When your website or eCommerce store is slow and your hosting provider has no solution, it is time to think about migrating to a new hosting platform. Unhappy hosting clients have lots of options to choose from: traditional shared hosting, dedicated server hosting, virtual server hosting, and more.
But many choose cloud migration to a modern hosting platform that combines the benefits of traditionally managed hosting with the flexibility and scalability of virtualization.
Just like shared hosting, cloud application hosting is a multi-tenant platform – more than one clients’ site is hosted on each server. But that is where the similarity ends. Cloud hosting uses virtualization and orchestration software to join many servers together into a large pool of compute and storage resources. Each site uses a slice of the resources in the pool.
What does that mean for hosting clients? The “pool of resources” model is more flexible than shared hosting or a dedicated server. When a site migrates to cloud hosting it gains superpowers. It can, for example, be given more resources whenever it needs them. When a site hosted on the Hostdedi Cloud is under heavy load, we can give it a bigger slice of the pool automatically.
Let’s look at some other ways a cloud migration could improve your hosting experience.
When a site that starts life on shared hosting or a dedicated server grows too big, it has to be migrated to a different platform or more powerful server. In contrast, the cloud makes it easy to scale from small to enormous without migrating. A cloud hosting account has resource limits, but they can be increased indefinitely as the site grows. In the cloud, you will never experience a site that slows to a crawl because it is too successful.
Reliable, Redundant, and Fast
Reliability, redundancy, and performance are difficult for even the largest online businesses to achieve. For smaller businesses without a large IT department, a reliable, redundant, and fast hosting platform is too complex and expensive to build from scratch. But after a site is migrated to cloud hosting, it gains enterprise-grade reliability, redundancy, and performance for “free” – it’s baked right into the platform.
A well-engineered cloud platform makes it easier to build and maintain a secure site. The Hostdedi Cloud includes security features such as web application firewalls, a PCI-compliant hosting environment, and security hardening at deployment.
A new website or eCommerce store can be launched onto a cloud platform in seconds. Large and complex deployments may take a couple of hours, but that is much faster than other types of hosting, which can take days to be ready for migration. Rapid setup has other advantages too. It is quicker and easier to deploy testing and development sites on the cloud. Click a button and your new testing site will be ready and waiting.
Migrating your WordPress site or Magento store to a modern cloud platform is the solution to your hosting reliability, scalability, and performance issues – now and in the future.
They say that moving home is one of the most stressful events in our lives. Migrating a website to new hosting can be pretty stressful too, especially if you aren’t well prepared. In our last cloud migration article, we talked about why you should migrate your site to a cloud platform. In this article, we look at the challenges you may face on your cloud migration journey.
In a properly planned migration, the site starts the day on one hosting platform and ends it in the cloud with minimal downtime or disruption. But it’s good to be aware of what could go wrong and what you can do to help the migration run smoothly.
What Cloud Migration?
Cloud migration can have unforeseen side effects if the people working on the site aren’t informed in advance. Discuss the migration plans with stakeholders to minimize disruption. It would be unwise of your marketing department to launch a new campaign on the day of the migration, or for developers to roll out major site changes just as you’re about to move the site to a new hosting platform.
Discussing the migration with stakeholders allows them to raise concerns: perhaps the marketing department is running tracking scripts that may break during the migration – if stakeholders know what’s coming, they have time to prepare.
Choose a Cloud Platform That Aligns With Your Objectives
There are many different types of cloud platform. Some, like the Hostdedi Cloud, are engineered to provide the best possible hosting for selected applications. Others are general server hosting platforms that require more work and technical knowledge to achieve the same result. Many provide minimal support. Your cloud migration will be less disruptive if you know what to expect from the cloud vendor.
Plan to Avoid Downtime
A well-planned cloud migration should cause minimal downtime. Some factors can’t be controlled, such as the time it takes for changes to DNS records to propagate, but with careful preparation and implementation, disruption can be kept to a minimum.
Search Engine Optimization
A badly executed site migration can negatively impact SEO. Cloud migration without a domain name change should not cause SEO problems. Migration can be more tricky if the site is moved to a new domain. A detailed discussion of domain name changes is beyond the scope of this article, but you should be aware of the potential for disruption if redirects and DNS record changes are not handled properly.
Planning is the best way to avoid the issues we have discussed. In the next article in our series on cloud migration, we will discuss how to build a successful migration plan.
Each year, half a billion dollars is lost to slow websites after users abandon shopping carts and content pages. The reason? Insufficient hosting support, undefined expectations, and hosting provider marketing that doesn’t line up with reality.
It’s for this reason that it’s important to know what your hosting provider means when they refer to uptime, support, control, and performance.
This article covers the questions you should be asking your hosting provider, so you can make sure you get the best hosting solution for your business.
Choosing a hosting provider is a complex task, made more so by convoluted rhetoric and sales pitches designed to confuse. For first time buyers, the mountain of options available can sometimes seem insurmountable. Luckily, we’re here to help with a simple breakdown of the questions and answers surrounding web hosting.
First, it’s important for you to ask yourself the question: what do you want from web hosting? To do that, you need to identify the attributes of your business and its website. This includes:
Each website has a unique set of requirements designed around specifications set by you: the owner. When choosing web hosting, it’s important to set your expectations from the outset. If you will require increased capacity during sales events, make that clear. If you will likely need help during the migration process, let your sales rep know.
Hostdedi offers free migrations as standard, complete with a dedicated migration team to assist.
We have broken this article into five sections, each covering an area of importance. For our full breakdown of web hosting questions and answers, download our eBook.
1. Disaster Recovery
Disaster recovery should be one of the first things you ask. Even the most well-prepared and secured data center facility can experience a problem. Asking about disaster recovery will let you know what your provider will do about them.
54% of businesses experience a downtime event lasting eight hours or longer.
More than half of companies experience a downtime event that lasts for longer than eight hours. Several studies place a day of downtime as costing businesses around $20k. The events themselves may be unavoidable, but the amount of attributable downtime is.
A deeper look at the threats to a data center reveals three primary categories of risk.
Data backup and storage
In order to minimize the damage from any of the risks above, most hosting providers create what are known as disaster recovery plans. These proprietary strategies are a vital piece of the puzzle for maintaining uptime across all services. They cover how to reduce and remove downtime, how to get services back online as quickly as possible, and the expected scope of damage.
It’s important to understand and ask your data center about risk – especially if you host in an area prone to natural disasters. For a deeper dive into data center risk, check our expanded article on Data Center Risk and Recovery and see exactly what you should be asking your data center about.
2. Data Center Types
The second question you should be asking is what type of hosting infrastructure your provider is offering.
In modern hosting, opting for a provider doesn’t mean you will necessarily be using their data center. Several hosting providers don’t have their own facilities, instead opting to resell or collocate in third-party facilities.
This has created three primary categories of hosting.
Owned and Operated
Each of these has their own advantages and disadvantages. Owned and operated hosting providers tend to provide the best in terms of support and control, while reseller packages are often cheaper.
The third question is a tricky one – and something often marketed as being free by most providers: migrations.
Website migrations are scary. If something goes wrong, there is a lot to lose: SEO rankings, accessibility, data, and performance can all take a hit. These almost always lead to a reduction in visitors; one which can last for months or years and result in a huge loss in revenue.
All the more reason to take a more active role in the migration process. Know what to expect and what your role will be. With some simple preparation, a good website migration is a relatively easy and stress-free experience.
Learn more about how to keep your website migration simple. Remember, all Hostdedi solutions come with a dedicated migrations team to assist with your move for free. We’ll help walk you through the entire process so you know nothing will go wrong.
4. Traffic Spikes
The fourth question you should be asking is about traffic spikes and the capacity of your solution.
Traffic spikes happen. Sometimes it’s a search engine crawler or bot, other times it’s because your website just got a lot more popular and whatever you’re doing, you’re doing it right. Preparing for traffic spikes is an important piece of the website success puzzle.
At Hostdedi, there are three primary ways to prepare for and manage a traffic spike:
Below you’ll find a basic outline of how these different methods compare.
The final question you should have regards one of the most important features of modern managed hosting: support.
Hosting support should be 24/7, including holidays, and you should have a good understanding of the support channels available to you. At a minimum, there should be a ticketing system and a phone number. Check with your provider to see which channels are available and when they are available.
Wouldn’t it be great if all of these questions were explored in more detail in one place? And wouldn’t it be even better if that place contained more detailed questions for an even more in-depth understanding of the hosting solution you’re choosing?
You’re in luck, we’ve put together a detailed guide for you to explore all of the above and save onto your computer. Simply click the link below and you’ll be taken to the download page.
Hosting support is probably the most important factor you overlooked when shopping around for a provider. The promises of unrivaled performance, top-of-the-line uptime, and incredible security probably made you think you wouldn’t need it.
We’re here to tell you that regardless of who you’re hosting with, it’s not if you need support, it’s when. Even the most secure web hosting provider encounters issues outside of their control. A good support team means that when those issues arise, you’ll be able to quickly and effectively negate their effects
This article takes a deeper look at what’s important with regards to a support team and how you can get the most out of them.
Problems Will and Do Happen
Imagine this: you’re hosting with one of the best providers available. You researched for hours to find one that met and exceeded all of your criteria. They boast incredible uptime, talk about amazing page load speed, and they even provide auto scaling for when traffic spikes. Then one day you open your laptop to a refreshed page of… a 404 error. Your site isn’t there and you’re suddenly aware you’re losing money. Who do you call?
No, not the iconic 80’s team of paranormal experts, you need to get in touch with your hosting support team. You search their site frantically but find nothing. Money continues to disappear. Eventually, you stumble across a contact page in a small, dark corner of their website.
You call the number as fast as possible and… you’re told you’re at the back of the queue and will have to wait for an unknown period of time.
The example above is exactly why you should invest time in finding out about the hosting support your provider offers.
The risks to a data center are multiple and include a number of elements outside of the provider’s control. A good support team means that when these risks become a problem, you’ll be able to quickly and effectively negate their effects.
When Can You Contact Support?
Almost all modern hosting providers offer 24/7 support, so the time of day shouldn’t be an issue. What can be an issue is the type of support you receive.
To get a good idea of how accessible and effective your support team will be, here are four areas you should be asking about.
The channels available for accessing support (phone, tickets, email, social, etc)
The support tier team members available
The support team’s knowledge level (including with your application)
Response Time Many hosting providers advertise a quick response time. Ask them to define what that number means. A 15-minute response time doesn’t usually mean the time it takes for them to solve or begin working on your request, but an initial response time.
How Can You Contact Support?
Multiple avenues for contacting your support team are important. Most hosting providers offer a ticketing system through an internal network. This is great for long-form queries and issues but isn’t always the fastest support option available.
Reach out and see how Hostdedi Beyond Management means your website stays secure.
Other support channels can include:
A ticket system
A phone number
An email address
An online chat box
Some issues have to be solved quicker than others. In these cases, phone support is best. Check to see if your hosting provider offers a 24/7 support line by phone and if you have access to that number.
A web hosting knowledge library with how-tos and guides is a great way to judge your provider’s own knowledge level and allows you to have more control over your solution.
Who Is Your Support Team?
Finding more out about your hosting provider’s support team is a great way to predict client experience. The aim is to feel comfortable with the level and type of support provided.
Location: The first question you should be asking is where the support team is located. Is support outsourced to third-party companies in other parts of the world? Outsourced support often leads to lower quality service and adds an extra step to the line of communication. Opt for a hosting provider with in-house support for a better experience. This is best when combined with an owned and operated data center.
Experience: The level of experience and background knowledge between web hosting support teams varies considerably. Some providers only hire top-of-the-line support staff, others opt for cheaper options.
Application Support: If your hosting provider claims to provide support for the application you run (whether that is Magento, WordPress, WooCommerce, ExpressionEngine, Drupal, or something else), ask if they have any application-expert support staff. Not only will this help when you run into application issues, it also lends credibility to claims that their hosting solution is optimized for your application.
Calling your support team isn’t something you should necessarily be doing a lot of, but if you are, then it’s good to know you’re going to be able to reach the right person. Ask about the support tiers available and how easy it is to move between them when required. At Hostdedi, there are three main support tiers:
Tier 1: Basic support
Tier 2: Advanced support that requires a deeper knowledge of applications and/or infrastructure
ESG: (Enterprise Support Group) For enterprise-level clients with more complex requirements
Different support tiers tend to focus on different types of issues. It’s often faster to go to a tier 1 support team for simple issues, and tier 2 for those more complex.
Hosting providers are not made equal. Classic server methods of hosting have now diverged into a mix of alternate data center types, each of which falls under the singular heading of ‘data center’.
This can make finding the right type of data center architecture for your business a tricky proposal – especially if you’re unsure what you’re looking for.
As a potential client, hosting infrastructure is something that affects every facet of your hosting experience, from support to performance, and beyond. This article provides an explanation as to the different types of hosting provider available, with the aim of helping you find the right fit for you and your business.
A quick overview of the data center types:
Owned and Operated
Direct access to infrastructure
Root access to the server
Real application optimizations
Type R: A Reseller Data Center
Resellers are hosting providers that don’t own or manage their data center facilities but re-sell those of another.
This is great when it comes with added incentives such as development assistance or design and marketing consultation. Moreover, reseller solutions often provide some of the security and performance benefits of a larger data center for a fraction of the price.
Reseller hosting falls down when it comes to the level of support providers are able to provide. Resellers are not given direct root access to a server. This means they can’t handle support requests directly and instead have to follow a complex line of communication. This often leads to multiple voices trying to work on a single problem; including, but not limited to:
The site owner (you)
The reseller’s support team
The data center’s support team
The data center’s infrastructure engineers
Support becomes especially problematic when you find that most agreements between resellers and infrastructure providers don’t cover the reseller’s client: you. In most cases, infrastructure providers are only contractually obligated to help the reseller, not the site owner.
If you host with a reseller, expect longer support times and a lower quality service with a lower price tag.
Type C: A Colocation Data Center
A hosting provider that colocates is one that doesn’t own their hosting facility but does have root access to the server.
Again, a benefit of opting for type C hosting is that most colocation facilities feature top-of-the-line redundancies and excellent facility features for keeping hosted infrastructure secure and reliable – all at a lower cost for you.
A colocation hosting provider is unlikely to have physical, hands-on access despite full root control of the server. Most of the time, trained remote engineers called smart hands provided by the colocation facility, execute support requests that involve physical changes.
A good way to judge how this may affect your hosting experience is to ask how close the colocation facility is to their base of operations and what level of access they have. If you are lucky, you’ll find that your provider is located next door to the colocation facility and have an agreement for direct, instant access. Unfortunately, this is rare and after setting up server racks, many colocation providers have no access.
If they don’t have access, similar support issues can arise.
What Are Smart Hands?
Many colocation providers offer something called ‘smart hands’. These are trained staff members able to provide onsite infrastructure support.
Smart hands can:
Provide technical support
Manage physical infrastructure issues
Proactively keep ahead of any potential issues in the data center
Ask your hosting provider as to whether they have proactive or reactive smart hands. Proactive smart hands should help stop hosting solution outages before an issue arises, while reactive smart hands will only step in after something becomes a problem.
“Smart hands are trained staff members able to provide onsite support for any issues that need fixing.”
Type O: An Owned and Operated Data Center
“Owned and Operated hosting providers offer the best in terms of support and control.“
Owned and Operated hosting is where your hosting provider and data center facility are one and the same. This type offers the best in terms of support and control due to your hosting provider being a direct line to your hosting infrastructure.
This type of data center is also more flexible. They are often able to provide custom managed solutions due to onsite staff and team members having a deeper knowledge of the infrastructure available. This is perfect for larger businesses with specific requirements.
It is also more likely your hosting solution will be properly optimized for your application, as a result of your support team interacting with the hosting infrastructure daily. Checking what features are available and seeing reviews from other clients running the same application or CMS is a good way to judge the true performance of this type of data center.
In the event of a disaster, peace of mind is knowing that your hosting provider or data center knows what to do. This isn’t always certain with reseller and colocation hosting.
If you host with a reseller or provider that colocates, and their infrastructure provider goes down, they have no control over getting that service back online. In many cases, this won’t only affect your solution, it will also affect their internal services; potentially rendering you unable to contact your hosting provider.
Owned and Operated providers can tell you exactly what is happening to your solution at any given time during a disaster and provide a basic outline of how they will manage recovery. Find out more about data center risk and recovery.
Other Data Center Types
Another classification system often used is data center tiers. The tier system is largely based on reliability, with tier one providers having the lowest uptime, and tier 4 providers the highest.
At the beginning of 2017, Matt Mullenweg announced an ambitious project to replace the WordPress editor with a modern block-based editor. Named Gutenberg after the inventor of movable-type printing, the new editor was developed as a feature plugin and then released as the Gutenberg plugin. If all goes according to plan, Gutenberg will be merged into WordPress later this year with the release of WordPress 5.0.
Writing in Gutenberg is quite different to writing in the current WordPress editor. Headers, paragraphs, images, and other elements are contained within blocks. Each block has formatting and configuration options. And blocks can be moved around the page to create layouts.
The WordPress editor is in need of renovation. While usable, no one considers it an example of great user interface design. It is frustrating to new users who don’t understand its quirks. Shortcodes are awkward and unsuitable for a modern content management system. But the editor is used by millions of people every day, many of whom are not impressed with the planned changes.
Gutenberg has supporters, but there are bloggers, business owners, WordPress developers, and agencies that would rather use the current interface. They complain that the block-based system does not provide a good user experience, that it is difficult to write outside of WordPress and paste into the editor — a workflow used by many, and that Gutenberg is not ready for mainstream adoption.
Gutenberg is likely to be the default editor in the next major release of WordPress, but WordPress site owners who don’t enjoy working in Gutenberg can hold back the tide — at least temporarily.
The Classic Editor Plugin
The Classic Editor plugin brings back the original WordPress editor. It is intended to be used by sites that prefer the original editor or that need to use it for plugin compatibility, meta boxes, and other features that don’t work in Gutenberg.
If you are not enthusiastic about Gutenberg, the Classic Editor plugin will turn back time, but it may not be around forever. At best, it is a stopgap that will keep the classic editor alive for a few years.
ClassicPress is a fork of WordPress 4.9.8. Its maintainer, Scott Bowler, is not a fan of Gutenberg and aims to keep ClassicPress as a Gutenberg-free alternative to WordPress.
A fork occurs when a developer copies open source software and creates a parallel project. Over time, the forked version and the original version evolve differently, even if the developer intends to keep them synchronized. Gutenberg is a key part of WordPress’s future development; users of ClassicPress won’t benefit from those changes.
ClassicPress currently has one developer, as compared to WordPress’s hundreds. In my opinion, forking WordPress is a quixotic protest that is unlikely to last long. I’d advise against moving any important production site in that direction.
Remaining On The 4.9.X Branch
If a site isn’t updated to WordPress 5.0 — or whichever version makes Gutenberg the default — it can continue to use the classic editor.
This is the easiest solution, but it is also the worst. The site would receive no security updates and no new features. It would eventually become incompatible with WordPress plugins and themes and would be unable to update to new versions. Declining to update over the long term is not a viable or safe option.
If you really don’t want to use Gutenberg, the Classic Editor plugin is the best solution. You will be able to keep your site up-to-date and have access to the editor you prefer for the foreseeable future.
Instead of asking about bandwidth, ask how your hosting provider manages traffic spikes. Not only will this give you valuable insight into how your hosting solution may be treated in other areas, it also lets you know how to prepare for future growth.
The holiday shopping season is fast approaching. If you are an eCommerce seller, this means an increase in traffic and sales, and time to upgrade your hosting solution to match.
Yet traffic spikes don’t only occur during the shopping season. A number of events can cause a traffic spike: content going viral, a product being featured on TV, or perhaps a sudden surge in the popularity of what you’re selling.
These events can be planned for by knowing what tools you have at your disposal and how effective they can be at improving user concurrency.
In preparation for the holiday seasons, we’ve put together three ways hosting providers tend to manage traffic spikes.
Don’t have time to read the specifics? See our summary below.
Site Capacity Increase?
Available on All Solutions?
Included in Cost?
Why Check Website Traffic?
Traffic spikes are managed differently by different hosting providers. Not all are prepared to accommodate sales and viral content events.
Some providers stop service after a certain cap has been reached; others continue to allow users to access your site but throttle speed. Only some providers offer the tools needed to maintain accessibility and performance. A good hosting provider accommodates traffic spikes in a number of ways, depending on the solution you have. We’ve identified three primary methods:
Quick upgrades and downgrades
An auto scaling mechanism
Is Your Environment Optimized?
Environment optimizations are usually accessible from your control panel and do not come at an extra cost.
The Hostdedi Cloud Accelerator is an example of an environment optimization. This feature is designed to take advantage of NGINX and enables higher user concurrency without having to upgrade or enable auto scaling. It is turned on by clicking a button in the Hostdedi Client Portal.
What Is Your Upgrade/Downgrade Policy?
As hosting technology has developed, so too have upgrade and downgrade procedures and policies. These vary depending on the type of solution you have.
Get in touch with our hosting experts and find the best way to prepare for traffic spikes.
Cloud solution upgrades and downgrades are fast and easy. Most of the time, cloud solutions can be upgraded through your Client Portal or admin panel with a few clicks and should scale instantly.
Upgrading and downgrading traditional hosting solutions requires a migration. This means going through data replication, client testing, a final database re-sync, and a domain repoint. This takes from 3 to 5 days, which includes time for scheduling, client testing, and common delays in communication.
If you intend to downgrade a classic solution, and you’ve paid for several months in advance, check how your hosting provider manages any amount you haven’t used.
Upgrading a cluster solution is relatively easy and can be done by adding a node (web application server). This will, in most cases, take between 72 hours and 2 weeks.
Due to the nature of hosted clusters, upgrading and downgrading in short succession is not efficient or economical, it is usually much better to maintain a high-performance cluster for a longer period of time than just upgrading for a sales event. Consult your hosting provider on their recommended course of action.
Cloud Auto Scaling
Instead of upgrading your hosting solution entirely, auto scaling allows for your site to scale capacity only when it needs it. This allows for your solution to meet any traffic spikes you face while keeping costs down.
Auto scaling mechanisms vary by provider. Generally, the process involves the scaling of PHP threads: individual processes a server executes. Each user action on your site executes a certain number of PHP threads: the more you have access to, the more simultaneous actions can be performed.
Use Your Hosting the Way It’s Meant to Be Used
You have a number of tools at your disposal for increasing the performance of your hosting solution. Find out exactly what your hosting solution includes by asking your provider the 5 questions you really should be asking.
A critical vulnerability in the popular Ultimate Member plugin was discovered earlier this month. A patch was released to fix the problem on 9th August, but researchers report that bad actors are using the vulnerability to compromise WordPress sites using earlier versions of the plugin.
If you use Ultimate Member on your WordPress site, it should be updated to version 2.0.22 or newer as soon as possible. Failing to update could lead to your site being compromised.
Ultimate Member Vulnerability
Ultimate Member is a popular plugin with over 100,000 active installations. It adds membership-related features to WordPress sites, including user profiles, custom form fields, member directories, and more. Ultimate Member is one of the most widely used plugins for building community and membership sites with WordPress.
The vulnerability in Ultimate Member is classified as an Unauthenticated Arbitrary File Upload vulnerability. A flaw in the plugin allows a bad actor to upload arbitrary files to a WordPress site, including PHP files.
To remove the vulnerability, update Ultimate Member as soon as possible.
The Vulnerability Is Actively Exploited By Hackers
Researchers discovered that a large number of WordPress sites were being compromised with a PHP backdoor. Once the backdoor was installed, the attacker used their access to inject code that redirects site visitors to web pages under the attackers’ control.
The attackers probed WordPress sites for vulnerable versions of Ultimate Member and used the vulnerability to upload the backdoor. Additional code was then injected into various files on the WordPress site, including all files that contain <head> tags and all files with jquery in their name or content.
This is an unsophisticated approach, but it worked – several hundred WordPress sites are known to have been compromised in this way. Users were redirected to pages that presented a Captcha test and asked for permission to send browser notifications.
The Problems Of Disclosure
Many of the attacks happened after the patch to fix the vulnerability in Ultimate Member was released. This is a common pattern: fixing a vulnerability alerts bad actors to its existence. The likelihood of a vulnerable site being attacked increases once the patch is released. WordPress site owners who update promptly are protected; those who delay are not and their sites face increased risk.
In this case, the developers of Ultimate Member did exactly what they were supposed to. The presence of the vulnerability was unfortunate, but any complex software is likely to develop such problems at some point in its life. Of more importance is the fact that it was patched promptly when the vulnerability was discovered.
If you suspect that your site has already been compromised, Sucuri’s mitigation guide includes more information and instructions for removing the malicious code. If you need help, don’t hesitate to get in touch with the Hostdedi support team by opening a ticket in your Client Portal or by email.
This week Alex, the Hostdedi Team Member Relations Specialist, walked us through the ins and outs of hiring the right people to work in a data center.
Why Are Human Resources Important In a Data Center?
Team members are an important part of any team. This is especially true at Hostdedi, where our services and solutions revolve around offering unparalleled hosting support to clients.
In order to do this, our human resources department works tirelessly to find and hire the right candidates and to help create a company culture of growth and fun.
Teams Important to a Data Center
Alex identified four primary team categories integral to the running of a data center.
Research and Development
The teams that fall into these categories work independently but also connect to deliver the best client experience possible. To make this process as efficient as possible, it’s important to hire experienced candidates that fit the company culture and believe in it.
As Hostdedi is a hosting provider that focuses on support, the support category often takes precedence over others. A great client experience from point A to B means paying attention to what the client needs and our support department is one of the best ways to understand what this means.
Finding the Right Candidates
Finding the right candidate for an open position means finding someone who fits the company culture. Hostdedi believes in autonomy and innovation, and focusing on what you’re good at.
To this point, experience is just as important. To provide excellent service to our clients, we try to find knowledgeable and expert support staff. Many of our staff members are referred and recommended to us. Which brings us to our final point.
Willing to Go Beyond
A Hostdedi, we believe in going beyond. In fact, our values all revolve around going beyond in one way or another; whether that’s with work, team spirit, or contributing to innovations.
If the right candidate is willing to go beyond, they get a lot back, including some great perks, unique opportunities, and the chance to work remotely.
Interested in Joining Hostdedi?
If you’re interested in becoming part of the Hostdedi team, you can see what opportunities are available here. If you think you’re the right fit, what are you waiting for? Apply now.
ModSecurity helps to protect your site from a variety of attacks by matching up known attack patterns and identifying anomalies. Here’s what you need to know about the web application firewall and how it protects you.
What Is ModSecurity?
ModSecurity is a web application firewall designed to protect against web-based threats (we’ll come back to these later), including:
ModSecurity works by detecting and blocking requests that match signatures of known attack patterns and/or through the use of anomaly scoring. On occasion, ModSecurity may misinterpret a legitimate user’s actions as a threat. Such users will usually encounter a 403 “Forbidden” HTTP status code.
Finding The Issue
The first step to identifying mis-sent 403’s is investigating your website’s error logs. If these logs indicate your site blocked a legitimate request, ModSecurity may be the cause. Resolving the issue is usually a matter of confirming the blocked request was indeed legitimate, then either adding a whitelist or adjusting ModSecurity’s ruleset to prevent it from blocking similar legitimate requests in the future.
If we host your website, and you don’t have the time or resources to investigate, our support team can do it for you. Just open a ticket through the Client Portal, and we can examine your logs, determine the cause, and apply one of our application-specific rulesets. These rulesets help ModSecurity better recognize legitimate users, and include Magento, WordPress, and other platforms featured on our website.
Brute-force attacks attempt to access your site’s admin panel with fast, repeated attempts to guess the password. This method follows a consistent pattern. First, the password is entered into the login form, then sent to the server. If the attack succeeds, the server rejects the password, and content management system (CMS, like Magento, WordPress, and so on) returns an unauthorized token, which redirects the user to the login page. Brute force attacks repeat these login attempts at a furious pace and continue until they succeed, or are detected and stopped.
When the web server notices a high rate of failed logins, ModSecurity blocks the IP address attempting to log in. However, our settings require a relatively high number of failed password entries before perceiving those attempts as a brute force attack. If you are a legitimate user struggling with a password, you will come nowhere near this threshold.
ModSecurity uses a similar technique to derail SQL injection, a common form of attack that attempts to exploit vulnerabilities in an application to insert a malicious SQL statement into your database. These statements normally run automatically as part of database operation. If successful, these attacks can change or disclose your data without your knowledge, or even destroy such data.
SQL injection usually inserts these statements into entry fields, such as those requesting usernames or passwords, and require a security vulnerability that allows user input to be unexpectedly executed as an SQL statement. While the technical details are beyond the scope of this entry, it’s enough to know that ModSecurity resists these nefarious activities.
Cross-Site Scripting (XSS)
In cross-site scripting (XSS), malicious users inject scripts into the HTML of vulnerable websites. When an unsuspecting user clicks the compromised content, the script gains all permissions attached to that user’s system. With this method, attackers can learn login credentials, upload viruses, and even gain administrative access.
ModSecurity intervenes by detecting and blocking requests that attempt to exploit this class of vulnerabilities.
ModSecurity Alone Isn’t Enough
Like any security system, ModSecurity cannot credibly claim perfection. It will, however, make you a harder target. Combined with other best practices like prompt installation of your application’s security patches, a strong password policy, cautious deployment of plug-ins, and two-factor authentication for admin access, ModSecurity plays a key role protecting your website.