Current Provider Offers:

Best VPS Hosting For WordPress

Wordpress

WordPress is the most frequently used content management system worldwide. Due to its widespread use, however, WordPress is also a particularly popular target for hackers who want to gain unauthorized access to data and spread malware. Particularly when the awareness level of one’s own website increases, angry competitors or troublemakers can become an increasing threat to data security. As a rule, attackers try to gain access to the administration area in order to install malware there.

For this purpose, weak points in the main installation or in additionally used plug-ins are searched. Since many users are not aware of it or do not want to seriously deal with the topic of WordPress and security, important areas are often not sufficiently protected, simple passwords are used or the entire system is not kept up to date. All these circumstances make it easy for attackers to compromise the system.

Top 3 VPS Hosting Providers:

60 Days Money Back Guarantee
  • max RAM: 6 GB
  • max Storage: 75 GB
  • max Bandwidth: 2 TB
Control Panel, Root Access
price from $4.49/mo
View Offers
Read Review
Good Price-Performance Ratio
  • max RAM: 32 GB
  • max Storage: 320 GB
  • max Bandwidth: 10 TB
CPanel, Root Access
price from $5/mo
View Offers
Read Review
$50 30-Days Free Credit!
  • max RAM: 912 GB
  • max Storage: 3.8 TB
  • max Bandwidth: 12 TB
Control Panel, Root Access
price from $5/mo
View Offers
Read Review

We have compiled the 6 most important points for you on how to protect your WordPress web hosting against unauthorized access:

Best Security Tips For Managing WordPress On A VPS

Wordpress Content Management

1. Keep WordPress Webhosting Up To Date

The software WordPress is updated regularly, almost every month a version update appears, which closes new features and bug fixes as well as known security holes. If you use WordPress, you usually don’t just use the simple standard installation, but extend it with an individual theme and various plugins. The same applies as for WordPress itself therefore also for these extensions.

In order to offer as little attack surface as possible for hackers and bots, the entire system should always be kept up to date. By logging in to the administration area, available updates are clearly displayed and can be carried out directly there. If you maintain a large number of websites and do not log into every installation regularly, you can also use tools such as the plugin WP Updates Notifier. When new updates are available, the plugin automatically sends an e-mail notification to the administrator.

2. Individual Username And Secure Password

A very simple but very effective method to protect against attacks is to choose an individual user name and set a secure password for it. By default, user names for logging into administration interfaces are usually Administrator, Admin or Root. Hackers who try to gain access to the system via so-called brute force attacks use this fact.

For this purpose, known user names are used and only different passwords are tried out on the basis of dictionary lists. If an individual user name is used instead, not only the password must be cracked, but all possible combinations of user names must also be tried at the same time.

In this context, it should be noted how important a secure password is. The majority of users prefer easy-to-remember character combinations, often simply 123456 or their own first name is used as the password. Such strings are quickly found and cracked using dictionary lists. A really secure password should have at least 12 characters and consist of numbers, letters and special characters.

WP blog post

3. Change WordPress Table Prefix

Some attacks directly target security holes in the database, known as SQL injections. Hackers try to gain access to the database in order to inject their own commands that cause damage there. WordPress uses the table prefix wp_ in the database by default, which is why attacks are especially targeted at this table prefix. Also here the renaming into an individual name like up2uwp_ can provide more security. The easiest way to change the name is to do it directly during the installation of WordPress, afterwards the table prefix can only be changed by using wp-config.php.

4. Use Encrypted Connections

Data, as well as the WordPress installation, are uploaded to the webspace via FTP connection. It is important to make sure that the transfer is encrypted. Web hosting providers usually allow a secure connection via the SFTP protocol. With some web hosting tariffs it is also possible to use FTP via SSH. Especially those who work in public WLAN networks should protect access data from unauthorized third parties in this way. It is also recommended to use an SSL certificate for the entire web space. This ensures that every connection between browser and WordPress, including access to the administrator login, is securely encrypted.

5. Activate Password Protection Via .htaccess

Most web hosters use an Apache web server on their servers. This supports the use of .htaccess configuration files, with which individual functions, such as measures for access protection of directories, can be implemented. Thus the public access to the administration area of a WordPress installation can be completely prevented. All that is required is to activate the function in the .htaccess file and store a corresponding .htpasswd file with password and user name in the directory. If you have exact questions about the implementation, your own webhosting provider can help. Often this setting can also be made conveniently via the webspace administration interface.

6. Caution With WordPress Plugins

Because WordPress functionality can be easily extended using plug-ins, many users install numerous plug-ins for all kinds of functions. However, the more extensions there are in use, the more vulnerable hackers will be. Since anyone with programming knowledge can develop and publish their own WordPress add-ons, it cannot be ruled out that errors have crept into the code that represent security gaps. Above all, users without specialist knowledge cannot understand what the plug-ins do in the background. So you should check whether the extension comes from a trustworthy source before using it.

For example, you can make sure whether a well-known programmer is behind the plugin and whether experienced users have seen the source code and published an evaluation of it. On the other hand, only plugins that are absolutely necessary should be used. As with your home computer, there are numerous plugins for WordPress that promise more security or faster access times, but often do more harm than good. Only a few plugins have proven to be really helpful. These include, for example, Limit Login Attempts, to limit incorrect login attempts or WP Anti Virus as a virus scanner for the website.

Webhosting For WordPress – What To Consider When Choosing A Webhosting Package?

vServer for WordPress

Minimum Requirements For Web Hosting

WordPress is a blog software, which is written in the scripting language PHP and stores its contents in a MySQL database. The current recommendation from WordPress.org is:

  • PHP 7.0 (or higher)
  • MySQL 5.6 (or higher)
  • HTTPS (SSL Certificate)
  • mod_rewrite module of the Apache Web server

In addition, the web hosting package must of course contain web space (storage space on the server) that can be accessed with an FTP program.

Almost every provider fulfills these requirements, but of course there are a number of other requirements and recommendations.

Memory

Only a few MB are required for the WordPress software. The actual amount of disk space required depends heavily on the amount and type of content displayed on the website. For a blog that consists mostly of texts, storage space in the MB area is sufficient. But many large images, PDFs, videos and other media can become real memory guzzlers. For a large website with a lot of content, 2-3 GB of storage space can be required. With pictures it is to be noted that WordPress automatically creates several versions in different sizes for each uploaded picture and one needs as storage space approximately twice the size of the uploaded picture.

The following considerations should also be taken into account when calculating the amount of storage space required:

  • Is a copy of the website required for testing purposes? Already twice as much space is needed.
  • Should I create my own backups in addition to the provider-side backups? 10 full backups require ten times the website size! With intelligent backup strategies, however, you can reduce this need to a reasonable level and, for example, back up databases daily and files only weekly.
  • Should there be more websites running in the same web hosting package in the near future? Then you should plan a few hundred MB reserve.

Many hosting providers now offer storage space of 5-10 GB even in the lower price segment. That should be completely sufficient for a “normal” website.

Performance

Depending on how much traffic you expect on your website, you should choose a hosting variant. For small WordPress blogs with few to an average number of visitors, a low-cost shared hosting package is sufficient, in which many websites share the resources of a physical server. For larger projects with a lot of traffic and high demands on performance and reliability, a virtual server or even a dedicated server is recommended.

Wordpress VPS

On such servers you get guaranteed resources (RAM, computing power) and are also better protected against failures caused by other websites. A virtual server is also recommendable for website operators who want to realize several projects and need some extra features like cronjobs, a higher PHP memory limit or SSH access.

At this point a word about the PHP memory limit: this limit indicates how much memory PHP is allowed to use for processing scripts. A WordPress installation with a few small plugins will do with about 40 MB. When using extensive plugins like WPML, GravityForms and/or themes with many theme options and additional content types, 50-100 MB can quickly become due. Therefore I always recommend packages with 128 MB PHP memory limit. The memory consumption of your WordPress website can be displayed with the Plugin Server IP & Memory Usage Display.

Email

The usual web hosting products usually also contain the option to create mailboxes and e-mail addresses with your own domain and to use them via IMAP, POP or a web mailer. Here it is often advertised that 500 or 1000 or even more e-mail addresses may be created and used. In my eyes a completely stupid sales argument. Much more important I find the size of the mailboxes and the configuration. With a good webhoster, mailboxes are at least 2 GB in size and may be enlarged if necessary (if necessary for an extra charge).

Best WordPress VPS hosting

Often there is the useful option to divide the total storage space available in the package into web space and e-mail accounts. Otherwise I find it important that IMAP is supported and that e-mails can be transmitted encrypted (SSL/TLS). If you want to use another e-mail service with your own domain (e.g. Google Apps for companies), you should make sure that the MX record in the name server can be changed. Spam filters and virus scanners should also be usable.
Support

A very important topic, which is often given too little attention: the support. Most web hosting providers offer various support options: Forums, FAQs, e-mail support, telephone support. Depending on the package, the latter may be subject to a fee, but usually offers the best help because there are fewer misunderstandings. Unfortunately, the quality of the support is not as easy to read from the product description as, for example, the size of the storage space. Therefore, it is important to get opinions and recommendations from other customers.

These can be friends, acquaintances, bloggers or the trusted web designer. For me, good support is when I receive a qualified response to an email request within half a day (not just a link to any FAQ entry) or when I get help by phone at 1 a.m. in the morning. In the best case, the support staff also know WordPress well.

Further Features & Benefits

Some other features you may need to run WordPress are:

  • Backup: The web hosting provider should be able to provide free backups of all data (files, databases, e-mails) of the last 14 days. If you also need your own backups of your website, you can of course create them with a WordPress plugin. Tip: BackWPup.
  • Logfiles: For troubleshooting it is very useful to have access to the logfiles of the last days.
  • Cronjobs: Useful to do regular tasks independently from WordPress. Example: daily database backups with own backup script.
  • SSH access: Some tasks can be performed more efficiently via the console. Examples: Copy, move, (un)pack files and directories.
  • Name server: Access to name server entries may be necessary, for example, if website data and domain are stored with different providers or if an external e-mail service is to be used (see also chapter “E-mail”).
  • Access: A provider should offer the possibility to create several FTP accounts and additional users for the web hosting account with limited rights.
  • Security: The protection of directories via .htaccess should not be missing in any web hosting package.
  • Your own IP address / SSL certificate: If the packet contains your own IP address, you can use additional services such as SSL certificates. Maybe even free certificates are supported by Let’s Encrypt? See also Switching WordPress Website to HTTPS and Installing Let’s Encrypt Certificate at Host Europe.
  • Updates: Updates for the server software (Apache, PHP, MySQL) should be installed regularly and promptly by the provider. These updates are not only important for security reasons, but also to offer customers new features and to meet the minimum requirements for WordPress. Not to be confused with WordPress updates!
  • Manageable contract terms: Web hosting products should be terminable monthly or at least quarterly. In this way, you can quickly switch to another provider if you don’t like it or if your requirements change. Nevertheless, it’s a good idea to be able to set the contract period to a longer period of time in exchange for a small saving.
  • Upgrade option: It should be possible to switch to other packages easily and free of charge.

Wordpress on different devices

Superfluous Features

Webhosters usually offer a lot of other features, some of which you can safely do without. Which I will never use, for example:

  • 1-Click installation and provider-side update of WordPress. I want full control over my WordPress installation and therefore install and update it myself.
  • Homepage construction kit, guestbook, shop, banner advertising & Co. You don’t have to do anything if you work with WordPress.
  • Statistics: The server-side statistics (e.g. Webalizer) are usually little meaningful and confusing and help only conditionally with the content optimization. For statistics it is better to use Google Analytics, Piwik or similar services.

Best VPS For WordPress Comparison

When choosing a webhosting package for WordPress, there are some things to consider and you should inform yourself thoroughly beforehand. Under no circumstances should one go bargain hunting when making a selection and then add € 1.99 per month with a 24-month contract term to the first super special offer. That mostly avenges itself.

In our comparison you find the best selection of VPS for WordPress among the most reasonable and reliable providers on the market.

Images: server room © monsitj – Fotolia.com
Do you have questions or comments? Share your experiences: