top concerns to keep in mind when choosing a hosting platform?
“For just about any web development project, we recommend making WordPress the CMS of choice. It’s flexible, powerful, and easy to use. WordPress is built with the user in mind and has a huge ecosystem around it,” says Sanderson. Choosing a hosting platform should go hand-in-hand with the chosen CMS. Fortunately, there are a number of great hosts out there supporting WordPress. Research and reviews will help you choose a provider that can successfully scale with your site.
Page load speed, uptime, and other factors play a big role in SEO and ecommerce performance, so choosing a fast, reliable provider is key. Security is a critical factor, so you’ll want to know how a host safeguards your site against security breaches and other threats like DDOS attacks. It’s also important to ensure your host is compliant with the requirements of other countries if you do business internationally.
What security measures should a hosting platform account for?
“While there is a reactive element to any security threat, your hosting provider should be proactive in demonstrating interest in your project roadmap before crises emerge,” says Sanderson. You should make sure your traffic is encrypted and that your host has complete control over SSL certificates while monitoring the code base. Your provider should be on top of security patches and plugin updates as well.
Code quality is another area that can impact security directly, as developers can inadvertently expose vulnerabilities by not following best practices. Site monitoring, security patches, and adherence to public privacy frameworks like Privacy Shield should be included in any security measure. Whether writing your own code or relying on outside integrations, the WordPress.com VIP team performs thorough code checks and reviews all plugins and integrations for clients. Sanderson offers a few insider tips if you choose to review your own code first:
- “Don’t trust user input or third-party APIs. Always make sure to validate and sanitize all data that can be populated from the ‘outside.’ See more about validating, sanitizing, and escaping data here.
- Try to exploit your code with common XSS methods as a test. Visit http://ha.ckers.org/xss.html for a list of basic XSS attacks and make sure pasting these snippets to input fields or URL parameters will not harm your site.
- Make sure to implement nonces to avoid duplicate submission of forms and fraud activities. Click here for more information.
You should also analyze how this fits in with your team’s process. For WordPress.com VIP, “we hook in to pull requests on the master branch in GitHub for code review. That makes it easy to kick off a review and keeps all of the discussion inline with the code. It also allows our clients to decide and control when to deploy the reviewed code” she adds. Learn more about GitHub Code Review here.
Other than speed and security, what factors should you consider?
Scale is certainly an important factor in choosing your hosting provider. “Large sites tend to have high baseline traffic with key traffic spikes. Some of these are predictable, but many aren’t. For small-to-medium sized sites, the delta between their normal traffic pattern and a spike can be even higher. It’s important to know that a hosting platform can power planned and organic traffic spikes,” adds Sanderson.
Price can be a factor, as additional costs can add up for excess capacity. Do you have unlimited traffic included in your hosting fees, or will you pay extra when you exceed a certain cap and require additional resources on the fly? Can your provider scale up in tandem with your site? Choosing a hosting provider who can scale successfully at cost is as important as choosing the right CMS for your site. See why WordPress is quickly becoming the CMS of choice for large scale sites worldwide.
What features should users look for in support?
Support is obviously one of the key tenets of a great hosting provider. There are a few questions you should ask of any hosting platform:
- Do they know your CMS, frameworks, etc. inside and out?
- Have they demonstrated their knowledge and commitment by contributing to open source projects?
- Have they worked with a wide variety of projects and a broad scope of technical features?
- Do they have a guaranteed SLA to ensure timely and efficient answers?
- What is the process like? Are there tiers or levels of support staff? Do you need to go through an escalation process or is an immediate response guaranteed?
- What type of support is covered under your support plan, from outages to in-depth code review and consulting?
“You also want to know what the response time commitment is and to make sure that it matches your needs,” says Sanderson. “Turn-around time guarantees are typically tied to cost, so it’s best to evaluate your business needs rather than assuming you need the highest tier of support available.”
It’s important for a hosting platform to anticipate issues before they become problems. If your hosting provider already has a decent understanding of your architecture, they’ll be far more ready to jump in and solve problems down the road. WordPress.com VIP gets involved in the project early on, offering architectural guidance while navigating potential pitfalls. “If we spot something in our proactive monitoring, or if a user reports an issue, we already have a baseline understanding of the client’s project. We can get solutions much faster than if we were starting out cold,” Sanderson explains.
VIP calls itself a “fully managed service.” What does that mean?
“A fully managed service means your organization does not need to concern themselves with making updates, handling DevOps, ramping up scale for high traffic, or handling load balancers. When issues arise, your host will take them on as if they were debugging their own site,” explains Sanderson.
It’s important to establish a foundational set of best practices from the start. With this guidance, VIP clients work from a strong baseline and are able to scale for growth. This early involvement also puts WordPress.com VIP in a strong position for debugging and troubleshooting as the project progresses.
A few questions you should ask:
- Can the service guarantee your organization will be completely hands-off for DevOps?
- Can they troubleshoot as far as debugging and tracking down hard-to-diagnose issues that will inevitably arise? Or will they leave you on your own to facilitate a solution when you’re not confident of the problem source?
- Is your hosting partner going to delve into the details of architectural consulting by providing tailored guidance for your project plan, or will they rely on a blank canvas model?
- Have they anticipated future CMS updates? Will they take an interest in helping your team’s applications as they evolve and grow over time?
Sanderson explains, “If your host is offering a fully managed service, you should be able to focus on your project plan, your site, or your business application and leave the rest to them. You should be free to publish, create, market, or essentially, do what you do best.”
What features make WordPress.com VIP a powerful and capable hosting platform?
“Our support team consists of WordPress developers and experts who live and breathe WordPress at scale,” says Sanderson. Importantly, VIP stays ahead of the technology curve. She notes that as new ideas bubble up, “we’re there to help vet new technical integrations, recommend implementations for new features based on best practices across the enterprise community, and make proactive suggestions for what to think about next.”
The platform is supported by a hand-selected partner ecosystem as well. “We’ve partnered with best-in-class web development agencies covering strategy, UX, design, and front and back-end development worldwide. We also have exciting web technologies, from video players to analytics and paywalls,” she explains. “Here, we make targeted recommendations for clients based on their specific needs to help them achieve their business and long term goals.”
By employing a concrete, targeted approach to choosing a hosting platform, organizations will be able to better ensure performance, troubleshooting, technology improvements, and proactive support from their provider.