99 topics and thousands of podcast minutes later, there’s still many burning questions left unanswered.
To celebrate WPMRR’s 100th episode, Joe and Christie weigh in on premium hosting, how often to send client reports, and why you shouldn’t worry about c-Panel hacking.
Listen now to fill the gaps in your WordPress knowledge.
Episode Resources:
- Leave us a 5-star review on iTunes
- Send your questions to yo@wpmrr.com
- Check out our Care Plan course
- Binge on past episodes you missed
Christie Chirinos:
Hello, WordPress people. Welcome back to BWPMRR WordPress business podcast. I’m Christie.
Joe Howard:
And I’m Joe.
Christie Chirinos:
And you’re listening to the WordPress business podcast. What’s going on this week, Joe? Joe, I think I messed that up.
Joe Howard:
Yeah. That’s okay. It was going to be fine but you can do it over. You added an extra business in there, which is good. Extra business-ing. Who doesn’t want extra business-ing. That’s excellent.
Christie Chirinos:
Maybe we’ll just keep going then. How are you?
Joe Howard:
I am excellent. We got double business podcast this week.
Christie Chirinos:
Double business.
Joe Howard:
Yeah. I’m good. We’ve given updates in the past like, “What’s your update?” Just another week in Covid world but my week is a little bit different this week. I am traveling down to Texas with Sterling and Mo and we are doing a safe as possible family visit down there. Sterling has done a ton of research on how to keep ourselves as safe as possible and clean circulating all the air in the entire cabin every three minutes and all this stuff. And so we’ll be as safe as possible. Their grandson is here and they’re aching to see him and of course we want to follow all the protocols as much as possible but we feel at the same time that we are not putting ourselves out there at a huge risk or anybody out there at a huge risk as long as we’re being very safe about the way we’re traveling. We were going to fly on Saturday actually, but we changed our flight to Friday because we bought Southwest flights, which you can change pretty easily. We changed to a Friday night flight because it was less than half full and the Saturday flight was actually a fuller flight, which I was kind of surprised about. I was like, “Oh, some flights are full?” I guess some people are flying still.
Joe Howard:
But yeah, so we’re flying on a flight that’s not packed and Sterling has all these, we won’t use public bathrooms, only family bathrooms because there’s something about the flushing of the toilets that sends air around and spreads stuff. So yeah, we’re pretty ready for it. And honestly, it’ll be nice, I think, to be down in Texas. We’re going down for two weeks and it’ll be a little bit of a nice change of pace for me. So that’s what’s up with me this week. Just getting a little work done and then preparing to fly Friday night. Yeah. That’s me. How about you?
Christie Chirinos:
Oh my gosh. That’s crazy. So you’re flying tomorrow, basically?
Joe Howard:
Oh, yeah. It’s Thursday.
Christie Chirinos:
Tomorrow night.
Joe Howard:
Yeah. Tomorrow night.
Christie Chirinos:
Whoa. That’s soon. Okay. I mean, we are starting the reopening phase tomorrow as well. I read that in the news this morning.
Joe Howard:
Yeah. DC is technically this phase one of reopening is beginning, which I think is parks and stuff. I think maybe some businesses at like whatever, 25% capacity and stuff. Yeah. It’s starting. We’ll see how it goes. I like to be able to trust in people in positions to make these decisions. If they’re making good decisions, doesn’t always happen, but hopefully.
Christie Chirinos:
Our local government is good but hopefully. Well, best of luck staying sanitized during your trip tomorrow night. I totally get I though. You have a cute, adorable little newborn. Of course his grandparents want to meet him. I think that if you’ve done the research and I’m sure that the airports are also taking precautions. Knowing that the flights are full means that, “Hey, other people are doing this.” People like to go places so it makes sense. Best of luck though. I will not be traveling. I will be once again inside of my small, studio apartment for yet another weekend. But I am looking forward to the slow reopening of our world and I think to a degree, I’ve given up hoping for a quick return to normal. I just don’t think it’s coming. I used to think that once a date was over, things were going to reopen and we were all going to go out and now I’m sort of realizing that until there’s a vaccine, things might open but they’re going to reopen after being shut down to prepare for operating in an environment where there’s a deadly virus running around. And that’s scary. That feels a little apocalyptic movie but we got to do our best and protect our communities. So, things that are new with me, I don’t know, absolutely nothing. I got an iPhone, I’m really excited about that.
Joe Howard:
You switched from Android to iPhone?
Christie Chirinos:
Yeah. I switched from Android to iPhone.
Joe Howard:
I can text you with blue text now.
Christie Chirinos:
Yes, you can text me with blue text. I’m very psyched about it. I have been thinking about it for a long time. I’ve had an iPhone before. I was a big fan of the iPhone SE. I think it’s sort of … I’m the target market for that device. You know what I mean? It’s nice and fast and has all the fun, cool iPhone features but sort of makes a lot of sacrifices to be in a budget range but don’t really feel like sacrifices. And for me, who has a whole bunch of other very expensive Apple devices, having an Apple device that integrates with my very expensive Apple devices but doesn’t necessarily have all the bells and whistles of every single phone, works really well for me because all the bell and whistle stuff, I do on my iPad or my iMac. So having iPhone SE, the second generation one, I bought it once they announced it and I finished setting it up last night. So I’m very pumped about that. But that’s about the most exciting thing that’s happened to me in the last five weeks.
Joe Howard:
That’s a big change. Technology. New technology.
Christie Chirinos:
Yeah. And it’s a big purchase. You know? Devices like that. So I’m really excited. I think it’ll be fun.
Joe Howard:
Very cool. Well, when you … iPhone stuff is pretty intuitive. It’ll probably take you a couple weeks to get used to the new UI and know how to do certain stuff but maybe when DC starts reopening, we can hang out and have an iPhone teaching and learning session. Here’s how you use this thing.
Christie Chirinos:
That would be awesome. And some iPhone photo taking sessions because definitely this phone has a much nicer camera than the old Google Pixel that I had.
Joe Howard:
Yeah. The newest Google Pixels have pretty good cameras and the new iPhones do too. A lot of the new premium flagship phones all have pretty premium cameras.
Christie Chirinos:
Yeah. They do.
Joe Howard:
Got to snap some photos. Okay. Well, we have some big news today. Today is a Q&A episode. We’re going to answer some questions from listeners and folks in WPMRR.
Christie Chirinos:
I love these.
Joe Howard:
I know. It’s going to be excellent. These are some of the best episodes. The most fun to do too. But before we dive into that, we are doing a little episode 100 celebration. Yeah. We were talking offline about what we wanted to do this episode on and we were like, “Do we want to do a review of 100 episodes or do we want to do a regular episode?” And we decided, “Let’s just do a regular episode. In the pre-Q&A section we’ll just give ourselves a shout out,” a little pat on the back for me. You get a pat on the back too, Christie. We get collective pats on the backs. And yeah, I mean, it’s been an awesome time building this podcast and getting to do it. We’ve talked to some cool people, honestly we’ve gotten a lot more face time in than we would have in the past, year, year and a half, had we not done this podcast, Christie. We totally would not be as good of friends also, if we had not done this podcast. So that maybe is the biggest thing I’m thankful for. We get to talk every week. It’s just an excuse to get to talk every week. That, to me, is awesome. So thanks for doing this with me. It’s been fun.
Christie Chirinos:
I totally agree with that. I’m so glad that we have developed a better working relationship and friendship over this podcast and I just think back to how when we started and you sent me that email asking me to be on the podcast. I thought it was a mass mailer so I didn’t answer.
Joe Howard:
Gotcha.
Christie Chirinos:
And then Joe was like-
Joe Howard:
I asked 100 people and only Christie said yes.
Christie Chirinos:
That’s how the podcast started. I just immediately assumed you were very popular. You know what I mean? You have popular vibes. I was like, I’ll get to this mass mailer later. And then Joe is like, “Christie, you didn’t answer my email.”
Joe Howard:
Hey, I asked you very specifically and I want you to do it with me. Okay. Fine. I just bug people until they do stuff with me.
Christie Chirinos:
The origin of the podcast was that peak awkward Christie moment. There’s many of those in my life.
Joe Howard:
Those are the best moments and it’s good to reflect on that too. Because I mean, this is one of the more listened to podcasts in the WordPress space and it came from nothing. It came from, “Hey, you want to do this podcast?” Sure. It sounds cool. You’re cool. I’m cool. We could do a cool podcast together. We’re good at talking. We could do a podcast. And then 100 episodes later, it seems like we just were at episode one yesterday. It’s pretty crazy it’s episode 100. Yeah. We won’t do a whole episode on it but I think it’s just nice to put it out there. Pretty crazy that we’ve gotten to this point and I guess here’s to 100 more episodes. I’m excited. Maybe we’ll do something special for 200. 200 is like, a good number of podcasts get to 100 episodes. Well, let’s get to 200. Let’s see what happens then.
Christie Chirinos:
Here’s my dream, okay? I’m going to speak it into existence. I want to do one of those live podcast recordings that people go to, you know? Not just at a Word camp or something but have an event. You know? Have a WPMRR party and an audience and go full on talk show host.
Joe Howard:
Oh, I like that. I’ve done some, what’s the NPR show? The Wait, Wait, Don’t Tell Me. I went to a live recording of that here in DC and that was a lot of fun. That would be super cool if we could do that.
Christie Chirinos:
That’s going to be my goal.
Joe Howard:
Camps come back, we could apply to a Word camp and do the 200th episode at one of the bigger regional Word camps. That would be fun.
Christie Chirinos:
When Word camps are a thing again, I would love to organize a post Word camp event that’s a live taping or something like that. That’d be cool. Okay.
Joe Howard:
I like these.
Christie Chirinos:
Three years from now.
Joe Howard:
Yeah, right? Stay tuned.
Christie Chirinos:
Stay tuned.
Joe Howard:
All right. Cool. Let’s dive into the episode today. We’ve both got a hard stop in like 35 minutes so we’re going to run through questions but if we don’t get to all of them then, hey, we’ll do another Q&A episode soon.
Christie Chirinos:
This is good advice, right? Not bad advice? Because I still really want to do Bad Advice with Christie Chirinos.
Joe Howard:
Bad advice, five cents. I think as long as you, before each answer, clarify whether this is good or bad advice, then we’ll be good to go. So you’re choice, dealers choice.
Christie Chirinos:
Perfect.
Joe Howard:
And we’ve got some hosting questions in here too. So actually perfect for you and I’ll probably not know good answers and then chime in with bad advice. First piece of advice here. Hello there, I’d like to offer three hosting and maintenance plans for clients. I’m very tempted to use Kinsta as a hosting provider. However, I wonder if it’s not overkill for my smaller sites. Would I be better off taking shared hosting for those clients? Is it just not worth the hassle? I mean, is saving a little bit of money there worth it or should I keep things nice and efficient with one great hosting provider? Thanks for any thought and insight. I mean, this question Kinsta hosting. I mean, the real question is, smaller sites that I’m running for clients. Do I want to spend more on a higher quality host or is shared hosting maybe okay for those clients? I think this is a perfect question for you and then maybe I’ll chime in as well but you probably get this question a lot.
Christie Chirinos:
I need so much more information to answer that question helpfully though. And yeah, we can use Kinsta as an example of a placeholder of do you pay the premium for managed WordPress hosting? Right? And I mean, I’m obviously biased but I’m like, yes. When things go wrong, you’re going to be very upset that you’re on that VPS running a bunch of WordPress websites and you’re completely responsible for all of them. But I spend all day and all night, not all night, just all day, working on managed commerce solution built on top of a managed WordPress solution exactly for this issue. Right? And the reality outside of the work that I do is I’m sure that there are instances in which it makes sense to maybe put your higher traffic, higher demand clients on managed WordPress, managed commerce hosting, depending on what they’re running so that you can have access to all of those additional features and benefits and whatever Kinsta offers. And then maybe have one VPS where you sort of put on all of the sites that are local, don’t get that much traffic, are portfolio sites, whatever. Right? I know that as a web professional in general, that’s sort of how I operate in terms of the access of two accounts that I have. Right?
Christie Chirinos:
But with that said, I would question why you’re not just working with clients that are worth managed WordPress. Right? Why do we have clients on a VPS? Why is it that the price difference isn’t a completely surmountable, inconsequential thing? Because ultimately, I don’t know exactly what Kinsta costs but Nexus managed WordPress starts at $19 a month. Managed commerce at Nexus starts at $19 a month. I’m pretty sure Kinsta is at something similar. I think it’s like $29 or something like that. So if a VPS is something like $10 or if you’re looking at cheaper shared hosting which is something like, I don’t know, $3 a site or something like that. Why is $15 a month a make it or break it? Why is it that $15 a month, saving that amount of money makes it okay to not have any access to WordPress core support, to application support, to potentially the different little bundles and things that different managed WordPress plans come with.
Christie Chirinos:
Sometimes they come with premium products like Nexus Managed WordPress comes with iThemes Security Pro. It comes with [inaudible 00:15:08] Builder. It comes with things like that. It just doesn’t seem to me that there are a lot of arguments for that particular cost cutting measure. The cost versus benefit. Or the potential risk versus benefit doesn’t seem worth it to me. Again, understanding that I’m sure there is a strategy in which you can have the bulk of your low traffic sites on something cheaper and then the three big clients that need attention and need the 24/7 support on something more premium like Kinsta or Nexus or WPGen or whatever.
Joe Howard:
Yeah. I think you answered that pretty comprehensively. I don’t have too much to add. I think that you’re totally right. It’s like, if you’re deciding between those two things, I think you’re probably asking the wrong question. I think the right question or the right thing to think about is, you should probably be able to sell a managed hosting over cheaper hosting and pass that cost off to your client and it’s not that much more of a cost anyway. It’s totally worth the investment to them. And that should be part of the sales process whether it’s in your proposal or when you’re talking to them on a discovery call. It should be pretty easy to upsell that fully managed WordPress hosting. Especially if it’s a serious website. Why would you want to build a website for $10,000 and then put it on $3 a month hosting? Probably not the right move.
Christie Chirinos:
No.
Joe Howard:
And so yeah. That’s something I think about and also, if your client is bulking at that, then yeah, looking and making sure you’re attracting higher quality customers is always a big priority. Obviously when you’re starting off, maybe you’re working with some lower quality customers but as you move along, you want to be targeting people who know if they want to invest in better infrastructure for the long term. This question also may not be about selling it to clients. It also just may be about me as the freelancer or me as the person managing this website, is it worth it for me to invest more in my business in doing a fully managed set up than cheap hosting? I mean, it’s kind of a short term, long term thing also. It’s like, if you go with shared hosting, you’re definitely going to have to probably upgrade people in a year. It’s going to cause you 20, 30 hours of BS, bullshit work to do over the year. Is that really worth not paying $150 a year for the fully managed version? Maybe that’s like $500 a year for three sites or whatever. In my opinion, very much no.
Joe Howard:
I’m not personally … I don’t know everything about hosting. I know basics but I’m not a super hosting expert. I’d rather the host fully manage that for me. I trust a Nexus or a Liquid Web to, “Oh, you guys know commerce hosting. Yeah. You guys handle the scaling stuff when I’ve got 100 people on my website checking out at once.” So, yeah, I think in most cases it’s worth it but I think you’re also right. I’d love to sit down with this person and get a little bit more information about exactly who their clients are and help them dig it out a little bit more. But this question, by the way, was send in by Laurent. So Laurent, thanks for the question. It was a good one. Hope that answers it for you. Anything final to add, Christie, or do you want to move to the next one?
Christie Chirinos:
Yeah. I think the final sentence I might add there is that there is maybe an existing lingering thought that manged WordPress hosting is considerably more expensive than something like shared hosting or putting a bunch of WordPress sites on a VPS or something like that but at the beginning of 2020, and this is something that I know because I look at this every single day, right? We say a lot of the managed WordPress companies plummet their prices, Liquid Web included. Why? Because we’re trying to compete in a more competitive, larger market. There’s more and more potential for units, there’s more and more of an addressable market every single day, right? More people are getting online and then right now it’s just up and to the right. And so I think maybe there is a reservation there because you’re thinking, “Oh, it’s going to be $50 per site. Or I can just have everything on shared hosting.” And that’s just not the case at this point.
Christie Chirinos:
With Nexus, I think if you’re looking at multiple site managed WordPress plans, the five site plan is like $79. It’s not insurmountable and the difference in expertise that you’re getting and the number of things that you can hand off to people are so valuable. Right? Even if you’re building sites for people, something that a good managed WordPress host will do is give you the ability to have different kinds of users on the account so you can be the administrative user but your client can also have a limited user profile. And that means that if they have a problem in the middle of the night, they’re not calling you. And that alone can be worth $15 a month or whatever. But yeah. Let’s move on.
Joe Howard:
Cool. Let’s do it. Okay. Next question. Hello, I’m wondering what are others using for support ticketing relating specifically to content update requests. So I guess it’s a software question. I’d like to streamline mine for future growth. I’m not excited about the current set up. I would greatly appreciate any input. I guess this question is kind of asking about what ticketing software folks are using for support. This is from GreenEx Media asking the question. Christie, what do you use for support?
Christie Chirinos:
I don’t think they’re asking about support ticketing. I think they’re asking about ticketing and request tracking about content updates. So when you see things in your KB, when you see things in your website, how do you track the different things that you notice need to change? And honestly, this is such a good question. Let me tell you that Liquid Web, a very large company, has not cracked this. It is so hard. And I have worked however long I’ve worked on this kind of thing now and I have used so many different strategies for this. [inaudible 00:21:27] Boards, Google form that feeds into a request tracker, we have used Base Camp. We have used everything to figure out a good and easy way to track and execute on our content update requests. We have tried outsourcing the whole thing. We have tried everything in the different places that I’ve worked and it’s a really interesting challenge.
Christie Chirinos:
With that said, I do believe that the two key things for tracking this kind of thing are, one, easy input. You need something where it’s very easy to create a new problem when you notice it from whatever device you’re on, from whatever site you’re on. Right? So things that have browser extensions, things that have mobile apps, software that has easy entry input would probably be my first consideration. And then after that, you want to use what your team will use. That’s really it. What’s the best? Base Camp has this, this, and that feature. And [inaudible 00:22:27] has this, this, and that feature. And [inaudible 00:22:28] has this, this, and that feature. It really … They all do the same thing. You want to use what your team is going to use. That’s my two cents on that one.
Joe Howard:
Yeah. I think that makes sense. I’m kind of glad to hear that Liquid Web has not cracked this yet because we for sure have not. It’s tough. It’s more like, I feel like this is a better question for someone who runs more of a pure SaaS company. This is something that we want to do better for just general content updates. Because we have such a huge library of content at this point, it’s hard to keep everything up to date, not just the content and the advice but the screenshots and everything in content. How do we keep everything updated? One thought I have is trying to just create something that’s user generated that’s super easy and minimalist and easy for everybody to use. I mean, you kind of said this but it’s like, if something is complex and complicated, I’m not going to use it and it’s just going to blow up. So trying to find the easiest most streamlined possible way to do it is usually going to be the best route. Yeah.
Joe Howard:
I don’t know if I have any great advice for this but I think probably some of the things you actually mentioned here would work better for a smaller company or a smaller agency even. Maybe companies that get five or 10 pieces of feedback a month. Companies that scale to 100s, that may be a different monster. I think also at then end of the day, it may just require one, someone’s time just to figure it out, and two, just someone’s time dedicated to going through all that and organizing it. And maybe trying to create a more streamlined process. If you’re a small agency or something, you may have to, yourself, just take five hours one day and just organize everything you’ve gotten in the last month. You may have to. If you’re a bigger company, you may have to say, “Hey, someone’s time is dedicated 20% to this feedback thing. We just have to dedicate the time to get it done.” So that’s a solution. It may not be the most elegant one but just spending time enforcing it can work.
Christie Chirinos:
I think the last thing I would add to that before we move on would be just an appreciation for how hard this question actually is and how this seemingly simple thing is something that a lot of companies struggle with. Like I said, I just got an iPhone and so I’ve been looking up how to do new things on my new iPhone and how to have it do those new things well with my iMac and my iPad Pro. And let me tell you, there’s a lot of outdated documentation on Apple’s website. If Apple is struggling, it’s okay if you’re struggling too.
Joe Howard:
Yeah. This is not solely a problem of small companies that just don’t have maybe the manpower to do this as efficiently as they want to like a lot of companies have issues figuring this out. Yeah. I think there’s probably some room here for software maybe to be created. Maybe there’s a new SaaS company that really needs to bridge this gap around users needing updates to content and generating that and organizing it in a way that allows your team to implement it easily. There are things like, one other quick thing I’m thinking about is like, Hot Jar has this little sidebar thing. I forget what it says on it. I think you can customize what it says but it says Feedback or something.
Christie Chirinos:
Feedback Tool. Yeah.
Joe Howard:
Feedback Tool.
Christie Chirinos:
We used to have that on [inaudible 00:26:23]forms.com and it would ask you for feedback after checkout. And then we would get that feedback and I had somebody coming in and copy and pasting the stuff we would get into a Google Sheet so we could track it.
Joe Howard:
Google Sheets, right.
Christie Chirinos:
Yep.
Joe Howard:
So that’s a manual way to do it. But hey, that’s a good start I think. Maybe using Zapier to send some of that information into a Google Form or something and then you can actually manipulate the data. I don’t know. That sounds like probably what I would do if I was using it that way. If I wanted a little feedback thing on my website. Which I don’t know if I want that right now but yes. That’s a good way to do it. All right. Sweet. Anything else to add or should we move on?
Christie Chirinos:
Let’s move on.
Joe Howard:
Moving on. Client reports. Monthly or weekly? We send them out monthly but I see WCP Buffs does weekly. Any pros, cons? Thanks. I’ll answer this question too but you from a web hosting background but also from a ran Caldera for years. Wanting to give feedback to clients, what did you prefer? Did you prefer weekly or did you prefer monthly?
Christie Chirinos:
I need so much more information about this to answer this question. And I know that’s a cheap answer but I really do. It’s like, what industry are you in? There are some products that do not need to be sending client reports at all. There are some agencies that should probably be sending a monthly report about what you accomplished and what you did and where your billable hours went and I’m sure clients appreciate that.
Joe Howard:
Have a little bit of background information. It is a WordPress maintenance and support company.
Christie Chirinos:
Got it. Okay. I think that may be a better question for you then.
Joe Howard:
Yeah. I didn’t want to take over the answer. I wanted to give you a chance to answer too. Yeah. This is a good question. I think it is, yeah, again, somewhat of a cheap answer but it’s totally dependent on your clients and what they want. We have clients that probably want the weekly report because they wan to stay up to date on things. We have clients who want to receive monthly reports because they don’t want to receive an email every week. Probably we have a lot of clients who don’t read the reports. I guess I’m probably assuming there but I would assume most people get the reports, how many people actually click through and read them? I don’t know. Probably not all of them.
Joe Howard:
I think that the reason I like to do a weekly email, we do weekly emails, which Danielle here mentioned. I like weekly because we send emails out every Monday morning to all of our clients with the report of all the updates we did last week to their plugins and to the security scans. And speed scans and uptime monitoring scores and all that stuff. I like sending that out every Monday morning because I want all our clients to feel like their website is top of mind. This is a high priority for me. And when you get an email on Monday morning, that’s how you start your week and so yeah. It kind of makes your website top of mind for them.
Joe Howard:
So I like sending it out weekly for that reason. We actually have certain clients who tell us, “I don’t need a weekly report. Just send it to me on the first of every month.” And so we just adjust their settings in our software and send them monthly reports. So it’s kind of customized. But that would be one reason we like to send weekly. It’s also just higher touchpoint which usually, if I had to learn one way or the other, there’s a lot of context, like we said here, but if I had to lean one way or the other, I’d probably want to lean towards higher touchpoint because the more positive touchpoints you have with your customers or clients, more often than not, the lower the churn is going to be and the higher the lifetime value of that customer is going to be.
Joe Howard:
You’re going to be less likely to cancel a subscription if you have positive interaction after positive interaction after positive interaction. If you look at your report every week, it’s like, “Oh, here’s all the stuff they did. Guess I can’t cancel. Do I want to do all these updates? Do I want to monitor the uptime? Oh, I don’t want to do that. Okay. Oh, and it’s had 100% uptime this week. Okay. I guess, keeping it forever.” Hopefully. So yeah. I think that having more positive touchpoints, as many as possible, is a good thing.
Christie Chirinos:
I will say that from a customer perspective, right? As someone who has been a customer of a maintenance company, I like what you said about options. I would love that my account, by default, sends me weekly reports. And then I can opt into, “Hey, I don’t need these. It’s fine. Give me monthly.” Or, “Give me none. Just don’t email me. I have too much email. I’m sitting on 85 emails. I’m very stressed out about it.”
Joe Howard:
Yep. It’s always good to give options and get options, shout out to the Get Options podcast. You said options and I’m totally liking the Get Options podcast. What’s up, Kyle? What’s up, Adam? All right. Sweet. Danielle, thanks for the question. Good one. All right. Let me mark that one as complete. It is, we’ve got about 15 minutes let so maybe let’s do one more question and then we’ll wrap up. We’ll save the other questions for another Q&A episode.
Christie Chirinos:
Love it.
Joe Howard:
This is another hosting one. Good for you and I will chime in as well. The question is, how difficult is it for a hacker who compromised one C Panel account to gain access to the other C Panel accounts on the same serve? What can I do to make it harder? This is an interesting question coming off the back of the first question we did here, which was, this is another risk of shared hosting is that you’re hosting alongside 20,000 other sites on the same server potentially. There is the possibility for someone to gain access to C Panel and gain access to everybody else’s C Panel. So Christie, as a hosting person who-
Christie Chirinos:
Go in on this question.
Joe Howard:
Yeah. I can already see your willingness to want to attack this question.
Christie Chirinos:
I’m like a cat. I have a ready to pounce position and people know it.
Joe Howard:
And quickly before you answer the question, this is sent in by Nate. So, Nate, thanks for the question. It’s a good one.
Christie Chirinos:
Cool. Thank you for the question, Nate. This is such a good question and there’s also so much to it, right? All of these questions have a lot of different components. The first thing that comes to mind to me is, well, how difficult is it for a hacker to compromise another C Panel? How easy did you make it to compromise the first one? If your C Panel account was easily compromisable because you used insecure security practice because your password was your dog’s name and because you weren’t mindful about using a password manager and because you also weren’t mindful about your hosting password management and because I don’t know what else you could be doing but because you just were … I don’t want to use the word careless but that’s the word that comes to mind, about your own security management because you responded to a phishing attack, I don’t know. Right?
Christie Chirinos:
Then it’s going to be just as easy to gain access to the other C Panel accounts on the same server no matter how technically difficult or not difficult it is to do something. Right? Number one thing about security, and web hosting security, is that it’s primarily driven by human behavior. We can take on a lot of different precautions to protect you from malicious attacks, but we can’t stop you from giving up your information or protecting your information poorly. So on and so forth. That’s the first thing that comes to mind when I see that. And then when it comes to the actual technical aspect of it, I wonder it really does depend on how your host implements C Panel. Right?
Christie Chirinos:
And then it depends on what you mean by compromise. If you are talking about a C Panel account getting hacked and then what’s the hacker doing on that account? Are we attacking it with insane amounts of load and making it do crazy stuff? Then yeah, it’s going to bring down the whole server and all the other C Panel accounts on that server and it’s all going to be compromised because one thing was compromised. Right? Especially if you’re operating under a completely shared server and in a limited server resources situation. It’s all going to go down. If one thing has been compromised and then the other C Panel account we’re worried about that same hacker being able to get access to the same account and also upload malicious files or whatever, again, depends on the configuration and how NCP settings are set up and things like that among the C Panel accounts.
Christie Chirinos:
I’m not a C Panel expert or security expert but it’s absolutely possible which then brings me to the last new ones of this which is, why are you worrying about this? You could pay an additional $7 a month and this problem could be a support ticket. Right? You fire up an email from your iPhone while drinking your morning coffee and you’re like, “Hey, why was my C Panel account hacked?” And then again, I’m like, the majority of managed WordPress and definitely managed commerce are not even using C Panel anymore. Right? With the C Panel price increases, a lot of different web hosting companies chose different vendors or even rolled out their own that have different security practices and account for this sort of very 10 years ago type problem.
Christie Chirinos:
So when you’re concerned about this, I’m like, oh my gosh. Pay for a better host. Right? Pay for managed WordPress so that, on whoever, right? Like Nexus, Kinsta, WPN Gen, all of them would include within their scope of support, to identify, protect against, and clean up malicious scripts. And so I’m very much like, oh my god, what can you do to make it harder is the last section of this question. It’s, this takes an adjustment in thinking buy this is so not a problem that you could be worrying about in 2020. Security is complicated. It is an ever, ongoing and active process that you constantly have to stay monitoring and you can pay someone $20 a month to worry about it for you. And when we’re talking about building businesses that have recurring revenue, a key part of doing that successfully is realizing that our job is to do what we’re good at and outsource everything else and sell the things that we’re paying for plus our time for more money than they cost.
Joe Howard:
Cool. I don’t think I could answer that much better. Or add much to it I think. I was like, I’m just going to let Christie nail this one because I knew you’d know the answer.
Christie Chirinos:
It’s honestly so crazy how much I’ve learned about web hosting in the last year though. I’ll add that for the listeners, right? That I started working at Liquid Web March of last year. We’re recording this May 2020. Almost June. And I started in March 2019. Before then, I understood web hosting like a consumer. And I knew that with this new job, I was being hired for my knowledge of WordPress and the plugin ecosystem and Woo Commerce and that I would have to learn the nuances of what lies beneath that surface. And it’s super complicated and there’s so much and there’s so much history but I tell people who are working in that same sphere where they’re thinking about WordPress and up in the stack, pay someone else to worry about this. There’s so much going on there. Just pay somebody else to worry about this.
Joe Howard:
Yeah. Ask someone who runs a support company. I know for a fact that a lot of people pay us to handle things and take care of things that they don’t want to. Including security issues. I mean, there’s a reason that managed hosting has exploded the way that it has. I can’t remember the last time I talked to a WordPress professional that really considered using shared hosting/C Panel stuff. Most of the people I talk to, again, I can’t remember the last time I talked to-
Christie Chirinos:
Oh, I can.
Joe Howard:
Who was like, “I host everything on a shared hosting.” I mean, actually, full transparency, I have a shared hosting account where I host a dinky couple little websites that I don’t even run anymore that are just kind of out there but like anything serious that I’m doing or anything professional that I’m doing is always going to be on fully managed hosting. So I think that this is … I mean, just the fact that managed hosting has become so big and popular [inaudible 00:39:32] and one of the biggest reasons is because it allows me to not have to worry about answering this question anymore. And like me, as a business owner, I’m always looking for ways to get time back and not spend time on things that don’t matter. And this is a great way to not have to spend time on something that doesn’t matter. Or something that doesn’t matter, just to invest in better infrastructure and this question become vacuous. Yeah. That’s why I’d answer it.
Christie Chirinos:
I agree.
Joe Howard:
Cool. All right. I think it’s time to wrap up for the day. We have a few more Q&A here. So yay, we have enough or another episode which will be fun.
Christie Chirinos:
Yes. I love these Q&A episodes. They’re so fun.
Joe Howard:
Yeah. Excellent. Love it. Cool. Let’s do our usual wrap up which now I have to look up in our show notes because we’re still getting back in the swing of things. Cool.
Christie Chirinos:
How do we podcast?
Joe Howard:
If people want to leave a review for the podcast, feel free to go to WPMRR.com/iTunes and give us a nice little review there. Comment something about this episode or something you like about the podcast. Leave your favorite emoji that’s a totally random one that gets used very infrequently.
Christie Chirinos:
Like the bread.
Joe Howard:
Oh, yeah. I don’t think I’ve ever used bread emoji. But now, okay. It’s in my head. Bread emoji. Go back and binge some old episodes of the podcast. This is episode 100. You’ve got literally 99 other episodes to go and listen to and we’ve talked about all sorts of things on the podcast with Christie. So if people have a specific challenge, they can probably find an episode on something we talked about. Right? And if you have more questions, you can-
Christie Chirinos:
Please have more questions.
Joe Howard:
Yeah. Send us more questions. We like doing these episodes. Have fun. Send us more. [inaudible 00:41:27]@WPMRR.com, that’s all. Anything else from you Christie?
Christie Chirinos:
Last but certainly not least, go to WPMRR.com and check out the course and the series and the content and all the things that have to do with [inaudible 00:41:44] WordPress and using [inaudible 00:41:46].
Joe Howard:
Yeah. Exactly. Cool. And we’ll be your podcast players next Tuesday. Thanks again Christie. This has been fun. We’ll talk next week.
Christie Chirinos:
Woo.
