 My name is Luke Odom. I'm the director of IT operations at Dreamhost. A little bit about me. I'm a Georgia boy. I grew up about an hour inland of Savannah on a small farm. I got my BBA and MBA from Georgia Southern, Go Eagles. And I've been with Dreamhost for about 13 years and I currently live in Macon, Georgia with my beautiful wife and my four little rascals. I don't come to word camps, which may be shocking since I'm at a word camp. But what I do do is I go and visit our infrastructure for Dreamhost and I happen to be in Northern Virginia at the same time as WordCamp US where Dreamhost had a table. So I ask myself like I don't tend to see that many Dreamhost people since I work in the infrastructure side. It's like can I just come hang out at the table and just hang out with you all and they're like yeah we tend to get a lot of technical questions and you'd be good to answer those. So what I found out in working at the WordCamp US table was a lot of people had questions about a lot of the features that the different hosting plans have. We had a lot of questions and I wish I had taken pictures because I was not intending to do this at the time. But a lot of the different hosting providers that had tables at WordCamp US had these little backdrops behind their tables that were covered in acronyms and I knew what all the acronyms meant but I realized as people came by the table and started asking questions a lot of people did not know what the acronyms meant. So my goal my goal in this presentation is for you whenever you're going and looking for hosting for your company for your nonprofit for wherever you're hosting your WordPress sites when you see these lists of like things that come with your different plan or the type of hosting it is or whatever it is you know what it is and you're comfortable in is this something that my site needs or not. Brett is going to be helping us on our journey here. This is Brett. Brett likes to play the ukulele. He likes to play at a local coffee shop. He doesn't actually get invited to these local coffee shops. He just shows up and starts playing as ukulele. But you can see the way he's looking. He has dreams. He's gonna go big. He's just this is where he's starting out. And some of the people that like to come listen to her like dude you really need to have a website. Like you need to be out there. You need to show people what you enjoy what you love. Share this with other people. Brett knows nothing about websites. He's also not going to get any traffic to these websites. I'm in a little bit but not a lot. So low traffic doesn't really know that much about web hosting. Shared hosting is really what Brett needs. So shared hosting is usually the bottom tier of any hosting provider you see. Two to ten dollars a month. This is the kind of the graphic I'll use for a server in all of my presentation. There's a lot of WordPress sites on this one server. It's well shared hosting because you're sharing these resources with a ton of other sites. Which if you're Brett, if you're not getting that much traffic, if that's not if that's all you need, it's perfect because you're not having to pay that much and your site loads. It comes up whenever you're there. There are significant resource restrictions. If you tried to put a high traffic set on shared, it's not going to work well if at all. But if it's low traffic, if it doesn't need much, there's not many plugins, there's not that much content, this is perfect. What are some of the features that are usually advertised with shared hosting? Caching. So the analogy I'm going to use for caching through this presentation is like baking a cake. So you have all your ingredients, you get your eggs, your flour, whatever you're going to put into the cake, you put it together and mix it. You bake it, you put on the decorations. Think of like from the Great British baking show, the big elaborate ones they make. They go through all this time, all this resources, they make this beautiful cake. One person comes in to see it, imagine they throw it in the trash, they start on the next one. All the person only wants to see the cake. What caching is like, okay, you bake the cake once, you take a picture. Caching is, so someone comes in for a plugin, they come to the site, the first time the site loaded, you've made your content, it pulls in the plugins, it pulls in the themes, it gets the content out of the database, it figures out what it's going to look like and it saves that. So there's a bunch of different caching plugins, but that's your basic, the basic version of caching, the easiest version of caching, the WordPress plugin, and it means your server doesn't have to go through all of the resource intensities of building the site every time. But with shared, you're usually going to be using your own plugin caching within WordPress. Here's some of those acronyms. You'll either see it as SFTP or FTP, no one really uses FTP anymore, but it got kind of in common nomenclature, so you'll still see it listed sometimes. SFTP stands for Secure Shell Protocol File Transfer Protocol. You can see why we use acronyms in IT. We even use the same word, protocol twice. But if you ever see that advertised, what they're talking about is you have access to the files, the underlying file system that your site served on. This is FileZilla, but there are many different applications to do it. On the right side, these are all the files for your website. Left side, that's just your local files on your computer. This just allows you, if you need to move, if you have backups you want to save locally, if you want to move sites, or you have a backup on your computer you want to save to the site, it's basically just moving files back and forth. There's not much else you can do with SFTP, but with shared hosting, you usually get access to at least being able to access your files. Brett formed a band. All the local ukulele players heard Brett playing, so they formed a band. The band is going to get a little more traffic. They're a little more popular. There's more band members. They have family members that are probably going to go to the band. They also want to start selling merchandise in their site, so they're going to be using something a little more resource-intensive, WooCommerce or something of that nature. You also have scheduling, where is this band going to play their ukuleles? More plugins, more complex site, uses more resources. Sometimes they'll get small traffic searches if they're playing in a certain place. The people that are like, hey, I like Brett's band. Let me look it up and see what's up. Something more appropriate for getting a little bit more traffic. If you were here for the last speaker, he actually mentioned he uses VPS hosting. He specifically uses the one with AWS. There are many different VPS providers, but the concept is the same. If you have a box of resources on the server, these are yours. However many cores, however much RAM, that's yours alone. No one can mess with it. You also notice there's some white space around here in our conceptual server. What I did there is it's burstable. If you have these big traffic searches like Brett's band has, the CPU or the RAM, a lot of VPS providers will let you use a little bit extra just when you're having these searches. You get reserved hardware resources, you get burstable resources. It's a little bit more expensive because instead of having all those sites, you are getting a dedicated chunk. You can do multiple WordPress sites on a single VPS if you want. Most people, or at least the ones I've seen, will usually try to do separate ones just to keep the stuff differentiated between their clients or so that you can track issues between individual sites. With a VPS or specifically with selling merchandise or any kind of, you know, that you are always going to want to encrypt your traffic. So website traffic normally is just plain text going through the internet. Any person in the middle can capture it and look at it. If your Brett's homepage of him playing ukulele, you don't really care. If you're selling a hat with a ukulele on it, you care because you're transferring customer information, credit card information. The way that traffic is encrypted is usually advertised as SSL. SSL actually hasn't been used in years, but it's what we all called it. So we keep advertising it that way. That's secure socket layer. What's actually used modernly is TLS, transport layer security. Depending on the hosting provider, they'll list one of those two. It means the same thing. It's encrypting traffic between you and your customers. There's a lot of free options. There are paid options too. They give you basically no benefit other than just sell them instead of giving them away for free. Let's encrypt is the one that I recommend. I actually put the SSL certificate of Atlanta WordCamp.org on there. It happened to be a let's encrypt certificate. So any traffic between when you were visiting the Atlanta WordCamp site, your computer is using that certificate right there to encrypt the traffic. Let's encrypt is very popular. It's a nonprofit. It's open source. It's created by Mozilla and a few other vendors. If your hosting provider does not give you free certificates, strongly recommend using let's encrypt. Another thing to know about encryption certificates is they expire. Let's encrypt it's 90 days. Certain other ones are a year. It's something you need to make sure you keep renewed. It's something you need to watch out if having your traffic encrypted is important. Caching again. We talked about the plugin caching before. Basically the further up the line you do the caching the faster it's going to be. The way I did this presentation is I just googled each type of hosting and went to the top five sites on Google and then pulled off the technical features because they all call things different. Reverse caching proxy caching proxy varnish proxy varnish caching. They all call it a lot of different things. But what the type of caching what that type of caching is is it's doing the same. Imagine the picture of the cake that we had in the bakery. They're now posting it on the door. You don't have to enter the bakery at all. So the web the web software that's doing the serving of the site is serving it before it ever hits WordPress. WordPress never even gets loaded with a word with a proxy reverse proxy varnish whatever you want to call it which makes your site faster because it never even has to start loading the index file for WordPress. It's already there. It knows what it looks like. One thing to keep in mind though is since WordPress is never touched, if you're editing WordPress, the cache doesn't always refresh immediately. There's usually a timer or a button on the panel of your web host that will actually update that proxy for you so that your changes you make may not immediately be live. So it's something to keep in mind when using a product like that. And the next thing is before on the lower tiers you just have access to files. SSH or Secure Shell protocol gets you a command line environment which gives you access to actually do things on the server. So what kind of things can you do? WPCLI if you're dealing with WordPress is awesome. That's what the screenshot is here. This is just searching for and installing a plugin. If you just have one site, it's probably not as useful. If you're updating hundreds of sites, you can write a script that just does it all. If you break your site and you can't get logged in, WPCLI is a great way to troubleshoot it. This also gets you access to logs. You can do resource monitoring to see exactly what resources is my VPS using. If you have two cores and you seem to be from the dashboard or CPU constrained all the time, you can go like what why? What is happening on my server that is happening? So this gets you access onto the server to actually do things with your site. It is usually advertised as SSH, shell access, CLI access. There's some of the various things that it's marketed under. All right. Brettspan went viral. So they learned, Bretton learned that if you do things with cats, it makes you way more popular on the internet. So Bretts did a bunch of videos with his ukulele with cats. We have a screenshot of one of them here. It takes a lot of time to record fresh content with cats. Cats don't always do. They never do what you want them to do. I have four of them. Crazy. But Bretton no longer has time to actually do the management of his site. He doesn't have time to update the plug. He doesn't have time to deal with the theme. He's only got time to record cat videos. A very, very common thing, which I'm sure all of you have heard of this one, is managed WordPress hosting. This is where a hosting provider, there are many, there are many good ones, they do all of the back end kind of maintenance for you. They'll handle your PHP version. They'll update the core. They'll update your plug-ins. They'll do basically everything but the content stuff for you. This is more expensive than VPS hosting usually because they're doing all of that management type stuff for you. They'll deal with, you don't have to worry about the caching. They'll deal with the caching. They'll deal with the performance. If you have a agency or a company that's big enough, you'll usually use something like this because, you know, you don't have time to do that stuff. You have your business to run or your van to do cat videos with. This is one of the ones that actually was called basically the same thing on every side I looked at. But it's a web application firewall and that's a wall of fire, not a firewall. Don't get the too confused. What a web application firewall. I like, I call it here like a bouncer or security guard. So plug-ins, WordPress core. There are many vulnerabilities, cross scripting things. There's many ways to attack and break into websites. There are malicious people trying to get access for your resources to try to steal personal customer data. What a web application firewall does is it's looking at the traffic and normal legitimate traffic looks a certain way. People trying to break into your site or trying to search for vulnerabilities looks a different way. So what a web application firewall is, it looks at every request. And if your request looks a little fishy, it's like, I'm actually not even going to let you try. I'm going to kick you right out. So it's looking for patterns and attacks before they actually get to the site. Oh yeah, and then why would someone attack my site at all? They're not after your ukuleles, I promise you that. They're usually after one of two things. They're either after sensitive information they can steal and then they have your customers passwords or their credit card information or their personal information or they're just after the resources. If you have a big site, it means you're probably on a big VPS or something like that, which means you have lots of resources to mine crypto and send out spam and all the things they don't want to have to pay to do. They'd rather you pay for them to do it. Web application firewall helped to protect those people from getting in and causing you a hassle. Alright, Brett Spandt has gone on tour. So lots more traffic, they're more well known, so this is, they're adding music streaming to the site so you can actually listen to their play their ukuleles. Really big, Brett's doing awesome. So this is dedicated hosting. Dedicated hosting, you get the server all to yourself just you. Doesn't have to be one site, but having a server all to yourself can handle a lot of traffic. It can take a serious beating. Some of the, think of the biggest, highest traffic websites outside of like Google and all. Dedicated could probably handle the traffic if it's configured well. One thing having a dedicated is root access. Root, it's part of a tree. I tried to research why we call it root and I couldn't find anything, so it's just part of a tree. But with root access you can do anything. You can control how the caching on your site works. The packages that are installed, what web server you're using Apache or InginX or Lighty, you have complete and full control. If you get to this level you generally also have a sysadmin or someone like that in your employee that's managing all these details. But with a dedicated server you have complete control of the server to configure it in any way that you want. Also with these very large sites you also tend to get DDoS. So DDoS mitigation is one of the advertised features you'll see a lot of hosts. What is a DDoS? Distributed, so it's traffic coming from all over the world and denial of service. So the reason they're doing it is to try to prevent regular visits to your site from working. So I did the kind of a picture of a store here. If this was a low traffic store and there's only like three people wanting to try to get to it, the way you stop the three people from getting to that store is you just slam it with a thousand people. They're never getting in the front door. The most, from my experience, the most common things we see DDoS is against are political sites or large traffic sites that are doing it specifically to break up the accessing site. What DDoS mitigation does is at the edge. So as the traffic enters the data center where your site's being hosted they have very, very complex devices analyzing the traffic, looking for patterns, figuring out what is DDoS traffic and what is legitimate. It's far more expensive and complex devices than a web application firewall because this isn't malicious traffic or doesn't look like malicious traffic. It looks like legit traffic. There's just a lot of it. So much so you can't serve your site. So if you see that advertised DDoS mitigation is one of the features being offered. That's what it is. It keeps those from happening. They're not very common but when they do happen they are very hard to mitigate. Another thing and you'll see this on almost every plan. You'll kind of see HDD, SSD, and NVMe is three words that are used when talking about storage. HDD and SSD are types of storage devices and I'll get to that crazy chart in a second. Hard drives, they use spinning platters, magnetic heads. Compared to most modern things they're relatively slow but you can store a lot of data. SSDs are like flash drives. Your flash drives are effectively SSDs. Solid-state storage, extremely fast access. NVMe is a protocol of how storage talks to a processor. A completely different thing. Non-volatile memory express if you really need to know the acronym but it is a new protocol that allows flash storage to talk to CPUs extremely quickly. So I did three example metrics. There's so many different metrics you could use for storage but read speed which is how quickly you can read data, latency, how rapidly you can access a certain piece of data, and random IOPS which is how many operations input or output operations you could do per second. I won't go through all of it but you could see between a hard drive on the left with like 170 IOPS and NVMe 1.7 million IOPS. If you see these advertised and oftentimes you will like lightning speed NVMe storage or super fast SSD storage that's what it's talking about. And again in NVMe it's still an SSD so if you see as advertised as SSD storage it could be NVMe, SATA is another protocol, SAS is another protocol. There's so many different buzzwords. The ones you tend to see on the marketing stuff or the ones that I saw when looking for this were HDD, SSD, and NVMe. And those are kind of the three, the difference in those three. All right, bread span goes international, sold out arenas worldwide. He is doing amazing. Now his traffic is coming from all over the world so it's not just local traffic. He has interactive crowd, crowd elements so he'll be like oh yeah everybody pull out your phone do go to my site and click on this. Let's choose what song to do next. Has rapid scalability. You can go from very little traffic to now I'm in a sold out arena and everyone's accessing the site. Multiple languages, dedicated social media team. This site is very resource intensive being accessed by a ton of people all over the world. It's dynamic. The site is huge. So cloud hosting you will often see listed. So there was a joke in IT when cloud hosting started getting popular that there is no cloud it's just someone else's computer. Which is true in the way that a lot of people were talking about cloud hosting. It's a lot of people were like well I'm just going to take my VPS and I'm going to spin it up in the cloud and it's going to be better and I'm like no you're just spinning it up on someone else's computer instead of this one. What cloud actually is which is different than these other hosting products. It is an architecture. It is a way it's a framework of how you structure the site that allows it to scale rapidly. So you're not constrained by the VPS you're not constrained by a DEDI. No matter how much traffic you're getting it will scale out to handle that. The way you do that is you de-aggregate it and you do something like this. This is the Amazon AWS WordPress cloud reference architecture. It's easy. So we're going to go over all these parts. Actually no. Clouds are complex. They are they have a lot of parts a lot of pieces there for the biggest highest traffic sites. The reason I bring them up here is a lot of hosting providers will create a cloud architecture that they then host your stuff on. So they're doing these pieces you don't have to worry about it. Another thing to say about cloud is you often hear cloud and your immediately thought is Google GCP or Amazon AWS or one of the public clouds that anyone can access. They're also private clouds which your company is doing the very same thing. They're doing these cloud architectures. They're doing things in the cloud but they're on their servers because cloud isn't about whose server it's on. It's not about your server or their server. It's about how it's structured so that no matter what happens with your site it stays up and it grows with you without having to worry about well what's my RAM usage today or am I having a concert tomorrow. It scales and usually the pricing based on the usage. So you're small it's not going to charge that much it'll scale up but you're going to be paying for the scale up. Caching again there's always caching. CDN which is the caching is a content delivery network. There's Cloudflare. There's a bunch of other ones. What a CDN is caching and going back to our bakery example you get the picture of that cake you baked and you mail it to places worldwide so if someone wants to see a picture of the cake they can go somewhere local. So the caching of the static parts of your site the parts that aren't dynamic on a CDN sometimes the entire site if your site's static will go out to the whatever CDN provider you're using all of their worldwide locations. So if someone in Indonesia or China or Germany wherever they're at they try to load their site they're loading it from a local data center not where you may be hosting it in northern Virginia. So it's caching but on a wide global scale that's what a CDN is. I also saw when doing my research high frequency CPUs was advertised a lot. So CPUs the central processing unit it's the brain in the computer it's the thing when you're loading the site it's like okay let me let me get the plug-ins let me get the things let me get this all together into one PHP file that works. Which processor and there are thousands of models of processors which one is running your site matters sometimes. If you have a really big dynamic lots of plugins crazy traffic site the processor can make a huge difference on if it takes five seconds or one second to load your site. Unless you have a very large dynamic high traffic site it's not going to make a difference because you're using caching you're not loading that much advertising for it there will sometimes advertise it as the AMDF series or Intel Gold Platinum Series processors. These are all the high frequency processors. So if you have if you're in the tier where you need a global CDN you need a big cloud infrastructure the processors going to matter the tier that you're running on GCP or AWS or the gear that you're buying is going to matter only when you're at that scale it's a scale that most businesses are at you could take the cheapest processor the most expensive the load time is not going to vary that much. Another thing and this one had so many names but staging get version control it's basically being able to create a version of your site that only you see that you get ready and you can do plugin updates you can change the version of PHP you can completely redesign the site where only you see it and then you hit a button and it becomes live. This is not a default feature of WordPress which is why there's so many different ways of doing it get is a technology is created by Linus Tarval that's a technology that's used in the back end version control is kind of what it's called staging is the marketing name but all of those different things just mean being able to mess with your own site break your own site play with your own site without making it live for other people to see. All right that's it that's my X Twitter whatever they call it now email thanks for coming question yeah so All right so the most common you'll see is Apache the reason that Apache tends to be the most common is WordPress utilizes what's called an htaccess file to do some kind some URL manipulation and stuff and it's expecting that to be there we have found in testing and a lot of other providers as well have started moving to like nginx those are the two most common ones you'll see are Apache and nginx it tends to be easier to configure it's also more geared towards high performance but yeah it depends on it depends on if you're willing to deal with not having an htaccess at the very start you mentioned that nobody used to keep my curiosity because I used to in hoping for a site not I had a copy on the local and I made the updates and I only upload through ftp what was updated I did ftp upload everything on the smart why and that's not your ftp why is ftp not used anymore and how do people do that so yeah ftp the reason it's no longer used is it is a non-secure protocol it sends your username and password in plain text where any any middle person between you and your server could capture and they have your username and password so that's why it's not being used anymore the sftp the one with the absurd acronym is a entirely different protocol despite having a similar name that uses secure shell to make it an encrypted connection so it looks the same so so it's just like log into a company to speak to you and to do your search yes exactly so this is filezilla which you can use with ftp it will look exactly the same you won't realize in the back end that you're using sftp because I'm using sftp here the protocol and the way it's doing it is completely different in the back end but from what it looks like to you using cyberduck or filezilla it will look exactly the same and that's why in what you were saying is why a lot of companies will be like ftp access what they actually mean is sftp but because we've for 20 years been calling it ftp when the protocol changed we just kept calling it ftp even though for the people on the back end I'm like yeah that's not right no it's a completely different protocol that they do have different portals 21 versus 22 but the protocol itself is completely different it's not it's not just taking an ftp connection and adding encryption it's a different protocol from the ground up but with the same function bret nope he says no yep just while testing the site no traffic how did you share yeah shared and especially I would recommend just start with shared you will with the knowledge that you will probably outgrow it you need to keep an eye on the resources you're using but if you have a small low traffic and you're just like I'm using this to learn or I'm using this to play shared's perfect but that's the reason it exists there's a lot of companies in this space they sit up on a highway like for managed care and you manage this thing and the team's been looking at your at the companies out there so obviously I'm a little bit biased as I've been with Dreamhost for 13 years I think we're great infrastructure's rocks out so one thing I would say is look at the features like what what do you need like what when looking at your scenario how are you going to manage do you need like the last guy that was here was talking about he has the online web interface where you can click and update one plug-in on all the sites that's something that's important to you is staging something that's important to you is the SSH access because like I said I went to top five hits of all of these and the feature sets offered are drastically different another thing I would say is check reviews you're going to have different different times with different companies some are doing a great job some are struggling oftentimes you can look online and figure out who's doing well and who's not but yeah obviously I think Dreamhost is good I've been there for a while there are but there are a lot of other good companies out there there's a lot of people doing things differently than us then they're doing great as well so let's say do your research know what you're looking for know what's out there yes it's over sorry that's it we're gone so large landscaping so for one thing large landscaping you're a landscaper you're not going to be landscaping in Norway so you're not going to be looking for any of the like global CDNs or any of those kind of caching things that make global traffic look good so VPS is probably a good one because you're going to get enough traffic that shares probably going to be a little less for you it's a fairly static site because I imagine you're going to be doing like these are this is what I offer for landscaping this is my pricing structure this is some example pictures one thing to notice if you're using a lot of example pictures it's going to load that in RAM you're probably not going to want the bottom in VPS the more picture heavy a site is the more memory it's going to use so probably something of a mid tier VPS is where I would start and then get it set up there and you can monitor resources the nice thing about VPS is that you can live if you put it on let's say a two gig VPS and you look at your historical usage and all I may I'm only ever hitting 500 or 70 megs you can tear it down without having to migrate it or anything so as a start I would start to like yeah somewhere mid tier VPS yeah all right so the question is when you're getting attacked what are the differences in shared VPS and the others so one big difference is if you're on shared you have very limited resources that includes being attacked so an attack is going yeah so usually if I shared well that site the way shared hosting is going to work is you're going to have a certain limit on the resources you're going to hit you're not going to have access to the entire server it's not like every site can access all the resources so if one gets attacked it's going to it's not going to take a very big attack to bring it down because you're going to hit those resource limitations but the other sites hosted on shared are still going to be fine somewhat it won't make them unusable but it can slow them down yeah all right well the sign's down let's go home