Managed WordPress Security for Pennies a Day. Call (619) 479-6637

Managed WordPress Security with Heart

Call (619) 479-6637

The Risks of Running Multiple WordPress Sites on a Shared Hosting Account and More…

The Risks of Running Multiple WordPress Sites on Shared Hosting Account and More.png

Listen Listen in to the Recast article, “The Risks of Hosting Multiple WordPress Websites on One Shared Hosting Account”

In today’s online-business focused world, maintaining multiple websites to enhance one’s online presence is crucial for businesses and individuals alike. I manage many WordPress websites personally. And while I would never host more than one WordPress website in a single shared account, I get that this might not be cost effective for everyone.

In this article, we’ll delve into the risks associated with managing multiple WordPress websites on a shared hosting account and discuss ways to mitigate those risks, along with some helpful tips relating to WordPress hosting and website management. Strap in as we navigate the stormy waters of shared hosting.

 

Let’s Talk About…

1.0 The Allure of Shared Hosting

2.0 Understanding the Risks

2.1. Server-Level Security Vulnerabilities

2.2. Account-Level Performance Issues

2.3. Limited Resources

2.4. Mass-hack Risks

2.5. Inadequate Support

3.0 Mitigating the Risks

3.1. Choosing a Reputable Hosting Provider

3.2. Regular Backups

3.3. Implementing Security Measures

3.4. Monitoring Performance and Testing

3.5. Segregation is Key

3.6. Considering Alternatives to Shared Hosting

4.0 Conclusion

5.0 My Top-Fifty WordPress Related FAQs

 

1.0 Let’s Start With The Allure of Shared Hosting

Shared hosting is like the starter pack of web hosting services. It’s affordable, easy to set up, and suitable for small to medium-sized websites. With its low price tag and beginner-friendly features, it’s no wonder that so many people opt for shared hosting when managing multiple WordPress websites.

2.0 Understanding the Risks

Despite its attractive features, shared hosting comes with a number of inherent risks, especially when you’re managing multiple WordPress websites within the same shared hosting account. Let’s take a closer look at some of these risks.

2.1 Server-Level Security Vulnerabilities

Shared hosting means your websites share a server with other users’ websites. This arrangement can expose your websites to security threats like hacking, malware, and DDoS attacks. If one website on the server is compromised, it can put your websites sharing the same server at risk as well.

2.2 Account-Level Performance Issues

As you share resources like CPU, RAM, and bandwidth with other websites, there’s a higher potential for performance issues like slow loading times and server crashes. Performance problems can negatively impact user experience and especially search engine rankings.

2.3 Limited Resources

Shared hosting plans come with limited resources. When you manage multiple WordPress websites on a shared hosting account, you are more likely to inadvertently exceed your allocated resources, which can lead to unexpected website downtime and reduced performance.

2.4 Mass-hack Risks

In a shared hosting environment, websites share the same space and file structure. If one of the shared websites harbors an exploitable plugin, theme, or other PHP file, there is nothing stopping a would-be hacker from damaging, deleting, or editing the files and databases that are sharing your account.

Likewise, keep in mind that WordPress websites are often compromised through legitimate administrator logins as well, in addition to the more common PHP script exploits that can occur on any website. In a shared hosting environment, this means that if one of the WordPress installations sharing the same account is compromised, the administrator login credentials could be used to gain unauthorized access

3.0 Mitigating the Risks

Now that we’ve identified some of the risks, let’s explore some strategies to mitigate them.

3.1 Choosing a Reputable Hosting Provider

Choosing a reputable hosting provider with a proven track record and high customer service reviews can significantly reduce the risks associated with shared hosting. Look for providers with robust security measures, reliable performance, and excellent customer support. It’s worth noting that bigger hosts aren’t always the better choice when selecting a web host because hackers tend to target them more aggressively than smaller, less well-known hosting companies.

3.2 Regular Backups

Performing regular backups of your WordPress websites to an external cloud service provider such as Google Drive, Dropbox or Wasabi is essential in case of security breaches or data loss. Backups allow you to restore your websites quickly, minimizing downtime and damage.

3.3 Implementing Security Measures

Take proactive steps to secure your websites, such as installing SSL certificates, keeping WordPress and plugins up-to-date, using strong passwords, implementing two-factor authentication, and installing a WordPress exploit monitoring plugin like Wordfence or iThemes Security.

3.4 Monitoring Performance and Testing

Monitor your websites’ performance using tools like GTmetrix, Pingdom and WebPageTest.
Regular monitoring helps you identify and address performance issues before they escalate.

3.5 Segregation is Key

By limiting the number of WordPress installations within your shared account, you can significantly reduce the risk of a mass-hacking “situation” affecting all of your websites.

Why? Because each website installed within the shared account presents multiple potential vulnerability points that could be exploited by hackers. By installing too many WordPress installations, you’re essentially increasing the attack surface of your shared account, making it more vulnerable to attacks.

By limiting the number of WordPress installations to no more than three per shared hosting account, you can significantly reduce the number of potential vulnerabilities that could be exploited by hackers, ultimately reducing the risk of a mass-hacking scenario affecting all of your websites.

3.6 Considering Alternatives to Shared Hosting

If you’ve read this article and feel that the risks of shared hosting outweigh the benefits, there are several alternatives that you can consider. One option is to use a virtual private server (VPS), which provides you with more resources, greater control, and better security than a shared hosting account. Another option is dedicated hosting (DS), which gives you exclusive use of a server for maximum performance and security.

Alternatively, you could consider hiring a managed WordPress services provider to help manage your WordPress website. These providers offer specialized support for WordPress websites and can help you with everything from security to performance optimization. By choosing one of these alternatives, you can enjoy the benefits of better security, more resources, and specialized support for your WordPress website.

4.0 Conclusion

Managing multiple WordPress websites on a shared hosting account can be an attractive option due to its affordability and ease of use, but it’s essential to understand the potential risks involved. By taking proactive steps to secure your websites, limiting the number of WordPress installations within your shared account, and considering alternatives like VPS, DS, or managed WordPress services, you can significantly reduce the risks associated with shared hosting. By following the strategies provided in this article, you can maintain a secure and high-performing online presence across all of your websites.

 

5.0 My Top-Fifty WordPress Related FAQs

In writing this article, it became apparent that some of the concepts presented may not be clear to a new web designer setting up shop for the first time. Whether you’re just starting out or looking to improve your existing websites, my hope is that these FAQs will help you navigate the world of WordPress hosting and website management.

1. Is shared hosting suitable for multiple WordPress websites? Shared hosting can be suitable for small to medium-sized WordPress websites, but it’s essential to understand the potential risks and take necessary precautions to mitigate them.

2. What are the main risks of managing multiple WordPress websites on a shared hosting account? The main risks include security vulnerabilities, performance issues, limited resources, cross-contamination, and inadequate support.

3. How can I improve the security of my WordPress websites on a shared hosting account? You can improve security by choosing a reputable hosting provider, performing regular backups, implementing security measures like SSL certificates and two-factor authentication, and keeping your WordPress core and plugins up to date.

4. What are some alternatives to shared hosting for managing multiple WordPress websites? Alternatives to shared hosting include virtual private servers (VPS), dedicated hosting, and managed WordPress hosting. These options provide more resources, enhanced security, and specialized support for WordPress websites.

5. How can I monitor the performance of my WordPress websites on a shared hosting account? You can use tools like Google Analytics, GTmetrix, Pingdom and WebPageTest to monitor your websites’ performance. Regular monitoring helps identify and address performance issues before they escalate.

6. How can I avoid cross-contamination between my websites on a shared hosting account? To avoid cross-contamination, implement security best practices, such as using strong passwords, keeping your WordPress core and plugins up to date, and monitoring your websites for suspicious activity. Additionally, consider using separate hosting accounts or even different hosting providers for each website to minimize the risk of cross-contamination.

7. How can I tell if my shared hosting account has enough resources for all of my WordPress websites? Monitor the usage of your allocated resources, such as CPU, RAM, and bandwidth, using your hosting provider’s control panel or analytics tools. If you notice consistent over-usage, consider upgrading to a higher-tier shared hosting plan or switching to an alternative hosting solution with more resources.

8. How often should I back up my WordPress websites on a shared hosting account? The frequency of backups depends on the nature and complexity of your websites. As a general rule, perform daily backups for websites with regular updates and frequent changes. For less dynamic websites, weekly or bi-weekly backups may be sufficient. Always store backups off-site to ensure their safety.

9. Can I improve the performance of my WordPress websites on a shared hosting account without switching to another hosting solution? Yes, you can improve performance by optimizing your websites, such as compressing images, minifying CSS and JavaScript files, using caching plugins, and employing a content delivery network (CDN). However, if resource limitations are the main cause of performance issues, you may need to consider alternative hosting solutions.

10. Is it better to have separate shared hosting accounts for each WordPress website? Having separate shared hosting accounts for each WordPress website can minimize the risk of cross-contamination and improve resource allocation. However, this approach may increase your overall hosting costs. Weigh the benefits against the costs to determine the best solution for your specific needs.

11. Can I host both my personal and business WordPress websites on the same shared hosting account? You can host both personal and business WordPress websites on the same shared hosting account, but it’s important to evaluate the risks and potential consequences. If one website experiences a security breach or performance issues, it may impact the other websites on the same account. In such cases, it might be wiser to use separate hosting accounts or different hosting solutions for each website.

12. How important is customer support when choosing a shared hosting provider for multiple WordPress websites? Customer support is crucial when choosing a shared hosting provider, especially when managing multiple WordPress websites. Reputable providers offer knowledgeable and responsive support teams that can help you address technical issues, optimize website performance, and maintain a secure environment.

13. What are the key factors to consider when choosing a shared hosting provider for multiple WordPress websites? Some key factors to consider include the provider’s reputation, security measures, resource allocations, performance, customer support, and pricing. Analyze each factor based on your specific requirements and weigh the pros and cons before making a decision.

14. How can I ensure my WordPress websites remain up to date and secure on a shared hosting account? To keep your WordPress websites secure and up to date, regularly update the WordPress core, themes, and plugins, use strong passwords, enable two-factor authentication, and employ security plugins or services. Additionally, stay informed about the latest security threats and best practices to maintain a secure environment.

15. Can I use a single SSL certificate for all my WordPress websites on a shared hosting account? A single-domain SSL certificate can secure only one domain. If you want to secure multiple domains on the same shared hosting account, consider using a multi-domain SSL certificate (also known as a SAN or UCC certificate) or purchasing individual SSL certificates for each domain.

16. Can I host an e-commerce store along with other WordPress websites on a shared hosting account? Yes, you can host an e-commerce store alongside other WordPress websites on a shared hosting account. However, e-commerce websites often require more resources and higher security measures compared to regular websites. Before hosting an e-commerce store on a shared hosting account, ensure the account has adequate resources, robust security features, and supports e-commerce plugins or platforms like WooCommerce.

17. How can I manage the database of multiple WordPress websites on a shared hosting account? You can manage the databases of your multiple WordPress websites using your hosting provider’s control panel, usually cPanel or Plesk. These control panels offer database management tools like phpMyAdmin, allowing you to create, modify, and manage databases for each of your websites.

18. Can I host a membership site along with other WordPress websites on a shared hosting account? You can host a membership site alongside other WordPress websites on a shared hosting account. However, membership sites often involve sensitive user data and may require more resources, especially if you have a large number of members or regularly updated content. Evaluate your shared hosting account’s resources and security measures to ensure they meet the needs of your membership site.

19. How can I optimize the loading speed of multiple WordPress websites on a shared hosting account? To optimize the loading speed of your WordPress websites, use image compression tools, enable browser caching, minify CSS and JavaScript files, and employ a content delivery network (CDN). Additionally, choose a hosting provider with servers close to your target audience, and use performance monitoring tools to identify bottlenecks and areas for improvement.

20. What is the best backup solution for multiple WordPress websites on a shared hosting account? The best backup solution depends on your specific needs and budget. You can use WordPress backup plugins like UpdraftPlus or WP Time Capsule to schedule automatic backups. Alternatively, you can utilize your hosting provider’s built-in backup tools or subscribe to a third-party backup service. Ensure you store backups off-site and have multiple copies for added security.

21. How can I handle email accounts for multiple WordPress websites on a shared hosting account? Most shared hosting providers offer email services along with web hosting. You can create and manage email accounts for each of your WordPress websites using your hosting provider’s control panel (such as cPanel or Plesk). These control panels allow you to set up email accounts, configure email forwarding, and manage spam filters. Alternatively, you can use third-party email hosting services like Google Workspace or Microsoft Office 365 for more advanced email features and integration with other productivity tools.

22. Can I upgrade my shared hosting account to a higher plan if I need more resources for my multiple WordPress websites? Yes, you can typically upgrade your shared hosting plan to a higher-tier plan that offers more resources if needed. Most hosting providers offer seamless upgrades without any downtime or significant disruptions to your websites. However, if you still experience performance or resource limitations after upgrading, you may want to consider alternative hosting solutions like VPS, dedicated, or managed WordPress hosting.

23. How do I know if I need to switch from shared hosting to another hosting solution for my multiple WordPress websites? Some signs that you may need to switch from shared hosting to another hosting solution include consistently slow loading times, frequent downtime, exceeding allocated resources, persistent security issues, or the need for more control and customization. If you encounter these issues even after optimizing your websites and upgrading to a higher-tier shared hosting plan, consider alternative hosting solutions like VPS, dedicated, or managed WordPress hosting.

24. Can I host a WordPress multisite network on a shared hosting account? Yes, you can host a WordPress multisite network on a shared hosting account, but it’s important to ensure your hosting provider supports multisite installations and provides sufficient resources for your network’s needs. Due to the increased complexity and resource requirements of multisite networks, you may want to consider VPS, dedicated, or managed WordPress hosting solutions for better performance and scalability.

25. How can I monitor the traffic of multiple WordPress websites on a shared hosting account? You can monitor the traffic of your multiple WordPress websites using web analytics tools like Google Analytics, Jetpack Stats, or Matomo. These tools provide insights into visitor behavior, traffic sources, and website performance, helping you make data-driven decisions to optimize your online presence. Additionally, check your hosting provider’s control panel for server-side traffic statistics and resource usage information.

26. Is it possible to manage multiple WordPress websites from a single dashboard on a shared hosting account? Yes, you can manage multiple WordPress websites from a single dashboard using WordPress management tools like ManageWP, InfiniteWP, or MainWP. These tools allow you to update WordPress core, themes, and plugins, perform backups, monitor performance, and manage security across all your websites from one central location, making it easier to maintain multiple WordPress websites on a shared hosting account.

27. Can I use different domain registrars for my multiple WordPress websites on a shared hosting account? Yes, you can use different domain registrars for your multiple WordPress websites hosted on a shared hosting account. Just ensure that you configure the DNS settings properly for each domain in your hosting provider’s control panel to avoid any issues.

28. How can I improve the search engine rankings of my multiple WordPress websites on a shared hosting account? To improve the search engine rankings of your multiple WordPress websites, implement SEO best practices such as optimizing your website structure, creating high-quality and relevant content, using descriptive and keyword-rich URLs, optimizing title tags and meta descriptions, and incorporating internal and external links. Additionally, ensure your websites load quickly, are mobile-friendly, and have a secure HTTPS connection.

29. Is it necessary to use a content delivery network (CDN) for multiple WordPress websites on a shared hosting account? While it’s not necessary to use a CDN for multiple WordPress websites on a shared hosting account, using one can improve website performance, especially for visitors located far from your hosting provider’s server. A CDN stores copies of your website content on servers located around the world, ensuring faster loading times and reduced server load. This can be particularly beneficial for websites with a global audience or high traffic.

30. How can I secure the login pages of my multiple WordPress websites on a shared hosting account? To secure the login pages of your multiple WordPress websites, implement security measures such as using strong passwords, enabling two-factor authentication, limiting login attempts, and changing the default “wp-admin” and “wp-login” URLs. Additionally, consider using security plugins like Wordfence or iThemes Security to add an extra layer of protection to your websites’ login pages.

31. Can I migrate multiple WordPress websites to a different shared hosting account or hosting solution? Yes, you can migrate multiple WordPress websites to a different shared hosting account or an alternative hosting solution, such as VPS, dedicated, or managed WordPress hosting. To perform the migration, you can use WordPress migration plugins like Duplicator, All-in-One WP Migration, or Migrate Guru, or you can follow a manual migration process by transferring files and databases. Before migrating, ensure you have proper backups of all your websites and verify that your new hosting provider meets your requirements.

32. How can I prevent spam on my multiple WordPress websites on a shared hosting account? To prevent spam on your multiple WordPress websites, you can use anti-spam plugins like Akismet, Antispam Bee, or CleanTalk. These plugins help identify and block spam comments and form submissions. Additionally, you can implement security measures like reCAPTCHA or honeypot fields on your comment and contact forms to deter automated spam bots.

33. How do I choose the right themes and plugins for my multiple WordPress websites on a shared hosting account?

When choosing themes and plugins for your multiple WordPress websites, consider the following factors:

  • Reputation: Opt for themes and plugins from reputable developers with positive reviews and a history of regular updates.
  • Compatibility: Ensure the themes and plugins are compatible with your version of WordPress and other installed plugins.
  • Performance: Choose lightweight themes and plugins that won’t slow down your websites or consume excessive resources.
  • Security: Look for themes and plugins with a strong focus on security and no history of vulnerabilities.
  • Functionality: Select themes and plugins that meet your specific needs without adding unnecessary features or complexity.

34: Best Practices for Managing Multiple WordPress Websites on a Shared Hosting Account

Some best practices for managing multiple WordPress websites on a shared hosting account include:

    • Regularly update WordPress core, themes, and plugins.
    • Implement strong security measures, such as using strong passwords, enabling two-factor authentication, and employing security plugins.
    • Optimize website performance using caching plugins, image optimization, and minification of CSS and JavaScript files.
    • Monitor resource usage and traffic to ensure your websites are not exceeding the allocated resources on your shared hosting account.
    • Regularly back up your websites and store backups off-site.
    • Use a centralized management tool like ManageWP, InfiniteWP, or MainWP to streamline the maintenance of multiple WordPress websites.

35: Ensuring Privacy of Multiple WordPress Websites on a Shared Hosting Account
To ensure the privacy of your multiple WordPress websites on a shared hosting account, follow these steps:

  • Use SSL certificates to encrypt data transferred between your websites and visitors.
  • Implement strong authentication measures, such as strong passwords and two-factor authentication, to prevent unauthorized access.
  • Regularly update WordPress core, themes, and plugins to address potential security vulnerabilities.
  • Use privacy-focused plugins like WP GDPR Compliance or Cookie Notice to help you comply with data protection regulations like GDPR.
  • Review and update your websites’ privacy policies to accurately reflect the data collection, usage, and sharing practices of your websites.

36. How can I set up staging environments for my multiple WordPress websites on a shared hosting account?

To set up staging environments for your multiple WordPress websites, follow these steps:

  1. Check if your hosting provider offers a built-in staging feature, and if so, use it to create staging environments for your websites. You can find a list of hosting providers that offer staging features here.
  2. If your hosting provider doesn’t offer a staging feature, you can use WordPress plugins like WP Staging, Duplicator, or All-in-One WP Migration to create staging environments.
  3. Alternatively, you can set up a manual staging environment by creating a subdomain or subdirectory for each staging site, copying the files and database, and adjusting the configuration settings.

Remember that staging environments consume resources on your shared hosting account, so ensure you have adequate resources available to accommodate them without affecting your live websites.
37. How can I monitor the uptime of my multiple WordPress websites on a shared hosting account?
To monitor the uptime of your multiple WordPress websites, you can use website monitoring tools like Uptime Robot, Pingdom, or StatusCake. These tools automatically check your websites at regular intervals and notify you if they detect any downtime. Monitoring uptime helps you identify and address potential issues with your shared hosting account and ensure your websites remain accessible to your visitors.

38. What should I consider when choosing a shared hosting provider for hosting multiple WordPress websites?

When choosing a shared hosting provider for hosting multiple WordPress websites, consider the following factors:

  • Resources: Ensure the provider offers adequate resources (storage, bandwidth, and processing power) to support all your websites.
  • Scalability: Check if the provider allows seamless upgrades to higher-tier plans or alternative hosting solutions as your websites grow.
  • Reliability: Look for a provider with a strong track record of uptime and performance.
  • Support: Choose a provider that offers responsive and knowledgeable customer support, preferably with experience in WordPress-related issues.
  • Security: Evaluate the provider’s security features, such as SSL certificates, backups, and malware scanning.
  • Price: Compare prices and features among different providers to find the best value for your needs.

39. How can I manage the media files of multiple WordPress websites on a shared hosting account?
To manage the media files of your multiple WordPress websites, you can use media management plugins like WP Media Folder, FileBird, or Enhanced Media Library. These plugins help you organize and manage your media files more efficiently by offering features such as folders, categories, and tags. Additionally, consider using image optimization plugins like ShortPixel, Imagify, or Smush to reduce file sizes and improve website performance.

40. How can I track the success of my multiple WordPress websites on a shared hosting account?

To track the success of your multiple WordPress websites, use web analytics tools like Google Analytics, Jetpack Stats, or Matomo. These tools provide valuable insights into visitor behavior, traffic sources, conversion rates, and other key performance indicators (KPIs). Regularly monitoring and analyzing this data can help you make informed decisions to improve your websites’ performance, user experience, and overall success.

41. Can I use a single security plugin to protect multiple WordPress websites on a shared hosting account?

While you can’t use a single security plugin installation to protect all your websites on a shared hosting account, you can install the same security plugin on each of your WordPress websites. Plugins like Wordfence, iThemes Security, or Sucuri provide a range of security features, including firewall protection, malware scanning, and login security, to help keep your websites safe. Regularly update and configure the security plugins on each website to ensure maximum protection.

42. Can I use a single caching plugin to improve the performance of multiple WordPress websites on a shared hosting account?

Similar to security plugins, you can’t use a single caching plugin installation for all your websites on a shared hosting account. However, you can install the same caching plugin on each of your WordPress websites to improve their performance. Popular caching plugins like W3 Total Cache, WP Super Cache, or WP Rocket can help reduce loading times and server load by caching static content, minifying files, and implementing other performance optimizations.

43. How can I manage user accounts and permissions for multiple WordPress websites on a shared hosting account?

To manage user accounts and permissions for your multiple WordPress websites, you can use user management plugins like User Role Editor, Members, or Advanced Access Manager. These plugins allow you to create custom user roles, modify existing roles, and control access to various features and content on your websites. By managing user accounts and permissions effectively, you can ensure that only authorized users have access to sensitive areas of your websites and reduce the risk of unauthorized changes or security breaches.

44. How can I optimize the databases of multiple WordPress websites on a shared hosting account?

To optimize the databases of your multiple WordPress websites, you can use database optimization plugins like WP-Optimize, Advanced Database Cleaner, or WP-Sweep. These plugins help clean up unnecessary data, such as revisions, spam comments, and expired transients, and can also optimize the database tables for better performance. Regularly optimizing your databases can help reduce server load and improve the performance of your websites on a shared hosting account.

45. Can I use a single backup solution for multiple WordPress websites on a shared hosting account?

Although you can’t use a single backup solution installation for all your websites on a shared hosting account, you can install the same backup plugin on each of your WordPress websites. Plugins like UpdraftPlus or WP Time Capsule allow you to schedule automatic backups, store them off-site, and restore your websites if needed. Regularly backing up your websites ensures that you can recover your data in case of a security breach, server failure, or other unexpected events.

46. How do I handle email for multiple WordPress websites on a shared hosting account?

To handle email for your multiple WordPress websites on a shared hosting account, you can:

  1. Use your hosting provider’s email service, if available, to create email accounts for each domain.
  2. Set up email forwarding rules to redirect emails to your preferred email accounts.
  3. Use a third-party email service like G Suite, Zoho Mail, or Microsoft 365 for more advanced features and better deliverability.
  4. Use SMTP plugins like WP Mail SMTP, Post SMTP, or Easy WP SMTP to configure your WordPress websites to send emails through a third-party SMTP server, which can improve email deliverability and reduce the chances of your emails being marked as spam.

47. Can I use a single maintenance mode plugin for multiple WordPress websites on a shared hosting account?

You can’t use a single maintenance mode plugin installation for all your websites on a shared hosting account. However, you can install the same maintenance mode plugin on each of your WordPress websites. Plugins like SeedProd, WP Maintenance Mode, or Under Construction Page allow you to create custom maintenance mode or coming soon pages that inform visitors when your websites are temporarily unavailable due to updates, maintenance, or development work.

48. Can I use a single SEO plugin to optimize multiple WordPress websites on a shared hosting account?

Although you can’t use a single SEO plugin installation for all your websites on a shared hosting account, you can install the same SEO plugin on each of your WordPress websites. Popular SEO plugins like Yoast SEO, Rank Math, or All in One SEO Pack provide a range of features to help you optimize your websites for search engines, including XML sitemaps, meta tags, schema markup, and content analysis.

49. How can I automate updates for multiple WordPress websites on a shared hosting account?

To automate updates for your multiple WordPress websites, you can:

  1. Enable automatic updates for WordPress core, themes, and plugins in each website’s wp-config.php file or by using plugins like Easy Updates Manager or Companion Auto Update.
  2. Use a WordPress management tool like ManageWP, InfiniteWP, or MainWP to centrally manage updates for all your websites from a single dashboard.

Remember that automatic updates can sometimes cause compatibility issues or break your websites, so it’s essential to have regular backups and monitor your websites closely for any issues after updates.

50. Can I use a single analytics solution for multiple WordPress websites on a shared hosting account?

You can’t use a single analytics solution installation for all your websites on a shared hosting account, but you can use the same analytics service, like Google Analytics, to track the performance of each website. To do this, set up separate tracking codes for each website within your analytics account and add the tracking code to each website using a plugin or by manually inserting it into the website’s header or footer. By using a single analytics service, you can easily monitor the performance of all your websites and compare data across multiple sites.

 

Disclaimer:
This post was written by Jim Walker for informational purposes only, was not solicited, nor paid for respectively.

 

Why Should I Maintain My Own WordPress Website’s Backups?

WordPress Backup Locally or to the Cloud

Thank you for asking. My name is Jim Walker. I’ve been managing website hosting and security for thousands of our businesses here at TVC.Net since 1997.

Some years back, I launched our HackRepair.com service, a reactive website security service for WordPress. I quickly found that nearly all of our new customers either did not have a web designer to help with ongoing security and maintenance or simply never considered the ongoing security requirements of WordPress. So HackGuard.com, our proactive security service, was born.

Through our HackGuard.com service, I learned some truths about hosting companies and their backup systems, especially in how “free” backups are limited at most well-known hosting companies.

I would even go as far as to say that only a small percentage of the websites I’ve worked on over the past decade have had reliable backup options. Unfortunately, a great many well-known web hosting companies do not actually backup their clients’ accounts, despite claiming that “backups are included” in their hosting plans.

[ Key Takeaways
As a professional website manager, I share my experience and advice on website backups. I explain that many web hosting companies claim to offer “free” backups but in reality, they often limit the number of files that can be backed up. This leads clients to falsely believe that their accounts are being backed up. I argue that having a reliable backup strategy is important for reducing damage done by hackers, avoiding human error, keeping a business running in case of a disaster, and saving time and money. I recommend using two backup solutions, one saving daily, weekly, and monthly backups offsite and one yearly backup saved either offsite or on the client’s personal computer. I suggest using UpdraftPlus and WP Time Capsule as backup plugins, and using either Amazon S3 or Google Drive for cloud backups. ]

 

Do hosting companies limit free backups?

The truth is that many web hosts deactivate backups once the number of files within a hosting account exceeds a certain limit, known as “inodes.” Once this limit is reached, backups are stopped.Many web hosts attempt to avoid this ethical issue by offering paid backup options, which they promote in the client’s hosting control panel. However, since most clients rarely log in to their control panel, they may not realize that backups have been suspended due to exceeding the host’s inode limit. As a result, many businesses falsely believe that their accounts are being backed up, when in reality, they are often not regularly backed up at all.

 

Why is having a reliable backup strategy important?

If you are not yet convinced of the importance of backups, here are five reasons why you should regularly back up your website:

  1. Reduce the Damage Done by Hackers: Cyberattacks are becoming more common every day. If your website gets hacked and you don’t have a backup, you’re starting from scratch. But, with a recent backup, you can quickly restore your website and minimize the damage from the attack.
  2. Server Failure, No More: Servers can fail for various reasons, but with regular backups, your website data is protected and can be restored quickly if anything goes wrong.
  3. Avoid Human Error: Even the best website administrators can make mistakes. Accidentally deleting important files or data can be a disaster, but with a backup, you can easily restore your website to its previous state.
  4. Keep Your Business Running: In case of any disaster, a recent backup can ensure that your business operations keep running. You can quickly restore your website and minimize the impact on your customers.
  5. Save Time and Money: Starting a website from scratch takes time and money. Regular backups can save you both by allowing you to restore your website quickly.

 

Backups and HackGuard.com service

The absence of backup systems at several web hosting services prompted me to create my own solution, which I named HackGuard. Many clients whose websites had been hacked were not only missing a functional backup system but also lacked expertise in maintaining WordPress websites. As a result, developing a dependable service that includes website maintenance, backup systems, and security measures was an obvious choice.

When I started my HackGuard.com service, I tried a variety of backup options. Of the dozens of WordPress plugins tried over the course of a few years, I found only two met my service requirements, UpdraftPlus and WP Time Capsule. At the time, my service requirements included: displayed minimal self-advertising and promotion, provided responsive customer service, supported a variety of cloud backup options, and provided a high level of reliability.

 

Updraft Plus and WP Time Capsule

 

Having managed websites for over twenty-five years, I can say without a doubt that the biggest lesson I’ve learned in my time managing websites is a simple one: backup redundancy and security go hand in hand.

It’s for this reason that I believe every website should have at least two backup solutions in place: one system saving daily, weekly, and monthly backups offsite, and at least one yearly backup saved either offsite or on the client’s personal computer.

I could get into discussing the pros and cons of my most used backup plugins, but the details are beside the point. You can learn more about the pros and cons of each with a quick Google search. In short, it doesn’t matter which backup system you have in place. Having multiple backup systems regularly backing your website up to an offsite “cloud” backup service is key #1.

Of the cloud services I’ve tried for website backups over the years, both Amazon S3 and Google Drive have been very reliable. The biggest downside of Amazon S3 is cost. Once backups on Amazon S3 reach a terabyte, service fees may begin to exceed $100 a month, especially if you are doing frequent recovery of files. Alternate lower-cost cloud service options, like Wasabi, are available as well, which according to their website, is 80% less costly than AWS. As of this writing, I haven’t tested Wasabi enough to give a review on their service.

Now, having covered the importance of backups, I would be remiss if I didn’t mention how backups may affect the performance of your website. On an overloaded or poorly tuned web server, backups may impact how a website loads during the moving of data from the web server to the cloud service. On the other hand, having maintained the backups of hundreds of websites on dozens of different web hosting companies’ servers over the past several years, I’ve found that the more experienced web hosts with well-tuned web servers have zero issues with clients running multiple backup systems simultaneously.

Will backups slow down my website?

Sadly, many well-known hosting companies throttle their shared servers by severely limiting CPU cycles, number of processes allowed, and/or, memory. If you’ve worked on a website and seen a 503 error page appear, then you’ve likely experienced this first hand (picture below).

503 error page
This may have the undesirable effect of backups taking exceedingly longer to complete, which may then perceptively slow web page loading, as well as increase the likelihood of backup failure.

This often-reported backup plugin “problem” is nearly always related to how well a given hosting service has tuned its web servers. I know I’m repeating myself here, but I would like to reiterate once again that an overly restrictive hosting service may limit the ability of your backups to fully complete in a timely manner, resulting in backups failing unexpectedly. If a hosting company recommends against using backup plugins like UpdraftPlus, there is a high likelihood that you are using one of “those” overly restrictive hosting companies. Is this a red flag when choosing a quality hosting service company for your business? I think so.

 

Why is backup recovery testing important?

Which leads me to a discussion on the next uber-important aspect of backup management: backup recovery. Once you’ve established a working offsite backup systems, repeatedly and periodically testing the recovery process is key #2.

With UpdraftPlus, a files-based backup solution, recovery is as simple as deciding what you wish to recover—be it a plugin, theme, or the entire account—and then clicking the “Next” button a few times until the process is completed. With WP Time Capsule, an incremental backup solution, you have the benefit of choosing restore points, and within those restore points, the specific files or database dates to restore. Irrespective of how the backup plugins work, periodically testing and becoming comfortable with the recovery process is as important a step as establishing the backup options for your website in the first place.

 

Should I back my website up to a cloud service?

That said, website hosting or backup failures are inevitable. That’s why it’s imperative to have multiple backup options saving off-server. The cost to archive your website to a cloud service is minuscule compared to the physical and emotional cost of having to rebuild a website from an Internet archive or multi-year-old backup. Been there, done that, and it’s no fun at all!

In the worst case, when the web host’s server literally crashes and the data is lost, your cloud backup service decision may spell the difference between the same day recovery of your website’s files and database and a total and irretrievable loss of your content. Backing up your website to an off-server cloud service is just smart business.

And while most of this discussion has been about the value of establishing an offsite backup system, you may ask, “What about my web host’s backups?” Great question, and not meaning to be flippant here, but as that guy in that movie, Donnie Brasco, said, “Forget about it.” Sure, your hosting company may offer backups as part of their service, though I would argue that for the fifteen or so minutes it takes to set up a backup system for your website to “the cloud,” why take the chance? Whether your web host has a backup available when you really need it is also beside the point. Take control of your destiny. Just make a backup.

 

Disclaimer:
This post was written by Jim Walker for informational purposes only, was not solicited, nor paid for respectively.

 

How to Improve Junk Email Filtering at Gmail

Email phishing and junk email are like death and taxes… Acceptance is the wisest course of action—oh, and reporting spam, of course.

Key Takeaways
Gmail has decent back-end filtering for junk email, but reporting spam to Google Gmail can help improve filtering in the future. It is important to note that marking bad emails as spam and not just deleting them will help Gmail better filter your inbox in the future. ]

Most folks I chat with about email issues seem overwhelmed with the day-to-day junk email burden. And when I ask, “Have you reported it?” the line usually goes quiet.

Gmail has some decent back-end filtering, such that most of the bad email senders will fail in their attempt to slam you with their bogus offers and phishing attempts.

   What is Phishing?
Phishing is a type of scam in which criminals disguise themselves as trustworthy organizations or individuals to trick people into giving them sensitive information, such as passwords or credit card numbers.

 
But if you don’t tell Google that the email you receive is spam, it’s less likely they’ll filter that email or type of email from hitting your inbox in the future. Deleting junk email or not reading it does not count as a filter where Gmail is concerned.

To reduce spam in your Gmail inbox, follow these steps:

  1. With your eyes on your inbox, select the messages you wish to mark as spam (#1 below) and then click the little circle with an exclamation mark (#2 below).
  2. That’s it.
    Mission accomplished!

How to Improve Junk Email Filtering at Gmail

Yes, if you inadvertently open the junk email message, you may likewise mark it as spam there as well (see above example).

Just click the vertical three dots at the top right of your open message window. There, you’ll see a “Report Spam” option. Click it to help Gmail better filter junk email messages in the future.
 

___

What is HackGuard.com service?
Based in San Diego, California, HackGuard.com service provides a personalized white label ready WordPress management and security service experience for just pennies a day.


MONITOR


MANAGE


BACKUP


SECURE

 

Disclaimer:
This post was written by Jim Walker for informational purposes only, was not solicited, nor paid for respectively.

 

What are the top 20 WordPress plugins to avoid in 2023?

Top 20 WordPress Plugins to Avoid


What are the top 20 WordPress plugins to avoid in 2023?

To help optimize your WordPress website for SEO, here is a list of the top 20 plugins to avoid

  1. Broken Link Checker runs continually and may slow page loading.
  2. Contact Form 7 loads plugin assets on every page.
  3. Contextual Related Posts has outdated or bloated coding.
  4. Disqus Comment System has outdated or bloated coding.
  5. Download manager has outdated or bloated coding.
  6. EWWW Image Optimizer runs continually and may slow page loading.
  7. Essential Grid has outdated or bloated coding.
  8. Image Optimization plugins runs continually and may slow page loading.
  9. JetPack has outdated or bloated coding.
  10. VaultPress has outdated or bloated coding.
  11. NextGen Gallery has outdated or bloated coding.
  12. Query Monitor runs continually and may slow page loading.
  13. Revolution Slider has outdated or bloated coding.
  14. S2 Member has outdated or bloated coding.
  15. Similar Posts has outdated or bloated coding.
  16. SumoMe has outdated or bloated coding.
  17. WP Reset may created bloated database tables.
  18. WordPress Multilingual (WPML) has outdated or bloated coding.
  19. XML Sitemaps. Sitemap Plugins are generally unnecessary. Be sure to use more fully featured SEO plugins when possible, like Slim SEO or Rank Math SEO.
  20. Yet Another Related Post has outdated or bloated coding.

 

[ Key Takeaways
This article provides advice on the best practices for using WordPress, such as avoiding plugins that have outdated or bloated coding, keeping the number of plugins to a minimum, and disabling any unnecessary features. It also recommends avoiding active social media connection plugins in moderation, as they can slow down page loading as well. ]

 

As a WordPress website manager with over a decade of experience at HackGuard.com service, I recommend avoiding or replacing the plugin above.

More Details About My Plugins List

It is not my intention to discredit the hard work of the developers who oversee these plugins. This list is based on my own personal experience.

As a general rule of thumb, the fewer plugins “installed” within a WordPress website the better. Both active and inactive plugins installed within WordPress may impact the security of a website as well.

 

When Using WordPress, It’s Best To Keep The Number Of Plugins To A Minimum

This is true for both active and inactive plugins, as they can both affect the security of your website.

After activating a plugin, it’s important that you disable all not required features. For example, many SEO plugins have Google Analytics ( GA) enabled by default. If you are not using GA, be sure to disable that feature. Contact forms are another common source of feature bloat. If you are using a contact form on your website, be sure to choose a plugin that does not inject the contact form assets into every page of your website. I added Contact Form 7 to my list for this very reason.

Likewise, as a general rule, be sure to use social media connection plugins in moderation. Active social media connection plugins can greatly slow down the full loading of a web page.

If you are looking to dramatically improve the performance of your website, please see my article, “Improving Your WordPress Website Speed with Cloudflare, Image Optimization and Litespeed Today“.

 

What is HackGuard.com service?
Based in San Diego, California, HackGuard.com service provides a personalized white label ready WordPress management and security service experience for just pennies a day.


MONITOR


MANAGE


BACKUP


SECURE

 

Disclaimer:
This post was written by Jim Walker for informational purposes only, was not solicited, nor paid for respectively.

 

WordPress 6.0.3 Security Release – Updated?

WordPress 6.0.3 Security Update

A number of my clients asked, “Have you updated my WordPress today?”

Answer: Yes.

 

As part of our HackGuard.com service, whenever a security release is posted, we work to ensure all of our client’s sites are updated same day.

Why this week?

WordPress 6.0.3 Security Release was posted this week.

Over 16 patches were made in this WordPress release:

1 Stored XSS via wp-mail.php
– contributed by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT

2 Open redirect in `wp_nonce_ays`
– contributed by devrayn

3 Sender’s email address is exposed in wp-mail.php
– contributed by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT

4 Media Library
– Reflected XSS via SQLi
– contributed by Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue

5 CSRF in wp-trackback.php
– contributed by Simon Scannell

6 Stored XSS via the Customizer
– contributed by Alex Concha from the WordPress security team

7 Revert shared user instances introduced in 50790
– contributed by Alex Concha and Ben Bidner from the WordPress security team

8 Stored XSS in WordPress Core via Comment Editing
– contributed by Third-party security audit and Alex Concha from the WordPress security team

9 Data exposure via the REST Terms/Tags Endpoint
– contributed by Than Taintor

10 Content from multipart emails leaked
– contributed by Thomas Kräftner

11 SQL Injection due to improper sanitization in `WP_Date_Query`
– contributed by Michael Mazzolini

12 RSS Widget: Stored XSS issue
– contributed by Third-party security audit

13 Stored XSS in the search block
– contributed by Alex Concha of the WP Security team

14 Feature Image Block: XSS issue
– contributed by Third-party security audit

15 RSS Block: Stored XSS issue
– contributed by Third-party security audit

16 Fix widget block XSS
– contributed by Third-party security audit

 

Disclaimer:
This post was written by Jim Walker for informational purposes only, was not solicited, nor paid for respectively.

 

Your Site is Experiencing a Technical Issue – Or Maybe Not…

Weekly jQuery Migrate Status Update
[ Click to View ]

One of the most common support requests I receive on a weekly basis have the subject “Your Site is Experiencing a Technical Issue”.

These not so helpful email messages were introduced in the release of WordPress 5.2.

While I’m sure the WordPress developers who added this feature thought it would be a great way to alert folks of downtime due to plugin or theme incompatibilitWhile a great step in alerting WordPress users of potential errors within their websiteI’m

The plugin, Enable jQuery Migrate Helper, was installed as a temporary solution, enabling the migration script for your site to give your plugin and theme authors some more time to update, and test their code.

Recently, this plugin has been sending “deprecated” email alerts to administrators as well.

The word “deprecated” simply means that some function within a plugin or theme no longer meets the latest WordPress coding standards.

Should you be concerned?
Answer: No, but maybe…

WordPress is evolving and in doing so, some older coding standards will be left behind, to be replaced by newer faster, more secure standards. If you have received a deprecated message, like the one below, the message is simply a reminder that older code may stop functioning someday in the future.

Since maintaining the latest updates is just smart business where WordPress is concerned, be sure to check what is described as deprecated within the email alert and update that if possible.

In the example notice above, you’ll see that the alert relates to the “Dandelion” theme. Once the client updated his theme the error reports ended—the Enable jQuery Migrate Helper plugin was no longer required and then deleted.

If you wish to stop your website from sending these messages you could try deleting the Enable jQuery Migrate Helper plugin. If your website functions without the plugin, you should be fine for a while.

If your website appears broken after disabling the plugin, just add the Enable jQuery Migrate Helper plugin back to fix the issue.

Enjoy!
Proactive WordPress Security Management for Pennies a Day™

© Copyright 2022 HackGuard.com™, HackRepair.com™,
The Hack Repair Guy™, Hack Repair Guy™
Copyright and Trademark Statement | Privacy Policy

Call HackRepair.com for website security help, (619) 479-6637.
Content Approved By Jim Walker, The Hack Repair Guy