The other day I took a look at my client list and was kind of shocked to realize that I have over 70 WordPress-powered client sites under my belt.

How did that happen?

I didn’t really have any time to celebrate though. First thing Monday morning I had a meeting with a new client. We had what I now call the “classic” hosting conversation. The classic hosting conversation goes like this.

Me: “Ok, so you have your domain name set up with Company X, did you sign up for hosting with them as well?”

Client: “Um, I think so. I mean, I went in and paid for it, so it’s hosted there.”

Me: “Um, ok. I’ll just log into the account here and see what’s going on.”

(This is the best-case scenario version, in which the client has kept track of their domain registrar login info.)

Me: “Ok, you do have the domain registration, but you haven’t actually gotten the hosting set up yet.”

Client: “Oh. I thought that meant hosting.”

Me: “Actually those are two separate things. Your domain name registration is like your title deed on a house. The hosting is more like a mortgage payment or condo fees.”

Client: “Ok, so do you take care of the hosting?”

Me: I don’t actually host the site, but I can help you determine the best company that will fit your needs. I did some research into the domain name registrar’s offered hosting service and didn’t see a ton of negative reviews or complaints, so that’s good. The only thing that concerns me is that I have had other clients who had their sites hosted here and since I track sites’ downtimes via Jetpack, I have noticed that those sites have downtime at least once a day, sometimes for over 15 minutes. The reason this hosting company seems so inexpensive is that they keep their overhead low by not employing enough people to handle their call volume when they have one of their frequent service outages. Also, they try to save money by cramming as many sites as they can onto each server for their shared hosting service. Also, almost any time you call with an issue, they are going to try and pressure you into signing up for yet another “add-on” service until you are paying way more than you initially thought you were.

Client: Ugh. I don’t want to have to deal with all that crap. Who do you recommend?

Me: I have been doing this for a while now and after going through two hosting companies for my own site, I ended up going with a company called WP Engine. They handle WordPress site security thoroughly, perform automatic backups and update WordPress core files for you. I’ll send you a link later on today and if you need help signing up, I can help walk you through it.


After I got out of that meeting I was walking to my car and checking my voicemail. I had a message from a friend of another client that sounded slightly panicked. He was looking for a WordPress specialist who could handle fixing a hacked site and had gotten my name. I met him half an hour later and had what I call the “Clinical Assessment” conversation.

Me: How long had the site been hacked?

Client: I’m not sure. The woman who owns the site never actually goes into it.

Me: Ok, we can at least log into the WordPress dashboard and see what’s what.

Client: I’m not sure if she even has the WordPress login stuff. The guy who set this site up for her is nowhere to be found.

Me: (taking a deep centering breath internally) Well, let me see if I can get into the phpMyAdmin side of things and try to change the password in the database.

(logs into hosting account, at least they have that info. Goes through the usual convoluted dashboard setup that the hosting company is notorious for)

And the situation rapidly deteriorated from there. They had been deeply hacked. Trying to send a reset password link to the site admin’s email (which we could access via the hosting account cPanel) didn’t even work because the hackers had used their email addresses to send out spam emails and the hosting company was now blocking their site from sending emails to their own email account. Worst of all, after trying to figure out which database was actually the correct one to reset the password on, we were shut out of the cPanel altogether because the local ISP apparently viewed our repeated attempts to fix the site as “suspicious activity” due to the hacked site’s now ruined security profile and blocked our access to it!

This is what your site’s visitors will see if your site gets hacked and you aren’t paying attention. Doesn’t look very inviting does it?

After bonding with the client over our mutual aggravation, I went back to the home office and called the hosting company to see if I could at least get into the WordPress dashboard. After a surprisingly brief (for them) wait of 10 minutes on hold, the technician very kindly reset the WordPress login so I could at least access the site’s dashboard. And then came the hard sell. They could completely fix the site’s files and make sure they were kept secure from now on for a $20 per month charge. However, to get the site back up and running with its original content, we would have to pay a $150 restoration fee. I did the math while he rattled on about how awesome their “exclusive” security service was compared to the “questionable” effectiveness of the WordPress plugin that most developers swear by (and is 1/2 the cost per year).

Cheap hosting: $7.99 per month = $95.88 per year
Hosting Co’s add-on security service: $20 per month = $240 per year
One-time site restoration fee = $150
My billable time for the meeting and legwork = $100

Their “bargain” hosting can now potentially cost the client $585.88 in fees for getting their site back in working order.

I poured a glass of wine because at this point, I had been staring at cPanels and acronyms for about 4 hours and needed it. Then, I wrote the client a synopsis of what their options were. They could stay with the current hosting company that had their old backups. The problem is that any backup they installed would have the corrupted files just waiting to wreak havoc again. And possibly, again and again since the hosting company has the unfortunate reputation of not doing much of anything to protect ALL clients’ sites in the first place. This, to me, is the equivalent of getting a hotel room in a less-than-stellar neighborhood and finding that there is only a rickety screen door with a rusty latch between you and the cranked out truckers staying two rooms away. So, you go to the front desk and ask for a room with an actual door with a lock and they say it will cost an extra $50.

The moral of the story here is that you get what you pay for. While the responsibility of maintaining your site is ultimately up to you (or, ahem, the person you pay to maintain it), you should ALWAYS make solid, secure, backup-included hosting a priority. Sometimes paying more than seven or eight bucks a month for something as intangible as hosting seems a bit much, but when it fails, think about how much potential business you could lose.

Oh. Did you make it this far? Good for you! Here’s a little brevity from the folks at “Silicon Valley”